No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Why not generate the passwords outside of pulumi, store those in a key management location and then create pulumi config secrets and reference from that.  The reason I say this is, how are you going to know the dynamically generated password for say rds without spitting that to an output?

Or maybe even better use Aws secrets manager with key rotation. This will allow the password to be rotated and updated

I put them into a Kubernetes secret, so I don't need to spit them out other than that. The reason why I don't create them beforehand is that I want to minimize the steps outside of Pulumi.  But maybe AWS secrets manager can create handle Kubernetes secrets as well, I admit I have no clue about this.

<@U014G9U1DCP> how are you generating your random values? Is it by using `pulumi/random` resources? <https://github.com/pulumi/pulumi-random#example>

<@U014497Q309> Ahhh thank you! That was what I was looking for.