just regular

pulumi up

this is just a regular URL, which is not secret and I want to

unsecret

it

github action that detects “changes” every single time shows this change, which doesn’t make any sense to keep it running continuously 😞

so the flow is like this: 1) pulumi up (i get this change from secret to output<string>) 2) okay, let’s apply it 3) try again - it shows the same transformation from secret to output

¯\_(ツ)_/¯

There is no “secret” type. The log is not saying that the secret is transforming into an output, it is telling you that the secret is a string. The arrow may be misleading in that case

I'm incorrect. I'm sorry. I clearly need coffee. It looks like it is in fact telling you that if you apply the change it will unsecret it. You're saying that doesn't work? Or at the very least it's saying it will change it to an output string, but that could still be a secret. So you may need to share your unsecret usage

I wonder if what you’re seeing here is the CLI masking any value that matches a configured secret. Even if you

.unsecret()

the secret within the scope of the program, Pulumi will still prevent that value from being exposed by the CLI. So if your program happens to be tracking a secret whose value matches what you’ve got there for the

url

property, the CLI will always mask it as

"[secret]"

.

Hard to tell if that’s what’s going on here, but seems like it could be.