1

I am looking to understand that the "best practice" view on *.tfvars files is, as there appears to be conflicting schools of thought.

  • "Terraform Best Practices" states that terraform.tfvars files should be used in composition
  • GitHub says that *.tfvars should be excluded from VCS entirely.

Which is it? I am currently looking to follow the first option, using a terraform.tfvars file to provide values in composition, but I do like to use the GitHub .gitignore files. Is there an official/accepted best practice?

Improve this question

1 Answer 1

Reset to default
1

There isn't a "one-size-fits-all" answer to which approach is the "official" or "accepted" best practice, as it largely depends on factors such as project requirements, team preferences, and security considerations. However, you can adopt a hybrid approach that combines the benefits of both perspectives:

  • Use terraform.tfvars files for non-sensitive variables and default configurations.
  • Exclude sensitive .tfvars files containing credentials or secrets from version control using .gitignore.
  • Manage sensitive data separately, such as through environment variables or a secrets management system, and reference them in your Terraform configurations.

This hybrid approach balances convenience and security, ensuring that sensitive information is protected while maintaining flexibility and ease of use in managing other configuration variables.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.