Should I commit Terraform State files to the git repository?

+1 vote

Should I commit Terraform's state files, i.e. the .tfstate files, to the repository? The Terraform docs on its website say:


Terraform also put some state into the terraform.tfstate file by default. This state file is extremely important; it maps various resource metadata to actual resource IDs so that Terraform knows what it is managing. This file must be saved and distributed to anyone who might run Terraform. We recommend simply putting it into version control, since it generally isn't too large.


But one of the most upvoted answers on the Terraform best practices thread says that these .tfstate files should be stored in a centralized location like S3, not in a Git repository.

Can anyone tell me which practice I should follow?

Apr 4, 2018 in DevOps & Agile by Damon Salvatore
• 5,250 points
291 views

2 answers to this question.

0 votes

Here's why you shouldn't store your Terraform state files in a version control repository like Git:

- At times, if your colleague is working on the same Terraform files, you may both end up overwriting each other's changes to the .tfstate files. On the other hand, you may forget to commit your changes after working on Terraform, which in turn will leave your colleagues with an outdated .tfstate file.

- Another reason for not storing .tfstate files in Git is that these files are not encrypted at all. There may be instances when you have to use passwords while integrating with Terraform. Terraform stores these in plain text in the .tfstate files.

Update:

Terraform has updated their documentation:


Terraform also puts some state into the terraform.tfstate file by default. This state file is extremely important; it maps various resource metadata to actual resource IDs so that Terraform knows what it is managing. This file must be saved and distributed to anyone who might run Terraform. It is generally recommended to setup remote state when working with Terraform. This will mean that any potential secrets stored in the state file, will not be checked into version control


answered Apr 4, 2018 by ajs3033
• 7,000 points
0 votes
It's better not to commit it to Git, for the following reasons:

1) You might forget to commit or push a few changes after running terraform apply, and your teammates will have outdated information and then work on that outdated code, creating chaos.

2) The .tfstate files may contain secrets. These secrets may include passwords and other critical information, which will just be stored in a plain text file; there's no encryption.

3) Without any locking on these state files, if two team members run Terraform at the same time on the same .tfstate files, you may overwrite each other's changes.
answered Aug 3, 2018 by Nilesh
• 6,900 points

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.