TA-002-P · Question #369
TA-002-P Question #369: Real Exam Question with Answer & Explanation
The correct answer is B: The Terraform code is copied to the target resources to be applied locally and could expose. Hardcoding secrets in Terraform is dangerous because the code, including sensitive information, is typically stored in version control and distributed to systems that apply it, risking exposure.
Question
Why should secrets not be hard coded into Terraform code? Choose two correct answers.
Options
- A. All passwords should be rotated on a quarterly basis.
- B. The Terraform code is copied to the target resources to be applied locally and could expose
- C. Terraform code is typically stored in version control, as well as copied to the systems from h it's
- D. It makes the code less reusable.
Explanation
Hardcoding secrets in Terraform is dangerous because the code, including sensitive information, is typically stored in version control and distributed to systems that apply it, risking exposure.
Common mistakes.
- A. While password rotation is a security best practice, it's not the primary reason why secrets shouldn't be hardcoded into the code itself; it's a separate operational security measure.
- D. Hardcoding secrets does not inherently make code less reusable; rather, it primarily poses a security risk by embedding sensitive data directly.
Concept tested. Terraform security best practices for secrets
Reference. https://developer.hashicorp.com/terraform/language/values/variables#sensitive-variables