Home » HashiCorp » Terraform Associate » Valarie has created a database instance in AWS and for ease of use is outputting the value of the database password with the following code.
Valarie has created a database instance in AWS and for ease of use is outputting the value of the database password with the following code. Valarie wants to hide the output value in the CLI after terraform apply that’s why she has used sensitive parameter.
1. output “db_password” {
2. value = local.db_password
3. sensitive = true
4. }
Since sensitive is set to true, will the value associated with db password be available in plain-text in the state file for everyone to read?
A. Yes
B. No
Correct Answer: A
Explanation/Reference:
Explanation:
Outputs can be marked as containing sensitive material by setting the sensitive attribute to true, like this: output “sensitive” { sensitive = true value = VALUE
} When outputs are displayed on-screen following a terraform apply or terraform refresh, sensitive outputs are redacted, with <sensitive> displayed in place of their value.
Limitations of Sensitive Outputs
The values of sensitive outputs are still stored in the Terraform state, and available using the terraform output command, so cannot be relied on as a sole means of protecting values.
Sensitivity is not tracked internally, so if the output is interpolated in another module into a resource, the value will be displayed.
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
