Pulumi Secret in JSON

main.ts

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
const config = new pulumi.Config();

const kubernetesProvider = new k8s.Provider("metrics", {
  kubeconfig: config.requireSecret("kubeconfig"),
  // Why doesn't it use the namespace from the context?
  // PR submitted: https://github.com/pulumi/pulumi-kubernetes/pull/862
  namespace: "community"
});

const actualDockerHubToken = pulumi
  .output({
    dockerHubToken: config.requireSecret("docker-hub-token").apply(c => c)
  })
  .apply(c => c.dockerHubToken);

const reallyActualDockerHubToken = () => JSON.stringify(actualDockerHubToken);

console.log(reallyActualDockerHubToken());

export const imagePullSecret = new k8s.core.v1.Secret(
  "docker-hub",
  {
    type: "kubernetes.io/dockerconfigjson",
    metadata: {
      namespace: "community"
    },
    data: {
      ".dockerconfigjson": Buffer.from({
        auths: {
          "https://index.docker.io/v1/": {
            auth: actualDockerHubToken
          }
        }})
      ).toString("base64")
    }
  },
  {
    provider: kubernetesProvider
  }
);

const pod = new k8s.core.v1.Pod(
  "metrics",
  {
    metadata: {
      name: "metrics"
    },
    spec: {
      imagePullSecrets: [{ name: imagePullSecret.metadata.name }],
      containers: [
        {
          name: "metrics",
          image: "rawkode/devrel-metrics-community:latest",
          imagePullPolicy: "Always"
        }
      ]
    }
  },
  {
    provider: kubernetesProvider
  }
);

export const name = pod.metadata.name;

Too many brackets.