This message was deleted.

As in like manually trigger it to replace? Would this be covered by a

taint

command (https://github.com/pulumi/pulumi/issues/11657)?

Hey @echoing-dinner-19531, if by tainting a specific resource we could force the replacement of the resource itself yes, I suppose that would do the trick. In my case, I could taint the

tls.PrivateKey

resource and pulumi will force the replacement. The problem right now with that resources is there's no way to trigger recreation other then probably deleting the key, deploy the changes to pulumi, and reintroduce the code. Am I right?

Correct

@echoing-dinner-19531 Maybe using a dynamic custom resource would solve the issue? I was thinking of using a node library (we are using typescript to create our applications) to generate a public/private key pair and then somehow trigger the recreation on an external configuration. The problem is I will need to access the private and public key outside of the dynamic resource to populate a BucketObject, but I'm not sure those are accessible from the pulumi program

I'm not sure if dynamic resources can safely create other resources, but if they can then you could do a trick where you just have a counter input + all the normal TLS inputs and just return a replace diff when the counter changes.