Thread
#python
    k

    kind-jelly-61624

    2 months ago
    Hey folks, Need help understanding if this is a bug or a feature: I have a schema very similar to the boilerplate. I’m trying to return the S3 bucket as an output of my Component Resource, but any values I have encrypted in the bucket are returned in plaintext. Here’s an example output:
    {  
            acceleration_status                 : [secret]
            bucket                              : {
                acceleration_status                 : "Suspended"
                acl                                 : "private"
                .......
            }
          }
    When I return the encrypted acceleration_status as it’s own output - it stays encrypted. But when I return it as a field within the bucket object - it gets decrypted.
    This is how I’m returning the output:
    self.outputs = {"bucket": bucket, "acceleration_status": bucket.acceleration_status}
    so pulumi_aws returns the encrypted acceleration_status (i passed it into pulumi_aws through
    add_additional_secrets
    ). It stays encrypted if it’s a separate output but gets decrypted if I return the whole bucket object.
    ok more updates, i checked with RDS databases. When I provision an RDS database through pulumi_aws, it encrypts the password in the output. When I provision the same database using a Component Resource and return the database object as a whoke, it decrypts the password and returns it in plaintext