https://pulumi.com logo
Title
e

enough-caravan-98871

02/08/2023, 2:29 PM
I am trying to pull some outputs out of Terraform and into Pulumi using @pulumi/terraform following this article. It is working as described. My issue is they are not getting recognized as secrets and I am struggling to describe to Pulumi that they should be treated as secrets using common methods. They are marked as sensitive in the Terraform output. Here is a sanitized snippet of my code. Does anyone have any thoughts around this? Thanks!
const certState = new terraform.state.RemoteStateReference("certs", {
    backendType: "remote",
    token: tfeToken,
    organization: org,
    workspaces: {
        name: "acme-tf"
    },
});

const certificate = new azure.keyvault.Certificate("cert-name", {
    keyVaultId: vaultId,
    certificate: {
        contents: certState.getOutput("certificate_p12"),
        password: certState.getOutput("certificate_p12_password"),
    },
    name: "cert-name"
});
e

echoing-dinner-19531

02/08/2023, 3:30 PM
e

enough-caravan-98871

02/08/2023, 4:03 PM
For example:
certState.getOutput("certificate_p12") as pulumi.Output<Secret>
That does not work... Type 'Output<Secret>' is not assignable to type 'Input<string>'.
e

echoing-dinner-19531

02/08/2023, 4:04 PM
pulumi.secret(certState.getOutput("certificate_p12"))
e

enough-caravan-98871

02/08/2023, 4:14 PM
Wow... I feel like a noob! Thank you so much!!
e

echoing-dinner-19531

02/08/2023, 4:15 PM
n/p 🙂
e

enough-caravan-98871

02/08/2023, 9:05 PM
@echoing-dinner-19531 The first block of code for terraform.state.RemoteStateReference was still producing plaintext output, even after we resolved it for the second block with your recommendation. I found that adding
additionalSecretOutputs: ["outputs"]
to the first block resolved it there too.