can i set env vars during runtime? setting GOOGLE_CREDENTIALS for gcp provider for example doesn’t seem to work

@quick-king-51158 this should definitely work. The docs explain all the settings you can have, also via env variables. https://www.pulumi.com/registry/packages/gcp/installation-configuration/ If you have a reproducible case where it indeed doesn’t work, please create a Github issue and attach the setup to reproduce.

yes, if i set in the shell before pulumi up, it works

That won’t work unfortunately. Due to the architecture of Pulumi, our CLI, the language runtime and all the providers need access to these environment variables. If you set it in Go (which is the language host at that moment), you only have these available there and these aren’t propagated to the CLI/engine and providers.

ok, thanks. and can i configure the provider from code?

You have the option to set it as stack configuration when using the default provider, or as constructor arguments to an explicit provider object. Keep in mind though, that the more you hardcode, the less flexible it can be in a team context.

ok, thanks

have a look here, one of our best practices is to use multiple service accounts with least privilege, this code gets a access token and sets a provider up with those credentials - the caller needs "service account user" permissions to assume the service account however. https://github.com/garybowers/google-cloud-pulumi/blob/garyb/defaults/go/blueprints/gke-multicluster-gateway/main.go

thanks, i will take a look into this