What are the pros and cons of using environment variables for managing secrets in Terraform configurations?

Pros:

• You avoid using secrets directly in configurations in plain text
• free (no need to pay for secret management platforms/solutions)
• Straightforward to use

Cons:

• Configurations might not be usable without the environment variables which may make impact the user experience as the user has to know what environment variables he should pass for everything to work properly
• Mostly managed outside of Terraform mechanisms which makes it hard to enforce, track, ... anything that is related to secrets when it depends on the user to pass environment variables