No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello, I’m looking for a Pulumi example of how to pass a secret (at the moment it’s a pulumi secret) to a ECS Fargate Task container secrets, so I can inject passwords in a secure way. Would you be able to point me to some relevant documentation / resources?

you can create a AWS secrets manager resource and then reference the arn of that resource in your <https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/|fargate task definition>
```      "secrets": [
        {
          "name": "DATABASE_PASSWORD",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:awsExampleAccountID:parameter/awsExampleParameter"
        }
      ]```

Cheers Mike. That’s helpful :slightly_smiling_face:

FYI Pulumi secrets are only secret between where they're persisted, and your code. Once your code puts them somewhere, they're unencrypted.
Generally solutions like Mike's are the way to go: the secret is secret in AWS's storage and used by AWS services.

That makes sense and was my understanding (thank you for clarifying though :slightly_smiling_face: )

and it turned out to be dead easy to set it as ssm parameter, so now I know how to solve it seems obvious