No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Pulumi does not yet mark them as secret automatically. We will do this in the future as part of <https://github.com/pulumi/pulumi-terraform/issues/449>.

In the meantime, you can use `additional_secret_outputs` per <https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs> to mark specific resource properties as secrets.

So it looks like the masking works if you mask on the whole entire object. For example, we have s3loggings.s3SecretKey. Is it possible only mask the s3secretKey vs masking all the values in the s3loggings block?

Currently it can only be applied to top-level properties or objects. I've opened <https://github.com/pulumi/pulumi/issues/3144> to track supporting nested properties.