https://pulumi.com logo
#python
Title
# python
c

calm-doctor-66000

12/21/2022, 4:57 PM
Hello All, I am trying to use Pulumi Secrets to store and create AWS Secrets Manager Secrets that can be retrieved by lambda functions at run time. When I am passing the value via config.require_secret() to the SecretVersion object, it is storing the secret as a pulumi output object (<pulumi.output.Output object at 0x103762fe0>) rather than the plain text secret. I have tried using apply(), but get the same result. What is the proper way to accomplish this with pulumi?
config = pulumi.Config()
X_CP_API_ID = config.require_secret('X_CP_API_ID')
X_CP_API_KEY = config.require_secret('X_CP_API_KEY')
X_ECM_API_ID = config.require_secret('X_ECM_API_ID')
X_ECM_API_KEY = config.require_secret('X_ECM_API_KEY')
cradlepoint_api = {
"X-CP-API-ID": X_CP_API_ID,
"X-CP-API-KEY": X_CP_API_KEY,
"X-ECM-API-ID": X_ECM_API_ID,
"X-ECM-API-KEY": X_ECM_API_KEY,
"Content-Type":"application/json"
}
cradlepoint_secret = aws.secretsmanager.Secret("lambda/cradlepoint_api")
cradlepoint_secret_version = aws.secretsmanager.SecretVersion("lambda/cradlepoint_api",
secret_id = cradlepoint_secret.arn,
secret_string = str(cradlepoint_api)
)
Thanks!
c

clever-painter-96148

12/22/2022, 10:18 AM
Did you try something like this:
Copy code
def serialize_secret(args):
    (x_cp_api_id, x_cp_api_key) = args
    return json.dumps({"X-CP-API-ID": x_cp_api_id, "X-CP-API-KEY": x_cp_api_key})

SecretVersion('foo', secret_id='foo', secret_string=Output.all(X_CP_API_ID, X_CP_API_KEY, ...).apply(serialize_secret))
28 Views