Hello All, I am trying to use Pulumi Secrets to store and create AWS Secrets Manager Secrets that can be retrieved by lambda functions at run time. When I am passing the value via config.require_secret() to the SecretVersion object, it is storing the secret as a pulumi output object (<pulumi.output.Output object at 0x103762fe0>) rather than the plain text secret. I have tried using apply(), but get the same result. What is the proper way to accomplish this with pulumi?

config = pulumi.Config()

X_CP_API_ID = config.require_secret('X_CP_API_ID')

X_CP_API_KEY = config.require_secret('X_CP_API_KEY')

X_ECM_API_ID = config.require_secret('X_ECM_API_ID')

X_ECM_API_KEY = config.require_secret('X_ECM_API_KEY')

cradlepoint_api = {

"X-CP-API-ID": X_CP_API_ID,

"X-CP-API-KEY": X_CP_API_KEY,

"X-ECM-API-ID": X_ECM_API_ID,

"X-ECM-API-KEY": X_ECM_API_KEY,

"Content-Type":"application/json"

}

cradlepoint_secret = aws.secretsmanager.Secret("lambda/cradlepoint_api")

cradlepoint_secret_version = aws.secretsmanager.SecretVersion("lambda/cradlepoint_api",

secret_id = cradlepoint_secret.arn,

secret_string = str(cradlepoint_api)

)

Thanks!

Did you try something like this:

def serialize_secret(args):
    (x_cp_api_id, x_cp_api_key) = args
    return json.dumps({"X-CP-API-ID": x_cp_api_id, "X-CP-API-KEY": x_cp_api_key})

SecretVersion('foo', secret_id='foo', secret_string=Output.all(X_CP_API_ID, X_CP_API_KEY, ...).apply(serialize_secret))