I'm using <https://www.pulumi.com/registry/package...
# general
g
I'm using https://www.pulumi.com/registry/packages/random/api-docs/randompassword/ but not sure how to read out the secret that gets produced? Am I thinking about this wrong? I am setting up an RDS instance
l
It's the result property, which is a secret output. You can pass it to another Pulumi resource that requires an input. If you want to see it on the command like, you export it in the normal way, then call
pulumi stack --show-secrets
g
ah that flag is what I didn't know thanks
👍 1
Can that be achieved in the ui as well?
l
The Pulumi app / service? Don't know, never tried 🤔
g
Yeah the hosted pulumi app/service, in there now and it doesn't seem so
cli only access is fine for me
👍 1
b
@gentle-piano-19726 it can’t - the Service doesn’t have access to your encryption keys that the secret is encrypted with.
g
@bored-table-20691 hm, I never setup encryption keys––where would those be coming from?
l
Pulumi.yaml 🙂
g
hm, not sure I follow
l
You've got the default one based on your login then.
g
my login to... pulumi? Or is this AWS based?
l
You can set up an explicit secrets provider at the project level, but the default is to use the Pulumi backend, the Service.
b
Login to Pulumi - the Pulumi service is your encryption provider.
g
I'm logged in
Copy code
❯ p login
Logged in to <http://pulumi.com|pulumi.com> as jasonkuhrt (<https://app.pulumi.com/jasonkuhrt>)
How is this supposed to work in a team setting?
l
Generally you should use an organization. The secret manager can be at that level.
Stacks are per account, so using a personal account for deploying makes things very hard to managed in a team context.
b
g
Ok, I am using an org (trial) already so that's one step
l
That's your secrets provider then.
g
Ok
so everyone that has access to the org can work with the secrets IIUC?
b
Yes