gifted-balloon-26385
12/13/2023, 7:07 AMThe steps in this guide will work for Pulumi ESC if you use the following syntax instead:
pulumienvironmentsorgcontosoenv:<yaml>
Make sure to replace contoso with the name of your Pulumi organization and use the literal value of <yaml> as shown above.mean literally put
pulumi:environments:org:contoso:env:<yaml>
verbatim, as in with “<yaml>” not replaced with anything, as the subject condition in the trust policy?red-match-15116
12/13/2023, 3:24 PMsparse-apartment-71989
02/19/2024, 3:35 PMpulumi:environments:org:[myorg]:env:<yaml>
was needed for IAC to access the secrets via OIDC (in my case GCP Secret Manager secrets). However, the Pulumi ESC web console could not access them unless I also provided pulumi:environments:org:[myorg]:env:dev
subject