No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Yeah - you need to `base64` encode it as normal for Kubernetes.

A few examples here: <https://github.com/pulumi/examples/search?q=k8s.core.v1.Secret&amp;unscoped_q=k8s.core.v1.Secret>

<@UUPJRBHK5> if you really want to use a plainString, use `stringData` <https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/types/input/#Secret-stringData>

it'll base64 encode the string on the API server. You probably want to wrap it in `pulumi.Secret` though so it doesn't get stored in plaintext :wink:

thanks, i did set the string contents with pulumi config set key value --secret which then i attemted to decode with base64 and it didnt worked.. so i assumed that the values where not base64 encoded but actually encrypted at rest in the Pulumi.stack file a-la-Ansible. thanks

&gt; it'll base64 encode the string on the API server. You probably want to wrap it in `pulumi.Secret` though so it doesn't get stored in plaintext :wink:

Pulumi should automatically mark both the ‘data’ and ‘stringData’ fields as secret. This changed fairly recently. 