Hello everyone, Is there a way to generate a random secret password without having to store it in the state unencrypted? My concern is

.ToSecret

accepts a raw value which I have to generate and store somewhere presumably.

Have a look at the

random

package, containing the

RandomPassword

resource: https://www.pulumi.com/registry/packages/random/api-docs/randompassword/

The problem with this package is it will create a password store in the encrypted Pulumi state and not as a secret.

It should be in our state encrypted, which I assumed was your concern.

Will it be stored as a secret?

Yes, see our schema. The

result

output property is marked as a

secret

and we track the usage of this value all over your Pulumi program: https://github.com/pulumi/pulumi-random/blob/master/provider/cmd/pulumi-resource-random/schema.json#L296-L300 E.g. for the TS SDK, this results to this code: https://github.com/pulumi/pulumi-random/blob/master/sdk/nodejs/randomPassword.ts#L222

Nice, I missed that. Thank you!