https://pulumi.com logo
Title
m

microscopic-cpu-38113

03/24/2023, 5:14 PM
hi there, I encountered a rare situation in which all the Datadog API call returns 403 forbidden during pulumi preview. The datadog app key and api key have bee the same and it's been working all these while until yesterday where things started to get broken :
[38;5;1merror: [0m[0mPreview failed: refreshing urn:pulumi:staging::spinoff::datadog:index/user:User::us5-standard-user-user1: 1 error occurred:
	* error getting user from <https://us5.datadoghq.com/api/v2/users/xxxxxxxxxxxxxxxxx>: 403 Forbidden: {"errors":["Forbidden"]}
Datadog support has requested the headers that was sent from Pulumi to Datadog, is there a way to retrieve this information? TIA
s

stocky-restaurant-98004

03/24/2023, 5:36 PM
Are you in the US environment?
m

microscopic-cpu-38113

03/25/2023, 12:13 AM
Yes, us5
I am not sure if this could be the problem, when I compare the AppKey, it seems that the old AppKey configured previously is no longer valid on the Datadog Console, and from the state file, it seems saving the AppKey value, in this case, can we replace the old AppKey with a new one in the state file to recover it?
think I've resolved this by replacing the hardcoded appkey value with the new app key. Will use the pulumi runtime environment instead to keep our state file as free as possible
s

stocky-restaurant-98004

03/27/2023, 2:29 PM
You can safely add those keys by doing
pulumi config set --secret
Pulumi will only store the encrypted value - no secrets in plaintext.