Hello Pulumi friends! I am trying to move our AWS ...
# general
Hello Pulumi friends! I am trying to move our AWS SecretManager values into Pulumi so we can manage them with code! The secrets would be encrypted using pulumi secret foo 'bar' in the config file. Since we are reading them in from the config file they become an Output<T> which makes things a bit of a pain. To do a key/pair with secrets manager you have to pass it as json however you can't JSON.stringify a type of Output<T>, and there doesn't seem any way to convert it into anything else example:
Copy code
interface appsecrets {
    auth0clientid: string,
const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
const auth0client = appsecrets.auth0clientid
const example1 = {
    auth0clientid1: auth0client

const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
    secretId: example.id,
    secretString: JSON.stringify(example1)
I have tried all sorts of things like
appsecrets.auth0clientid.apply(v => JSON.stringify(v))
but it still is going to be a type of Output<T> and it sets the value in secrets manager as Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.
@stale-vase-87890 you should creat the value you pass to secretString in an
. It would look something like:
Copy code
appsecrets.auth0clientid.apply(v => JSON.stringify({auth0clientid1: v}))
and then use the return of that (which will be Output<T>) to pass to
Apologies for the pseudo-code - I mostly do this in Go πŸ™‚
thanks! i will give a try
But basically, you need to create an output which contains your fully resolved JSON blob, which itself is done in an apply.
Hey it worked! I am going to have a few secrets values that have several keys, but I think I can combine all that with pulumi.all
Right, exctly.
You got it πŸ™‚
thanks so much!!!
const auth0client = pulumi.all([appsecrets.auth0clientid, appsecrets.auth0]).apply(([clientid, auth]) => JSON.stringify({auth0clientid1: clientid, authclient:auth}))
It is ugly but it works now to add helpful comments so I remember what this does a week from now πŸ˜†
My guess is there are some utility functions already in place to make this better, but I just don’t know the TypeScript side.
you could probably use the output function which will try to unwrap nested Output values so you just have one Output type at the top level. I think something like:
output({auth0lientid1: appsecrets.auth0clientid, authclient:appsecrets.auth0}).apply(JSON.stringify)
πŸ™Œ 1