No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I've tried several permutations of what's in the `data` arg to the Secret, and none of them are working.

`password.result.apply(lambda result: "{}".format(result))` seems to work to get the result of the RandomPassword provider, but the Kubernetes provider complains that it's not valid base64.

A lot of Pulumi code allows you to pass the object directly in. Have you tried that yet?

`data={"pw": password.result}` complains that the input isn't base64 encoded.

`error: Plan apply failed: resource &lt;my-resource&gt; was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: v1.Secret.ObjectMeta: v1.ObjectMeta.TypeMeta: Kind: Data: decode base64: illegal base64 data at input byte 1, error found in #10 byte of ...|3{wTr*_uh"},"kind":"|..., bigger context ...|1","data":{"pw":"z%lyta@9S}h@-dESK+Yk#=x3{wTr*_uh"},"kind":"Secret","metadata":{"annotations":{"kube|...`

Pulumi should probably handle the encoding itself. I'm surprised that it expects me to do it (if that's what's happening here).

So now I've been through several attempts of trying to b64encode it and I can't get that to work.

What about saving `password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))` as a variable just below `password` and passing that variable in?

It shouldn't make a difference, but can't hurt to try

Okay wait, the latest error is saying that it got bytes where it expected string. So maybe I just need to re-decode the b64-encoded string.

Haha, yeah, this works:
```
data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")).decode())},
```

Think I'll see if there's an issue open about this.

Turns out `Secret` has a `string_data` arg provided as a convenience method that does do the encoding for you.

I can pass `password.result` directly to that.

<@UP28YBH5E> yeah, we have a very unopinionated view of k8s right now. We do not “embellish” the API at all—it’s a 1:1 mapping with the underlying resource shapes. I think this is probably the right move currently.

If we diverge in random places I think it will mainly confuse people.