bitter-island-28909
07/15/2019, 3:08 PMrandom
module. However, using the following code, the result
value of the RandomString
resource is still present in plaintext in the state (even though it’s correctly hidden as an attribute of the SSM Parameter.)
let password = pulumi.secret(new random.RandomString("my-password", {
length: 32
}).result);
let param = new aws.ssm.Parameter("my-password", {
name: "/my/password",
type: "SecureString",
value: password
});
white-balloon-205
random
package in particular unfortunately puts the secret value in both the value
field and the id
field. Blocking out the secret in the latter requires addressing https://github.com/pulumi/pulumi/issues/2717.
Blocking out any other property can be done with the additionalSecretOutputs: ["value"]
resource option. This tells Pulumi that that output from the resource should be marked as secret.bitter-island-28909
07/15/2019, 8:17 PMadditionalSecretOutputs
is just what I need. The random.SecureString
resource isn’t setting an id
(or at least, not one I can see in the state) so I think this is sufficient.