nice-application-79035
04/08/2024, 6:47 PMazurekeyvault
as a secret provider. From the observation of the below task, first it set the secret provider as an azurekeyvault but when pulumi up
starts running, and during the run it changes the secret provider to passphrase
. I am not able to understand why it is changing the secret provider from azurekeyvault to passphrase. Can someone please let me know the reason?
- task: AzureCLI@2
displayName: 'Pulumi stack select and up'
inputs:
azureSubscription: '${{ parameters.azureSubscription }}'
scriptType: 'bash'
scriptLocation: 'inlineScript'
addSpnToEnvironment: true
inlineScript: |
pulumi login --cloud-url azblob://$(PULUMI_STACKS_BLOB_CONTAINER)?storage_account=$(AMAP_DEV_STORAGE_ACCOUNT)
cd $(Build.SourcesDirectory)/cicd/iac/
pulumi stack select organization/ruc/$(stackName)
pulumi stack change-secrets-provider $(AMAP_DEV_PULUMI_KEY_URL)
pulumi up --yes --config-file=$(CONFIG_FILE_PATH)
env:
AZURE_STORAGE_ACCOUNT: $(AMAP_DEV_STORAGE_ACCOUNT)
AZURE_STORAGE_KEY: $(AMAP_DEV_STORAGE_ACCOUNT_KEY)
ARM_CLIENT_ID: $(ARM-CLIENT-ID)
ARM_TENANT_ID: $(ARM-TENANT-ID)
ARM_CLIENT_SECRET: $(ARM-CLIENT-SECRET)
ARM_ENVIRONMENT: '${{ variables.cloudEnvironment }}'
AZURE_KEYVAULT_AUTH_VIA_CLI: 'true'
PULUMI_CONFIG_PASSPHRASE:
nice-application-79035
04/10/2024, 6:47 AMfast-sandwich-30809
04/17/2024, 4:21 PMAMAP_DEV_PULUMI_KEY_URL
as an env var in the script, but I don't see it being set in the env:
block - that might be it?