https://pulumi.com logo
Title
g

great-analyst-59265

09/23/2020, 9:12 AM
is it possible to store the Azure client secret as an encrypted value in the Pulumi state file?
b

better-rainbow-14549

09/23/2020, 12:50 PM
there's an "additionalSecretOutputs" or something property you can apply to each resource, that should do it
ūüĎć 2
g

great-analyst-59265

09/24/2020, 2:51 PM
I was using the default Azure provider "pulumiūüėõroviders:azure::default_3_19_0". As I understand I have to create a custom Azure provider and specify the values as Pulumi secret:
import { clientId, clientSecret, environment, subscriptionId, tenantId } from "@pulumi/azure/config";
import { interpolate, secret } from "@pulumi/pulumi";
import { Provider } from "@pulumi/azure";

export const azProvider = new Provider("az-provider", {
  clientId: secret(interpolate`${clientId}`),
  clientSecret: secret(interpolate`${clientSecret}`),
  environment: secret(interpolate`${environment}`),
  subscriptionId: secret(interpolate`${subscriptionId}`),
  tenantId: secret(interpolate`${tenantId}`),
});