hey guys, I have a object in my stack with some pr...
# general
hey guys, I have a object in my stack with some properties using secrets. For example:
Copy code
  - pass:
      secure: v1:xxxxxxxxx
    user: admin
  - pass:
      secure: v1:yyyyyyyyy
    user: admin2
What I am trying to achieve is to get this, turn it into JSON and send it to my Node application as a environment variable. The problem is when I do something like this:
Copy code
const config = new Config();
config.requireSecretObject<any[]>('ACCOUNTS').apply(a => JSON.stringfy(a)); // Will produce "[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"
JSON.stringfy(config.requireObject('ACCOUNTS')) // Will also produce "[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"
I want the secret itself, the only reason I use it as a secret in the stack is to avoid it in plain text in the Github Repo. I have no problems with people being able to see it inside the TaskDefinition (since I am using AWS). How do I achieve this?
If you use
instead of
it will use the plaintext version. But note that it will be saved to pulumi state as plaintext.
I have already tried this and it does not work
I have also tried
but it does not work either
Note that it works fine in the CLI
pulumi config --show-secrets
so it is not a stack bad configuration
Hmm... maybe it's because the whole object is not a secret but the individual keys are?
It gives me this:
Copy code
It is strange because the CLI works fine
only the TS does not as expected
yeah I think it's probably a bug - but I do think it's related to the fact that the individual keys are secrets rather than the entire object which means that
don't unsecret the top-level object because it was never a secret in the first place.
What it should do is also unsecret the individual keys.. but it seems it is not doing that.
Yep, I might look into contributing tomorrow
But it seems pretty complicated for what I have seen so far