No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I'm working on bootstrapping a cluster, and I noticed that when I create a `kubernetes.Provider` with an inline `kubeconfig` string, the string (with cluster access tokens) isn't being treated as a secret. Is there any way to mark this as a secret, so that the cluster's cleartext root credentials aren't available in diffs and the state store?

Yea, I believe this should do it.

```const k8sProvider = new k8s.Provider(projectName, {
    kubeconfig: pulumi.secret(kubeconfig), // &lt;-- use pulumi.secret(...)
});```

Thanks, that works great! I thought I had tried that earlier and had it fail, but I must have not. :slightly_smiling_face: