HashiCorp Certified: Terraform Associate — Question 348

Why should secrets not be hard coded into Terraform code? (Choose two.)

Answer options

• A. It makes the code less reusable.
• B. Terraform code is typically stored in version control, as well as copied to the systems from which it's run. Any of those may not have robust security mechanisms.
• C. The Terraform code is copied to the target resources to be applied locally and could expose secrets if a target resource is compromised.
• D. All passwords should be rotated on a quarterly basis.

Correct answer: A, B

Explanation

The correct answers are A and B because hardcoding secrets makes the code less flexible for reuse and poses security risks when the code is stored in version control systems that might not be secure. Option C, while relevant, does not directly address the main concerns about hardcoding secrets, and option D is unrelated to the issue of hardcoding since it discusses password rotation instead.