https://pulumi.com logo
Title
b

bland-dog-47600

04/27/2023, 5:27 AM
Hello everyone, Is there a way to generate a random secret password without having to store it in the state unencrypted? My concern is
.ToSecret
accepts a raw value which I have to generate and store somewhere presumably.
l

limited-rainbow-51650

04/27/2023, 7:29 AM
Have a look at the
random
package, containing the
RandomPassword
resource: https://www.pulumi.com/registry/packages/random/api-docs/randompassword/
b

bland-dog-47600

04/27/2023, 2:51 PM
The problem with this package is it will create a password store in the encrypted Pulumi state and not as a secret.
l

limited-rainbow-51650

04/27/2023, 2:53 PM
It should be in our state encrypted, which I assumed was your concern.
b

bland-dog-47600

04/27/2023, 2:54 PM
Will it be stored as a secret?
l

limited-rainbow-51650

04/27/2023, 3:01 PM
Yes, see our schema. The
result
output property is marked as a
secret
and we track the usage of this value all over your Pulumi program: https://github.com/pulumi/pulumi-random/blob/master/provider/cmd/pulumi-resource-random/schema.json#L296-L300 E.g. for the TS SDK, this results to this code: https://github.com/pulumi/pulumi-random/blob/master/sdk/nodejs/randomPassword.ts#L222
b

bland-dog-47600

04/27/2023, 3:04 PM
Nice, I missed that. Thank you!