No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi <@UHTP242EB>

What version of Pulumi are you using?

```import * as pulumi from "@pulumi/pulumi";

const cfg = new pulumi.Config();
const dbUsername = cfg.requireSecret("db_username");
const dbPassword = cfg.requireSecret("db_password");

export const user = dbUsername;
export const pw = dbPassword;```

I have the following in my Pulumi.dev.yaml

```▶ cat Pulumi.dev.yaml
config:
  secrets:db_password: MyPassword1234!
  secrets:db_username: rootUser```

```▶ pulumi up --yes --skip-preview
Updating (dev):
     Type                 Name         Status
 +   pulumi:pulumi:Stack  secrets-dev  created

Outputs:
    pw  : "[secret]"
    user: "[secret]"

Resources:
    + 1 created

Duration: 3s```

```{
    "version": 3,
    "deployment": {
        "manifest": {
            "time": "2020-04-16T16:35:05.141064+01:00",
            "magic": "b4c27b9ea131fefdc2090b2fd0e08de221f1d26b5f7cfbbaf74f86e1123059a7",
            "version": "v1.14.1"
        },
        "secrets_providers": {
            "type": "service",
            "state": {
                "url": "<https://api.pulumi.com>",
                "owner": "stack72",
                "project": "secrets",
                "stack": "dev"
            }
        },
        "resources": [
            {
                "urn": "urn:pulumi:dev::secrets::pulumi:pulumi:Stack::secrets-dev",
                "custom": false,
                "type": "pulumi:pulumi:Stack",
                "outputs": {
                    "pw": {
                        "4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
                        "ciphertext": "AAABAMlyCKlz16OObcTPlx8o2xsuPEsrCESVLt+S9oS9tltrN0op7hfpfh1FrLnSFQ=="
                    },
                    "user": {
                        "4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
                        "ciphertext": "AAABAFRmO08aa/G7xeDWDCW9iukWzqHqWS54WoyiXfluDkutsSUEtSWz"
                    }
                }
            }
        ]
    }
}```

I don't see any unencrypted secrets in the outputs section

I’ll split out a separate project and see if I can replicate there. I’m creating an rds instance, and the plaintext password is showing up in the `outputs` for that

```const cfg = new pulumi.Config();
const dbUsername = cfg.requireSecret("db_username");
const dbPassword = cfg.requireSecret("db_password");

const db = new aws.rds.Instance(c19track, {
    engine: "postgres",
    instanceClass: aws.rds.InstanceTypes.T3_Micro,
    allocatedStorage: 5,
    dbSubnetGroupName: subnetGroup.id,
    vpcSecurityGroupIds: cluster.securityGroups.map(g =&gt; g.id),
    name: "c19",
    username: dbUsername,
    password: dbPassword,
    skipFinalSnapshot: true,
});```