How to use the @pulumi/pulumi.secret function in @pulumi/pulumi
To help you get started, we’ve selected a few @pulumi/pulumi examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
pulumi / pulumi / tests / integration / stack_reference / nodejs / step1 / index.ts View on Github 
// Copyright 2016-2018, Pulumi Corporation. All rights reserved.
import * as pulumi from "@pulumi/pulumi";
let config = new pulumi.Config();
let org = config.require("org");
let slug = `${org}/${pulumi.getProject()}/${pulumi.getStack()}`;
let a = new pulumi.StackReference(slug);
const oldVal: string[] = a.getOutputSync("val");
if (oldVal.length !== 2 || oldVal[0] !== "a" || oldVal[1] !== "b") {
throw new Error("Invalid result");
}
export const val2 = pulumi.secret(["a", "b"]);import * as pulumi from "@pulumi/pulumi";
export const normal = pulumi.output("normal");
export const secret = pulumi.secret("secret");
// Kinda strange, but we are getting a stack reference to ourselves, and refercing the result of the /previous/
// deployment.
const org = new pulumi.Config().require("org");
const project = pulumi.getProject();
const stack = pulumi.getStack();
const sr = new pulumi.StackReference(`${org}/${project}/${stack}`);
export const refNormal = sr.getOutput("normal");
export const refSecret = sr.getOutput("secret");],
Resource: [
`arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly
]
}]
};
}
// Set the access policy for the bucket so all objects are readable
let bucketPolicy = new s3.BucketPolicy("bucketPolicy", {
bucket: siteBucket.bucket, // refer to the bucket created earlier
policy: siteBucket.bucket.apply(publicReadPolicyForBucket) // use output property `siteBucket.bucket`
});
return {
secretValue: secret("hello world"),
websiteUrl: siteBucket.websiteEndpoint,
};
};// These are paintext values, so they will be stored as is in the state file.
export const plaintextMessage = new ReflectResource("pValue", message).value;
export const plaintextApply = new ReflectResource("pApply", message.length).value;
// These are secrets, as well, based on the composition above. We expect that these will also be stored as secrets
// in the state file.
export const combinedMessage = new ReflectResource("cValue", combined).value;
export const combinedApply = new ReflectResource("cApply", combined.apply(x => x.length)).value;
// With a rich structure like this, we expect that the actual reasource properties in the state file will be stored
// as a mixture of plaintext and secrets, but the outputed stack property will be a secret (because part of the value
// property contains a secret, and that means the entire Output object must be marked as a secret.
export const richStructure = new ReflectResource("rValue", {
plain: pulumi.output("plaintext"),
secret: pulumi.secret("secret value"),
}).value;
// The dummy resource just provides a single output named "value" with a simple message. But we can use
// `additionalSecretOutputs` as a way to enforce that it is treated as a secret.
export const dummyValue = new DummyResource("pDummy").value;
export const dummyValueAdditionalSecrets = new DummyResource("sDummy", {
additionalSecretOutputs: ["value"],
}).value;import * as pulumi from "@pulumi/pulumi";
export const normal = pulumi.output("normal");
export const secret = pulumi.secret("secret");constructor(name: string, args?: SecretArgs, opts?: pulumi.CustomResourceOptions) {
let inputs: pulumi.Inputs = {};
opts = opts || {};
if (!opts.id) {
inputs["apiVersion"] = "v1";
inputs["data"] = args?.data ? pulumi.secret(args.data) : undefined;
inputs["immutable"] = args ? args.immutable : undefined;
inputs["kind"] = "Secret";
inputs["metadata"] = args ? args.metadata : undefined;
inputs["stringData"] = args?.stringData ? pulumi.secret(args.stringData) : undefined;
inputs["type"] = args ? args.type : undefined;
} else {
inputs["apiVersion"] = undefined /*out*/;
inputs["data"] = undefined /*out*/;
inputs["immutable"] = undefined /*out*/;
inputs["kind"] = undefined /*out*/;
inputs["metadata"] = undefined /*out*/;
inputs["stringData"] = undefined /*out*/;
inputs["type"] = undefined /*out*/;
}
if (!opts.version) {
opts = pulumi.mergeOptions(opts, { version: utilities.getVersion()});
}
const secretOpts = { additionalSecretOutputs: ["data", "stringData"] };
opts = pulumi.mergeOptions(opts, secretOpts);
super(Secret.__pulumiType, name, inputs, opts);constructor(name: string, args?: SecretArgs, opts?: pulumi.CustomResourceOptions) {
let inputs: pulumi.Inputs = {};
opts = opts || {};
if (!opts.id) {
inputs["apiVersion"] = "v1";
inputs["data"] = args?.data ? pulumi.secret(args.data) : undefined;
inputs["immutable"] = args ? args.immutable : undefined;
inputs["kind"] = "Secret";
inputs["metadata"] = args ? args.metadata : undefined;
inputs["stringData"] = args?.stringData ? pulumi.secret(args.stringData) : undefined;
inputs["type"] = args ? args.type : undefined;
} else {
inputs["apiVersion"] = undefined /*out*/;
inputs["data"] = undefined /*out*/;
inputs["immutable"] = undefined /*out*/;
inputs["kind"] = undefined /*out*/;
inputs["metadata"] = undefined /*out*/;
inputs["stringData"] = undefined /*out*/;
inputs["type"] = undefined /*out*/;
}
if (!opts.version) {
opts = pulumi.mergeOptions(opts, { version: utilities.getVersion()});
Popular @pulumi/pulumi functions
- @pulumi/pulumi.all
- @pulumi/pulumi.asset
- @pulumi/pulumi.ComponentResource
- @pulumi/pulumi.concat
- @pulumi/pulumi.Config
- @pulumi/pulumi.CustomResource
- @pulumi/pulumi.dynamic
- @pulumi/pulumi.getProject
- @pulumi/pulumi.getStack
- @pulumi/pulumi.interpolate
- @pulumi/pulumi.log
- @pulumi/pulumi.mergeOptions
- @pulumi/pulumi.output
- @pulumi/pulumi.RunError
- @pulumi/pulumi.runtime
- @pulumi/pulumi.secret
- @pulumi/pulumi.StackReference
- @pulumi/pulumi/automation.LocalWorkspace.createOrSelectStack
- @pulumi/pulumi/dynamic.Resource
- @pulumi/pulumi/errors.RunError