Thread
#general
    g

    gentle-piano-19726

    7 months ago
    I'm using https://www.pulumi.com/registry/packages/random/api-docs/randompassword/ but not sure how to read out the secret that gets produced? Am I thinking about this wrong? I am setting up an RDS instance
    l

    little-cartoon-10569

    7 months ago
    It's the result property, which is a secret output. You can pass it to another Pulumi resource that requires an input. If you want to see it on the command like, you export it in the normal way, then call
    pulumi stack --show-secrets
    g

    gentle-piano-19726

    7 months ago
    ah that flag is what I didn't know thanks
    Can that be achieved in the ui as well?
    l

    little-cartoon-10569

    7 months ago
    The Pulumi app / service? Don't know, never tried 🤔
    g

    gentle-piano-19726

    7 months ago
    Yeah the hosted pulumi app/service, in there now and it doesn't seem so
    cli only access is fine for me
    b

    bored-table-20691

    7 months ago
    @gentle-piano-19726 it can’t - the Service doesn’t have access to your encryption keys that the secret is encrypted with.
    g

    gentle-piano-19726

    7 months ago
    @bored-table-20691 hm, I never setup encryption keys––where would those be coming from?
    l

    little-cartoon-10569

    7 months ago
    Pulumi.yaml 🙂
    g

    gentle-piano-19726

    7 months ago
    hm, not sure I follow
    l

    little-cartoon-10569

    7 months ago
    You've got the default one based on your login then.
    g

    gentle-piano-19726

    7 months ago
    my login to... pulumi? Or is this AWS based?
    l

    little-cartoon-10569

    7 months ago
    You can set up an explicit secrets provider at the project level, but the default is to use the Pulumi backend, the Service.
    b

    bored-table-20691

    7 months ago
    Login to Pulumi - the Pulumi service is your encryption provider.
    g

    gentle-piano-19726

    7 months ago
    I'm logged in
    p login
    Logged in to <http://pulumi.com|pulumi.com> as jasonkuhrt (<https://app.pulumi.com/jasonkuhrt>)
    How is this supposed to work in a team setting?
    l

    little-cartoon-10569

    7 months ago
    Generally you should use an organization. The secret manager can be at that level.
    Stacks are per account, so using a personal account for deploying makes things very hard to managed in a team context.
    b

    bored-table-20691

    7 months ago
    g

    gentle-piano-19726

    7 months ago
    Ok, I am using an org (trial) already so that's one step
    l

    little-cartoon-10569

    7 months ago
    That's your secrets provider then.
    g

    gentle-piano-19726

    7 months ago
    Ok
    so everyone that has access to the org can work with the secrets IIUC?
    b

    bored-table-20691

    7 months ago
    Yes