Terraform state is the record that connects the resources declared in configuration to the actual objects provisioned in the real world. The Terraform documentation explains that “Terraform uses your workspace’s state to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.” Without this mapping, Terraform would have no way to know which cloud resource corresponds to which block in the configuration, nor what already exists versus what must be created.
State is what makes the plan-and-apply workflow possible. When Terraform plans a change, it compares three things: the desired state expressed in configuration, the recorded state in the state file, and, optionally, the live state queried from provider APIs. The difference between them is the set of actions Terraform proposes - create, update, or destroy. State also stores metadata such as resource dependencies and can cache attribute values to avoid re-querying every resource on large infrastructures.
Because state is a single shared source of truth, where it lives and who can write to it matters enormously for teams. The documentation recommends against keeping state locally, advising users to store it “in HCP Terraform or a remote backend to securely store state and collaborate with team members.” Remote backends add two critical capabilities: locking, which prevents two people from running apply at the same time and corrupting the state, and access control, which protects the file. The docs warn explicitly to “avoid storing your state in a version control system or other storage solution that does not support Terraform state locking and secure access control, because doing so can result in data loss or exposure of secrets.”
State is also the mechanism behind drift detection. When someone modifies infrastructure outside of Terraform, the live resources no longer match what state records; a plan or refresh surfaces this gap so it can be reconciled, making infrastructure drift visible rather than silent. Because the state file can contain sensitive values such as passwords and keys in plain text, it must be treated as a secret, which is one reason secure remote backends, and later features like the state encryption added by the OpenTofu fork, became important parts of operating Terraform safely.