Category: security | Workaround: hack | Stage: deploy | Freshness: persistent | Scope: framework | Upstream: open | Recurring: Yes | Buyer Type: team
Sensitive data exposure in state and plan artifacts
9/10 Critical
Terraform stores real secret values (API tokens, database passwords) in plaintext in state files and plan output, even though the CLI displays (sensitive value) in their place. When plan files are uploaded as CI/CD artifacts, they become security liabilities if accessible to unauthorized parties.
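An added illustration, not part of the original entry or its cited sources: a Python check that walks the JSON form of a plan (as produced by `terraform show -json`) and lists every attribute flagged in `before_sensitive` / `after_sensitive` whose real value is stored in the document. The sample plan is constructed, and `example_api_client` is a hypothetical resource type.

```python
import json
import sys

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
# Addresses and secret values are made up; example_api_client is hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.main",
   "change": {"actions": ["create"],
              "before": null, "before_sensitive": false,
              "after": {"username": "app", "password": "constructed-initial-pw",
                        "tags": {"env": "prod"}},
              "after_sensitive": {"password": true, "tags": {}}}},
  {"address": "example_api_client.ci",
   "change": {"actions": ["update"],
              "after": {"name": "ci", "auth": [{"token": "constructed-token"}]},
              "after_sensitive": {"auth": [{"token": true}]}}}
]}
""")


def sensitive_leaves(value, mask, path=""):
    """Yield paths the mask marks sensitive (true) where a real value is stored."""
    if mask is True:
        if value is not None:
            yield path or "<whole value>"
    elif isinstance(mask, dict) and isinstance(value, dict):
        for key, sub in mask.items():
            child = f"{path}.{key}" if path else key
            yield from sensitive_leaves(value.get(key), sub, child)
    elif isinstance(mask, list) and isinstance(value, list):
        for i, (v, m) in enumerate(zip(value, mask)):
            yield from sensitive_leaves(v, m, f"{path}[{i}]")


def exposed_secrets(plan):
    """Return 'address: side.path' per sensitive value; the value is never echoed."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        for side in ("before", "after"):
            mask = change.get(f"{side}_sensitive")
            for p in sensitive_leaves(change.get(side), mask):
                findings.append(f"{rc['address']}: {side}.{p}")
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for finding in exposed_secrets(plan):
        print("sensitive value stored in plaintext:", finding)
```

A non-empty result means the plan carries the listed secrets in cleartext and should be handled like a credential wherever it is stored or uploaded.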
Sources
- https://www.schibsted.pl/blog/9-reasons-why-terraform-is-a-pain-and-1-why-you-should-still-care/
- https://www.capterra.com/p/179262/HashiCorp/reviews/
- https://spacelift.io/blog/terraform-challenges
- https://dev.to/mechcloud_academy/the-tough-side-of-terraform-10-challenges-youll-face-and-how-to-tackle-them-376n
Collection History
Query: “What are the most common pain points with Terraform for developers in 2025?” (3/29/2026)
Even when the CLI shows (sensitive value), the underlying state and plan data can still contain the real value... State and plan files may include sensitive values like initial database passwords or API tokens — and local state is stored in plaintext by default. That plan file can contain enough information to leak secrets if it's accessible to the wrong people.
Created: 3/29/2026 | Updated: 3/29/2026