clean-australia-8892701/12/2024, 4:45 PM
? I am planning to work with multiple stacks and don't want to manually set env vars whenever I change stacks
clever-sunset-7658501/12/2024, 5:40 PM
because that is what is used to encrypt other secret values that you store in your stack config when using the passphrase as your secrets provider.
Your only option is to set that env var for each stack when you are using passphrase secrets provider. Obviously, the way around that is to use the same password but it's a bad idea to use the same password for encrypting secrets used in each stack if this anything more than a personal project that you are playing with.
clean-australia-8892701/12/2024, 5:59 PM
and reference them in my
clever-sunset-7658501/12/2024, 6:05 PM
However, I don't see why I can't have gitignored filesYou should consider opening a suggestion inand
<http://passphrase.dev|passphrase.dev>and reference them in my
. Your suggestion sounds reasonable to me.
What makes this issue even worse is that I can't even use tools like direnv for that because the PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE vars do not differentiate between stacksYep. I hear you. I've run into the same experience. The desktop app I am building lets you switch stacks using the system tray icon too. but of course, anytime env vars are changed, you have to either source them in your current session or open a new session.