Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
flaky-soccer-58509
04/02/2023, 7:32 PMHello 🙂
I use Hashicorp Vault for storing my secrets, but when I getting it from Vault and applying to some code/resource I see that in state file it writing in plaintext. For output I can solve it by use
additional_secret_outputssecretok, found, I can mark in by
pulumi.Output.secret()and by marking input I don’t need separate mark output by
pulumi.ResourceOptions(additional_secret_outputs=['key'])thank for attention 🙂
w
white-balloon-205
04/03/2023, 2:16 AMWhich resource/function are you using from the Vault Pulumi provider which returned a plaintext value?
While what you say above works, if the output should always be a secret, we may want to update the provider to make this secret by default so that users don’t have to discover this themselves.
f
flaky-soccer-58509
04/05/2023, 3:04 AMI just tried understand if I can encrypt any input/output in state on case if it will be necessary for some reason. There’re no any problems with Vault or other modules