This message was deleted.
# generals
sparse-intern-71089
09/21/2023, 7:34 PMThis message was deleted.
l
little-library-54601
09/21/2023, 8:16 PMFor now I changed the prod stack passphrase to the same as the other stacks. Really not a good solution.
So I'd still appreciate any input / feedback / direction on if this is possible and, if so, how.
Based on what I'm seeing right now, this seems to be a conflict between what we're able to do with secrets providers (a documented feature) and stack references (also a documented feature).
Note that I have already seen these issues:
• https://github.com/pulumi/pulumi/issues/5151
and
• https://github.com/pulumi/pulumi/issues/4665
No updates of note in ~3+ years.
little-library-54601
09/22/2023, 2:24 PMBump. @billowy-army-68599??
b
billowy-army-68599
09/22/2023, 2:32 PM
This is not supported now as you point out. The secrets provider needs to be able to decrypt the value. If you need to do this, use a cloud secrets provider like a kms key or the Pulumi service
billowy-army-68599
09/22/2023, 2:34 PM
Also: I appreciate you need an answer, but this is a best effort support basis.
✔️ 1
l
little-library-54601
09/22/2023, 2:34 PMThanks for the reply. It's not clear to me how using a cloud secrets provider fixes the issue.
Is that b/c the provider is internally "known" by each stack so when I call "new StackReference" it knows everything required for that referenced stack, separate from the current stack?
little-library-54601
09/22/2023, 2:35 PMI appreciate you need an answer, but this is a best effort support basis.You're right. I know that. My apologies if I came across as demanding.