https://pulumi.com logo
s

shy-waiter-84958

08/08/2023, 3:08 PM
Hello, if you lose your current passphrase or delete the KMS key (was suppose to be migrated to Pulumi Cloud Secrets) being used for secrets provider. Is there a way to reset this? I don't care about recovering secret values, more concerned with loosing control of the resources associated with the stack I've tried just removing the secret provider from the stack.json, but it throws all kinds of errors when trying to import it.
b

billowy-army-68599

08/08/2023, 3:19 PM
no, there isn’t any way to reset this. You’ll need to: •
pulumi state delete
the resources • reimport them using the
import
resource option or using the CLI
s

shy-waiter-84958

08/08/2023, 3:34 PM
Well that stinks, thanks.
b

billowy-army-68599

08/08/2023, 3:40 PM
the alternative is to fundamentally break the encryption model, which I don’t think is a good option. If the underlying encryption key has disappeared, you can’t decrypt values.
e

echoing-dinner-19531

08/08/2023, 8:33 PM
I have considered adding a "clean" function to just strip the state file of all secret values for this. The diff on next update would probably look pretty bad, but it would at least keep all your resource types and id's tracked.
s

shy-waiter-84958

08/08/2023, 9:17 PM
That would save a lot of time trying to re-import larger stacks with lost secrets