This message was deleted.

sparse-intern-71089

11/05/2022, 5:01 PM

This message was deleted.

miniature-king-36473

11/05/2022, 5:05 PM

would https://www.pulumi.com/registry/packages/random/api-docs/randompassword work?

miniature-king-36473

11/05/2022, 5:07 PM

Will require that your state is stored securely as the passwords will not be encrypted in the state file.

tall-crowd-93084

11/05/2022, 5:09 PM

@miniature-king-36473 I'm just playing with that actually. If I was to use this with the pulumi web service would that count as the stack being stored securely?

tall-crowd-93084

11/05/2022, 5:09 PM

Presumably I'd just create my .env by interpolating these values?

miniature-king-36473

11/05/2022, 5:16 PM

https://www.pulumi.com/docs/intro/concepts/state mentions "Encrypted state in transit and at rest" Yes you can interpolate them. An alternative is to use the AWS Parameter store for the passwords and pull these down in the ansible script. However this may be overkill for your use case.

🙌 1

tall-crowd-93084

11/05/2022, 5:17 PM

Thanks @miniature-king-36473 - this looks like a good solution. Is there a way to query just a part of the state? Say I wanted to just ask for the

--show-secrets

of one part of the state?

miniature-king-36473

11/05/2022, 5:21 PM

to get the passwords I would just reference the resources you create for the password - no need to query the state.

Copy code

const password = new random.RandomPassword("password", {...})

// can just reference the generated password in code.
password.generated

tall-crowd-93084

11/05/2022, 5:22 PM

Got it, I was more meaning if I as an operator wanted to look up a particular password for a service on one of the machines I've set up (say I wanted to log into a database with one of the randomly generated passwords)

miniature-king-36473

11/05/2022, 5:26 PM

you could publish them as an output of your stack, allowing you to retrieve them with

pulumi stack --show-secrets output [password-name]

tall-crowd-93084

11/05/2022, 5:27 PM

perfect, thanks!

tall-crowd-93084

11/05/2022, 5:36 PM

@miniature-king-36473:

pulumi stack output --show-secrets -j | jq ".secrets.hasura"

perfect 🙂

🙌 1

3 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.