when i read a pulumi config, that is an object, an some key, is a secret: Is there a way to know or differentiate the secret? ie:

pulumi.stack.yml
config:
  proj:data:
    services:
      foo: bar
      priv:
        secure: AAABAB+T(...)sEmx8=

__main__.py
import pulumi

conf = pulumi_config.require_object("data")

This conf, is a dict, but pulumi correctly recognizes that inside there is a secret. if i print it shows:

{'foo': 'bar', 'priv': '[secret]'}

So i want to iterate over this dic, and do something on the secrets, but i'm not sure how to know. python thinks it is a str.

print(conf["services"]["priv"])
print(type(conf["services"]["priv"]))

[secret]
<class 'str'>

Can you try

require_secret_object

? Link

I noticed that, and i can require the whole

conf

as a secret object. But if i do that, i cant iterate over it, and all keys say true to

.is_secret()

Hmm yeah something here doesn’t look right. Can you open up an issue summarizing what you’re seeing with a repro?