https://pulumi.com logo
#general
Title
# general
b

bitter-island-28909

02/01/2019, 4:03 PM
Is there any way to use Pulumi’s config & secrets-management facility to securely manage and check in files that are a bit too large to comfortably fit in the config itself? I’m thinking of private keys, etc.
w

white-balloon-205

02/01/2019, 10:48 PM
I believe you can store fairly large text in config if you want to - but two alternatives: 1. Store the keys in some other location, and use a key pointing to that location as the config setting, then look up the value inside your Pulumi program (using
aws-sdk
or whatever other process you want). 2. Store files (potentially encrypted) in the source tree for each known target, and then a config key that picks which one to use and loads it from disk. We're looking into options to make (1) simpler in the future - allowing pluggable storage for config/secrets such that the secret can be stored in Secrets Manager, Vault, etc. and just the key to look it up stored in the Pulumi config, but then the value will be pulled from that store before Pulumi does the deployment. https://github.com/pulumi/pulumi/issues/1547 is tracking this - though the issue isn't quite up to date with current thinking.