No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

As in like manually trigger it to replace?
Would this be covered by a `taint` command (<https://github.com/pulumi/pulumi/issues/11657>)?

Hey <@U02J3T6A8LB>, if by tainting a specific resource we could force the replacement of the resource itself yes, I suppose that would do the trick. In my case, I could taint the `tls.PrivateKey` resource and pulumi will force the replacement. The problem right now with that resources is there's no way to trigger recreation other then probably deleting the key, deploy the changes to pulumi, and reintroduce the code. Am I right?

<@U02J3T6A8LB> Maybe using a dynamic custom resource would solve the issue? I was thinking of using a node library (we are using typescript to create our applications) to generate a public/private key pair and then somehow trigger the recreation on an external configuration. The problem is I will need to access the private and public key outside of the dynamic resource to populate a BucketObject, but I'm not sure those are accessible from the pulumi program

I'm not sure if dynamic resources can safely create other resources, but if they can then you could do a trick where you just have a counter input + all the normal TLS inputs and just return a replace diff when the counter changes.