No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi everyone! Is it correct that aws.secretsmanager.getSecretVersion returns an object that doesn't mark `secretBinary` and `secretString` as sensitive values? I am using them as input values to my resources managed with a dynamic provider and it seems the input that got the value from `GetSecretVersionResult.secretString` is stored in the state unencrypted. It seems like a bug in the GetSecretVersion datasource.

This is definitely a bug, sorry about that. Can you open an issue in the pulumi-aws repo with a repro?

Done: <https://github.com/pulumi/pulumi-aws/issues/1449>