Channels
#general
Title
# general
b
bland-lawyer-98859
05/10/2022, 1:47 PMHello 🙂
I have a question about masking secrets in the pulumi preview output :
We create an AWS secret and I don't want the "secret_string" value to be shown in the pulumi preview output. How can I do that ?
Python pulumi code :
Copy code
secret_version = aws.secretsmanager.SecretVersion(f"aws_secretversion_{secret_name}", secret_id=secret.id, secret_string=json.dumps(secret_value)) Copy code
[urn=urn:pulumi:dev::snowflake::aws:secretsmanager/secretVersion:SecretVersion::aws_secretversion_snowflake/user/dev_usr_finops_api]
[provider=urn:pulumi:dev::snowflake::pulumi:providers:aws::default_4_38_1::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
secretId : output<string>
secretString: (json) {
password : "nDXw\">)ElJK=D+4$IvyJoBrbXR.LNF"
username : "TEST"
}m
millions-furniture-75402
05/10/2022, 1:48 PMIn the
opts Copy code
{ additionalSecretOutputs: ["secretString"] },b
bland-lawyer-98859
05/10/2022, 2:54 PMOh thanks for your answer.
But it didn't work :
Pulumi code :
Copy code
aws.secretsmanager.SecretVersion(
f"aws_secretversion_{secret_name}",
secret_id=secret.id, secret_string=json.dumps(secret_value), opts=ResourceOptions(additional_secret_outputs=["secretString"])) Copy code
aws:secretsmanager/secretVersion:SecretVersion: (create)
[urn=urn:pulumi:dev::snowflake::aws:secretsmanager/secretVersion:SecretVersion::aws_secretversion_snowflake/user/dev_usr_finops_api]
[provider=urn:pulumi:dev::snowflake::pulumi:providers:aws::default_4_38_1::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
secretId : output<string>
secretString: (json) {
password : "3BY,&LwsG__\\=)0/MUch[Te=J)zh[5"
username : "TEST"
}e
echoing-dinner-19531
05/10/2022, 4:14 PMThat looks like a bug, can you raise an issue at github.com/pulumi/pulumi so we can track that? Setting additional secret outputs should be sufficient to get that masked as [secret]
👍 1
b
bland-lawyer-98859
05/11/2022, 8:27 AMThanks @echoing-dinner-19531, I opened an issue : https://github.com/pulumi/pulumi/issues/9581
2 Views