#Passing a secret to the client.Container() in PythonSDK

hi, happy new year everyone!

could someone help me understand how to pass a secret to the Container. I'm learning python as i go as well i.e.: I can't grok the reference docs yet. I'm trying to do the dagger equivalent to this command in docker :
docker run -e PULUMI_ACCESS_TOKEN=<TOKEN> -v "$(pwd)":/pulumi/projects

this seemingly works with with_env_variable :

async def poc():
    async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:
        src = client.host().directory("infrastructure/")
        proof = (
            client.container()
            .from_("pulumi/pulumi-python@sha256:..")
            .with_mounted_directory("/pulumi/projects", src)
            .with_env_variable("PULUMI_ACCESS_TOKEN", os.environ.get("PULUMI_ACCESS_TOKEN"))
            .with_exec(["pulumi", "up", "--yes"])
        )
        result = await proof.stdout()

but with_secret_variable() returns either 'not valid base64 encoded' or when it is, it trips up on the first or second char of the decoded string.
I can see in the docs:

with_secret_variable(name: str, secret: Secret)→ Container[source]
This container plus an env variable containing the given secret

I think I am misunderstanding what I need to pass to the with_secret_variable() function.

Hey! Have you tried https://dagger-io.readthedocs.io/en/latest/api.html#dagger.api.gen.Host.env_variable ?

token = client.host().env_variable("PULUMI_ACCESS_TOKEN").secret()
proof = (
    client.container()
    ...
    .with_secret_variable("PULUMI_ACCESS_TOKEN", token)
    ....
)

i just tried, thanks for expanding the answer. it works thank you so much!

I'm glad 🙂