Hi, What is the expected behavior of an `pulumi.co...
# general
Hi, What is the expected behavior of an
if the
object has data that was deemed a secret. I am trying to understand if
automatically translates the portion of the object into a secret that was set by using pulumi config set --secret. FWIW it seems to mask the secret in pulumi preview, but when writing the state file it seems to be showing keys in plain text.
Yes - you must use
to ensure the value is treated as a secret as part of the deployment (not serialized into any statefile). We will in the future make it an error to use other config functions on a secret config value (this is supported today for compatibility with how things worked prior to having deployment support for secrets).
Thanks for the clarification. Is there currently a github issue for the above. I would love to follow along