victorious-sugar-42620
12/08/2021, 3:07 AMdev:ACCOUNTS:
- pass:
secure: v1:xxxxxxxxx
user: admin
- pass:
secure: v1:yyyyyyyyy
user: admin2
What I am trying to achieve is to get this, turn it into JSON and send it to my Node application as a environment variable. The problem is when I do something like this:
const config = new Config();
config.requireSecretObject<any[]>('ACCOUNTS').apply(a => JSON.stringfy(a)); // Will produce "[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"
JSON.stringfy(config.requireObject('ACCOUNTS')) // Will also produce "[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"
I want the secret itself, the only reason I use it as a secret in the stack is to avoid it in plain text in the Github Repo. I have no problems with people being able to see it inside the TaskDefinition (since I am using AWS). How do I achieve this?red-match-15116
12/08/2021, 3:28 AMrequireObject
instead of requireSecretObject
it will use the plaintext version. But note that it will be saved to pulumi state as plaintext.victorious-sugar-42620
12/08/2021, 3:37 AMpulumi.unsecure
but it does not work eitherpulumi config --show-secrets
so it is not a stack bad configurationred-match-15116
12/08/2021, 3:45 AMvictorious-sugar-42620
12/08/2021, 3:46 AM"[{\"pass\":\"[secret]\",\"user\":\"admin\"},{\"pass\":\"[secret]\",\"user\":\"admin2\"}]"
red-match-15116
12/08/2021, 3:50 AMunsecret
or requireObject
don't unsecret the top-level object because it was never a secret in the first place.victorious-sugar-42620
12/08/2021, 3:52 AM