This message was deleted.

you're likely placing the lambda at the wrong place, can you share the code you tried?

Code is pretty complicated, but I’ll include the details as much as I can. So in

utils.py

,

for secret_key in secret_keys:
        try:
            secret_value = config.require_secret(secret_key).apply(
                lambda val: val
            )
        except pulumi.ConfigMissingError as cme:
            raise cme
        richen_manifest['extra_env'].append({
            'name': secret_key,
            'value': secret_value
        })
   # this is a jinja2 template rendering...
   template.render(manifest)

and in the

__main__.py

, we call that rendering part from

utils

and then dump it to a temporary file.

with open(tmp_manifest, 'w') as f:
                yaml.dump(yaml.load(rendered_manifest), f)

            kubernetes.yaml.ConfigFile(
                f'events-{server}-{product}-{stage}',
                file=tmp_manifest,
                opts=ResourceOptions(provider=k8s)
            )

And the bare template looks like

containers:
        - image: {{ registry }}/{{ image }}:{{ image_tag }}
          env:
          {% for item in extra_env %}
            - name: {{ item.name }}
              value: "{{ item.value }}"
          {% endfor %}

So the resulting rendering looks like

env:
        - name: SCHEMA_REGISTRY_AUTH
          value: "<pulumi.output.Output object at 0x7fcc98c51b80>"

you need to life the apply to where the template is rendered:

config.require_secret(secret_key).apply(template.render)

etc

Since there are lot’s of secrets that should be into the template, it’s tough to maintain the

apply

scheme. Is there any other solutions available?

no,

apply

is there because of technical reasons around when the value is known. Why is it tough to maintain?