Terraform state files are one of the most overlooked sources of credential exposure.
Terraform state files contain the full plaintext values of every resource attribute, including passwords, tokens, and private keys. When these files are stored in shared S3 buckets, committed to git, or left on CI runners, they become a goldmine for attackers. We walk through how TruffleHog now scans Terraform state natively and what we found scanning open S3 buckets.
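To show what that exposure looks like, here is an added example (not TruffleHog's code and not from the original post) that audits a state document in the version 4 JSON layout and reports which attribute paths hold secret-looking plaintext. The key-name pattern, the function names and the sample state are assumptions made for illustration, and every value in the sample is fake.

```python
import json
import re

# Key-name heuristic (an assumption for this example, not TruffleHog's detector logic).
SECRET_KEY = re.compile(r"(password|passwd|secret|token|private_key|access_key)", re.I)
PEM_HEADER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample in the Terraform state v4 layout; all values are fake.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "outputs": {"db_password": {"value": "example-output-pw", "type": "string", "sensitive": True}},
    "resources": [
        {"mode": "managed", "type": "aws_db_instance", "name": "main",
         "instances": [{"attributes": {
             "username": "admin", "password": "example-db-pw", "port": 5432}}]},
        {"mode": "managed", "type": "tls_private_key", "name": "ci",
         "instances": [{"attributes": {
             "algorithm": "RSA",
             "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nFAKE\n-----END RSA PRIVATE KEY-----\n"}}]},
    ],
})

def walk(value, path):
    """Yield (path, leaf) for every scalar nested inside dicts and lists."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from walk(v, f"{path}.{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, value

def find_plaintext_secrets(state_text):
    """Return sorted paths of non-empty string attributes that look like secrets."""
    state = json.loads(state_text)
    # Outputs marked "sensitive" are still stored in plaintext, so they are scanned too.
    roots = [(f"output.{n}", o.get("value")) for n, o in state.get("outputs", {}).items()]
    for res in state.get("resources", []):
        for i, inst in enumerate(res.get("instances", [])):
            roots.append((f"{res['type']}.{res['name']}[{i}]", inst.get("attributes", {})))
    hits = set()
    for root, value in roots:
        for path, leaf in walk(value, root):
            # Flag on the attribute's own name or on PEM content; never keep the value.
            if isinstance(leaf, str) and leaf and (
                    SECRET_KEY.search(path.rsplit(".", 1)[-1]) or PEM_HEADER.search(leaf)):
                hits.add(path)
    return sorted(hits)
```

Pass the text of a state file to `find_plaintext_secrets` to get the list of paths; it returns paths only, so the report itself does not become another copy of the secrets.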