great-sundown-78827
02/19/2024, 11:45 PMPulumi.Main.yaml
file and populate it properly with the salt and provider, it gets wiped out when we run pulumi preview
and instead we’re asked to set up a new encryptoin secret. Why?
% cat Pulumi.Main.yaml
secretsProvider: <awskms://alias/pulumi-test?region=us-east-1>
encryptedKey: AQICA...
# At this point, I feel like I should be able to run these commands without touching the Pulumi stack file
% AWS_PROFILE=test pulumi stack select Main
% AWS_PROFILE=test pulumi preview
Enter your passphrase to protect config/secrets:
Re-enter your passphrase to confirm:
Previewing update (Main):
Type Name Plan Info
+ pulumi:pulumi:Stack test-Main create 1 error
Diagnostics:
pulumi:pulumi:Stack (test-Main):
...
% git diff Pulumi.Main.yaml
diff --git a/Pulumi.Main.yaml b/Pulumi.Main.yaml
index 0d430bd..98d817a 100644
--- a/Pulumi.Main.yaml
+++ b/Pulumi.Main.yaml
@@ -1,4 +1 @@
-# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
-
-secretsProvider: <awskms://alias/pulumi-test?region=us-east-1>
-encryptedKey: AQICA...
+encryptionsalt: v1:nuttCXvqPEk=:v1:4F50TOCEoSSsTDPr:X0CVw0CTdnbHmO0QBzBlP/O0HYqKJA==
red-match-15116
02/20/2024, 12:04 AMsecretsprovider
and encryptedkey
(no capitalization) - your settings as written in your config file are not registering and the service is attempting to create a key for you.red-match-15116
02/20/2024, 12:05 AM--secrets-provider
flag and it will set the correct properties: https://www.pulumi.com/docs/concepts/secrets/#aws-key-management-service-kmsgreat-sundown-78827
02/20/2024, 12:22 AMgreat-sundown-78827
02/20/2024, 12:22 AMgreat-sundown-78827
02/20/2024, 12:23 AMred-match-15116
02/20/2024, 2:30 AMsecretsProvider
, in python it'll be secrets_provider
, in go it'll be SecretsProvider
, etc.