enough-leather-70274
03/01/2021, 6:54 AMwhite-balloon-205
03/01/2021, 7:26 AM<http://secret.id|secret.id>
or similar. If you have a code snippet of what you are trying - happy to provide more concrete suggestion.enough-leather-70274
03/01/2021, 7:33 AMconst secret = new Secret(construct, 'my-secret-name', {
generateSecretString: {
excludePunctuation: true,
generateStringKey: 'password',
},
});
the same value you used as an input to the SecretValueThis is what I want to avoid - I'd like to let SecretsManager generate the password, then have Pulumi fetch it, maybe via GetSecretVersion
billowy-army-68599
03/01/2021, 7:43 AMpulumi.Random
to generate the password:
https://www.pulumi.com/docs/reference/pkg/random/randompassword/
this marks it as secret and encrypts it in the Pulumi state, then I store that password in secrets managerGetRandomPassword
api (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetRandomPassword.html) isn't declarative. CDK works around that by only calling that value when required, but pulumi random provider will do basically the same thing and is also declerativeenough-leather-70274
03/01/2021, 7:47 AMbillowy-army-68599
03/01/2021, 7:49 AMenough-leather-70274
03/01/2021, 7:50 AM