Best practice for retreiving credentials when deploying a virtual machine?

Curious question, what is the best practice for retrieving credentials to deploy a virtual machine? For example, the resource “azurerm_windows_virtual_machine” requires a username and password to deploy the vm. I can create a variable for this and specify the creds in a tfvars file but i’m wondering if there is a more secure way to accomplish this rather than storing the creds in plain text? I cant seem to find examples and i’m wondering how other people typically handle it.

Any help is appreciated.

Secure storage of such things is a whole topic of its own. There are loads of possible solutions, including tooling built into the cloud providers, CI/CD systems or stand-alone products like Vault.