No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I see the same behavior.  Seems like that should stay secret.

Thanks for taking the time to check this, <@UDLHQLKB4>! I think I might open an issue in the GitHub repository for this.

I don’t know the specifics off the top of my head, but it is possible to “flow” values that are secret through a checkpoint file. (So that the resource input/output would be a secret/encrypted in the checkpoint file.)

It might require changing the resource provider however, so that the resource inputs/outputs are marked appropriately to get that behavior. But it’s certainly possible, and from what it sounds, what we would want to happen in this case too.