https://pulumi.com logo
Title
g

gentle-piano-19726

02/14/2022, 10:22 PM
I'm using https://www.pulumi.com/registry/packages/random/api-docs/randompassword/ but not sure how to read out the secret that gets produced? Am I thinking about this wrong? I am setting up an RDS instance
l

little-cartoon-10569

02/14/2022, 10:27 PM
It's the result property, which is a secret output. You can pass it to another Pulumi resource that requires an input. If you want to see it on the command like, you export it in the normal way, then call
pulumi stack --show-secrets
g

gentle-piano-19726

02/14/2022, 10:27 PM
ah that flag is what I didn't know thanks
👍 1
Can that be achieved in the ui as well?
l

little-cartoon-10569

02/14/2022, 10:27 PM
The Pulumi app / service? Don't know, never tried 🤔
g

gentle-piano-19726

02/14/2022, 10:28 PM
Yeah the hosted pulumi app/service, in there now and it doesn't seem so
cli only access is fine for me
👍 1
b

bored-table-20691

02/14/2022, 10:28 PM
@gentle-piano-19726 it can’t - the Service doesn’t have access to your encryption keys that the secret is encrypted with.
g

gentle-piano-19726

02/14/2022, 10:29 PM
@bored-table-20691 hm, I never setup encryption keys––where would those be coming from?
l

little-cartoon-10569

02/14/2022, 10:29 PM
Pulumi.yaml 🙂
g

gentle-piano-19726

02/14/2022, 10:30 PM
hm, not sure I follow
l

little-cartoon-10569

02/14/2022, 10:30 PM
You've got the default one based on your login then.
g

gentle-piano-19726

02/14/2022, 10:30 PM
my login to... pulumi? Or is this AWS based?
l

little-cartoon-10569

02/14/2022, 10:30 PM
You can set up an explicit secrets provider at the project level, but the default is to use the Pulumi backend, the Service.
b

bored-table-20691

02/14/2022, 10:31 PM
Login to Pulumi - the Pulumi service is your encryption provider.
g

gentle-piano-19726

02/14/2022, 10:31 PM
I'm logged in
❯ p login
Logged in to <http://pulumi.com|pulumi.com> as jasonkuhrt (<https://app.pulumi.com/jasonkuhrt>)
How is this supposed to work in a team setting?
l

little-cartoon-10569

02/14/2022, 10:31 PM
Generally you should use an organization. The secret manager can be at that level.
Stacks are per account, so using a personal account for deploying makes things very hard to managed in a team context.
b

bored-table-20691

02/14/2022, 10:32 PM
g

gentle-piano-19726

02/14/2022, 10:32 PM
Ok, I am using an org (trial) already so that's one step
l

little-cartoon-10569

02/14/2022, 10:32 PM
That's your secrets provider then.
g

gentle-piano-19726

02/14/2022, 10:32 PM
Ok
so everyone that has access to the org can work with the secrets IIUC?
b

bored-table-20691

02/14/2022, 10:46 PM
Yes