https://pulumi.com logo
#general
Title
# general
s

sticky-kitchen-61063

03/25/2024, 6:21 PM
I'm seeing weird intermittent secret decryption failures on the same stack after using
pulumi stack change-secrets-provider
with AWS KMS. The strange thing is some previews work and some don't with no change:
Copy code
❯
AWS_REGION=us-west-2 AWS_PROFILE=pulumi pulumi up
Previewing update (prod-usw2):
error: constructing secrets manager of type "cloud": secrets (code=InvalidArgument): InvalidCiphertextException:
❯
AWS_REGION=us-west-2 AWS_PROFILE=pulumi pulumi up
error: getting stack configuration: get stack secrets manager: secrets (code=InvalidArgument): InvalidCiphertextException:
❯
AWS_REGION=us-west-2 AWS_PROFILE=pulumi pulumi up
Previewing update (prod-usw2):
....preview continues successfully...
Has anyone else seen anything like this or have an idea how to fix it?
Sometimes it even gets through the preview but then has an auth error on the apply:
Copy code
Do you want to perform this update? yes
Updating (prod-usw2):
error: constructing secrets manager of type "cloud": secrets (code=InvalidArgument): InvalidCiphertextException:
but then it will work on the next attempt:
Copy code
Do you want to perform this update? yes
Updating (prod-usw2):
     Type                         Name                               Status              Info
     pulumi:pulumi:Stack          aws-eks-prod-usw2                  running..           warning: Attempting to deploy or update resources with 1 pending operations from previous dep