Secrets stored in plain text in the state when setting an environment variable in a stack deployment settings. #377
Labels
impact/regression
Something that used to work, but is now broken
impact/security
kind/bug
Some behavior is incorrect or out of spec
p1
A bug severe enough to be the next item assigned to an engineer
Milestone
What happened?
When using the code shown below, the stack state stores
SECRET_ENV_VAR
in plain text despite the value being marked as a secret. One, in the resourceinputs
and two, in the resourceoutputs
.Example
State
Output of
pulumi about
Additional context
Related to #376
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: