https://pulumi.com logo
Powered by
b

busy-soccer-65968

06/04/2020, 10:12 PM
what causes state values to become 
"[secret]"
and is there a way to disable it on fields? it's causing massive diffs. I'll thread an example.
Copy code
spec      : {
    ~ template: {
        ~ spec    : {
            - containers: "[secret]" <----- HERE
            + containers: [
            +     [0]: {
                    + command        : [
                    +     [0]: "xxx"
                    +     [1]: "xxx"
                    +     [2]: "xxx"
                    +     [3]: "xxx"
                    +     [4]: "xxx"
                      ]
                    + env            : [
                    +     [0]: {
                            + name : "ENVIRONMENT"
                            + value: "stage"
                          }
                      ]
                    + image          : "<http://0000000000.dkr.ecr.us-west-1.amazonaws.com/test:latest|0000000000.dkr.ecr.us-west-1.amazonaws.com/test:latest>"
                    + imagePullPolicy: "Always"
                    + name           : "test"
                    + ports          : [
                    +     [0]: {
                            + containerPort: 8000
                          }
                      ]
                    + resources      : {
                        + limits  : {
                            + cpu   : "4"
                            + memory: "8G"
                          }
                        + requests: {
                            + cpu   : "2"
                            + memory: "4G"
                          }
                      }
                    + volumeMounts   : [
                    +     [0]: {
                            + mountPath: "/config"
                            + name     : "config"
                            + readOnly : true
                          }
                      ]
                  }
              ]
            - volumes   : "[secret]" <----- HERE
            + volumes   : [
            +     [0]: {
                    + name  : "config"
                    + secret: {
                        + secretName: "config"
                      }
                  }
              ]
          }
      }
  }
g

green-school-95910

06/04/2020, 10:16 PM
It becomes a secret if any of the values you used comes from a secret output. A secret output can be: • A resource output marked as secret • A configuration that you accessed with 
getSecret
, 
requireSecret
or any of their variants • A value explicitly marked as secret using 
pulumi.secret(value)
Any 
Output
created using any secret is also a secret
b

busy-soccer-65968

06/04/2020, 10:18 PM
i'm using a 
core.v1.Secret
attached to a deployment
g

green-school-95910

06/04/2020, 10:19 PM
Not that secret, the value is a 
pulumi.Output
that is set as a secret, probably because it is a sensitive value or used a sensitive value to be generated
b

busy-soccer-65968

06/04/2020, 10:20 PM
here?
g

green-school-95910

06/04/2020, 10:21 PM
These secrets
b

busy-soccer-65968

06/04/2020, 10:21 PM
sorry i'm a little confused because I don't set a pulumi secret anywhere
like output secret
l

lemon-agent-27707

06/04/2020, 10:22 PM
Some resources will have outputs that are marked as secret by default.
b

busy-soccer-65968

06/04/2020, 10:22 PM
that's what I was looking for. ty
@lemon-agent-27707 do you know how to see it?
looking at the 
Secret.ts
I don't see anything obvious to me
l

lemon-agent-27707

06/04/2020, 10:23 PM
b

busy-soccer-65968

06/04/2020, 10:24 PM
thanks for help guys 🙇
Powered by