No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Have you set it as a secret in your Pulumi config?

yes, i've set "secret": true in the config.map property of the github pipeline

Pulumi doesn’t have any information about that. You need to set it as a secret in Pulumi 

See here:

<https://www.pulumi.com/docs/concepts/secrets/|https://www.pulumi.com/docs/concepts/secrets/>

but i see from the pulumi web interface that it correctly identifies the variable as a secret, marking it as "encrypted" on the configuration tab

If that’s the case, it’s a bug, and would be good to open an issue 

for example, in the ci output, it replaces the varaibles with "[secret]"

the only thing plaintext remaining are the input properties

Okay that’s a bug, please file an issue 

in regard to this bug report, i've open an issue here: <https://github.com/pulumi/pulumi/issues/13286>

in case someone experienced the same problem or wants to help :i_love_you_hand_sign:

<@UCWG26BH7> Can you help me with this issue? According to a collegue of yours the issue is in the missing fn:Secret. Do you agree?