No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello, I was wondering what would be the best way to handle some applications specific users/credentials with pulumi ? ie. postgres
Before diving too deep in researches I could use some thoughts from you guys :slightly_smiling_face:

that all depends on if the secret can be stored in your state

if thats fine, you can just use a random string  resource to feed the password

<https://github.com/pulumi/kubernetes-the-prod-way/blob/34c1bfded93822e02fb2ce8365f71b50b2d2d537/azure/identity/config.ts#L26-L30> is an example of using a random string to generate the password. You can also pass in an existing password as a config value with the `pulumi config set &lt;password&gt; --secret` CLI command

Indeed - these are both great options.

&gt; that all depends on if the secret can be stored in your state

This part is something we are working on right now as part of <https://github.com/pulumi/pulumi/issues/397>.  We plan to allow "secrets" to be encrypted in the checkpoint file as well, as an additional level of protection for any secrets managed via your Pulumi program.

Right, thanks <@UB3BGTV63> <@UE1LN7A22> and <@UD2HJDBCL>.
I was actually thinking of a way of managing the users CRUD operations and state like you do with clouds or k8s resources. Like having `PostgresUser` `ComponentResource` which knows it has created a user in the postgres cluster instance and is able to update or delete it later on.