{"id":5381,"library":"pulumi-random","title":"Pulumi Random","description":"The `pulumi-random` provider enables the safe use of randomness in Pulumi programs, allowing users to generate resource properties, such as names or passwords, that incorporate randomness in a way that aligns with Pulumi's goal state-oriented approach. It avoids constant re-convergence by managing random values within the Pulumi state. The library is actively maintained, with frequent releases, and is currently at version 4.19.2.","status":"active","version":"4.19.2","language":"en","source_language":"en","source_url":"https://github.com/pulumi/pulumi-random","tags":["pulumi","terraform","random","iac","cloud","infrastructure as code"],"install":[{"cmd":"pip install pulumi_random","lang":"bash","label":"Install pulumi-random"}],"dependencies":[{"reason":"Core Pulumi SDK required for all Pulumi providers.","package":"pulumi","optional":false},{"reason":"Requires Python 3.9 or newer.","package":"python","optional":false}],"imports":[{"note":"Pulumi Python SDKs typically import classes directly from the top-level package or a sub-module like `pulumi_random.index` rather than deeply nested paths for resources.","wrong":"import pulumi_random.RandomPassword","symbol":"RandomPassword","correct":"from pulumi_random import RandomPassword"},{"note":"Common convention to alias the provider for brevity.","symbol":"pulumi_random","correct":"import pulumi_random as random"},{"symbol":"pulumi","correct":"import pulumi"}],"quickstart":{"code":"import pulumi\nimport pulumi_random as random\n\n# Generate a random password for a database user\n# The result is treated as sensitive and not displayed in console output\npassword = random.RandomPassword(\"db-password\",\n    length=16,\n    special=True,\n    override_special=\"_@%\",\n    keepers={\n        \"purpose\": \"db_user_password\"\n    }\n)\n\npulumi.export(\"generated_password_result_hash\", password.bcrypt_hash)","lang":"python","description":"This example demonstrates how to create a `RandomPassword` resource with specific length and character requirements. The `keepers` map ensures the password is only regenerated if the values in the map change. The `bcrypt_hash` is exported instead of the raw `result` due to its sensitive nature."},"warnings":[{"fix":"Review and update any explicit references or configurations related to the `terraformConfig` provider function if directly interacting with the provider's schema or low-level internals. Most user-level code should not be directly affected, but custom provider logic or advanced configurations might need adjustment.","message":"In version `v4.18.4`, there was a breaking schema change for the `pulumi:providers:random/terraformConfig` function. The input type of `__self__` changed from `#/resources/pulumi:providers:random` to `#/provider`.","severity":"breaking","affected_versions":"v4.18.4 and later"},{"fix":"Use the `keepers` map with arbitrary key/value pairs that represent the dependencies for the random value. If any value in `keepers` changes, the random resource will be recreated. For example, include a version number or a hash of dependent inputs in `keepers`.","message":"The `pulumi-random` provider manages randomness by generating values once during resource creation and then holding them steady until the inputs change. To explicitly trigger recreation of a random value, use the `keepers` input property. Changes to the `keepers` map will force the resource to regenerate its random output.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always check the specific resource documentation (e.g., `RandomPassword`, `RandomBytes`, `RandomId`) if you require cryptographically secure randomness. For general unique identifiers or simple random strings, the provider's resources are sufficient.","message":"The default random results generated by this provider are generally not suitable for cryptographic use unless explicitly stated otherwise (e.g., `RandomPassword` which uses a cryptographic random number generator).","severity":"gotcha","affected_versions":"All versions"},{"fix":"Prefer `RandomPassword` for sensitive data that should not be displayed in logs or state, and `RandomId` for unique identifiers that minimize collision risk. Use `RandomString` for non-sensitive, general-purpose random alphanumeric strings.","message":"Choose the appropriate random resource: `RandomString` generates a random alphanumeric string, `RandomPassword` generates a sensitive random string (suitable for passwords and treated as sensitive in Pulumi state), and `RandomId` generates unique identifiers (e.g., for resource names).","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure that if your Pulumi resource outputs need to be used as inputs for subsequent operations, they are explicitly represented or 'predeclared' within the resource's type definition to allow for correct rehydration from the state. Consult the Pulumi dynamic provider documentation for best practices.","message":"When defining dynamic provider resources, if your `Output` object contains more data elements than your `Input` (e.g., a field generated by the provider), these additional output fields might be undefined when attempting to access them later, even if they exist in the state file.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-13T00:00:00.000Z","next_check":"2026-07-12T00:00:00.000Z"}