Hello everyone, I am maintaining pulumi stack state in the self-managed backend. I made some modifications in the Azure ADO pipeline pulumi tasks to use

--secrets-provider

but the pulumi task always shows the following error

error: getting stack configuration: get stack secrets manager: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables

. Below is my Pulumi task in the ADO pipeline. Could you please tell me why do we need to set ``PULUMI_CONFIG_PASSPHRASE` when I try to use Azure key vault as the secret provider in the environment variable?

task: Pulumi@1
  displayName: 'Pulumi Up (Namespace: ${{ parameters.namespace }})'
  retryCountOnTaskFailure: 3
  inputs:
    cwd: '$(Build.SourcesDirectory)/cicd/iac/'
    command: 'up'
    args: '--yes --config-file=$(CONFIG_FILE_PATH) --secrets-provider=$(KEY_VAULT_PULUMI_KEY)'
    loginArgs: '--cloud-url <azblob://pulumistacks?storage_account=$(STORAGE_ACCOUNT_NAME)>'
    stack: 'organization/test/virtual-${{ parameters.namespace }}'
    azureSubscription: $(PULUMI_STACK_SUBSCRIPTION)
    createStack: true
  env:
    AZURE_STORAGE_ACCOUNT: $(STORAGE_ACCOUNT_NAME)
    AZURE_STORAGE_KEY: $(STORAGE_ACCOUNT_KEY)
    AZURE_KEYVAULT_AUTH_VIA_CLI: "true"

(edited)

I thought we might already have an issue for this at https://github.com/pulumi/actions/issues as I'm sure this has come up before. Probably worth raising an issue to track this, I think it's a bug in the nodejs automation api but needs a proper investigation.