https://pulumi.com logo
#general
Title
# general
c

colossal-plastic-46140

02/25/2020, 2:09 PM
Hi, What is the expected behavior of an
pulumi.config.require_object("config")
if the
config
object has data that was deemed a secret. I am trying to understand if
require_object
automatically translates the portion of the object into a secret that was set by using pulumi config set --secret. FWIW it seems to mask the secret in pulumi preview, but when writing the state file it seems to be showing keys in plain text.
w

white-balloon-205

02/25/2020, 2:54 PM
Yes - you must use
require_secret
to ensure the value is treated as a secret as part of the deployment (not serialized into any statefile). We will in the future make it an error to use other config functions on a secret config value (this is supported today for compatibility with how things worked prior to having deployment support for secrets).
c

colossal-plastic-46140

02/25/2020, 3:04 PM
Thanks for the clarification. Is there currently a github issue for the above. I would love to follow along
w

white-balloon-205

02/25/2020, 4:01 PM
2 Views