Hello, if you lose your current passphrase or dele...
# general
Hello, if you lose your current passphrase or delete the KMS key (was suppose to be migrated to Pulumi Cloud Secrets) being used for secrets provider. Is there a way to reset this? I don't care about recovering secret values, more concerned with loosing control of the resources associated with the stack I've tried just removing the secret provider from the stack.json, but it throws all kinds of errors when trying to import it.
no, there isn’t any way to reset this. You’ll need to: •
pulumi state delete
the resources • reimport them using the
resource option or using the CLI
Well that stinks, thanks.
the alternative is to fundamentally break the encryption model, which I don’t think is a good option. If the underlying encryption key has disappeared, you can’t decrypt values.
I have considered adding a "clean" function to just strip the state file of all secret values for this. The diff on next update would probably look pretty bad, but it would at least keep all your resource types and id's tracked.
That would save a lot of time trying to re-import larger stacks with lost secrets