https://pulumi.com logo
Title
f

flaky-soccer-58509

04/02/2023, 7:32 PM
Hello 🙂 I use Hashicorp Vault for storing my secrets, but when I getting it from Vault and applying to some code/resource I see that in state file it writing in plaintext. For output I can solve it by use
additional_secret_outputs
, but input still in plaintext. Is any way to mark any input variables as
secret
?
ok, found, I can mark in by
pulumi.Output.secret()
and by marking input I don’t need separate mark output by
pulumi.ResourceOptions(additional_secret_outputs=['key'])
thank for attention 🙂
w

white-balloon-205

04/03/2023, 2:16 AM
Which resource/function are you using from the Vault Pulumi provider which returned a plaintext value? While what you say above works, if the output should always be a secret, we may want to update the provider to make this secret by default so that users don’t have to discover this themselves.
f

flaky-soccer-58509

04/05/2023, 3:04 AM
I just tried understand if I can encrypt any input/output in state on case if it will be necessary for some reason. There’re no any problems with Vault or other modules