Utilizing Structured Configuration Mixed with Secrets #7418
When using a structured config file, some of the entries are secrets. When pulling those specific JsonElements out of the collection, it would be nice to know if it My specific scenario, I'm reading in a structured config like below, flattening it out, looping through each entry, and storing the key/value pairs in AWS Parameter Store. What's missing is for me to be able to check which of the values is a secret so I can store it in Parameter Store as Pulumi.test.yaml
Here is the code where I pull the data out of the config, flatten it, and I'm writing it out to console for testing. NOTE: Both
The GetFlat function returns a collection of flattened keys and their values, i.e.:
Code for the looping and Parameter Store creation.
If I could pull IsSecret for each JsonElement in the object, I would be able to then utilize it. Link to slack conversation: https://pulumi-community.slack.com/archives/C84L4E3N1/p1624971038131700
Replies: 2 comments 3 replies
You should generally use
I suspect this is because there's an additional filter on all CLI output which replaces anything that is a secret config value with Ultimately, if you use
@lukehoban It's possible I'm missing something, but I tried with
You should generally use RequireSecretObject in cases where there are secrets in the config, or else the secretness will not be tracked and secrets could get leaked by your program. We are soon going to make this a warning/error to not use RequireSecretObject in these cases.

I suspect this is because there's an additional filter on all CLI output which replaces anything that is a secret config value with [secret], even if it's not actually being treated as a Secret
…
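
An added example, not code from this thread or from the Pulumi project: one way to apply the RequireSecretObject advice when writing structured config to Parameter Store. Because per-element secretness is not exposed, it stores every leaf as a SecureString. The config key `settings`, the leaf paths and the `/myapp/` prefix are assumptions.

```csharp
using System.Text.Json;
using Pulumi;
using Pulumi.Aws.Ssm;

class ConfigStack : Stack
{
    // Hypothetical leaf paths inside the structured config; adjust to your own layout.
    static readonly string[] LeafPaths = { "database/host", "database/password" };

    public ConfigStack()
    {
        var config = new Config();

        // RequireSecretObject returns an Output<T> marked as secret, so every value
        // derived from it through Apply stays tracked as a secret as well.
        // "settings" is an assumed config key.
        Output<JsonElement> settings = config.RequireSecretObject<JsonElement>("settings");

        foreach (var path in LeafPaths)
        {
            new Parameter(path.Replace('/', '-'), new ParameterArgs
            {
                Name = "/myapp/" + path, // assumed naming scheme
                // Per-element secretness is not exposed, so treat every leaf as secret.
                Type = "SecureString",
                Value = settings.Apply(root => Lookup(root, path)),
            });
        }
    }

    // Walks a '/'-separated path through nested JSON objects and returns the leaf as text.
    static string Lookup(JsonElement element, string path)
    {
        foreach (var segment in path.Split('/'))
        {
            element = element.GetProperty(segment);
        }
        return element.ToString();
    }
}
```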