s

    straight-crowd-1391

    2 months ago
    I’m having difficulty finding the information so here goes. I’m trying to create a Database (instance, user, password) and a Kubernetes Secret from my Pulumi Config:
    $ pulumi config set --secret pulumi-product-k8s-minikube:db_user_password letmein
    
    const user = new postgresql.Role("product_admin_user", {
        createDatabase: true,
        login: true,
        name: "product_admin_user",
        password: config.requireSecret("db_user_password")
    });
    
    const productSecretMap = new k8s.core.v1.Secret("product-api-secrets", {
        metadata: {
            namespace: productNamespace.metadata.name
        },
        data: {
            database_password: config.requireSecret("db_user_password").apply(val => val)
        }
    });
    Problem is, the k8s Secret needs the base64 encoded value that, I think, is being retrieved as the salt encoded value from the config. What exactly is the standard practice here (aside from using a secret manager) to transfer the database password from the config to both the Database Role and Kubernetes Secret? I figured I could store 2 password values (one base64, the other in the salt encoded) but it doesn’t feel right.
    b

    billowy-army-68599

    2 months ago
    you can base64 encode the value insead the
    apply
    or use
    stringData
    which will base64 encode it for youhttps://www.pulumi.com/registry/packages/kubernetes/api-docs/core/v1/secret/#stringdata_nodejs
    s

    straight-crowd-1391

    2 months ago
    Oh cool. Thanks for that @billowy-army-68599. I'll give it a try.
    All worked! Thanks @billowy-army-68599 #closed