I am reasonably certain that the recent changes to consume config as property values were available has broken support for secret config. Consider the stack + program below:
# Stack config
config:
static-secrets:my-secret:
secure: AAAB... # plaintext value is password
With pulumi v3.92.0 and pulumi-yaml v1.4.0, updating this stack leaves the my-secret output with the value {}:
static-secrets ❯ pulumi stack
Current stack is dev:
Owner: pat-pulumi-corp
Last updated: 2 seconds ago (2023-11-09 14:42:43.283559 -0800 PST)
Pulumi version used: 3.92.0
Current stack resources (1):
TYPE NAME
pulumi:pulumi:Stack static-secrets-dev
Current stack outputs (1):
OUTPUT VALUE
my-secret {}
More information at: https://app.pulumi.com/pat-pulumi-corp/static-secrets/dev
Use `pulumi stack select` to change stack; `pulumi stack ls` lists known ones
With pulumi-yaml v1.3.0, the update correctly sets the value of my-secret to password:
static-secrets ❯ pulumi stack
Current stack is dev:
Owner: pat-pulumi-corp
Last updated: 5 seconds ago (2023-11-09 14:41:12.667638 -0800 PST)
Pulumi version used: 3.92.0
Current stack resources (1):
TYPE NAME
pulumi:pulumi:Stack static-secrets-dev
Current stack outputs (1):
OUTPUT VALUE
my-secret password
More information at: https://app.pulumi.com/pat-pulumi-corp/static-secrets/dev
Use `pulumi stack select` to change stack; `pulumi stack ls` lists known ones
I am reasonably certain that the recent changes to consume config as property values were available has broken support for secret config. Consider the stack + program below:
With
pulumi
v3.92.0 andpulumi-yaml
v1.4.0, updating this stack leaves themy-secret
output with the value{}
:With
pulumi-yaml
v1.3.0, the update correctly sets the value ofmy-secret
topassword
: