💻 What Is .gitignore in Terraform? (And Why You Should Care Before You Push to Git)

Hey everyone 👋

If you're working with Terraform and using Git to version your infrastructure code (which you absolutely should!), there's one simple file that can save you from major headaches:

➡️ .gitignore

When I first started with Terraform, I was focused on writing .tf files and deploying resources. But I quickly learned that if you don’t handle .gitignore properly, you can accidentally leak sensitive info — and clutter your repo with auto-generated noise.

Let me walk you through it the way I wish someone had done for me 👇

---

🧹 Think of It Like a “Do Not Pack” List

You’re moving houses. You label boxes you want to move — clothes, books, tech.

But you don’t pack everything. You leave out garbage, pizza boxes, and broken cables.

.gitignore is your "Do Not Pack" list for Git — telling it what not to commit.

---

💣 What Happens If You Don’t Use It?

Terraform creates a lot of behind-the-scenes files — like plugin folders, state files, and even crash logs.

If you push them to Git:

• Your repo gets bloated 💾
• Secrets might be exposed 😱
• Other devs will see things they shouldn’t 👀

---

⚠️ Common Terraform Files You Should Ignore

📂 File or Folder	⚠️ Why It Should Be Ignored
.terraform/	Contains downloaded provider binaries and plugin data — recreated with terraform init
terraform.tfstate	Stores your actual infrastructure state — including cleartext secrets
terraform.tfstate.backup	A backup copy of your state — same risks as above
*.tfvars	May include environment-specific variables like passwords, API keys, etc.
crash.log	Only created on errors — not useful for version control

---

✍️ Example .gitignore File for Terraform

# Ignore Terraform system files
.terraform/
*.tfstate
*.tfstate.backup
*.tfvars
crash.log

💡 Pro tip: You can grab a prebuilt Terraform .gitignore from GitHub’s github/gitignore repo.

---

🔬 Quick Lab Recap: Setting It Up

In the demo I followed:

1. Cloned a sample Terraform repo containing demo.tf
2. Created an example.tfvars file with this content:

   username = "admin"
   password = "password"

1. Ran terraform init and terraform apply
2. Noticed these files appeared:

• .terraform/
• terraform.tfstate
• example.tfvars

Then created a .gitignore file with the entries listed above.

After that, running git status showed:
✅ Git ignored all the sensitive/noisy files
✅ Only .gitignore was being staged

---

🧠 Why This Matters (Especially for Teams)

Without .gitignore, you might:

• Accidentally leak credentials in tfstate files
• Share huge plugin binaries no one needs
• Cause version conflicts from files that change every run

💡 Analogy: Committing Terraform system files is like sending your dirty laundry to your boss instead of just the project folder.

---

✅ Final Checklist

✅ Good Practice	❌ Bad Practice
Use .gitignore to keep your repo clean	Commit .tfstate or .tfvars files
Store secrets securely (not in Git)	Hardcode passwords in .tf files
Push only the code — not the mess	Include local .terraform/ or crash logs

---

🧩 Final Thoughts

Using .gitignore isn’t just about being tidy — it’s about:

• Keeping your infrastructure secure
• Making your repo easier to work with
• Protecting your team from accidentally leaking secrets

It’s a small file with a big job. And once you understand it, it becomes second nature in every Terraform project.

If you’re working with Terraform, I’d love to hear your .gitignore setup or lessons you’ve learned. Drop a comment or connect with me on LinkedIn — let’s keep building clean, secure infrastructure together ☁️🧠