Complete guide to storing AWS secrets in Terraform

Anand Tripathi
Published in
4 min readNov 4, 2023


Photo by NFT gallery on Unsplash

With every terraform project the first thing you do is set up the provider and to access the provider you need credentials for it. For example, the below code is the starting point of every terraform code

provider "aws" {
region = "us-west-1"
access_key = "my-access-key"
secret_key = "my-secret-key"

I just pasted the above configuration from Terraform's official doc. Wait what! 🤔

Yeah, you heard it correctly, but just read the note in that link too.

Hard-coded credentials are not recommended in any Terraform configuration and risks secret leakage should this file ever be committed to a public version control system.

Trust me or not never ever write something like this. There should be a red alarm banging inside your head if you face some code like this. Keys are meant to be secret, it's like you are pasting your bank account password on your nameplate of the house.

So if it's your bank account password you will keep it safe then just treat all the secrets and keys, also like your bank account password. So to keep them safe here are some tips for the…