flat-insurance-25294
12/20/2019, 11:00 AMfuture-barista-68134
12/20/2019, 3:56 PMflat-insurance-25294
12/21/2019, 1:47 PMprocess.env
to read them.
Then there are secrets generated by Pulumi, like RDS password. That’s fine, that can stay with Pulumi.
Out of curiosity, I don’t actually have to save the db, right? Pulumi does that for me when creating the RDS instance and each time I call pulumi up it will use said password for my Pod spec, right?future-barista-68134
12/21/2019, 6:24 PMI guess I can just useto read them.process.env
Yes this is a good option if you don’t want to use the Pulumi managed config. You could also drop in your own file at runtime and read from it.
each time I call pulumi up it will use said password for my Pod spec, right?
That’s correct. Pulumi keeps track of the inputs for resources in the state file. Pulumi encrypts this in transit and at rest but there are options to manage that yourself. See: https://www.pulumi.com/blog/managing-secrets-with-pulumi/.