delightful-table-58879
03/04/2024, 1:15 PM
IMPORTANT: All arguments including the password will be stored in the raw state as plain-text. Read more about sensitive data in state.
So my plan is to create a new user via Pulumi, go to the Mongo Web UI and update the password of this user. This works. Also after a redeployment the password doesn’t get updated (as long as the password in Pulumi code doesn’t change). But my question is: Is there a guarantee somewhere, that it doesn’t get updated if e.g. another property of the user gets changed? Can the current behaviour change? Is the current behaviour package dependent or general Pulumi behaviour, e.g. as long as it is not in the diff it doesn’t change?
limited-rainbow-51650
03/06/2024, 3:42 PM
DatabaseUser. If I look at the Pulumi schema for that resource type, I can see the password property configured like this:
    "password": {
        "type": "string",
        "secret": true
    },
This means that the password is not stored as clear text in the Pulumi state. Let's try this: create a DatabaseUser for test purposes and set the password using Pulumi. Apply the changes. Now go to your stack on our cloud portal, click on the Resources tab and click further on your DatabaseUser resource. The password property should show with some dots, similar to my screenshot. The dots mean this is a secret.
Now run pulumi stack export --file state.json. Search in that file for password. I expect it to have an encrypted value.