# azure
f
I have run into this with dynamic providers, where Pulumi must be able to refresh using only information from the state file. I managed to avoid serializing secrets by serializing code that would read the secrets from env variables, and then wrapping Pulumi in another process to do the auth and set those secrets.
I am praying that the native provider doesn't have to do this. All of the resources in this stack use the same provider, which has always used an Azure-attached managed identity on the deployment VM. If there's anything serialized, I'm hoping it's an instruction to "Go ask the IMDS for a token".
a
Are you by any chance setting `azure-native:oidcToken`, e.g. via ESC?
f
Not via ESC - this stack is actually old enough that it may have been "contaminated" by me trying to use `az login` for auth, which would explain the above. It's probably on me. I'm no longer under pressure to revive it though, so we will likely just nuke it and import the resources via a "correct" stack if we ever need to make changes.