Back to course

Secret Management: Environment Variables

Infrastructure as Code (Terraform & OpenTofu Mastery)

TF_VAR Magic

Instead of putting passwords in a file, you can pass them via the terminal using the TF_VAR_ prefix.

bash export TF_VAR_db_password="supersecret" tofu apply

OpenTofu automatically maps TF_VAR_db_password to variable "db_password". This is the standard way to handle secrets in CI/CD pipelines.