This message was deleted.
# general
s
This message was deleted.
b
that all depends on if the secret can be stored in your state
if thats fine, you can just use a random string resource to feed the password
g
https://github.com/pulumi/kubernetes-the-prod-way/blob/34c1bfded93822e02fb2ce8365f71b50b2d2d537/azure/identity/config.ts#L26-L30 is an example of using a random string to generate the password. You can also pass in an existing password as a config value with the
pulumi config set <password> --secret
CLI command
w
Indeed - these are both great options.
that all depends on if the secret can be stored in your state
This part is something we are working on right now as part of https://github.com/pulumi/pulumi/issues/397. We plan to allow "secrets" to be encrypted in the checkpoint file as well, as an additional level of protection for any secrets managed via your Pulumi program.
f
Right, thanks @white-balloon-205 @gorgeous-egg-16927 and @busy-umbrella-36067. I was actually thinking of a way of managing the users CRUD operations and state like you do with clouds or k8s resources. Like having
PostgresUser
ComponentResource
which knows it has created a user in the postgres cluster instance and is able to update or delete it later on.