How do I compare two .gitignore files?

Use our GitIgnore Diff tool to paste both .gitignore files and instantly see the differences. The tool highlights added, removed, and unchanged patterns side-by-side.

Is there a free gitignore diff tool online?

Yes, GitIgnore.pro offers the only free online gitignore diff tool that compares two .gitignore files and shows detailed differences.

Can I compare gitignore files from different projects?

Absolutely! Our diff tool works with any .gitignore files, allowing you to compare patterns between different projects and tech stacks.

What is a .gitignore file?

A .gitignore file tells Git which files and directories to ignore when tracking changes in your repository. It helps keep your repository clean by excluding build files, dependencies, and other unnecessary files.

How to fix gitignore not working?

If your .gitignore file is not working, try: 1) Clear Git cache with 'git rm -r --cached .', 2) Make sure the file is named exactly '.gitignore', 3) Check file syntax and patterns, 4) Ensure the file is in the repository root.

How to use gitignore for Python projects?

For Python projects, include patterns like __pycache__/, *.pyc, .env, venv/, and .pytest_cache/. Use our Python gitignore template at https://gitignore.pro/python-gitignore for a complete setup.

Terraform .gitignore Template & Security Guide

Complete Terraform .gitignore template for Infrastructure as Code. Secure your .tfvars, ignore .terraform/ directory, and follow DevOps best practices.

🔒 Security Critical

Never commit sensitive files! Always ignore .tfvars, terraform.tfstate, and any files containing secrets, API keys, or credentials.

Terraform housekeeping checklist

Embed these checks into your pull-request template or CI job to avoid leaking infrastructure secrets.

•State files – ensure terraform.tfstate* and *.backup never leave your local machine.
•Secrets – store .tfvars in a secret manager; commit the .tfvars.example stub instead.
•Provider caches – clean .terraform/ before zipping modules or publishing packages.
•Cloud credentials – verify AWS/GCP credentials are excluded from Git and rotated regularly.

🚀 Terraform .gitignore Template (2025)

# Terraform .gitignore Template - Updated 2025

# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log
crash.*.log

# Exclude all .tfvars files, which are likely to contain sensitive data
*.tfvars
*.tfvars.json

# Ignore override files as they are usually used to override resources locally
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negation
# The commented out entries below show how to achieve this:
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
*.tfplan

# Ignore CLI configuration files
.terraformrc
terraform.rc

# Ignore Mac .DS_Store files
.DS_Store

# Ignore Terraform lock file (optional, see note below)
.terraform.lock.hcl

# Ignore Terraform Cloud/Enterprise run data
.terraform/

# Ignore backup files
*.backup
*.bak

# Ignore log files
*.log

# Ignore temporary files
*.tmp
*.temp

# Ignore IDE and editor files
.vscode/
.idea/
*.swp
*.swo
*~

# Ignore OS generated files
Thumbs.db
ehthumbs.db
Desktop.ini
$RECYCLE.BIN/

# Ignore terragrunt cache
.terragrunt-cache/

# Ignore Terraform workspaces
terraform.tfstate.d/

# Ignore provider cache
.terraform.d/

# Ignore custom Terraform modules (if using local development)
# modules/
# .terraform-modules/

# Ignore environment-specific files
.env
.env.local
.env.*.local

# Ignore terraform documentation
terraform-docs.yml
.terraform-docs.yml

🔐 Critical Files to Always Ignore

🚨 Security Sensitive

*.tfvars - Variable files with secrets
*.tfstate - State files with sensitive data
.env - Environment variables
terraform.rc - CLI configuration
crash.log - May contain sensitive info

⚡ Cache & Temporary

.terraform/ - Provider cache
*.tfplan - Plan output files
.terragrunt-cache/ - Terragrunt cache
override.tf - Local overrides
*.backup - Backup files

🤔 Should You Ignore .terraform.lock.hcl?

✅ Commit Lock File (Recommended)

• Ensures consistent provider versions
• Team members use same dependencies
• Reproducible infrastructure builds
• Official Terraform recommendation
• CI/CD pipeline consistency

Remove from .gitignore: Comment out or delete the.terraform.lock.hcl line

⚠️ Ignore Lock File (Edge Cases)

• Multi-platform development issues
• Different team OS requirements
• Frequent provider updates needed
• Experimental development setup

Keep in .gitignore: Leave the.terraform.lock.hcl line as-is

💡 Terraform Security Best Practices

1. Use terraform.tfvars.example

Create a template file with dummy values for team members:

# terraform.tfvars.example (commit this)
aws_region = "us-west-2"
environment = "production"
database_password = "your-password-here"

# terraform.tfvars (ignore this)
aws_region = "us-west-2"
environment = "production"
database_password = "actual-secret-password"

2. Use Remote State Backend

Store terraform.tfstate remotely (S3, Terraform Cloud) instead of locally. This ensures state files are never accidentally committed and enables team collaboration.

3. Environment-Specific .tfvars

Use separate variable files for each environment:

# All ignored in .gitignore
dev.tfvars
staging.tfvars  
production.tfvars

# Use with: terraform apply -var-file="dev.tfvars"

🔧 Common Terraform .gitignore Issues

Problem: Terraform state already committed

If you accidentally committed terraform.tfstate files:

# Remove from tracking but keep locally
git rm --cached *.tfstate
git rm --cached *.tfstate.*

# Update .gitignore and commit
git add .gitignore
git commit -m "Remove terraform state from tracking"

Problem: .terraform directory taking up space

The .terraform directory can become large. Clean it up and ensure it's ignored:

# Clean local cache
rm -rf .terraform/

# Reinitialize
terraform init

# Verify .terraform/ is in .gitignore

Problem: Sensitive data in plan files

Always ignore .tfplan files as they can contain sensitive information from your infrastructure state.

🏗️ Terragrunt Additional Ignores

If you're using Terragrunt, add these additional patterns:

# Terragrunt specific ignores
.terragrunt-cache/
terragrunt.hcl.backup
.terragrunt/

🛠️ Use Our Terraform Tools

🏗️ Terraform Template Generator

Generate a custom Terraform .gitignore with security best practices and your specific requirements.

🔍 Validate Your Terraform .gitignore

Test your Terraform .gitignore patterns to ensure sensitive files are properly ignored.

❓ Terraform .gitignore FAQ

Should I commit terraform.tfstate files?

Never! State files contain sensitive information about your infrastructure and can include secrets. Always use remote state backends (S3, Terraform Cloud, etc.) and ignore *.tfstate in your .gitignore.

Can I share .tfvars files safely?

Only if they contain no sensitive data. Create terraform.tfvars.example with dummy values for the team, but always ignore actual .tfvars files. Use environment variables or secure secret management instead.

What about provider credentials?

Never hardcode credentials in .tf files. Use environment variables, AWS profiles, or CI/CD secrets. Ignore any files containing actual credentials like .aws/credentials.

Should override.tf files be ignored?

Yes, override files are typically used for local development and testing. They can contain temporary configurations that shouldn't be shared with the team.

Prevent Terraform state leaks

Run the validator on your repository to be sure sensitive files stay out of Git.

Launch validator View Terraform template

Navigation

Quick Tools