No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi <@U01EJ0CBF2A>

You an actually take advantage of additionalSecretOutputs here - this will encrypt the output value for use in the state and the CLI but Pulumi will be able to understand that it's a secret and it will be able to be used in resources

<https://www.pulumi.com/docs/intro/concepts/programming-model/#additionalsecretoutputs>

ok, great, that seems to address the “state encryption” part of my concern, but I guess my question is more how an admin could retrieve the password to send it to the user…

unless a better solution would be to automatically email the new user his/her temporary password directly… :thinking_face:

if they have access to the keys used with the secrets provider

Definitely, thanks a lot <@UHTP242EB>, I’ll look into that! :+1:

You might also like `pulumi stack output myPasswordOutputName --show-secrets`

thanks <@U013Q0AKUCW>, good to know! :slightly_smiling_face: