Channels
#python
Title
# python
b
busy-branch-95201
01/11/2022, 6:15 PMHow does pulumi mark str objects as secret when getting them from the config via require_object? Is it possible to check wether a str is marked as secret or not? I'd like to judge on that to decide if a value should go into a ConfigMap or a Secret in k8s.
b
billowy-army-68599
01/11/2022, 6:19 PM
@busy-branch-95201 if it's in configuration encrypted, it's a secret. you'd have to do
pulumi config set foo bar --secretyou can use
isSecretb
busy-branch-95201
01/11/2022, 6:24 PMthe isSecret function is exactly what I'm looking for. However I don't find it in the python docs.
b
billowy-army-68599
01/11/2022, 6:26 PM
it looks like a docs bug, it's definitely there:
https://github.com/pulumi/pulumi/search?q=is_secret
I've opened this issue for the docs: https://github.com/pulumi/docs/issues/7000
b
busy-branch-95201
01/11/2022, 6:28 PMI guess I'm stumbling accross this: https://github.com/pulumi/pulumi/issues/6531
I have a nested data structure where some values are encrypted or not and like to find out which of them are encrypted. The python debugger tells me it is a str object and just magically gets transformed into a secret when using it somewhere. Calling is_secret fails with
AttributeError: 'str' object has no attribute 'is_secret'Ok, it seems that in this case those are really str and just the pulumi wrapper seems to filter the prints. In this case I guess I have to take a different approach and judge on well known keys that should be secret.
p
prehistoric-activity-61023
01/12/2022, 8:52 AMOne workaround would be to create separate keys
configsecrets Copy code
config:
proj:data:
my_values:
plain_value: foo
secure_value:
secure: AAABAB+T(...)sEmx8= Copy code
config:
proj:data:
my_values:
config:
plain_value: foo
secrets:
secure_value:
secure: AAABAB+T(...)sEmx8=2 Views