No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

that all depends on if the secret can be stored in your state

if thats fine, you can just use a random string  resource to feed the password

<https://github.com/pulumi/kubernetes-the-prod-way/blob/34c1bfded93822e02fb2ce8365f71b50b2d2d537/azure/identity/config.ts#L26-L30> is an example of using a random string to generate the password. You can also pass in an existing password as a config value with the `pulumi config set &lt;password&gt; --secret` CLI command

Indeed - these are both great options.

&gt; that all depends on if the secret can be stored in your state

This part is something we are working on right now as part of <https://github.com/pulumi/pulumi/issues/397>.  We plan to allow "secrets" to be encrypted in the checkpoint file as well, as an additional level of protection for any secrets managed via your Pulumi program.

Right, thanks <@UB3BGTV63> <@UE1LN7A22> and <@UD2HJDBCL>.
I was actually thinking of a way of managing the users CRUD operations and state like you do with clouds or k8s resources. Like having `PostgresUser` `ComponentResource` which knows it has created a user in the postgres cluster instance and is able to update or delete it later on.