No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

`awsSecret` essentially _is_ the secret you just created; the lookup shouldn’t be necessary. You should be able to reference the secret’s properties (`awsSecret.name`, etc.) as resource “outputs” throughout your program: <https://www.pulumi.com/docs/intro/concepts/inputs-outputs/|https://www.pulumi.com/docs/intro/concepts/inputs-outputs/>

The extra characters tacked onto the end are the result of “auto-naming”, a feature of Pulumi that’s discussed in more detail here: <https://www.pulumi.com/docs/intro/concepts/resources/names/#autonaming|https://www.pulumi.com/docs/intro/concepts/resources/names/#autonaming>

Lookup functions like `getSecret` are useful for fetching resources created by other means — e.g., manually in the AWS console, by some other IaC tool, etc. <https://www.pulumi.com/docs/intro/concepts/resources/get/|https://www.pulumi.com/docs/intro/concepts/resources/get/>

ah , yes , thank you !
I was thinking about this all wrong :face_palm: !

Note that if you update your secret via other means, then Pulumi won't know about it until you run `pulumi refresh`.

The values that you see in your program are from the Pulumi state, not from AWS. `pulumi refresh` is needed to get Pulumi to fetch values from AWS.