2 months ago
    I’m having difficulty finding the information so here goes. I’m trying to create a Database (instance, user, password) and a Kubernetes Secret from my Pulumi Config:
    $ pulumi config set --secret pulumi-product-k8s-minikube:db_user_password letmein
    const user = new postgresql.Role("product_admin_user", {
        createDatabase: true,
        login: true,
        name: "product_admin_user",
        password: config.requireSecret("db_user_password")
    const productSecretMap = new k8s.core.v1.Secret("product-api-secrets", {
        metadata: {
            namespace: productNamespace.metadata.name
        data: {
            database_password: config.requireSecret("db_user_password").apply(val => val)
    Problem is, the k8s Secret needs the base64 encoded value that, I think, is being retrieved as the salt encoded value from the config. What exactly is the standard practice here (aside from using a secret manager) to transfer the database password from the config to both the Database Role and Kubernetes Secret? I figured I could store 2 password values (one base64, the other in the salt encoded) but it doesn’t feel right.


    2 months ago
    you can base64 encode the value insead the
    or use
    which will base64 encode it for youhttps://www.pulumi.com/registry/packages/kubernetes/api-docs/core/v1/secret/#stringdata_nodejs


    2 months ago
    Oh cool. Thanks for that @billowy-army-68599. I'll give it a try.
    All worked! Thanks @billowy-army-68599 #closed