https://pulumi.com logo
Title
q

quaint-river-59320

03/31/2022, 3:11 PM
Good morning. Trying to generate a random password for an RDS database and then save the password as a secret to AWS Secret Manager. The secret gets created, but the password is always "{}". What am I doing wrong?
//Create RDS Secret
        var config = new Pulumi.Config();
        string dbUser = config.Get("rdsUser").ToString();

        var password = new Random.RandomPassword("chpm-rds-password", new Random.RandomPasswordArgs
        {
            Length = 16,
            Special = true
        });



        var rdsSecret = new AwsClassic.SecretsManager.Secret("CHPM-DB-Secret");
        var secretObject = new
        {
            UserName = dbUser,
            Password = password.Result,
            Endpoint = "test"
        };
b

billowy-army-68599

03/31/2022, 3:21 PM
@quaint-river-59320 you need to create a
SecretVersion
https://www.pulumi.com/registry/packages/aws/api-docs/secretsmanager/secretversion/ store the password in there. the
SecretsManager.Secret
just creates a container to store secrets
q

quaint-river-59320

03/31/2022, 3:30 PM
Thank you, I hadn't actually put in all my code... What I was trying to do is create a JSON object and store that as the secret (since the AWS secrets key/values are stored as json). If I don't do the json serialization, it works.
//Create RDS Secret
        var config = new Pulumi.Config();
        string dbUser = config.Get("rdsUser").ToString();

        var password = new Random.RandomPassword("chpm-rds-password", new Random.RandomPasswordArgs
        {
            Length = 16,
            Special = true
        });



        var rdsSecret = new AwsClassic.SecretsManager.Secret("CHPM-DB-Secret");
        var secretObject = new
        {
            UserName = dbUser,
            Password = password.Result,
            Endpoint = "test"
        };


        string jsonData = JsonConvert.SerializeObject(secretObject);
       // Create secret version
        var secretVersion = new AwsClassic.SecretsManager.SecretVersion("secretVersion", new AwsClassic.SecretsManager.SecretVersionArgs
        {
            SecretId = rdsSecret.Id,
            SecretString = jsonData,
        });
b

billowy-army-68599

03/31/2022, 3:33 PM
@quaint-river-59320 you'll need to use an
apply
to do the JSON serialization
q

quaint-river-59320

03/31/2022, 3:37 PM
Same result with the apply
//Create RDS Secret
        var config = new Pulumi.Config();
        string dbUser = config.Get("rdsUser").ToString();

        var password = new Random.RandomPassword("chpm-rds-password", new Random.RandomPasswordArgs
        {
            Length = 16,
            Special = true
        });



        var rdsSecret = new AwsClassic.SecretsManager.Secret("CHPM-DB-Secret");

        var secretObject = new
        {
            UserName = dbUser,
            Password = password.Result.Apply(p => $"{p}"),
            Endpoint = "test"
        };


        string jsonData = JsonConvert.SerializeObject(secretObject);
       // Create secret version
        var secretVersion = new AwsClassic.SecretsManager.SecretVersion("secretVersion", new AwsClassic.SecretsManager.SecretVersionArgs
        {
            SecretId = rdsSecret.Id,
            SecretString = jsonData,
        });
b

billowy-army-68599

03/31/2022, 3:40 PM
sorry, you'll need to do:
var secretVersion = new AwsClassic.SecretsManager.SecretVersion("secretVersion", new AwsClassic.SecretsManager.SecretVersionArgs
        {
            SecretId = rdsSecret.Id,
            SecretString = password.Result.Apply(JsonConvert.SerializeObject(secretObject))

        });
I'm not great with C#, but hopefully you get the idea
you need to take the output, use an
Apply
to create an JSON object, and then pass that to secretsmanager
the JSON object creation needs to happen inside the Apply
q

quaint-river-59320

03/31/2022, 3:44 PM
Ahh. I'll give that a go.
Got it. Thank you.
b

billowy-army-68599

03/31/2022, 5:40 PM
that worked?
q

quaint-river-59320

03/31/2022, 9:58 PM
Yes. That worked. I created a function that I called with Apply.
Thanks for your help.