How can I emulate this via pulumi from pulumi config secrets

Question

How can I emulate this via pulumi from pulumi config secrets `kubectl create secret tls myservice tls cert=myservice cert pem key=myservice key pem dry run o yaml` I ve tried manually constructing a TLS secret with the exact contents of the yaml file but it doesn t work for some reason I feel like I must be missing something obvious any insights

billowy-army-68599 · Answer

You can read the file from disk using whatever library makes sense in typescript ``` const secret = new k8s core v1 Secret secret stringData tls crt fs readFileSync myservice cert pem toString tls key fs readFileSync myservice key pem toString ```

breezy-gold-44713 · Answer

Yes but if I want to store them in the pulumi stack so it can be encrypted

breezy-gold-44713 · Answer

It s not possible for me to store the key in revision control so I need to stash it in the stack in an encrypted format

breezy-gold-44713 · Answer

I can cobble together a secret of type tls that has the exact same base64 values read from the stack that I see in the yaml file output from the kubectl command but they are clearly different somehow when I go to actually use the secret

gorgeous-egg-16927 · Answer

The stringData field is base64 encoded server side If you re passing in base64 encoded data you can use the data field instead

breezy-gold-44713 · Answer

OK I got this working I m going to document my solution here for future reference

breezy-gold-44713 · Answer

```$ base64 lt myservice cert pem | pulumi config set secret tls crt $ base64 lt myservice key pem | pulumi config set secret tls key```

breezy-gold-44713 · Answer

```const secretsName = `$ serviceName secrets` const secrets = new k8s core v1 Secret secretsName metadata name secretsName namespace mynamespace type <http kubernetes io tls|kubernetes io tls> data tls crt Buffer from config require tls crt toString tls key Buffer from config require tls key toString ```