Hi, due to some API limitations, we might need to ...
# generalm
modern-petabyte-38275
02/10/2023, 3:43 PMHi, due to some API limitations, we might need to expose something in plain text in the pulumi runtime. whats the best way, if any, to hide a resource? it will probably be
pulumi local.Commando
orange-policeman-59119
02/10/2023, 3:44 PMExpose something in plain text, but you want to hide it?
Are you trying to redact a piece of text?
orange-policeman-59119
02/10/2023, 3:47 PMYou could either wrap the input text you need to keep secret using secrets:
https://www.pulumi.com/docs/intro/concepts/secrets/#programmatically-creating-secrets
Or you could force the return properties of Command to be secret by setting a resource option:
https://www.pulumi.com/docs/intro/concepts/resources/options/additionalsecretoutputs/
Either of these should keep your data redacted when printed by the CLI, and still usable by any resources that you pass it into.
m
modern-petabyte-38275
02/10/2023, 7:05 PM@orange-policeman-59119 looks like the second one makes more sense, additional secret outputs. i need to hide the Input which is dynamically getting populated, potentially will have credential info. i know it might sound strange. limitation with Terraform/pulumi and aws right now i have a support ticket running on aws side
o
orange-policeman-59119
02/10/2023, 7:51 PMTo redact sensitive inputs use this (TypeScript here, substitute for the 1st article's API in your language)
Copy code
const someValue = pulumi.ToSecret(x)additionalSecretOutputsm
modern-petabyte-38275
02/10/2023, 8:13 PMgot it. X would be the entire input value?
o
orange-policeman-59119
02/10/2023, 8:14 PMTypically it would be one property of the input arguments to a resource, but you can use ToSecret on objects, arrays.
m
modern-petabyte-38275
02/10/2023, 9:13 PMin my use case its just a string