Terraform.tfvars wasn’t made to be secure it was made to make Dev/Test life easier

Nuntin Padmadin — Wed, 13 Aug 2025 09:48:14 +0000

Many developers (myself included) assume terraform.tfvars is a secure place to store secrets.
Some even think: "Just add it to .gitignore and you’re safe."

But here’s the truth:
.tfvars is just a plain input file no encryption, no protection, no magic.

.tfvars is not secure
Myth Reality
It's a secret file ❌ It's plaintext
It's safe if added to .gitignore ❌ It still exists on disk
It's okay for passwords ❌ Only if leaking is okay

What is it actually for?
Convenience.
It helps pass variables without writing long -var flags every time.
Great for dev/test, but never meant for storing secrets.

Bottom line:
.tfvars is useful just don’t treat it like a vault.

How I Built a Real DevOps Automation Lab (Terraform, Ansible, K8s, CI/CD)

Nuntin Padmadin — Tue, 03 Jun 2025 17:19:18 +0000

Intro

Are you tired of “sample” DevOps portfolios with code that’s never been run?
I was too. That’s why I built automation-devops-lab: a real, working infrastructure automation project anyone can clone, test, and use as proof-of-skill — no corporate access or paid cloud credits needed.

🚩 Why This Lab?
Most engineers can’t show real infrastructure without a job, budget, or paid cloud.

Recruiters and teams want proof not just theory.

This project was built to solve both:
A portfolio you can test, break, and prove end-to-end.

🛠️ What’s Inside
Terraform: Build AWS VPC, EC2, S3, RDS

Ansible: Automated config for Nginx, Prometheus, Grafana

GitLab CI: IaC pipeline to glue it all

Live output & monitoring: Grafana dashboards, screenshots, diagrams

Manual test: Every step can be run without paid SaaS

🔄 Pipeline Stages (Production-Grade CI/CD)
Stage 1: Lint & Security Scan – terraform fmt/validate, tfsec, ansible-lint, fail on critical

Stage 2: Terraform Plan → Manual Approval – generate plan artifact, reviewer approve

Stage 3: Terraform Apply → Deploy Infra – apply with plan, backup state to S3 + DynamoDB

Stage 4: Ansible Config → Provision App/Monitoring – dynamic inventory, install stack, verify endpoint

Stage 5: Integration Test → Grafana Screenshot – run test, capture dashboard proof

Project Structure
automation-devops-lab/
├── terraform/ # Infra code: AWS, variables, modules
├── ansible/ # Playbooks: config, monitoring
├── .gitlab-ci.yml # CI/CD pipeline
├── images/ # Proof: diagrams, Grafana UI
├── README.md # Full doc (with quick start)

Quick Start

Clone the repo

git clone https://github.com/nuntin/automation-devops-lab.git

Provision AWS infra (Terraform)

cd automation-devops-lab/terraform
terraform init
terraform apply -auto-approve -var-file="terraform.tfvars"

Configure EC2 (Ansible)

cd ../ansible
ansible-playbook -i aws_ec2_inventory.py site.yml
ansible-playbook -i aws_ec2_inventory.py prometheus_grafana.yml

Who’s This For?
DevOps engineers/job seekers needing real, provable work

Recruiters hiring for cloud/infrastructure roles

Anyone learning IaC, automation, or prepping for interviews

Why I Built It
I rebuilt my skillset from scratch after leaving my last job.
Every commit here was tested on real infra.
If you’re stuck building a portfolio with “samples” — this lab is for you.

Links
GitHub: https://github.com/nuntin/automation-devops-lab

LinkedIn: www.linkedin.com/in/nuntin-padmadin-97b708145

Email: nuntin.p@gmail.com