#getting-started

clean-australia-88927

01/12/2024, 4:45 PM
Hey everyone 🙂 is it possible to set the value of PULUMI_CONFIG_PASSPHRASE_FILE in Pulumi.<stack>.yaml? I am planning to work with multiple stacks and don't want to manually set env vars whenever I change stacks

clever-sunset-76585

01/12/2024, 5:40 PM
You wouldn't be able to set that as an encrypted value in Pulumi.<stack>.yaml because that is what is used to encrypt other secret values that you store in your stack config when using the passphrase as your secrets provider. Your only option is to set that env var for each stack when you are using the passphrase secrets provider. Obviously, the way around that is to use the same password, but it's a bad idea to use the same password for encrypting secrets used in each stack if this is anything more than a personal project that you are playing with.
One other alternative is that I created a desktop app that supports environments like Postman does for situations like this. The idea is that you can switch environments on the fly and thus activate the relevant env vars from the system tray icon.

clean-australia-88927

01/12/2024, 5:59 PM
I see your point for PULUMI_CONFIG_PASSPHRASE. However, I don't see why I can't have gitignored files passphrase.dev and passphrase.prod and reference them in my Pulumi.dev.yaml or Pulumi.prod.yaml configs.
What makes this issue even worse is that I can't even use tools like direnv for that because the PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE vars do not differentiate between stacks

clever-sunset-76585

01/12/2024, 6:05 PM
> However, I don't see why I can't have gitignored files passphrase.dev and passphrase.prod and reference them in my Pulumi.dev.yaml or Pulumi.prod.yaml configs.
You should consider opening a suggestion in pulumi/pulumi. Your suggestion sounds reasonable to me.
> What makes this issue even worse is that I can't even use tools like direnv for that because the PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE vars do not differentiate between stacks
Yep. I hear you. I've run into the same experience. The desktop app I am building lets you switch stacks using the system tray icon too. But of course, anytime env vars are changed, you have to either source them in your current session or open a new session.