No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello folks,
We’re using secrets to store some sensitive data (namely serviceAccounts keys). I was wondering what would happen to pods (or workloads more generally) using those secrets when we rotate our serviceAccount keys. Pulumi would then try to recreate a new secret with new values. Will these be propagated to the workloads using them?
Many thanks,

It depends on how your secrets are setup with Pulumi. If they’re recreated on modification, then yes - workloads will be rescheduled with the changes (because the secret name will change).

If not, then the workloads will need to be restarted manually as configmaps and secret changes do not cause a pod to be recreated