This message was deleted.
# generals
sparse-intern-71089
05/10/2020, 2:22 PMThis message was deleted.
b
broad-dog-22463
05/10/2020, 2:29 PMHey
Welcome :) you will be able to use the secret engine built into Pulumi to do this
import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";
const username = new random.RandomString("my-string", {
length: 16,
special: true,
}, {
// RandomString has an output of 'result' where the string actually is stored
additionalSecretOutputs: ["result"]
});
export const secret = username.result;
broad-dog-22463
05/10/2020, 2:29 PMAs a small example
broad-dog-22463
05/10/2020, 2:30 PMNotice that the CustomResourceOptions includes that secret options
g
gifted-ocean-95126
05/10/2020, 2:30 PMHi, thanks for the response
gifted-ocean-95126
05/10/2020, 2:31 PMI thought the secrets functionality was only for marking whether the items should be shown to the user or not
b
broad-dog-22463
05/10/2020, 2:33 PMNo that also encrypts in the state as well
g
gifted-ocean-95126
05/10/2020, 2:34 PMIs this two way encryption or is it a one way hash?
b
broad-dog-22463
05/10/2020, 2:35 PM2 way as the engine will know how to decrypt it
broad-dog-22463
05/10/2020, 2:36 PMBut you won’t be able to do it directly - the cli will need access to the kms key to be able to do it
g
gifted-ocean-95126
05/10/2020, 2:38 PMI can see that this is quite secure
gifted-ocean-95126
05/10/2020, 2:41 PMStill, is there no way to choose how the information is stored? For example, the Terraform provider hashes the value before storing it in the state (it seems the there is a setting called
StateFuncb
broad-dog-22463
05/10/2020, 3:11 PMPulumi have a number of secrets providers
🙏 1
👍 1
broad-dog-22463
05/10/2020, 3:11 PM