hey guys, I have a object in my stack with some properties using secrets. For example:

dev:ACCOUNTS:
  - pass:
      secure: v1:xxxxxxxxx
    user: admin
  - pass:
      secure: v1:yyyyyyyyy
    user: admin2

What I am trying to achieve is to get this, turn it into JSON and send it to my Node application as a environment variable. The problem is when I do something like this:

const config = new Config();
config.requireSecretObject<any[]>('ACCOUNTS').apply(a => JSON.stringfy(a)); // Will produce "[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"
JSON.stringfy(config.requireObject('ACCOUNTS')) // Will also produce "[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"

I want the secret itself, the only reason I use it as a secret in the stack is to avoid it in plain text in the Github Repo. I have no problems with people being able to see it inside the TaskDefinition (since I am using AWS). How do I achieve this?

If you use

requireObject

instead of

requireSecretObject

it will use the plaintext version. But note that it will be saved to pulumi state as plaintext.

I have already tried this and it does not work

Hmm... maybe it's because the whole object is not a secret but the individual keys are?

maybe...

yeah I think it's probably a bug - but I do think it's related to the fact that the individual keys are secrets rather than the entire object which means that

unsecret

or

requireObject

don't unsecret the top-level object because it was never a secret in the first place.

Yep, I might look into contributing tomorrow