late-australia-13136
04/11/2024, 3:35 PMclever-sunset-76585
04/11/2024, 3:40 PMlate-australia-13136
04/11/2024, 3:41 PM${{ env.AWS_REGION }}
late-australia-13136
04/11/2024, 3:42 PMpulumi env
?clever-sunset-76585
04/11/2024, 3:42 PMOr is that only if the env variable is stored withYeah that's only if you used Pulumi ESC.?pulumi env
late-australia-13136
04/11/2024, 3:44 PMdoppler run --config prd pulumi up
and as it stands we’re relying on the doppler env variables overriding the machine level credentials at time of execution rather than being explicit about it.late-australia-13136
04/11/2024, 3:44 PMlate-australia-13136
04/11/2024, 3:46 PMclever-sunset-76585
04/11/2024, 3:49 PMDeskypus integration maybeHa, funny you should mention that. I originally wrote Environments for Deskypus thinking of local environments and helping developers switch between environment groups. You can use that to run
doppler
commands as a source for the values. The environments in Deskypus work a little like Postman's.clever-sunset-76585
04/11/2024, 3:52 PMIt would be super nice to be able to sync doppler with pulumi env/secretsPossibly. Maybe the Pulumi team would be interested in that integration, though, I doubt it would make sense for them given that Doppler is its own secrets sync service. You might propose that as a feature request in
pulumi/pulumi
to see if they would consider that.late-australia-13136
04/11/2024, 3:52 PMlate-australia-13136
04/11/2024, 3:53 PMclever-sunset-76585
04/11/2024, 3:53 PMpulschema
to build a native Pulumi provider for it. https://github.com/cloudy-sky-software/pulschemaclever-sunset-76585
04/11/2024, 3:54 PMIn theory, you could read from it in the pulumi handler and construct the cloud provider from itIndeed. That would be a good way to source the secrets from Doppler within Pulumi.
late-australia-13136
04/11/2024, 3:55 PMlate-australia-13136
04/11/2024, 3:55 PMlate-australia-13136
04/11/2024, 3:55 PMclever-sunset-76585
04/11/2024, 3:55 PMclever-sunset-76585
04/11/2024, 4:04 PMpulschema
against it and see what adjustments it might need. The thing with most of these API specs is that they are auto-generated themselves and the generator makes some assumptions that don't work with other code generators. I'll see if I can create a provider for it. Doppler has been on my list of open-source providers that I'd like to create for a while now.late-australia-13136
04/11/2024, 4:04 PMclever-sunset-76585
04/11/2024, 4:05 PMclever-sunset-76585
04/11/2024, 4:09 PM$(doppler ...)
, that it would work. In theory, I believe it should just work. So if you get a chance to try that out for your local dev experience, that'd be awesome.late-australia-13136
04/11/2024, 4:09 PMclever-sunset-76585
04/11/2024, 4:10 PMlate-australia-13136
04/11/2024, 4:11 PM# Pulumi.dev.yaml
config:
<provider>.access_key: ${{ FOO_BAR }}
Then
FOO_BAR=HELLO pulumi up
late-australia-13136
04/11/2024, 4:13 PMlate-australia-13136
04/11/2024, 4:14 PMlate-australia-13136
04/11/2024, 4:14 PMos.Getenv
in Go for examplelate-australia-13136
04/11/2024, 4:15 PMclever-sunset-76585
04/11/2024, 4:16 PMlate-australia-13136
04/11/2024, 4:17 PMlate-australia-13136
04/11/2024, 4:18 PMclever-sunset-76585
04/11/2024, 4:19 PMaws:allowedAccountIds
provider config option.clever-sunset-76585
04/11/2024, 4:20 PMI suppose if ESC already provides the general functionality, then in theory a solution would be to provide a mechanism to dynamically source the Environment key value pairsThat sounds like a good feature request for
pulumi/pulumi
:)late-australia-13136
04/11/2024, 4:20 PM