Hey folks Need help understanding if this is a bug or a feat Pulumi Community #python

Hey folks, Need help understanding if this is a bu...

kind-jelly-61624

07/18/2022, 5:59 PM

Hey folks, Need help understanding if this is a bug or a feature: I have a schema very similar to the boilerplate. I’m trying to return the S3 bucket as an output of my Component Resource, but any values I have encrypted in the bucket are returned in plaintext. Here’s an example output:

Copy code

{  
        acceleration_status                 : [secret]
        bucket                              : {
            acceleration_status                 : "Suspended"
            acl                                 : "private"
            .......
        }
      }

When I return the encrypted acceleration_status as it’s own output - it stays encrypted. But when I return it as a field within the bucket object - it gets decrypted.

kind-jelly-61624

07/18/2022, 6:01 PM

This is how I’m returning the output:

Copy code

self.outputs = {"bucket": bucket, "acceleration_status": bucket.acceleration_status}

kind-jelly-61624

07/18/2022, 6:03 PM

so pulumi_aws returns the encrypted acceleration_status (i passed it into pulumi_aws through

add_additional_secrets

). It stays encrypted if it’s a separate output but gets decrypted if I return the whole bucket object.

kind-jelly-61624

07/18/2022, 8:51 PM

ok more updates, i checked with RDS databases. When I provision an RDS database through pulumi_aws, it encrypts the password in the output. When I provision the same database using a Component Resource and return the database object as a whoke, it decrypts the password and returns it in plaintext

2 Views

Open in Slack

Previous Next