HashiCorp Certified: Terraform Associate — Question 278

Which option cannot be used to keep secrets out of Terraform configuration files?

Answer options

• A. Environment Variables
• B. Mark the variable as sensitive
• C. A Terraform provider
• D. A -var flag

Correct answer: B

Explanation

Marking a variable as sensitive in Terraform does not prevent secrets from being in the configuration files; it only affects how the variable is displayed in output. Environment Variables, a Terraform provider, and the -var flag can all help manage sensitive data without exposing it directly in the configuration.