hello, im trying to create a secret with new k8s.core.v1.Secret()... do i need to pass the strings in base64 (as in regular k8s secrets) or just plain strings?

Yeah - you need to

base64

encode it as normal for Kubernetes. A few examples here: https://github.com/pulumi/examples/search?q=k8s.core.v1.Secret&unscoped_q=k8s.core.v1.Secret

@alert-artist-66265 if you really want to use a plainString, use

stringData

https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/types/input/#Secret-stringData

thanks, i did set the string contents with pulumi config set key value --secret which then i attemted to decode with base64 and it didnt worked.. so i assumed that the values where not base64 encoded but actually encrypted at rest in the Pulumi.stack file a-la-Ansible. thanks

it'll base64 encode the string on the API server. You probably want to wrap it in

pulumi.Secret

though so it doesn't get stored in plaintext 😉

Pulumi should automatically mark both the ‘data’ and ‘stringData’ fields as secret. This changed fairly recently.