Should I commit Terraform State files to the git repository

+1 vote

Should I commit the state files of terraform i.e the .tfstate files to the repository. The terraform docs on its website says:


Terraform also put some state into the terraform.tfstate file by default. This state file is extremely important; it maps various resource metadata to actual resource IDs so that Terraform knows what it is managing. This file must be saved and distributed to anyone who might run Terraform. We recommend simply putting it into version control, since it generally isn't too large.


But one of the most upvoted answer on the best practices thread of terraform says that these .tfstate files should be stored in a centralized location like S3 but not in a GIT Repository.

Can anyone tell what practice should I follow

Apr 4, 2018 in DevOps & Agile by Damon Salvatore
• 5,980 points
3,582 views

2 answers to this question.

0 votes

Here's why you shouldn't store your terraform state files in your version control repository like git:

- At times, if your colleague is working on the same terraform files you both may end up overwriting each others changes on the .tfstate files. On the other hand you may forget to commit your changes after working on terraform which in turn will result in your colleagues having an out dated .tfstate file.

- Another reason for not storing .tfstate files on git is that these files are not encrypted at all. There may be some instance when you have to use passwords while integrating with terraform. Terraform stores these in plain text in the .tfstate files.

Update:

Terraform has updated their documentation:


Terraform also puts some state into the terraform.tfstate file by default. This state file is extremely important; it maps various resource metadata to actual resource IDs so that Terraform knows what it is managing. This file must be saved and distributed to anyone who might run Terraform. It is generally recommended to setup remote state when working with Terraform. This will mean that any potential secrets stored in the state file, will not be checked into version control


answered Apr 4, 2018 by ajs3033
• 7,300 points
0 votes
Its better not to commit it to git because of the following reasons:

1) You might have forgotten to commit or push a few changes after running terraform apply and your team mates will have outdated information and then they'll work on those outdated codes, creating chaos.

2) The .tfstate files may contain secrets. These secrets may contain passwords and other critical information which will just be stored as a plain text file, there's no encryption.

3) Without any locking on these state files, if two team members run Terraform at the same time on the same .tfstate files, you may overwrite each other's changes.
answered Aug 3, 2018 by Nilesh
• 7,060 points

Related Questions In DevOps & Agile

0 votes
1 answer

to check file has the same value or not i.e comparing file with stat module.

Try the following script: Do the second time ...READ MORE

answered May 1, 2018 in DevOps & Agile by shubham
• 7,340 points
4,191 views
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

How do I push a docker image to a private repository?

Here is what you can do. Just try ...READ MORE

answered Sep 19, 2018 in DevOps & Agile by Damon Salvatore
• 5,980 points
1,396 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
4,047 views
+2 votes
1 answer
+3 votes
1 answer

Unable to find the TargetArguments path While configuring dot cover in VSTS

For your unable to find the TargetArguments ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by ajs3033
• 7,300 points
1,236 views
+1 vote
2 answers
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP