https://pulumi.com logo
Title
s

sparse-butcher-73713

12/22/2021, 7:39 AM
Good morning! what is the best way to configure a container environment with pulumi? Obviously it will contain secrets so it cant be committed to git, is there a way to persist the config and then pass it to the container? Also, on a code level, how can I "mass" pass the variables without creating them one by one in the code?
b

billowy-army-68599

12/22/2021, 8:59 AM
Morning @sparse-butcher-73713 - you are actually able to commit secrets to git if you put them inside the config:
pulumi config set <key> <value> -- secret
s

sparse-butcher-73713

12/22/2021, 9:00 AM
whoah - so pulumi will encrypt them? with the pulumi key or the configured provider?
b

billowy-army-68599

12/22/2021, 9:03 AM
by default, it'll be a key configured by pulumi, but you can encrypt them with an aws kms key, google cloud key or azure kms key when you create the stack https://www.pulumi.com/blog/peace-of-mind-with-cloud-secret-providers/
s

sparse-butcher-73713

12/22/2021, 9:03 AM
Ok got it
it there any short hand way to transfer all key-values from config to the container environment variables?
or just put them in one by one
?
also I couldn't find any examples on how to use
EnvFrom
in
ContainerArgs
which sounds like could be it
b

billowy-army-68599

12/22/2021, 9:10 AM
and then pass the configuration object to the container
s

sparse-butcher-73713

12/22/2021, 9:10 AM
mmm yes, interesting - use a JsonObject