Mastering terraform_remote_state: Securely Accessing Outputs Across Configurations
In a world where infrastructure is code, sharing outputs between different Terraform configurations is crucial. The terraform_remote_state data source allows you to retrieve root module output values from a specified state backend, solving the problem of inter-module communication. This is particularly useful when you have separate configurations for different parts of your infrastructure, like networking and application layers, and you need to reference outputs from one in another.
How does it work? The terraform_remote_state data source connects to a specified backend to fetch the latest state snapshot. It doesn't require a separate provider configuration since it's built into Terraform itself. You'll need to specify the backend and, optionally, the workspace and configuration settings. For example, you can access outputs from a remote backend like this:
```hcl
data "terraform_remote_state" "vpc" {
  backend = "remote"

  config = {
    organization = "hashicorp"
    workspaces = {
      name = "vpc-prod"
    }
  }
}
```

In production, you need to be cautious. terraform_remote_state only returns root module outputs, but anyone who uses it must be able to read the entire state snapshot, which often contains sensitive values. If your configuration deals with sensitive data, you should avoid using it. Instead, consider the tfe_outputs data source for HCP Terraform or Terraform Enterprise, which provides a more secure way to access outputs without exposing the full state. Always evaluate the security implications before implementing this in your infrastructure.
Key takeaways
- Utilize terraform_remote_state to share outputs between Terraform configurations effectively.
- Specify the backend and configuration parameters to connect to your desired state snapshot.
- Avoid using terraform_remote_state if your resources handle sensitive data.
- Consider using tfe_outputs for a more secure alternative in HCP Terraform or Terraform Enterprise.
Why it matters
In production, securely sharing outputs between Terraform configurations can streamline your infrastructure management. However, exposing sensitive data can lead to significant security risks, making it crucial to understand the implications of using terraform_remote_state.
Code examples
```hcl
data "terraform_remote_state" "vpc" {
  backend = "remote"

  config = {
    organization = "hashicorp"
    workspaces = {
      name = "vpc-prod"
    }
  }
}

# Terraform >= 0.12
resource "aws_instance" "foo" {
  # ...
  subnet_id = data.terraform_remote_state.vpc.outputs.subnet_id
}
```

```hcl
data "terraform_remote_state" "vpc" {
  backend = "local"

  config = {
    path = "..."
  }
}

# Terraform >= 0.12
resource "aws_instance" "foo" {
  # ...
  subnet_id = data.terraform_remote_state.vpc.outputs.subnet_id
}
```

When NOT to use this
Don't use terraform_remote_state if any of the resources in your configuration work with data that you consider sensitive. The risk of exposing the entire state snapshot outweighs the benefits in such cases.
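To see the gap between what outputs publish and what state access covers, the following Python script (an added example, not part of the original article) reads a constructed version-4 state snapshot and lists secret-looking resource attributes that a reader of the state can also see. The sample state and the `SECRET_HINTS` name heuristic are assumptions made for illustration.

```python
import json

# Constructed state snapshot (format version 4), not from a real workspace.
SAMPLE_STATE = json.loads("""{
  "version": 4,
  "outputs": {"subnet_id": {"value": "subnet-0abc1234", "type": "string"}},
  "resources": [
    {"mode": "managed", "type": "aws_subnet", "name": "app",
     "instances": [{"attributes": {"id": "subnet-0abc1234"}}]},
    {"mode": "managed", "type": "aws_db_instance", "name": "main",
     "instances": [{"attributes": {"username": "admin",
                                   "password": "constructed-secret",
                                   "tags": {"api_token": "constructed-token"}}}]}
  ]
}""")

# Assumed heuristic: attribute names that usually hold secrets.
SECRET_HINTS = ("password", "secret", "token", "private_key")

def walk(value, path):
    """Yield (path, leaf) pairs for every leaf in a nested attribute value."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from walk(child, f"{path}.{key}")
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from walk(child, f"{path}[{i}]")
    else:
        yield path, value

def exposure_report(state):
    """Compare the published outputs with secret-like data elsewhere in the state."""
    outputs = sorted(state.get("outputs", {}))
    beyond = []
    for res in state.get("resources", []):
        address = f'{res["type"]}.{res["name"]}'
        for idx, inst in enumerate(res.get("instances", [])):
            for path, leaf in walk(inst.get("attributes", {}), f"{address}[{idx}]"):
                name = path.rsplit(".", 1)[-1].lower()
                if leaf not in (None, "") and any(h in name for h in SECRET_HINTS):
                    beyond.append(path)
    return {"outputs": outputs, "secret_like_paths": sorted(beyond)}

if __name__ == "__main__":
    print(json.dumps(exposure_report(SAMPLE_STATE), indent=2))
```

Only attribute paths are reported, never values, so the report itself can be shared when deciding whether a workspace's state is safe to open to consumers.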