No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

ok, found, I can mark in by `pulumi.Output.secret()`

and by marking input I don’t need separate mark output by `pulumi.ResourceOptions(additional_secret_outputs=['key'])`

thank for attention :slightly_smiling_face:

Which resource/function are you using from the Vault Pulumi provider which returned a plaintext value?

While what you say above works, if the output should always be a secret, we may want to update the provider to make this secret by default so that users don’t have to discover this themselves. 

I just tried understand if I can encrypt any input/output in state on case if it will be necessary for some reason. There’re no any problems with Vault or other modules