Does anybody have a good method for accessing structured config in code when an object has both secret and non secret values? The docs advise using the secret getters on secret values to ensure they remain encrypted at all times.

For example:

yaml

config:
  namespace:service:
    - name: my-service
      secrets:
      - name: SECRET_NAME
        value:
          secure: ...
        ...

typescript

interface ServiceConfig {
  name: string;
  secrets: Secret[];
}

interface Secret {
  name: string;
  value: pulumi.Output<string>;
}

// Secret values appear to be read as secrets but docs suggest specifically using secret getters, making below seem like a bad idea

const serviceConfig = new pulumi.Config().requireObject<ServiceConfig>("service");

// All values will be read as secrets which I think would work fine but not optimal

const secretServiceConfig = new pulumi.Config().requireSecretObject<ServiceConfig>("service")

Ultimately I would like to be able to recursively unpack config values, using secret and non-secret getters respectively. I have tried a few approaches but can't seem to get anything to work. Is this a crazy configuration structure in the first place? I like this approach because it allows me to dynamically supply configuration values to my container's runtime environment without modifying the typescript code