Currently any values captured by code that is transformed into a lambda are just serialized into the text of the lambda.
Once
https://github.com/pulumi/pulumi/issues/397 is complete, we will be able to improve this to understand when the value we are serializing is a secret, and in that case can use Lambda environment variables to pass the data. This is a planned work item as follow up to the above.
For now, if you do need these secrets to be passed in environment variables instead of serialized to text, you will want to manually pass in via
environment
and the. Pull out from the environment yourself instead of relying just on Pulumi’s setialization.
Cc also
@bitter-oil-46081 and
@lemon-spoon-91807 for fyi.