https://pulumi.com logo
Title
w

white-architect-1595

05/01/2023, 5:29 PM
I have a question, I am using C# with Azure Native and I am creating a key vault and secrets. I create my key vault var vault = new Vault(vaultName, new() { VaultName = vaultName, ResourceGroupName = resourceGroup.Name, Properties = new Pulumi.AzureNative.KeyVault.Inputs.VaultPropertiesArgs { //removed }, EnableSoftDelete = false, EnabledForDeployment = true, EnabledForDiskEncryption = true, EnabledForTemplateDeployment = true, Sku = new Pulumi.AzureNative.KeyVault.Inputs.SkuArgs { Family = "A", Name = Pulumi.AzureNative.KeyVault.SkuName.Standard, }, TenantId = identity.TenantId, }, }); and secrets like var newSecret = new Secret(Name, new() { ResourceGroupName = resourceGroup.Name, VaultName = keyVault.Name, SecretName = Name, Properties = new Pulumi.AzureNative.KeyVault.Inputs.SecretPropertiesArgs { // Only provide the value during an actual deployment. // This prevents updating the secret during a pulumi preview. Value = "SECRET VALUE", }, }, new CustomResourceOptions { DependsOn = keyVault, IgnoreChanges = { "Properties" } }); Everytime I run pulumi up it overrides the values in my keyvault, even thought I have ingore changes on. Anyone know why?? My goal here is to have Pulumi create the key vault and the secrets, and then we will go in manually to the keyvault and update the secrest with the real secret values, we only want Pulumi to create the outline of the secrets and a placeholder value Anyone know what I am doing wrong?
i

icy-doctor-13719

05/01/2023, 10:27 PM
Maybe try something like this?
}, new CustomResourceOptions { DependsOn = keyVault, IgnoreChanges = { "properties.value" } });
docs seem to make it look like it has to be camelCase: https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/
w

white-architect-1595

05/02/2023, 4:07 PM
i

icy-doctor-13719

05/02/2023, 4:10 PM
gotcha, so refresh before pulumi up and it’ll take your value. makes sense
w

white-architect-1595

05/02/2023, 4:34 PM
Sorta - the second you make any changes to your resources in azure portal (or anywhere outside of code) the IngoreChanges flag doesnt work. It will only continue to ingorechanges for anything code via code.