https://pulumi.com logo
#python
Title
# python
k

kind-jelly-61624

07/18/2022, 5:59 PM
Hey folks, Need help understanding if this is a bug or a feature: I have a schema very similar to the boilerplate. I’m trying to return the S3 bucket as an output of my Component Resource, but any values I have encrypted in the bucket are returned in plaintext. Here’s an example output:
Copy code
{  
        acceleration_status                 : [secret]
        bucket                              : {
            acceleration_status                 : "Suspended"
            acl                                 : "private"
            .......
        }
      }
When I return the encrypted acceleration_status as it’s own output - it stays encrypted. But when I return it as a field within the bucket object - it gets decrypted.
This is how I’m returning the output:
Copy code
self.outputs = {"bucket": bucket, "acceleration_status": bucket.acceleration_status}
so pulumi_aws returns the encrypted acceleration_status (i passed it into pulumi_aws through
add_additional_secrets
). It stays encrypted if it’s a separate output but gets decrypted if I return the whole bucket object.
ok more updates, i checked with RDS databases. When I provision an RDS database through pulumi_aws, it encrypts the password in the output. When I provision the same database using a Component Resource and return the database object as a whoke, it decrypts the password and returns it in plaintext
2 Views