hands-on lab

Managing Secrets With Terraform and AWS Secrets Manager

Up to 30m
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


Secret management is a critical component of any infrastructure. Secrets are sensitive pieces of information that should be protected from unauthorized access. These can include database credentials, API keys, or private IP addresses.

Terraform provides several ways to manage secrets, including environment variables, remote state, and integrations with secret stores like AWS Secrets Manager. As teams develop their infrastructure, they will need to consider how to manage secrets in a secure and scalable way.

In this lab, you will configure an Amazon RDS instance to use credentials stored in AWS Secrets Manager. You will also configure a remote state backend to store the .tfstate file in an Amazon S3 bucket and mask the values of sensitive environment variables.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Configure an Amazon S3 bucket to store Terraform remote state
  • Mask the values of sensitive environment variables in Terraform
  • Access a secret stored in AWS Secrets Manager using Terraform

Intended audience

  • Individuals studying for the HashiCorp Certified: Terraform Associate exam
  • Cloud Engineers
  • DevOps Engineers


Familiarity with the following will be beneficial but is not required:

  • Terraform Remote State
  • AWS Secrets Manager

The following content can be used to fulfill the prerequisites:

About the author

Jun Fritz, opens in a new tab
Cloud Labs Developer
Learning paths

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics

Lab steps

Managing Secrets With Terraform and AWS Secrets Manager