Provide a way to opt-out of secretness for Python dynamic providers #15539
Labels
area/dynamic-providers
area/sdks
Pulumi language SDKs
kind/enhancement
Improvements or new features
language/python
Milestone
The serialized Python dynamic provider code is marked as a secret by default with #13315. This was done to ensure any credentials used by a dynamic provider would not be stored in plaintext in the state. However, this can lead to performance issues due to #15538.
We should consider providing a way to opt-out of secretness, or even consider changing the default back and making it opt-in. Perhaps we could come up with a way to detect secretness similar to what the Node.js SDK does for its dynamic provider implementation.
In the meantime, if you know your Python dynamic provider implementation does not capture any secrets, and you'd like to opt-out of secretness, you could use a transformation to do so as a workaround. For example, calling
register_stack_transformation
before creating any of the dynamic resources:The text was updated successfully, but these errors were encountered: