TERRAFORM-ASSOCIATE-004 Question #128: Real Exam Question with Answer & Explanation

The correct answer is D: Pass variables to Terraform with a -var flag. This is a secure way to inject sensitive variables into your Terraform run, as they will not be stored in any file or source code repository. You can also use environment variables or variable files with encryption to pass sensitive variables to Terraform.

Submitted by kevin_r· Apr 18, 2026Use Terraform CLI

Question

You're building a CI/CD (continuous integration/continuous delivery) pipeline and need to inject sensitive variables into your Terraform run. How can you do this safely?

Options

ACopy the sensitive variables into your Terraform code
BStore the sensitive variables in a secure_varS.tf file
CStore the sensitive variables as plain text in a source code repository
DPass variables to Terraform with a -var flag

Explanation

This is a secure way to inject sensitive variables into your Terraform run, as they will not be stored in any file or source code repository. You can also use environment variables or variable files with encryption to pass sensitive variables to Terraform.

Topics

#sensitive variables#CI/CD#Terraform CLI#security best practices

Community Discussion

No community discussion yet for this question.

Full TERRAFORM-ASSOCIATE-004 Practice Browse All TERRAFORM-ASSOCIATE-004 Questions