Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
c
chilly-crayon-19101
06/07/2020, 9:04 PMHi there, been having a noddle around with Pulumi and liking the premise. I have some azure functions that I am deploying and so far so good. The only problem I am having is exporting the host keys for some downstream CI processes. I have a bunch of smoke tests I would like to run on deployment and to set up the config I need the key. However I have noticed that the function key is not automatically marked as a secret. I am struggling to see a way to mark it as such so it does not get blasted to the logs in my CI for everyone to see. For other settings we can use the additionalSecretOutputs properties.
This is what I have so far:
import * as azure from "@pulumi/azure";
import * as configuration from "./IConfiguration";
let config = new pulumi.Config().requireObject<configuration.IConfiguration>("configuration");
const resourceGroup = new azure.core.ResourceGroup("resourceGroup", {
name: config.resourceGroupName
});
const apiStorageAccount = new azure.storage.Account("cvStorageAccount", {
name: `${config.appName}storage`,
resourceGroupName: resourceGroup.name,
accountReplicationType: "LRS",
accountTier: "Standard",
accountKind: "StorageV2"
}, {additionalSecretOutputs: ["primaryConnectionString"]});
const app = new azure.appservice.ArchiveFunctionApp("functionApp", {
resourceGroup,
name: `${config.appName}back`,
archive: new pulumi.asset.FileArchive("../src/CurriculumVitaeApi/bin/Release/netcoreapp3.1/publish"),
appSettings: {
"runtime": "dotnet",
"CvApiDataConnectionString": apiStorageAccount.primaryConnectionString,
"GetBlobPath": "curriculumvitae/{id}.json",
"ContainerName": "curriculumvitae"
}
});
export let baseurl = app.functionApp.defaultHostname.apply(x => `https://${x}`);
export let functionsHostKey = app.functionApp.getHostKeys().masterKey; //make me a secret please!
export let storageConnectionString = apiStorageAccount.primaryConnectionString;t
tall-librarian-49374
06/07/2020, 9:42 PMYou can wrap it into
pulumi.secretconst iamsecret = pulumi.secret("asecret");c
chilly-crayon-19101
06/10/2020, 5:03 AMHey apologies for the delay in replying. Thank you that has done the trick. I must have skipped over that in the reference docs, however I do not believe it is mentioned in any of the intros or user guides which may have been helpful.
t
tall-librarian-49374
06/10/2020, 6:34 AMIt’s mentioned in https://www.pulumi.com/docs/intro/concepts/programming-model/#secrets
If you have a better suggestion, could you please file an issue in https://github.com/pulumi/docs/issues
c
chilly-crayon-19101
06/10/2020, 8:44 AMI have no suggestions I think this one is on me for missing it 🤦♂️