https://pulumi.com logo
#general
Title
# general
g

great-sundown-78827

02/19/2024, 11:45 PM
I’m not understanding something about how Pulumi is maintaining state… when I create the
Pulumi.Main.yaml
file and populate it properly with the salt and provider, it gets wiped out when we run
pulumi preview
and instead we’re asked to set up a new encryptoin secret. Why?
Copy code
% cat Pulumi.Main.yaml
secretsProvider: <awskms://alias/pulumi-test?region=us-east-1>
encryptedKey: AQICA...

# At this point, I feel like I should be able to run these commands without touching the Pulumi stack file
% AWS_PROFILE=test pulumi stack select Main
% AWS_PROFILE=test pulumi preview
Enter your passphrase to protect config/secrets:
Re-enter your passphrase to confirm:
Previewing update (Main):
     Type                 Name              Plan       Info
 +   pulumi:pulumi:Stack  test-Main  create     1 error

Diagnostics:
  pulumi:pulumi:Stack (test-Main):
  ...


% git diff Pulumi.Main.yaml
diff --git a/Pulumi.Main.yaml b/Pulumi.Main.yaml
index 0d430bd..98d817a 100644
--- a/Pulumi.Main.yaml
+++ b/Pulumi.Main.yaml
@@ -1,4 +1 @@
-# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
-
-secretsProvider: <awskms://alias/pulumi-test?region=us-east-1>
-encryptedKey: AQICA...
+encryptionsalt: v1:nuttCXvqPEk=:v1:4F50TOCEoSSsTDPr:X0CVw0CTdnbHmO0QBzBlP/O0HYqKJA==
r

red-match-15116

02/20/2024, 12:04 AM
The configuration keys for setting up a secret provider are
secretsprovider
and
encryptedkey
(no capitalization) - your settings as written in your config file are not registering and the service is attempting to create a key for you.
You can also initialize the stack with the
--secrets-provider
flag and it will set the correct properties: https://www.pulumi.com/docs/concepts/secrets/#aws-key-management-service-kms
g

great-sundown-78827

02/20/2024, 12:22 AM
ok wait .. lemme double check that, hopefully its a simple error..
🤦‍♂️
so the automation API interface uses the camelcase… i wonder why
r

red-match-15116

02/20/2024, 2:30 AM
automation api uses the convention of the language. in ts that might be
secretsProvider
, in python it'll be
secrets_provider
, in go it'll be
SecretsProvider
, etc.