A team member accidentally committed the terraform.tfstate file to a Git repository. What are the security implications?

  1. The state file is automatically encrypted by Git
  2. There are no security implications
  3. The state file contains sensitive data like database passwords and API keys that could be exposed ✓
  4. Only administrative data is stored in the state file

Correct answer: The state file contains sensitive data like database passwords and API keys that could be exposed

Option C is correct because the Terraform state file stores the full resource graph including all attribute values, which frequently includes sensitive data such as database connection strings, passwords, API keys, and private keys in plaintext, making exposure via a public or shared Git repository a serious credential-leak risk. Option A is incorrect because Git does not encrypt file contents; files are stored and transmitted as-is unless separately encrypted before committing. Option B is incorrect because there are significant security implications given the plaintext sensitive data the state file can contain. Option D is incorrect because the state file contains far more than administrative metadata, including credentials and other secrets that providers write into state.

Topic: · terraform state, secrets management, security, gitops

Practice HashiCorp Terraform Associate (003) Questions Free