You are working on a Terraform project that includes sensitive variables like passwords and API tokens. You want to ensure that these values are not accidentally exposed in the output or stored in the version control system. Which approach should you use to manage sensitive variables effectively?