A new tutorial on HashiCorp Learn shows how to protect sensitive data with Terraform.
HashiCorp Terraform configuration often includes sensitive inputs, such as passwords, API tokens, or Personally Identifiable Information (PII). Terraform provides several features to help avoid accidentally exposing sensitive data.
Follow our new tutorial on HashiCorp Learn, Protect Sensitive Input Variables. In this tutorial, you will provision a web application using Terraform, and use the `sensitive` variable flag to set sensitive values. You will also learn about ways to manage sensitive values in your Terraform state.
As of Terraform 0.14, input variables support the `sensitive` flag. Terraform redacts the values of sensitive variables in console and log output, to reduce the risk of accidentally disclosing these values.
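A minimal configuration that uses the flag, added here as an illustration and not taken from the tutorial. The variable names, resource name, region, and output are assumptions:

```hcl
terraform {
  required_version = ">= 0.14"
}

# Assumed region for the example.
provider "aws" {
  region = "us-east-1"
}

# Both inputs are marked sensitive, so plan and apply output shows a
# redaction marker in place of their values.
variable "db_username" {
  description = "Database administrator username"
  type        = string
  sensitive   = true
}

variable "db_password" {
  description = "Database administrator password"
  type        = string
  sensitive   = true
}

# Supply the values outside the configuration, for example through the
# TF_VAR_db_username and TF_VAR_db_password environment variables or a
# .tfvars file that is excluded from version control.
resource "aws_db_instance" "database" {
  allocated_storage   = 20
  engine              = "mysql"
  instance_class      = "db.t3.micro"
  username            = var.db_username
  password            = var.db_password
  skip_final_snapshot = true
}

# An output derived from sensitive variables must also be marked
# sensitive; otherwise Terraform rejects the configuration.
output "db_connect_string" {
  description = "Connection string for the database"
  value       = "Server=${aws_db_instance.database.address}; Uid=${var.db_username}; Pwd=${var.db_password}"
  sensitive   = true
}

# The flag only affects display. The username and password are still
# written to the state file, which needs its own access controls.
```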
When you apply this configuration, Terraform redacts the sensitive value from its console output.
This feature helps prevent accidental disclosure of sensitive values, but is not sufficient to fully secure your Terraform configuration.
Even when a variable is marked sensitive, Terraform still needs to store the value in its state file, so that it can correctly apply configuration changes.
In this tutorial, you will learn about several methods that Terraform and other HashiCorp products provide to secure your state file.