Sensitive=true prevents accidental display in plans, outputs, and logs, but it does not encrypt state or stop Terraform from storing the underlying value. Teams that rely on it alone still end up with plaintext secrets in state files, remote backends, and local copies.
Why This Matters for Security Teams
Using
sensitive=true
alone creates a false sense of protection because it only changes how Terraform handles presentation, not how it stores or transports the value. The underlying secret still lands in state, remote backends, local caches, and any place that consumes the state file. That means the real exposure problem remains, especially when teams assume the flag is equivalent to encryption or redaction.This is exactly the kind of control gap highlighted by the Guide to the Secret Sprawl Challenge and reinforced by the OWASP Non-Human Identity Top 10, where credential handling failures often start with convenience features that are misread as security controls. Sensitive values still need lifecycle management, rotation, and storage protections aligned to NIST Cybersecurity Framework 2.0 expectations for protecting assets and limiting exposure.
GitGuardian’s State of Secrets Sprawl 2026 reported that 64% of valid secrets leaked in 2022 are still valid and exploitable today, which shows why “hidden in output” is not the same as “reduced risk.” In practice, many security teams encounter the real problem only after a state file is copied, backed up, or accessed during an incident rather than through intentional review.
How It Works in Practice
Terraform’s
sensitive=true
flag suppresses value rendering in plan output, CLI responses, and some logs, but it does not alter the state model. If a secret is part of a resource argument or output, the value is still serialized unless the provider or workflow uses a separate mechanism to avoid persistence altogether. That is why sensitive handling must be paired with state protection, not treated as a substitute for it.In practice, teams should think in three layers. First, protect the state itself with encryption at rest, access controls, and tightly scoped backend permissions. Second, avoid placing long-lived secrets directly into Terraform-managed resources when a system can mint them dynamically instead. Third, treat local developer machines and CI runners as storage locations too, because they often retain plan files, cached state, or debug output.
- Use NIST SP 800-53 Rev 5 Security and Privacy Controls to map state access, encryption, and audit requirements.
- Limit who can read remote state, because anyone with state access can often recover the underlying secret even when plans appear redacted.
- Prefer ephemeral credentials, short TTLs, and external secret stores for values that should not persist in IaC state.
- Review Terraform outputs, debug logs, backups, and artifact retention as part of the secret exposure surface.
The Ultimate Guide to NHIs — Static vs Dynamic Secrets is useful here because the operational answer is usually to reduce static secret lifetime, not to rely on display suppression. These controls tend to break down when multiple teams reuse the same remote state backend and state access is broader than application deployment access, because the secret becomes readable long after the original change is complete.
Common Variations and Edge Cases
Tighter secret handling often increases workflow overhead, requiring organisations to balance developer convenience against state security and auditability. That tradeoff becomes sharper in large Terraform estates, where a single backend may support many applications, environments, and approval paths.
There is no universal standard for whether every sensitive input must be removed from state, but current guidance suggests the strongest pattern is to keep secrets out of Terraform whenever possible. If a secret must be referenced, use a system designed for short-lived credential issuance and rotate aggressively. This is especially important in pipelines that use remote state sharing, because a redacted plan can still sit beside a fully readable state object.
Edge cases also matter. A CI/CD pipeline exploitation case study illustrates why masked output does not help if a runner, artifact store, or operator workstation already has access to the raw state. Likewise, the Top 10 NHI Issues reinforces that over-trusting static controls is a recurring pattern in credential compromise. For teams working under NIST Cybersecurity Framework 2.0, the practical question is not whether the value is hidden in output, but whether the secret is still recoverable anywhere in the control plane.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Sensitive values in state still create non-human identity exposure risk. |
| OWASP Agentic AI Top 10 | Autonomous tooling and pipelines often leak secrets through state and logs. | |
| CSA MAESTRO | Covers governance for automation chains that can expose secrets via orchestration. | |
| NIST CSF 2.0 | PR.AC-4 | State access is an access-control problem, not just a masking problem. |
| NIST AI RMF | GOVERN | Secret persistence in tooling needs governance and accountability decisions. |
Inventory NHI secrets and remove any long-lived credential from Terraform state paths.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org