Pulumi Random

Warnings

• breaking In version `v4.18.4`, there was a breaking schema change for the `pulumi:providers:random/terraformConfig` function. The input type of `__self__` changed from `#/resources/pulumi:providers:random` to `#/provider`.
  Fix: Review and update any explicit references or configurations related to the `terraformConfig` provider function if directly interacting with the provider's schema or low-level internals. Most user-level code should not be directly affected, but custom provider logic or advanced configurations might need adjustment.
• gotcha The `pulumi-random` provider manages randomness by generating values once during resource creation and then holding them steady until the inputs change. To explicitly trigger recreation of a random value, use the `keepers` input property. Changes to the `keepers` map will force the resource to regenerate its random output.
  Fix: Use the `keepers` map with arbitrary key/value pairs that represent the dependencies for the random value. If any value in `keepers` changes, the random resource will be recreated. For example, include a version number or a hash of dependent inputs in `keepers`.
• gotcha The default random results generated by this provider are generally not suitable for cryptographic use unless explicitly stated otherwise (e.g., `RandomPassword` which uses a cryptographic random number generator).
  Fix: Always check the specific resource documentation (e.g., `RandomPassword`, `RandomBytes`, `RandomId`) if you require cryptographically secure randomness. For general unique identifiers or simple random strings, the provider's resources are sufficient.
• gotcha Choose the appropriate random resource: `RandomString` generates a random alphanumeric string, `RandomPassword` generates a sensitive random string (suitable for passwords and treated as sensitive in Pulumi state), and `RandomId` generates unique identifiers (e.g., for resource names).
  Fix: Prefer `RandomPassword` for sensitive data that should not be displayed in logs or state, and `RandomId` for unique identifiers that minimize collision risk. Use `RandomString` for non-sensitive, general-purpose random alphanumeric strings.
• gotcha When defining dynamic provider resources, if your `Output` object contains more data elements than your `Input` (e.g., a field generated by the provider), these additional output fields might be undefined when attempting to access them later, even if they exist in the state file.
  Fix: Ensure that if your Pulumi resource outputs need to be used as inputs for subsequent operations, they are explicitly represented or 'predeclared' within the resource's type definition to allow for correct rehydration from the state. Consult the Pulumi dynamic provider documentation for best practices.

Install

• pip install pulumi_random Install pulumi-random

Imports

• RandomPassword

  from pulumi_random import RandomPassword

  Pulumi Python SDKs typically import classes directly from the top-level package or a sub-module like `pulumi_random.index` rather than deeply nested paths for resources.
• pulumi_random

  import pulumi_random as random

  Common convention to alias the provider for brevity.
• pulumi

  import pulumi

Quickstart

This example demonstrates how to create a `RandomPassword` resource with specific length and character requirements. The `keepers` map ensures the password is only regenerated if the values in the map change. The `bcrypt_hash` is exported instead of the raw `result` due to its sensitive nature.

import pulumi
import pulumi_random as random

# Generate a random password for a database user
# The result is treated as sensitive and not displayed in console output
password = random.RandomPassword("db-password",
    length=16,
    special=True,
    override_special="_@%",
    keepers={
        "purpose": "db_user_password"
    }
)

pulumi.export("generated_password_result_hash", password.bcrypt_hash)