https://pulumi.com logo
Powered by
#general
Title
# general
s

stale-vase-87890

01/26/2022, 9:00 PM
Hello Pulumi friends! I am trying to move our AWS SecretManager values into Pulumi so we can manage them with code! The secrets would be encrypted using pulumi secret foo 'bar' in the config file. Since we are reading them in from the config file they become an Output<T> which makes things a bit of a pain. To do a key/pair with secrets manager you have to pass it as json however you can't JSON.stringify a type of Output<T>, and there doesn't seem any way to convert it into anything else example:
Copy code
interface appsecrets {
    auth0clientid: string,
}
const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
const auth0client = appsecrets.auth0clientid
const example1 = {
    auth0clientid1: auth0client
}

const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
    secretId: example.id,
    secretString: JSON.stringify(example1)
})
I have tried all sorts of things like 
appsecrets.auth0clientid.apply(v => JSON.stringify(v))
but it still is going to be a type of Output<T> and it sets the value in secrets manager as Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.
b

bored-table-20691

01/26/2022, 9:04 PM
@stale-vase-87890 you should creat the value you pass to secretString in an 
apply
. It would look something like:
Copy code
appsecrets.auth0clientid.apply(v => JSON.stringify({auth0clientid1: v}))
and then use the return of that (which will be Output<T>) to pass to 
secrestString
.
Apologies for the pseudo-code - I mostly do this in Go πŸ™‚
s

stale-vase-87890

01/26/2022, 9:07 PM
thanks! i will give a try
b

bored-table-20691

01/26/2022, 9:09 PM
But basically, you need to create an output which contains your fully resolved JSON blob, which itself is done in an apply.
s

stale-vase-87890

01/26/2022, 9:12 PM
Hey it worked! I am going to have a few secrets values that have several keys, but I think I can combine all that with pulumi.all
b

bored-table-20691

01/26/2022, 9:14 PM
Right, exctly.
You got it πŸ™‚
s

stale-vase-87890

01/26/2022, 9:15 PM
thanks so much!!!
const auth0client = pulumi.all([appsecrets.auth0clientid, appsecrets.auth0]).apply(([clientid, auth]) => JSON.stringify({auth0clientid1: clientid, authclient:auth}))
It is ugly but it works now to add helpful comments so I remember what this does a week from now πŸ˜†
b

bored-table-20691

01/26/2022, 9:24 PM
My guess is there are some utility functions already in place to make this better, but I just don’t know the TypeScript side.
e

echoing-dinner-19531

01/26/2022, 10:51 PM
you could probably use the output function which will try to unwrap nested Output values so you just have one Output type at the top level. I think something like: 
output({auth0lientid1: appsecrets.auth0clientid, authclient:appsecrets.auth0}).apply(JSON.stringify)
πŸ™Œ 1
4 Views
Powered by