docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Secrets concepts page engineering review

Open toriancrane opened this issue 1 year ago • 1 comments

Regarding the Secrets concept page:

  • [x] Is the doc representative of the facts? Are the topics covered on the page accurate?
  • [x] Are there features of this topic not covered in the guide? Is there anything missing?
  • [x] Are there features listed in the guide that no longer exist?
  • [x] Are we covering the right concepts and providing relevant use cases/ examples?

toriancrane avatar Apr 22 '24 16:04 toriancrane

Some things that should be updated as I was reading through the page:

https://github.com/pulumi/pulumi-hugo/blob/ec2b6fed8fd7c58cc8d397ac1fed3f20ec170f79/themes/default/content/docs/concepts/secrets.md?plain=1#L82-L83

- Setting `configuration.${KEY}.Secret: true` when reading a value from the config.
- Calling `Fn::Secret` to construct a secret from an existing value.

Should be

- Setting `config.${KEY}.secret: true` when reading a value from the config.
- Calling `fn::secret` to construct a secret from an existing value.

https://github.com/pulumi/pulumi-hugo/blob/ec2b6fed8fd7c58cc8d397ac1fed3f20ec170f79/themes/default/content/docs/concepts/secrets.md?plain=1#L179-L181

configuration:
  mySecretValue:
    secret: true

Should be:

config:
  mySecretValue:
    type: string
    secret: true

https://github.com/pulumi/pulumi-hugo/blob/ec2b6fed8fd7c58cc8d397ac1fed3f20ec170f79/themes/default/content/docs/concepts/secrets.md?plain=1#L236

Similarly, if our program attempts to print the value of `dbPassword` to the console-either intentionally or accidentally-Pulumi will mask it out:

I don't know if we want to get into it at all, but it may be worth noting in a note that only config values marked as secrets are masking out. Marking a secret via pulumi.secret("foo") isn't going to mask out "foo" from log console output unless the value "foo" was also a secret config value. I've seen folks be confused over this.

https://github.com/pulumi/pulumi-hugo/blob/ec2b6fed8fd7c58cc8d397ac1fed3f20ec170f79/themes/default/content/docs/concepts/secrets.md?plain=1#L610

With Pulumi ESC, you can manage secrets wherever they live. [...]

Should we have "Pulumi ESC" link to a main page on ESC that explains what it actually is? Maybe https://www.pulumi.com/docs/concepts/environments/ ?

justinvp avatar May 16 '24 05:05 justinvp

Cannot close issue:

  • does not have required labels: resolution/

Please fix these problems and try again.

pulumi-bot avatar May 18 '24 11:05 pulumi-bot