https://pulumi.com logo
Title
c

chilly-crayon-19101

06/07/2020, 9:04 PM
Hi there, been having a noddle around with Pulumi and liking the premise. I have some azure functions that I am deploying and so far so good. The only problem I am having is exporting the host keys for some downstream CI processes. I have a bunch of smoke tests I would like to run on deployment and to set up the config I need the key. However I have noticed that the function key is not automatically marked as a secret. I am struggling to see a way to mark it as such so it does not get blasted to the logs in my CI for everyone to see. For other settings we can use the additionalSecretOutputs properties. This is what I have so far:
import * as azure from "@pulumi/azure";
import * as configuration from "./IConfiguration";

let config = new pulumi.Config().requireObject<configuration.IConfiguration>("configuration");

const resourceGroup = new azure.core.ResourceGroup("resourceGroup", {
    name: config.resourceGroupName
});

const apiStorageAccount = new azure.storage.Account("cvStorageAccount", {
    name: `${config.appName}storage`,
    resourceGroupName: resourceGroup.name,
    accountReplicationType: "LRS",
    accountTier: "Standard",
    accountKind: "StorageV2"
}, {additionalSecretOutputs: ["primaryConnectionString"]});

const app = new azure.appservice.ArchiveFunctionApp("functionApp", {
    resourceGroup,
    name: `${config.appName}back`,
    archive: new pulumi.asset.FileArchive("../src/CurriculumVitaeApi/bin/Release/netcoreapp3.1/publish"),
    appSettings: {
        "runtime": "dotnet",
        "CvApiDataConnectionString": apiStorageAccount.primaryConnectionString,
        "GetBlobPath": "curriculumvitae/{id}.json",
        "ContainerName": "curriculumvitae"
    }
});

export let baseurl =  app.functionApp.defaultHostname.apply(x => `https://${x}`);
export let functionsHostKey = app.functionApp.getHostKeys().masterKey; //make me a secret please!
export let storageConnectionString = apiStorageAccount.primaryConnectionString;
t

tall-librarian-49374

06/07/2020, 9:42 PM
You can wrap it into
pulumi.secret
.
const iamsecret = pulumi.secret("asecret");
c

chilly-crayon-19101

06/10/2020, 5:03 AM
Hey apologies for the delay in replying. Thank you that has done the trick. I must have skipped over that in the reference docs, however I do not believe it is mentioned in any of the intros or user guides which may have been helpful.
t

tall-librarian-49374

06/10/2020, 6:34 AM
It’s mentioned in https://www.pulumi.com/docs/intro/concepts/programming-model/#secrets If you have a better suggestion, could you please file an issue in https://github.com/pulumi/docs/issues
c

chilly-crayon-19101

06/10/2020, 8:44 AM
I have no suggestions I think this one is on me for missing it 🤦‍♂️