No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

pulumi stack output myPassword | | base64 --decode

piping through `base64 -d` only outputs binary/garbage! :confused:

can you show me your code that you've specified for this?

```      const loginProfile = new aws.iam.UserLoginProfile(
        user.username,
        {
          user: iamUser.name,
          pgpKey: `keybase:${user.keybaseUser}`,
        },
        { parent: this }
      );```
and later in a dynamic provider that will send encrypted password by email, where `encryptedPassword` is the resolved value of `loginProfile.encryptedPassword`:
```    console.log(
      `Encrypted password: ${encryptedPassword}`
    );```
I can share a more complete code excerpt if needed, but it’s a bit more involved, with the dynamic provider.

Same happens to me, I wrap it in the headers and footers myself, and it works.. onesec I've got the code...

Ah, it's just Terraform code, haven't ported it to Pulumi yet...
```output "passwords" {
  value =&lt;&lt;ARMOURED
%{for login_profile in aws_iam_user_login_profile.support }
PGP-encrypted password for ${login_profile.user}
-----BEGIN PGP MESSAGE-----

${login_profile.encrypted_password}

-----END PGP MESSAGE-----
%{endfor}
ARMOURED
}```

Thanks <@U012UJTT55M>! However, it’s not just the armour that’s missing, it’s also the bytes that seem to be grouped in bunches.  As I mentioned earlier, the format keybase is expecting looks like this:
```BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. keDIDMQWYvVR58B FTfTeDQNHx1585M wWbrASgxlB4AxUD GDs2vnNJvt5UodK mH0F6pHuD4vc3Vm lAlAPrh7ZKv2OTY HnLXoNcUySLmP3p 63H2m1IHrfmMttC RLfExoP8zM8ZQ6R b1AWj2suk3W6s2G r5LriMri8wq94Hs X4hS0THSXY4AK8r nWrWvYlT3LBcuza 5AL24aH3H1eNVPe Mev3P0esF4z3O4w 9g9EQGy9IGN4ft7 5TKjYlptRSsGYAB RlGQlkRFFHQomtD es0YdccwPYXC5aa YbWyCA7jVOSEvCQ dcUbmILBnJLgvnf CJA6cpucUDsUeoP bKhMOzGg72JFSQ1 OXRp5VNwlo4ox8E 1UfUcHnbYM8vtOw OsZfpid. END KEYBASE SALTPACK ENCRYPTED MESSAGE.```

However, my team lead asked that I stop going down this rabbit hole (which is starting to waste a lot of time) and instead find an alternative for generating/sending passwords! :confused:  I guess I’ll create my own dynamic provider to create the login profile (because the regular AWS one only supports encrypted passwords). I’ll generate a random password, configure it to force user to reset it upon first login, and just send it to user by email as plain-text (as it’s just a temporary one).  That’s a compromise, but we just need a simple enough workflow both for admins and users…