No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

would <https://www.pulumi.com/registry/packages/random/api-docs/randompassword> work?

Will require that your state is stored securely as the passwords will not be encrypted in the state file.

<@U02L1UHTLJ3> I'm just playing with that actually. If I was to use this with the pulumi web service would that count as the stack being stored securely?

Presumably I'd just create my .env by interpolating these values?

<https://www.pulumi.com/docs/intro/concepts/state>
mentions "Encrypted state in transit and at rest"

Yes you can interpolate them.

An alternative is to use the AWS Parameter store for the passwords and pull these down in the ansible script.

However this may be overkill for your use case.

Thanks <@U02L1UHTLJ3> - this looks like a good solution. Is there a way to query just a part of the state? Say I wanted to just ask for the `--show-secrets` of one part of the state?

to get the passwords I would just reference the resources you create for the password - no need to query the state.

```const password = new random.RandomPassword("password", {...})

// can just reference the generated password in code.
password.generated```


Got it, I was more meaning if I as an operator wanted to look up a particular password for a service on one of the machines I've set up (say I wanted to log into a database with one of the randomly generated passwords)

you could publish them as an output of your stack, allowing you to retrieve them with `pulumi stack --show-secrets output [password-name]`

<@U02L1UHTLJ3>: `pulumi stack output --show-secrets -j | jq ".secrets.hasura"` perfect :slightly_smiling_face: