What is the best practice to pass passwords and sensitive data inputs to terraform?

We have some sensitive data including passwords, users,… that are passed to terraform as .tfvars files and that are saved in state file in plaintext, is there any conventions about managing sensitive data in terraform ?

1 Like