busy-journalist-6936

02/28/2022, 11:27 PM
is there an example lying around showing how to get the hash of a secret that I create with a Pulumi resource so I can use it as a label/annotation to roll my pod deployment when its value is updated?
this is just base64 encoding a string, but the principle should be the same.

busy-journalist-6936

03/01/2022, 12:02 AM
Hmm, yeah that gives me an idea thank you

steep-toddler-94095

03/01/2022, 6:28 PM
likely you do not want to be putting an unencrypted secret value in your deployment annotation. it defeats the purpose of using the secret. Pulumi will automatically reroll the deployment pods when a secret is updated if it's connected in a certain way. I forget exactly but I think it's if you reference the secret object inside the deployment (e.g. through env var assignment) and the secret doesn't have an explicit name assigned or something like that

busy-journalist-6936

03/02/2022, 4:01 AM
@steep-toddler-94095 I would not use a base64 encoded version of the secret in the deployment for those exact concerns.
I would have liked to believe that changing the secret's value would re-roll the pods but that is not happening in this case.

steep-toddler-94095

03/02/2022, 4:02 AM
Oh yeah sorry I misinterpreted your original message!

busy-journalist-6936

03/02/2022, 4:02 AM
I wonder if the failure to roll pods is due to using k8s helm release rather than a deployment spec natively in pulumi which limits this behavior