Any tips on getting a pulumi secret into a kubernetes secret? I tried both with and without a promise. I am doing the following(with promise):

cfg.requireSecret("secret1").apply(secret1=>{
        cfg.requireSecret("secret2").apply(secret2=>{
          const k8sSecret = new k8s.core.v1.Secret(`${k8sSecretName}-secret`, {
            data: {
                "access-id": secret1,
                "secret-key": secret2,
            },
          },{ parent: k8sNamespace });
        })
      })

And getting the following error:

error: resource default/k8sSecretName-7e8f35be was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: illegal base64 data at input byte 40

you need to base64 encode it, or use

stringData

Ah I see. I figured kubernetes automatically encoded plain text into base64 as a secret?

that’s what

stringData

does

Ahhh thank you! 🙏

not everyone wants to have k8s encode the data, often people want to encode it themselves 🙂

I see. So you're suggesting you could use a different encoding scheme or people want to trust their own base64 encoding?

hi @glamorous-australia-21342, I highly suggest you, to use a secret controller like

external-secrets

for Kubernetes secret management. Depending on where you run your k8s cluster you may have a managed service for that.

@glamorous-australia-21342 you must use base64 encoding for any value in

data

. The

stringData

field is provided for convenience, to have the API server perform the encoding for you. Same result. https://kubernetes.io/docs/concepts/configuration/secret/#restriction-names-data