This message was deleted.
# general
s
This message was deleted.
l
For now I changed the prod stack passphrase to the same as the other stacks. Really not a good solution. So I'd still appreciate any input / feedback / direction on if this is possible and, if so, how. Based on what I'm seeing right now, this seems to be a conflict between what we're able to do with secrets providers (a documented feature) and stack references (also a documented feature). Note that I have already seen these issues: • https://github.com/pulumi/pulumi/issues/5151 and • https://github.com/pulumi/pulumi/issues/4665 No updates of note in ~3+ years.
Bump. @billowy-army-68599??
b
This is not supported now as you point out. The secrets provider needs to be able to decrypt the value. If you need to do this, use a cloud secrets provider like a kms key or the Pulumi service
Also: I appreciate you need an answer, but this is a best effort support basis.
✔️ 1
l
Thanks for the reply. It's not clear to me how using a cloud secrets provider fixes the issue. Is that b/c the provider is internally "known" by each stack so when I call "new StackReference" it knows everything required for that referenced stack, separate from the current stack?
I appreciate you need an answer, but this is a best effort support basis.
You're right. I know that. My apologies if I came across as demanding.