https://pulumi.com logo
Title
b

bitter-carpenter-93554

03/16/2023, 5:35 AM
Hey!
pulumi stack init my-stack \
    --secrets-provider="<hashivault://payroll>"
Command above works fine when I set env variable
VAULT_TOKEN
. However, id does not work when
VAULT_TOKEN
is unset and instead I have token in my
~/.vault-token
. Is it possible to make pulumi work with
~/.vault-token
?
s

steep-sunset-89396

03/16/2023, 5:41 AM
It doesn't appear to be supported. Could you please open an issue here https://github.com/pulumi/pulumi-service/issues/new/choose ?
b

billowy-army-68599

03/16/2023, 2:18 PM
it wouldn’t be a service issue. The authentication is handled by this library: https://github.com/google/go-cloud filing an issue there is the first step
b

bitter-carpenter-93554

03/17/2023, 12:53 AM
@billowy-army-68599 just want to confirm. The library that is use for
pulumi up/preview/destroy
have nothing to do with pulumi_vault, right ?
b

billowy-army-68599

03/17/2023, 12:54 AM
no, the provider binary and the cli binary operate differently and handle authentication differently
the cli talks to the provider via GRPC (via localhost), so they auth independently from each other
b

bitter-carpenter-93554

03/17/2023, 12:56 AM
and Pulumi team use go-cloud for this
b

billowy-army-68599

03/17/2023, 12:56 AM
go-cloud is used for the self managed secrets providers and the self managed backends
it’s NOT used for the
pulumi_vault
provider
b

bitter-carpenter-93554

03/17/2023, 12:57 AM
yeah, I am asking about self managed secret provider.
I was confused that configs like
vault:address
and
vault:namespace
would work. but, that’s not the case
thank you for clarifying this