https://pulumi.com logo
Join Slack
Powered by
any ideas, why my preview always shows this change...
# general
i
any ideas, why my preview always shows this changes? even if I use 
pulumi.unsecret
?
b
Are you use “—show-secrets” with your preview command?
i
@bored-oyster-3147 no
just regular 
pulumi up
b
Do the preview yourself. Tell it to show secrets if you want secrets in your logs. Then skip the preview with your up invocation. It doesn't show secrets by default. Imagine running pulumi in continuous deployment and having your secrets preserved in those logs for as long as your artifact retention.
i
the problem here is, I don’t want any secrets to be in the preview logs
this is just a regular URL, which is not secret and I want to 
unsecret
it
github action that detects “changes” every single time shows this change, which doesn’t make any sense to keep it running continuously 😞
so the flow is like this: 1) pulumi up (i get this change from secret to output<string>) 2) okay, let’s apply it 3) try again - it shows the same transformation from secret to output
¯\_(ツ)_/¯
b
I'm having a hard time understanding your flow example and getting the problem from it. What do you mean by “get this change from secret to output”? A secret and non-secrets use the same type in pulumi, they are both outputs.
There is no “secret” type. The log is not saying that the secret is transforming into an output, it is telling you that the secret is a string. The arrow may be misleading in that case
I'm incorrect. I'm sorry. I clearly need coffee. It looks like it is in fact telling you that if you apply the change it will unsecret it. You're saying that doesn't work? Or at the very least it's saying it will change it to an output string, but that could still be a secret. So you may need to share your unsecret usage
i
@bored-oyster-3147 I am saying it doesn’t work, it says to 
unsecret
every single time when I want to apply changes
m
@icy-jordan-58549 Is that screenshot from the Pulumi Service Console? (Guessing not, but just ruling that out)
I wonder if what you’re seeing here is the CLI masking any value that matches a configured secret. Even if you 
.unsecret()
the secret within the scope of the program, Pulumi will still prevent that value from being exposed by the CLI. So if your program happens to be tracking a secret whose value matches what you’ve got there for the 
url
property, the CLI will always mask it as 
"[secret]"
.
Hard to tell if that’s what’s going on here, but seems like it could be.
i
uh oh, thanks @miniature-musician-31262 . Yea, I am seeing this inside CLI
4 Views
Open in Slack
PreviousNext
Powered by