I’m not understanding something about how Pulumi i...
# general
I’m not understanding something about how Pulumi is maintaining state… when I create the
file and populate it properly with the salt and provider, it gets wiped out when we run
pulumi preview
and instead we’re asked to set up a new encryptoin secret. Why?
Copy code
% cat Pulumi.Main.yaml
secretsProvider: <awskms://alias/pulumi-test?region=us-east-1>
encryptedKey: AQICA...

# At this point, I feel like I should be able to run these commands without touching the Pulumi stack file
% AWS_PROFILE=test pulumi stack select Main
% AWS_PROFILE=test pulumi preview
Enter your passphrase to protect config/secrets:
Re-enter your passphrase to confirm:
Previewing update (Main):
     Type                 Name              Plan       Info
 +   pulumi:pulumi:Stack  test-Main  create     1 error

  pulumi:pulumi:Stack (test-Main):

% git diff Pulumi.Main.yaml
diff --git a/Pulumi.Main.yaml b/Pulumi.Main.yaml
index 0d430bd..98d817a 100644
--- a/Pulumi.Main.yaml
+++ b/Pulumi.Main.yaml
@@ -1,4 +1 @@
-# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
-secretsProvider: <awskms://alias/pulumi-test?region=us-east-1>
-encryptedKey: AQICA...
+encryptionsalt: v1:nuttCXvqPEk=:v1:4F50TOCEoSSsTDPr:X0CVw0CTdnbHmO0QBzBlP/O0HYqKJA==
The configuration keys for setting up a secret provider are
(no capitalization) - your settings as written in your config file are not registering and the service is attempting to create a key for you.
You can also initialize the stack with the
flag and it will set the correct properties: https://www.pulumi.com/docs/concepts/secrets/#aws-key-management-service-kms
ok wait .. lemme double check that, hopefully its a simple error..
so the automation API interface uses the camelcase… i wonder why
automation api uses the convention of the language. in ts that might be
, in python it'll be
, in go it'll be
, etc.