https://pulumi.com logo
#general
Title
# general
c

clever-plumber-29709

03/12/2021, 8:40 PM
when i read a pulumi config, that is an object, an some key, is a secret: Is there a way to know or differentiate the secret? ie:
Copy code
pulumi.stack.yml
config:
  proj:data:
    services:
      foo: bar
      priv:
        secure: AAABAB+T(...)sEmx8=

__main__.py
import pulumi

conf = pulumi_config.require_object("data")
This conf, is a dict, but pulumi correctly recognizes that inside there is a secret. if i print it shows:
{'foo': 'bar', 'priv': '[secret]'}
So i want to iterate over this dic, and do something on the secrets, but i'm not sure how to know. python thinks it is a str.
Copy code
print(conf["services"]["priv"])
print(type(conf["services"]["priv"]))

[secret]
<class 'str'>
r

red-match-15116

03/12/2021, 8:59 PM
Can you try
require_secret_object
? Link
c

clever-plumber-29709

03/12/2021, 9:38 PM
I noticed that, and i can require the whole
conf
as a secret object. But if i do that, i cant iterate over it, and all keys say true to
.is_secret()
r

red-match-15116

03/13/2021, 7:31 PM
Hmm yeah something here doesn’t look right. Can you open up an issue summarizing what you’re seeing with a repro?