https://pulumi.com logo
#general
Title
# general
e

elegant-dress-88912

01/22/2020, 5:30 AM
pulumi up
shows secure outputs in plain text, is it a known issue? I am using pulumi random:
Copy code
import * as random from "@pulumi/random";
...
const redisPassword = new random.RandomPassword("redis", {
  length: 10,
  special: false
});

export const redisStgPassword = redisPassword.result;
Per docs, pulumi should display at as`[secret]` : https://www.pulumi.com/docs/intro/concepts/programming-model/#stack-outputs and https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/random/#RandomPassword while in my case it displays it in plaintext every invocation of
pulumi up
or
pulumi stack output
I am using pulumi 1.8.1 and random 1.4.0
w

white-balloon-205

01/22/2020, 5:32 AM
Right now - you need to specifiy
additionalSecretOutputs
to ensure outputs are secret (unless they were also inputs which were provided a secret value). https://github.com/pulumi/pulumi-terraform-bridge/issues/10 will make it so that this additional annotation is not required, and "Sensitive" outputs from upstream providers will automatically be marked as secret.
e

elegant-dress-88912

01/22/2020, 5:33 AM
thanks @white-balloon-205 !
@white-balloon-205, this worked well for
random.RandomPassword
and
tls.PrivateKey
(which are from terraform modules), but didn't work for k8s.Secret. Any idea? Code:
Copy code
const vaultAuthAccount = new k8s.core.v1.ServiceAccount(
...

// read from created account token secret
export const vaultAuthToken64 = k8s.core.v1.Secret.get(
  "vault-auth-token",
  pulumi.interpolate`${vaultAuthAccount.metadata.namespace}/${vaultAuthAccount.secrets[0].name}`,
  {
      additionalSecretOutputs: ["data"]
  }
).data.apply(d => (d as { token: string }).token);
looks like static method
get
of https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/core/v1/#Secret does not honor this option
mb there is some way to create secure
Output
from non-secure
Output
? I could use this as w/a.
w

white-balloon-205

01/22/2020, 5:53 AM
Hmm - that doesn't sound right. Could you open an issue with a report of that? (
get
not respecting this option).
e

elegant-dress-88912

01/22/2020, 5:53 AM
sure
w

white-balloon-205

01/22/2020, 5:54 AM
mb there is some way to create secure
Output
from non-secure
Output
?
Yeah -
pulumi.secret(output)
should work.
e

elegant-dress-88912

01/22/2020, 5:54 AM
thanks !