No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I'm using Google Auth Platform (though very little else in Google Cloud) and was wondering if it was possible to create OAuth clients and client secrets?

Looking at the package docs for google I can't help but think I'm either looking in the wrong place or missing something that is right in front of me.

My purpose here is to be able to automate use of client secrets end to end without having to manually pull down a secret and then take steps to send it where its needed (EKS in the first instance) - this is the universal challenge, how do I get secrets to let code work with resources that need secrets without first knowing the secrets... something that Pulumi helps solve. (And yes there may be a better way, be delighted to learn what it is...)

It seems like there might not be an API for creating an OAuth client in gcp:
<https://issuetracker.google.com/issues/35907249>

So I think that is a manual step and perhaps Pulumi IaC and ESC could help after that.

Frustrating! Even given context (:point_down::skin-tone-2:) one wants to do the right thing and limit sharing of credentials as far as possible. Having to jump through manual hoops pushes one in the other direction just to avoid the work - and it also makes even contemplating the notion of rotating things painful. If I can write a F# functions and pull the output across stacks then its easy to do the right (or at least "less wrong") thing, if not then... what's the least that I can do that works (and I actually end up with documented manual steps given the way Google's auth works).

Still, at least I wasn't missing something obvious - so I'll take the small victory!

For context I'm a team of 2 in a teeny business (and the devops bit is *all* me) - much as it might be useful hard to justify (something like) ESC.

yeah, I get that. Budget is not infinite. I think pricing is pretty reasonable, but that is not my area

I have significantly less budget than tests (and I have way too few of those). I also don't think pricing is unreasonable but I do think its pitched more toward enterprises than to me - and I can't argue with that, I want the company to be successful even if my personal toolbox is more limited