Does Pulumi support dynamically referencing a secret stored in AWS SSM or AWS Secrets?
We have a number of other tools that are able to perform SSM path lookups and extract/use the values from those SSM Secure type entries. We also (but rarely) use AWS Secrets to store valuable credentials. These usually involve a plugin or helper function that authenticates to AWS and the passed SSM/Secrets path to retrieve the secret value.
I am currently doing a PoC of Pulumi as a IAC replacement for CloudFormation, but I am not finding a way to natively:
• Look up an SSM reference
• Use SSM as a value dynamically without having to use config set manually.
Right now, our POC is just an S3 backend, and I am trying to configure some resources with the Datadog provider that require an API key. Ideally I can use our thousands of secrets stored in SSM/Secrets without having to declare them all for Pulumi.
Is there way to do something like this where I can fetch the token from an existing SSM or AWS Secrets path dynamically? Something like below would be great if it exists.
pd = datadog.pagerduty.Integration("pd",
api_token=datadog.ssm.Parameter.get("pd-api-token").value,
schedules=[
"<https://ddog.pagerduty.com/schedules/12345>",
"<https://ddog.pagerduty.com/schedules/12345>",
],
subdomain="ddog")