This message was deleted.

sparse-intern-71089

06/06/2020, 3:49 PM

This message was deleted.

strong-plastic-28250

06/06/2020, 4:01 PM

Why not generate the passwords outside of pulumi, store those in a key management location and then create pulumi config secrets and reference from that. The reason I say this is, how are you going to know the dynamically generated password for say rds without spitting that to an output?

strong-plastic-28250

06/06/2020, 4:02 PM

Or maybe even better use Aws secrets manager with key rotation. This will allow the password to be rotated and updated

gray-helicopter-10230

06/06/2020, 4:10 PM

I put them into a Kubernetes secret, so I don't need to spit them out other than that. The reason why I don't create them beforehand is that I want to minimize the steps outside of Pulumi. But maybe AWS secrets manager can create handle Kubernetes secrets as well, I admit I have no clue about this.

able-beard-29160

06/06/2020, 6:17 PM

@gray-helicopter-10230 how are you generating your random values? Is it by using

pulumi/random

resources? https://github.com/pulumi/pulumi-random#example

💯 1

gray-helicopter-10230

06/07/2020, 8:56 AM

@able-beard-29160 Ahhh thank you! That was what I was looking for.

👍🏻 1

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.