I’m having difficulty finding the information so h...
# kubernetes
I’m having difficulty finding the information so here goes. I’m trying to create a Database (instance, user, password) and a Kubernetes Secret from my Pulumi Config:
Copy code
$ pulumi config set --secret pulumi-product-k8s-minikube:db_user_password letmein

const user = new postgresql.Role("product_admin_user", {
    createDatabase: true,
    login: true,
    name: "product_admin_user",
    password: config.requireSecret("db_user_password")

const productSecretMap = new k8s.core.v1.Secret("product-api-secrets", {
    metadata: {
        namespace: productNamespace.metadata.name
    data: {
        database_password: config.requireSecret("db_user_password").apply(val => val)
Problem is, the k8s Secret needs the base64 encoded value that, I think, is being retrieved as the salt encoded value from the config. What exactly is the standard practice here (aside from using a secret manager) to transfer the database password from the config to both the Database Role and Kubernetes Secret? I figured I could store 2 password values (one base64, the other in the salt encoded) but it doesn’t feel right.
you can base64 encode the value insead the
or use
which will base64 encode it for you https://www.pulumi.com/registry/packages/kubernetes/api-docs/core/v1/secret/#stringdata_nodejs
Oh cool. Thanks for that @billowy-army-68599. I'll give it a try.
All worked! Thanks @billowy-army-68599 #closed