https://pulumi.com
Join Slack
Hi there! I am observing something really odd for a Pulumi provider based on <https://github.com/pu...
# general
s
Hi there! I am observing something really odd for a Pulumi provider based on https://github.com/pulumi/pulumi-go-provider We have some somewhat deeply nested resource, That looks somewhat like this (excuse the not so formal scheme):
Copy code
{
  orgID: "UUID",
  shards: [
    {
      "ca_service" : {
        "vault": {
          "credentials": {
            "role_id": "UUID",
            "secret_id_ref": "UUID",  <- not secret according to the provider schema
          }
        }
      }
    },
  ]
}
Now, in the resources that we create with pulumi, we use the output of a resource that contains secrets as the input in 
shards[].ca_service.vault.credentials.secret_id_ref
. (However, the field that we access is not marked as secret in the schema) In our schema, the secret_id_ref is not marked as secret, however, in the stack, it always appears as secret. This has some strange side-effects. If there is more than one shard, we always see a diff on the 
shards
field because it is marked as secret. If there is only one shard, we do not see this diff. Now, here is my question. Is there a way to figure out why Pulumi recognizes secret_id_ref as secret? Could it be, because of the field name?
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by