• q

    quiet-laptop-13439

    1 week ago
    crickets
  • b

    brash-alligator-49865

    1 week ago
    Hi all, was anyone able to make KMS work? I tried both options with existing project/region/keyring in https://www.pulumi.com/docs/intro/concepts/secrets/
  • b

    brash-alligator-49865

    1 week ago
    but when i set up a secret it continues to use Pulumi local yaml 😕
  • b

    brash-alligator-49865

    1 week ago
    Is it just me?
  • b

    brash-alligator-49865

    1 week ago
    I also believe the semantic is wrong: the example asks you to provide a KEY but I believe you should provide a KEYRING to support multiple secrets:
  • b

    brash-alligator-49865

    1 week ago
    pulumi stack init my-stack --secrets-provider="<gcpkms://projects/acmecorpsec/locations/us-west1/keyRings/prod/cryptoKeys/payroll>"
  • b

    brash-alligator-49865

    1 week ago
    i would have thought this would make much more sense:
    pulumi stack init my-stack --secrets-provider="<gcpkms://projects/acmecorpsec/locations/us-west1/keyRings/prod/>"
  • b

    brash-alligator-49865

    1 week ago
    unless I just misunderstood and the KMS key is single and its just used to decrypt the local keys? This would make also sense.
    b
    1 replies
    Copy to Clipboard
  • f

    famous-kite-52506

    5 days ago
    @sparse-park-68967 Hi, I was wondering was is the ETA for the native gcp provider release (out of preview)? In the meantime, I guess it is safer to use the classic provider?
    f
    g
    2 replies
    Copy to Clipboard
  • g

    gorgeous-country-43026

    4 days ago
    Hmm. It looks like Google APIs do not allow managing Firebase projects via normal
    gcloud auth
    authenticated users but you are forced to use a service account? Is this true and is there any way to go around this? I mean,
    gcloud auth
    is much better security wise for IaC unless one setups infrastructure setup into CI/CD but then one cannot really do development locally. Any tips or tricks or am I screwed?