I m seeing weird intermittent secret decryption failures on Pulumi Community #general

I'm seeing weird intermittent secret decryption fa...

sticky-kitchen-61063

03/25/2024, 6:21 PM

I'm seeing weird intermittent secret decryption failures on the same stack after using

pulumi stack change-secrets-provider

with AWS KMS. The strange thing is some previews work and some don't with no change:

Copy code

❯
AWS_REGION=us-west-2 AWS_PROFILE=pulumi pulumi up
Previewing update (prod-usw2):
error: constructing secrets manager of type "cloud": secrets (code=InvalidArgument): InvalidCiphertextException:
❯
AWS_REGION=us-west-2 AWS_PROFILE=pulumi pulumi up
error: getting stack configuration: get stack secrets manager: secrets (code=InvalidArgument): InvalidCiphertextException:
❯
AWS_REGION=us-west-2 AWS_PROFILE=pulumi pulumi up
Previewing update (prod-usw2):
....preview continues successfully...

Has anyone else seen anything like this or have an idea how to fix it?

sticky-kitchen-61063

03/25/2024, 6:33 PM

Sometimes it even gets through the preview but then has an auth error on the apply:

Copy code

Do you want to perform this update? yes
Updating (prod-usw2):
error: constructing secrets manager of type "cloud": secrets (code=InvalidArgument): InvalidCiphertextException:

but then it will work on the next attempt:

Copy code

Do you want to perform this update? yes
Updating (prod-usw2):
     Type                         Name                               Status              Info
     pulumi:pulumi:Stack          aws-eks-prod-usw2                  running..           warning: Attempting to deploy or update resources with 1 pending operations from previous dep

Open in Slack

Previous Next