The file that maps your config to real cloud objects, where it lives, how a team shares it without corrupting it, and how to keep its secrets from leaking.
8 topics
Almost every confusing thing Terraform does traces back to state. State is the file that records which real-world object — i-0abc123, a specific S3 bucket, a VPC ID — corresponds to each resource block in your config. Without it, Terraform could not compute a diff, could not tell what already exists, and could not destroy anything cleanly. With it, you inherit a new set of obligations: state holds secrets in plaintext, a team has to share one copy without two people clobbering each other, and a lost or corrupted file means Terraform no longer knows what it manages.
This chapter works through state from the inside out. What it is and why it exists, what the JSON actually contains, where to store it for a team (an S3 backend), how locking stops concurrent applies from corrupting it, what workspaces really isolate and what they do not, and the two declarative refactoring tools — import blocks and moved blocks — that let you adopt and restructure infrastructure without destroying it. The chapter closes on the uncomfortable truth that sensitive hides values from your terminal but does nothing to the bytes on disk.