No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

The `random` package in particular unfortunately puts the secret value in both the `value` field and the `id` field.  Blocking out the secret in the latter requires addressing <https://github.com/pulumi/pulumi/issues/2717>.

Blocking out any other property can be done with the `additionalSecretOutputs: ["value"]` resource option.  This tells Pulumi that that output from the resource should be marked as secret.

oh, cool, looks like `additionalSecretOutputs` is just what I need. The `random.SecureString` resource isn’t setting an `id` (or at least, not one I can see in the state) so I think this is sufficient.