example-pulumi-secrets-policy

An example using Pulumi CrossGuard for policy as code to ensure a database password is secret and will be encrypted in the Pulumi stack state file.

The example uses a few Pulumi features:

Encrypted Secrets to protected the password provided to the application.
additionalSecretOutputs to ensure the password output from the database is encrypted.
Policy as Code ("CrossGuard") to ensure additionalSecretOutputs is set correctly

Usage (Local Policy Enforcement)

pulumi stack init
pulumi config set clusterPassword --secret
pulumi up --policy-pack policy-as-code

Usage (Server-Side Policy Enforcement)

pulumi stack init
pulumi config set clusterPassword --secret
cd policy-as-code
pulumi policy publish <org>
pulumi policy enable aws-typescript latest
cd ..
pulumi up

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
policy-as-code		policy-as-code
.gitignore		.gitignore
LICENSE		LICENSE
Pulumi.yaml		Pulumi.yaml
README.md		README.md
index.ts		index.ts
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

example-pulumi-secrets-policy

Usage (Local Policy Enforcement)

Usage (Server-Side Policy Enforcement)

About

Languages

License

clstokes/example-pulumi-secrets-policy

Folders and files

Latest commit

History

Repository files navigation

example-pulumi-secrets-policy

Usage (Local Policy Enforcement)

Usage (Server-Side Policy Enforcement)

About

Topics

Resources

License

Stars

Watchers

Forks

Languages