No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello everyone,
Is there a way to generate a random secret password without having to store it in the state unencrypted?
My concern is `.ToSecret` accepts a raw value which I have to generate and store somewhere presumably.

Have a look at the `random` package, containing the `RandomPassword` resource:
<https://www.pulumi.com/registry/packages/random/api-docs/randompassword/>

The problem with this package is it will create a password store in the encrypted Pulumi state and not as a secret.

It should be in our state *encrypted*, which I assumed was your concern.

Yes, see our schema. The `result` output property is marked as a `secret` and we track the usage of this value all over your Pulumi program:
<https://github.com/pulumi/pulumi-random/blob/master/provider/cmd/pulumi-resource-random/schema.json#L296-L300>
E.g. for the TS SDK, this results to this code:
<https://github.com/pulumi/pulumi-random/blob/master/sdk/nodejs/randomPassword.ts#L222>