pulumi-azure-native
listStaticSiteSecrets results are not marked as secrets
What happened?
The azure-native.web.listStaticSiteSecrets methods return a result that is not marked as a secret, so it appears in plain text when outputting it.
Expected Behavior
The listStaticSiteSecrets result should be marked as a secret.
Steps to reproduce
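```typescript
import * as pulumi from "@pulumi/pulumi";
import * as web from "@pulumi/azure-native/web";

// `resourceGroup` is a resource group defined earlier in the program.
const staticWebApp = new web.StaticSite("stapp-vue2048-preprod", {
    resourceGroupName: resourceGroup.name,
    sku: {
        name: "Free",
        tier: "Free"
    },
    repositoryUrl: "",
});

// The explicit pulumi.secret() wrapper is what keeps the deployment token out of plain-text output.
export const staticWebAppDeployToken = pulumi.secret(web.listStaticSiteSecretsOutput({name: staticWebApp.name, resourceGroupName: resourceGroup.name}).properties["apiKey"]);
```

If we remove the pulumi.secret, the output is not a secret.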
Output of pulumi about
```
CLI
Version      3.64.0
Go Version   go1.20.3
Go Compiler  gc

Plugins
NAME          VERSION
azure-native  1.100.1
nodejs        unknown

Host
OS       Microsoft Windows 11 Enterprise
Version  10.0.22000 Build 22000
Arch     x86_64
```
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@TechWatching Thanks for reporting this issue. Yes, these responses should be marked as a secret within our provider so they can be generated as a secret field! Adding this to our backlog now!
@mnlumi @rquitales Is it something coming soon? Currently anyone that does use the azure-typescript template (or similar template creating a storage account and listing its keys) will output in clear text the secret. If someone tries to run this template in a GitHub Actions workflow, the secret will be available in the logs.
By the way, the listStaticSiteSecrets function is not the only one with this issue.
Hey @TechWatching. I will work with the team to prioritize this work and update you as soon as I have news. Thanks for checking in!
Related https://github.com/pulumi/pulumi/issues/12710
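A check a pipeline could run against `pulumi stack export` output to catch the situation reported in this thread: stack outputs that look like credentials but are stored without Pulumi's secret marker. This is an added example, not code from the issue or from the Pulumi project; the name pattern, the output names and the sample export are constructed assumptions, and the check generalizes beyond listStaticSiteSecrets to any stack output.

```typescript
// Pulumi serializes a secret value in stack state as an object carrying this
// signature key/value pair next to the ciphertext.
const SIG_KEY = "4dabf18193072939515e22adb298388d";
const SECRET_SIG = "1b47061264138c4ac30d75fd1eb44270";

// Assumption: output names matching this pattern are expected to hold credentials.
const SENSITIVE_NAME = /(token|secret|key|password|connectionstring)/i;

type Json = null | boolean | number | string | Json[] | { [k: string]: Json };

// True when the serialized value carries the secret signature.
function isSecret(v: Json): boolean {
  if (typeof v !== "object" || v === null || Array.isArray(v)) return false;
  return (v as { [k: string]: Json })[SIG_KEY] === SECRET_SIG;
}

// Returns the names of top-level stack outputs that look sensitive but are
// stored in plain text. Input is the JSON text of a stack export.
function findPlaintextOutputs(exportJson: string): string[] {
  const doc = JSON.parse(exportJson);
  const resources: any[] = doc?.deployment?.resources ?? [];
  const stack = resources.find((r) => r.type === "pulumi:pulumi:Stack");
  const outputs: { [k: string]: Json } = stack?.outputs ?? {};
  return Object.entries(outputs)
    .filter(([name, value]) => SENSITIVE_NAME.test(name) && !isSecret(value))
    .map(([name]) => name)
    .sort();
}

// Constructed sample export: one output wrapped with pulumi.secret(), one
// list*-style result exported without it, and one harmless URL.
const SAMPLE_EXPORT = JSON.stringify({
  version: 3,
  deployment: {
    resources: [{
      type: "pulumi:pulumi:Stack",
      outputs: {
        staticWebAppDeployToken: { [SIG_KEY]: SECRET_SIG, ciphertext: "constructed-ciphertext" },
        primaryStorageKey: "constructed-plaintext-value",
        siteUrl: "https://example.invalid",
      },
    }],
  },
});

console.log(findPlaintextOutputs(SAMPLE_EXPORT));
```

Failing the job when the returned list is non-empty stops the run before the outputs are echoed into workflow logs.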