TERRAFORM-ASSOCIATE-004 · Question #143
TERRAFORM-ASSOCIATE-004 Question #143: Real Exam Question with Answer & Explanation
The correct answer is C: You should not store credentials in Terraform configuration. Storing credentials (such as access keys, passwords, or tokens) directly in Terraform configuration files is a critical security anti-pattern. Configuration files are typically committed to version control systems (e.g., Git), where sensitive credentials become part of the histor
Question
Why does this backend configuration not follow best practices?
Options
- AAn alias meta-argument should be included in backend blocks whenever possible
- BYou should use the local enhanced storage backend whenever possible
- CYou should not store credentials in Terraform configuration
- DThe backend configuration should contain multiple credentials so that more than one user can
Explanation
Storing credentials (such as access keys, passwords, or tokens) directly in Terraform configuration files is a critical security anti-pattern. Configuration files are typically committed to version control systems (e.g., Git), where sensitive credentials become part of the history and are visible to anyone with repo access. Best practices include using environment variables, a secrets manager (like HashiCorp Vault), or provider-specific authentication mechanisms (like AWS IAM roles) to supply credentials at runtime instead of hardcoding them.
Topics
Community Discussion
No community discussion yet for this question.