Do not store your state in anything besides remote backend. Even if you store it in a remote backend the secrets will appear in a plain text again, this is an ongoing Terraform limitation.
In our case we are using AWS S3 backend ( although we have multi cloud environments ), we've got those key benefits out of the box:
- Encryption in transit and at rest.
- Access policy configuration.
- Durability and availability close to the maximum.
- Locking capability.
- Versioning.
Please do not go with locally-maintained repos that are redundant as possible.
