-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secrets not encrypted in state file (even if explicit) #915
Comments
Yes, the |
Actually, I wasn't able to reproduce this with the value marked with
I do see the behavior you're reporting if you pass in a plain value. While the outputs are automatically encrypted, I agree that it's probably worth encrypting the inputs by default as well. |
Thanks for checking. With a fresh pulumi stack I am seeing what you are seeing.
So ideally pulumi should check if the json path in the last-applied annotation is now marked as a secret, and encrypt the output. |
This should be fixed now that we automatically mark Secret |
Problem description
Secrets do not remain encrypted in the state file even if explicitly marked as a secret. I actually would have expected it to be encrypted in state even without using pulumi.secret().
Errors & Logs
NA
Affected product version(s)
@pulumi/kubernetes
1.4.0pulumi v1.6.1
Reproducing the issue
{ additionalSecretOutputs: ['stringData'] }
. Note that the output remains stored unencrypted in Pulumi state.Suggestions for a fix
The text was updated successfully, but these errors were encountered: