https://pulumi.com logo
s

sparse-apartment-71989

08/04/2021, 5:04 PM
As part of my talk last night to St. Louis Serverless about Pulumi, I covered Config, particularly the Secrets part of it. I was amazed, and thoroughly impressed with how hard it was to leak a secret out. I was using Typescript, so of course I showed exporting the secret as an Output and
console.log()
. Then I tried using
someSecret.substring(0)
and
someSecret.substring(0, someSecret.length)
and it wouldn’t leak. Then I tried outputting
someSecret.concat('zzz')
and was amazed to see
[secret]zzz
output. Well done to whoever wrote the interceptor(s) to catch leaking secrets and help prevent their escaping!
❤️ 5
🙌 1
g

great-sunset-355

08/04/2021, 5:57 PM
yeah I have to say it's a pretty neat feature, even if you just print the same string as the secret it covers it