https://pulumi.com logo
Join Slack
Powered by
what causes state values to become `"[secret]"` an...
# general
b
what causes state values to become 
"[secret]"
and is there a way to disable it on fields? it's causing massive diffs. I'll thread an example.
Copy code
spec      : {
    ~ template: {
        ~ spec    : {
            - containers: "[secret]" <----- HERE
            + containers: [
            +     [0]: {
                    + command        : [
                    +     [0]: "xxx"
                    +     [1]: "xxx"
                    +     [2]: "xxx"
                    +     [3]: "xxx"
                    +     [4]: "xxx"
                      ]
                    + env            : [
                    +     [0]: {
                            + name : "ENVIRONMENT"
                            + value: "stage"
                          }
                      ]
                    + image          : "<http://0000000000.dkr.ecr.us-west-1.amazonaws.com/test:latest|0000000000.dkr.ecr.us-west-1.amazonaws.com/test:latest>"
                    + imagePullPolicy: "Always"
                    + name           : "test"
                    + ports          : [
                    +     [0]: {
                            + containerPort: 8000
                          }
                      ]
                    + resources      : {
                        + limits  : {
                            + cpu   : "4"
                            + memory: "8G"
                          }
                        + requests: {
                            + cpu   : "2"
                            + memory: "4G"
                          }
                      }
                    + volumeMounts   : [
                    +     [0]: {
                            + mountPath: "/config"
                            + name     : "config"
                            + readOnly : true
                          }
                      ]
                  }
              ]
            - volumes   : "[secret]" <----- HERE
            + volumes   : [
            +     [0]: {
                    + name  : "config"
                    + secret: {
                        + secretName: "config"
                      }
                  }
              ]
          }
      }
  }
g
It becomes a secret if any of the values you used comes from a secret output. A secret output can be: • A resource output marked as secret • A configuration that you accessed with 
getSecret
, 
requireSecret
or any of their variants • A value explicitly marked as secret using 
pulumi.secret(value)
Any 
Output
created using any secret is also a secret
b
i'm using a 
core.v1.Secret
attached to a deployment
g
Not that secret, the value is a 
pulumi.Output
that is set as a secret, probably because it is a sensitive value or used a sensitive value to be generated
b
here?
g
These secrets
b
sorry i'm a little confused because I don't set a pulumi secret anywhere
like output secret
l
Some resources will have outputs that are marked as secret by default.
b
that's what I was looking for. ty
@lemon-agent-27707 do you know how to see it?
looking at the 
Secret.ts
I don't see anything obvious to me
l
b
thanks for help guys 🙇
Open in Slack
PreviousNext
Powered by