No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

```
export const imagePullSecret = new k8s.core.v1.Secret(
    "docker-hub",
    {
        type: "<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>",
        metadata: {
            namespace: "community"
        },
        stringData: {
            ".dockerconfigjson": config
                .requireSecret("docker-hub-token")
                .apply(value =&gt; {
                    return JSON.stringify({
                        auths: {
                            "<https://index.docker.io/v1/>": {
                                auth: value
                            }
                        }
                    })
                })
        },
    },
    {
        provider: kubernetesProvider
    }
);

```

^ I think that should do the trick. I made a couple changes:
1. Using the `stringData` field avoids having to base64 encode the string yourself.
2. You weren’t returning a value inside of the `apply`, so the value of `.dockerconfigjson` was `null`.

I realize this is still complicated, but we’re actively working on making this process far easier. Stay tuned for related announcements around KubeCon next month!

Thank you. I'll give that a try :grinning:

Do you know if it's possible to create a service account and then fetch the default token that is created?

I haven’t done that myself, but it should be doable.

Can you give me an example of how you’re creating the service account and where you need to use the token?

I have a private repository, called production, that creates a namespace for each team at InfluxDB

Each namespace gets a default service account. I want to use that as an output to consume in each team's repository for their own Pulumi code

I also don't mind creating an explicit service account in the namespace too, if that's easier

I think, in my limited knowledge, the challenge is because the token is created async by a controller

My limited knowledge of Pulumi I mean, I'm down with the Kubernetes bit :+1:

I’m not super familiar with service accounts in k8s, but you can use the `get` APIs to grab info on resources created out of band from Pulumi (e.g., by k8s). Something like this might do the trick:
```
const token = k8s.core.v1.ServiceAccount.get("token", "namespace/token-id");
```

I'd probably need to enter an arbitrary sleep to let the reconcile happen,. It that could work. I'll let you know

<@UE1LN7A22> has this been made easier meanwhile? I need the same.

Not yet, but I could add it to the kx package pretty easily. Can you file an issue to remind me?

<https://github.com/pulumi/pulumi-kubernetesx/issues/49>