Which provider authentication method avoids storing credentials in the state file?

Using environment variables is a method of provider authentication that effectively avoids storing credentials in the Terraform state file. When credentials are set as environment variables, Terraform retrieves them at runtime without embedding sensitive information directly into the infrastructure code or state files. This enhances security because the credentials aren't stored in a way that they can be easily accessed or exposed.

Additionally, when using environment variables, developers can easily manage and change credentials without the need to modify code or the Terraform configuration. This approach not only simplifies the management of sensitive information but also adheres to best practices for security by keeping sensitive data out of version control systems and state files.

Other methods like using a shared config file and a credential store may still expose sensitive data if proper care isn't taken, and while using an IAM role offers robust security, it typically applies to cloud services where the underlying application or service assumes the role and manages the credentials internally.