https://pulumi.com logo
Join Slack
Powered by
Hello All, I'm previewing Pulumi and I'm really en...
# general
f
Hello All, I'm previewing Pulumi and I'm really enjoying it so far....running into an issue with secrets however.... I create a secret using 
pulumi config set --secret [name] [value]
, but when I attempt to do 
cfg.requireSecret('[name]')
I'm getting an error during 
pulumi up
(see screenshot). If I hard code my variable (rather than using config) it works....I've tried the suggestions in the error, I've set the config variable to 
plaintext
and used 
cfg.require('[name]')
and still doesn't work....I've studied the secrets documentation....am I missing something?
I've also tried this, didn't work: const repositoryToken = cfg.requireSecret('repositoryToken').apply(x => 
${x}
);
q
You have to use repositoryToken within the 
apply()
closure. Like this:
Copy code
cfg.requireSecret("repositoryToken").apply(x => useToken(x));
apply
returns an 
Output
so you can't use it directly. Although all the Pulumi docs tell you to use 
apply
. I actually found it a lot easier to only use Promise with async/await. You can convert an 
Output
to a Promise with this:
Copy code
const fut = new Promise(f => output.apply(f));
I think requireSecret also has a version that returns a promise instead of output. Just checked it doesn't. But you can still convert it to a promise and 
await
on it yourself.
b
yep, Yage is right, if you share your full code we can help, you're likely passing the secret value to a resource parameter that only takes a string
f
Cool....here is the code:
Copy code
import * as pulumi from "@pulumi/pulumi";
import * as resources from "@pulumi/azure-native/resources";
import * as applatform from "@pulumi/azure-native/appplatform";
import * as azureweb from "@pulumi/azure-native/web";

const cfg = new pulumi.Config();
const repositoryToken = cfg.requireSecret('repositoryToken');

const frontend = new azureweb.StaticSite("static-site-name", {
    resourceGroupName: "[resourceGroupName]",
    branch: "main",
    name: "static-site-name",
    sku: {
        name: "Free",
        tier: "Free"
    },
    repositoryUrl: "[repositoryUrl]",
    repositoryToken: repositoryToken
});
every example I see doesn't show awaiting on the 
requireSecret
call so I'm a bit confused.
...and the reference to "lifting" in the docs suggests that the code above will work if I'm not mistaken?
q
It's unclear to me from the docs when lifting works and when it doesn't. From my anecdotal experience it's a pain to hope lifting works and find out later that it resulted in garbage value. I just use await to make the code nicer to write and read. It's been working well for me so far. My understanding is 
apply
and async/await accomplish the same thing. But with async/await you don't get callback hell.
So with async you would do this:
Copy code
const repositoryToken =
    await new Promise(f => cfg.requireSecret('repositoryToken').apply(f)) as string;
And keep rest of the code the same. But with apply:
Copy code
cfg.requireSecret('repositoryToken').apply(repositoryToken => {
    const frontend = new azureweb.StaticSite("static-site-name", {
        resourceGroupName: "[resourceGroupName]",
        branch: "main",
        name: "static-site-name",
        sku: {
            name: "Free",
            tier: "Free"
        },
        repositoryUrl: "[repositoryUrl]",
        repositoryToken: repositoryToken
    });
})
The nesting can get annoying pretty quickly unless there's a trick I don't know about.
Maybe the pulumi apply stuff was written before async await? I'm not familiar with node/js ecosystem. 🤷
Open in Slack
PreviousNext
Powered by