Hi due to some API limitations we might need to expose somet

Question

Hi due to some API limitations we might need to expose something in plain text in the pulumi runtime whats the best way if any to hide a resource it will probably be `pulumi local Command` specifically so it doesnt show in the pulumi logs

orange-policeman-59119 · Answer

Expose something in plain text but you want to hide it Are you trying to redact a piece of text

orange-policeman-59119 · Answer

You could either wrap the input text you need to keep secret using secrets Or you could force the return properties of Command to be secret by setting a resource option Either of these should keep your data redacted when printed by the CLI and still usable by any resources that you pass it into

modern-petabyte-38275 · Answer

< orange policeman 59119> looks like the second one makes more sense additional secret outputs i need to hide the Input which is dynamically getting populated potentially will have credential info i know it might sound strange limitation with Terraform pulumi and aws right now i have a support ticket running on aws side

orange-policeman-59119 · Answer

To redact sensitive inputs use this TypeScript here substitute for the 1st article s API in your language ```const someValue = pulumi ToSecret x ``` And to ensure a resource s outputs are secret set `additionalSecretOutputs`

modern-petabyte-38275 · Answer

got it X would be the entire input value

orange-policeman-59119 · Answer

Typically it would be one property of the input arguments to a resource but you can use ToSecret on objects arrays

modern-petabyte-38275 · Answer

in my use case its just a string