colossal-plastic-46140
02/25/2020, 2:09 PMpulumi.config.require_object("config")
if the config
object has data that was deemed a secret. I am trying to understand if require_object
automatically translates the portion of the object into a secret that was set by using pulumi config set --secret. FWIW it seems to mask the secret in pulumi preview, but when writing the state file it seems to be showing keys in plain text.white-balloon-205
require_secret
to ensure the value is treated as a secret as part of the deployment (not serialized into any statefile).
We will in the future make it an error to use other config functions on a secret config value (this is supported today for compatibility with how things worked prior to having deployment support for secrets).colossal-plastic-46140
02/25/2020, 3:04 PMwhite-balloon-205