No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

hey, is there a simple secret resource that allows programmatic secret management and only rely on the pulumi state?

Stack config secrets are sort of like that, except they are not in your state. Does that not work for your use case? It's also not a resource but it is encrypted in your stack config file so it's safe to check into git.

You can change the secrets provider that is used to encrypt the stack config secrets too while still storing your stack's state on Pulumi Cloud if you wanted.

creating stack secrets from within pulumi go code would be acceptable, however it'd still be nice to have it wrapped in a resource provider that automatically manages the CRUD lifecycle of these

i'm trying to create a small resource provider myself now. having quite the struggle sifting through what seems like AI hallucinations

How about the `pulumi-random` provider's `RandomPassword`?

<@UDE2DCFT3> i think i can use that internally in my own provider.

am i correct that if i want to persist state in a provider that doesn't have an actual remote state the provider can manage state by exporting outputs?

I am not sure what you mean by that. What problem are you trying to solve?

i'm trying to wrap some go code in my own provider to only run the code once, depending on the result

<@UDE2DCFT3> i'm back with a concrete example :slightly_smiling_face:

i've the following command:

```_, err = pulumi_local.NewCommand(ctx,
"NixOS installation",
&pulumi_local.CommandArgs{
	Create: pulumi.String(fmt.Sprintf(`nixos-anywhere -i %s --flake %s root@%s `, sshKeyIdentityFileName, flake, ipAddress)),
},
)```
the `sshKeyIdentityFileName` is actually a tempfile which will be different on every invocation.

what's needed so that it doesn't try to "create" after it successfully ran once?

<@U06V12Y6YCV> thanks for the example. According to the docs for `pulumi-command`, it looks like the way you've used it should do exactly that -- run once on creation. But based on your question, I am assuming that's not what you are observing? Do you have this wrapped inside another component by any chance? Can you reveal a bit more about what is going on around this snippet?