
alert-artist-66265

03/13/2020, 11:59 PM
hello, I'm trying to create a secret with new k8s.core.v1.Secret()... do I need to pass the strings in base64 (as in regular k8s secrets) or just plain strings?

white-balloon-205

03/14/2020, 12:02 AM
Yeah - you need to base64 encode it as normal for Kubernetes. A few examples here: https://github.com/pulumi/examples/search?q=k8s.core.v1.Secret&unscoped_q=k8s.core.v1.Secret

billowy-army-68599

03/14/2020, 12:25 AM
@alert-artist-66265 if you really want to use a plainString, use stringData https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/types/input/#Secret-stringData
it'll base64 encode the string on the API server. You probably want to wrap it in pulumi.Secret though so it doesn't get stored in plaintext 😉

alert-artist-66265

03/14/2020, 1:04 AM
thanks, I did set the string contents with pulumi config set key value --secret which I then attempted to decode with base64 and it didn't work.. so I assumed that the values were not base64 encoded but actually encrypted at rest in the Pulumi.stack file a-la-Ansible. thanks

gorgeous-egg-16927

03/14/2020, 2:19 AM
it'll base64 encode the string on the API server. You probably want to wrap it in pulumi.Secret though so it doesn't get stored in plaintext 😉
Pulumi should automatically mark both the ‘data’ and ‘stringData’ fields as secret. This changed fairly recently.