How confident are you that your sensitive data is secure when using Terraform? Imagine this: private keys or API tokens are sitting in plain sight within your plan or state files, ready to be snatched by anyone who knows where to look. Is your infrastructure really as bulletproof as you think, or is it an open door waiting to be breached?

To address these issues, Terraform 1.10 introduces ephemeral values, which prevent sensitive data from being kept in plaintext in Terraform's state or plan files.

Previously, if these files were read incorrectly, secrets that were extracted from data sources or created by resources — such as random passwords — were susceptible to disclosure. Ephemeral values now safeguard sensitive data from possible breaches by ensuring that it is never kept between operations.

Let's explore how ephemeral values and resources enhance infrastructure security, as well as how to implement them successfully — and get a sneak peak at write-only arguments.