Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
g
gentle-piano-19726
02/14/2022, 10:22 PMI'm using https://www.pulumi.com/registry/packages/random/api-docs/randompassword/ but not sure how to read out the secret that gets produced? Am I thinking about this wrong? I am setting up an RDS instance
l
little-cartoon-10569
02/14/2022, 10:27 PMIt's the result property, which is a secret output. You can pass it to another Pulumi resource that requires an input. If you want to see it on the command like, you export it in the normal way, then call
pulumi stack --show-secretsg
gentle-piano-19726
02/14/2022, 10:27 PMah that flag is what I didn't know thanks
đź‘Ť 1
Can that be achieved in the ui as well?
l
little-cartoon-10569
02/14/2022, 10:27 PMThe Pulumi app / service? Don't know, never tried 🤔
g
gentle-piano-19726
02/14/2022, 10:28 PMYeah the hosted pulumi app/service, in there now and it doesn't seem so
cli only access is fine for me
đź‘Ť 1
b
bored-table-20691
02/14/2022, 10:28 PM@gentle-piano-19726 it can’t - the Service doesn’t have access to your encryption keys that the secret is encrypted with.
g
gentle-piano-19726
02/14/2022, 10:29 PM@bored-table-20691 hm, I never setup encryption keys––where would those be coming from?
l
little-cartoon-10569
02/14/2022, 10:29 PMPulumi.yaml 🙂
g
gentle-piano-19726
02/14/2022, 10:30 PMhm, not sure I follow
l
little-cartoon-10569
02/14/2022, 10:30 PMYou've got the default one based on your login then.
g
gentle-piano-19726
02/14/2022, 10:30 PMmy login to... pulumi? Or is this AWS based?
l
little-cartoon-10569
02/14/2022, 10:30 PMYou can set up an explicit secrets provider at the project level, but the default is to use the Pulumi backend, the Service.
b
bored-table-20691
02/14/2022, 10:31 PMLogin to Pulumi - the Pulumi service is your encryption provider.
g
gentle-piano-19726
02/14/2022, 10:31 PMI'm logged in
❯ p login
Logged in to <http://pulumi.com|pulumi.com> as jasonkuhrt (<https://app.pulumi.com/jasonkuhrt>)How is this supposed to work in a team setting?
l
little-cartoon-10569
02/14/2022, 10:31 PMGenerally you should use an organization. The secret manager can be at that level.
Stacks are per account, so using a personal account for deploying makes things very hard to managed in a team context.
b
bored-table-20691
02/14/2022, 10:32 PMg
gentle-piano-19726
02/14/2022, 10:32 PMOk, I am using an org (trial) already so that's one step
l
little-cartoon-10569
02/14/2022, 10:32 PMThat's your secrets provider then.
g
gentle-piano-19726
02/14/2022, 10:32 PMOk
so everyone that has access to the org can work with the secrets IIUC?
b
bored-table-20691
02/14/2022, 10:46 PMYes