Hello Pulumi friends I am trying to move our AWS SecretManag Pulumi Community #general

Hello Pulumi friends! I am trying to move our AWS ...

stale-vase-87890

01/26/2022, 9:00 PM

Hello Pulumi friends! I am trying to move our AWS SecretManager values into Pulumi so we can manage them with code! The secrets would be encrypted using pulumi secret foo 'bar' in the config file. Since we are reading them in from the config file they become an Output<T> which makes things a bit of a pain. To do a key/pair with secrets manager you have to pass it as json however you can't JSON.stringify a type of Output<T>, and there doesn't seem any way to convert it into anything else example:

Copy code

interface appsecrets {
    auth0clientid: string,
}
const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
const auth0client = appsecrets.auth0clientid
const example1 = {
    auth0clientid1: auth0client
}

const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
    secretId: example.id,
    secretString: JSON.stringify(example1)
})

I have tried all sorts of things like

appsecrets.auth0clientid.apply(v => JSON.stringify(v))

but it still is going to be a type of Output<T> and it sets the value in secrets manager as Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.

bored-table-20691

01/26/2022, 9:04 PM

@stale-vase-87890 you should creat the value you pass to secretString in an

apply

. It would look something like:

Copy code

appsecrets.auth0clientid.apply(v => JSON.stringify({auth0clientid1: v}))

bored-table-20691

01/26/2022, 9:04 PM

and then use the return of that (which will be Output<T>) to pass to

secrestString

bored-table-20691

01/26/2022, 9:05 PM

Apologies for the pseudo-code - I mostly do this in Go 🙂

stale-vase-87890

01/26/2022, 9:07 PM

thanks! i will give a try

bored-table-20691

01/26/2022, 9:09 PM

But basically, you need to create an output which contains your fully resolved JSON blob, which itself is done in an apply.

stale-vase-87890

01/26/2022, 9:12 PM

Hey it worked! I am going to have a few secrets values that have several keys, but I think I can combine all that with pulumi.all

bored-table-20691

01/26/2022, 9:14 PM

Right, exctly.

bored-table-20691

01/26/2022, 9:14 PM

You got it 🙂

stale-vase-87890

01/26/2022, 9:15 PM

thanks so much!!!

stale-vase-87890

01/26/2022, 9:23 PM

const auth0client = pulumi.all([appsecrets.auth0clientid, appsecrets.auth0]).apply(([clientid, auth]) => JSON.stringify({auth0clientid1: clientid, authclient:auth}))

It is ugly but it works now to add helpful comments so I remember what this does a week from now 😆

bored-table-20691

01/26/2022, 9:24 PM

My guess is there are some utility functions already in place to make this better, but I just don’t know the TypeScript side.

echoing-dinner-19531

01/26/2022, 10:51 PM

you could probably use the output function which will try to unwrap nested Output values so you just have one Output type at the top level. I think something like:

output({auth0lientid1: appsecrets.auth0clientid, authclient:appsecrets.auth0}).apply(JSON.stringify)

🙌 1

4 Views

Open in Slack

Previous Next