Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
busy-branch-95201
01/11/2022, 6:15 PMHow does pulumi mark str objects as secret when getting them from the config via require_object? Is it possible to check wether a str is marked as secret or not? I'd like to judge on that to decide if a value should go into a ConfigMap or a Secret in k8s.
b
billowy-army-68599
01/11/2022, 6:19 PM@busy-branch-95201 if it's in configuration encrypted, it's a secret. you'd have to do
pulumi config set foo bar --secretyou can use
isSecretb
busy-branch-95201
01/11/2022, 6:24 PMthe isSecret function is exactly what I'm looking for. However I don't find it in the python docs.
b
billowy-army-68599
01/11/2022, 6:26 PMit looks like a docs bug, it's definitely there:
https://github.com/pulumi/pulumi/search?q=is_secret
I've opened this issue for the docs: https://github.com/pulumi/docs/issues/7000
b
busy-branch-95201
01/11/2022, 6:28 PMI guess I'm stumbling accross this: https://github.com/pulumi/pulumi/issues/6531
I have a nested data structure where some values are encrypted or not and like to find out which of them are encrypted. The python debugger tells me it is a str object and just magically gets transformed into a secret when using it somewhere. Calling is_secret fails with
AttributeError: 'str' object has no attribute 'is_secret'Ok, it seems that in this case those are really str and just the pulumi wrapper seems to filter the prints. In this case I guess I have to take a different approach and judge on well known keys that should be secret.
p
prehistoric-activity-61023
01/12/2022, 8:52 AMOne workaround would be to create separate keys
configsecretsconfig:
proj:data:
my_values:
plain_value: foo
secure_value:
secure: AAABAB+T(...)sEmx8=config:
proj:data:
my_values:
config:
plain_value: foo
secrets:
secure_value:
secure: AAABAB+T(...)sEmx8=