pulumi / pulumi-azure

A Microsoft Azure Pulumi resource package, providing multi-language access to Azure
Apache License 2.0

Importing existing resource using eventhub.AuthorizationRule does not encrypt values in state #1099

Open ghost opened 2 years ago

ghost commented 2 years ago

What happened?

Import an existing eventhub authorization rule, then run pulumi stack export, and you will see that the keys and connection strings are unencrypted. When creating a new resource, all of the values are encrypted in state.

Steps to reproduce

pulumi import azure:eventhub/authorizationRule:AuthorizationRule rule1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.EventHub/namespaces/namespace1/eventhubs/eventhub1/authorizationRules/rule1

Expected Behavior

pulumi stack export shows the keys and connection strings are encrypted.

Actual Behavior

The values are in plaintext as strings.

Versions used

    CLI
    Version      3.34.1
    Go Version   go1.17.11
    Go Compiler  gc

    Plugins
    NAME          VERSION
    azure         4.42.0
    azure-native  1.64.0
    azuread       5.22.0
    command       0.0.3
    python        unknown
    random        4.6.0

    Host
    OS       ubuntu
    Version  20.04
    Arch     x86_64

Additional context

When creating a new resource, the values are encrypted properly.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

stack72 commented 2 years ago

Hi @Eric-Swiftly

Please can you tell me what should be secret in this case? If you create a resource from scratch, do they get marked as secret correctly?

Paul

ghost commented 2 years ago

These are all the fields that are in the outputs section when you export the stack. I marked the ones with a * that get flagged as secret when it is created as opposed to being imported.

                __meta
                eventhubName
                id
                listen
                manage
                name
                namespaceName
                *primaryConnectionString
                *primaryConnectionStringAlias
                *primaryKey
                resourceGroupName
                *secondaryConnectionString
                *secondaryConnectionStringAlias
                *secondaryKey
                send
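
An added example, not part of the original thread or of Pulumi's own code: a check that scans `pulumi stack export` JSON for the starred outputs above and reports any that are stored as plain strings instead of encrypted secrets. The secret envelope marker, the sample export and all values in it are assumptions constructed for illustration; confirm the marker against a value you know is secret in your own export.

```python
import json
import sys

# Envelope Pulumi wraps around an encrypted secret in exported state
# (assumed signature key/value; verify against a known secret in your export).
SIG_KEY = "4dabf18193072939515e22adb298388d"
SECRET_SIG = "1b47061264138c4ac30d75fd1eb44270"
RULE_TYPE = "azure:eventhub/authorizationRule:AuthorizationRule"
# Outputs the thread lists as secret on a freshly created rule.
SENSITIVE = (
    "primaryConnectionString", "primaryConnectionStringAlias", "primaryKey",
    "secondaryConnectionString", "secondaryConnectionStringAlias", "secondaryKey",
)

def is_secret(value):
    """True if the value is wrapped in the secret envelope."""
    return isinstance(value, dict) and value.get(SIG_KEY) == SECRET_SIG

def plaintext_outputs(export):
    """Return sorted (urn, field) pairs whose sensitive output is unencrypted."""
    findings = []
    for res in export.get("deployment", {}).get("resources", []):
        if res.get("type") != RULE_TYPE:
            continue
        outputs = res.get("outputs") or {}
        for field in SENSITIVE:
            value = outputs.get(field)
            if value in (None, ""):  # absent or empty: no key material
                continue
            if not is_secret(value):
                findings.append((res.get("urn", "<no urn>"), field))
    return sorted(findings)

# Constructed sample: one rule created by Pulumi, one imported as in the report.
ENC = {SIG_KEY: SECRET_SIG, "ciphertext": "v1:constructed:placeholder"}
SAMPLE_EXPORT = {"version": 3, "deployment": {"resources": [
    {"urn": "urn:pulumi:dev::demo::" + RULE_TYPE + "::created", "type": RULE_TYPE,
     "outputs": {"name": "created", **{f: ENC for f in SENSITIVE}}},
    {"urn": "urn:pulumi:dev::demo::" + RULE_TYPE + "::rule1", "type": RULE_TYPE,
     "outputs": {"name": "rule1", "primaryKey": "CONSTRUCTED-KEY",
                 "primaryConnectionString": "Endpoint=sb://constructed.example/",
                 "secondaryKey": ENC, "secondaryConnectionStringAlias": ""}},
]}}

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_EXPORT
    for urn, field in plaintext_outputs(data):
        print(f"PLAINTEXT {field} in {urn}")
```

Run it with the path to a saved export as the only argument; with no argument it scans the constructed sample.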