few-cricket-13571
08/14/2024, 7:10 AMAZURE_KEYVAULT_AUTH_VIA_CLI: "true"
to make it work but it doesn’t seem to have any effectfew-cricket-13571
08/14/2024, 7:12 AMAZURE_KEYVAULT_AUTH_VIA_CLI
was removed from go-cloud/secrets/azurekeyvault but not from any of the docs: https://github.com/google/go-cloud/pull/3202few-cricket-13571
08/14/2024, 7:47 AMfull-hydrogen-5950
08/14/2024, 8:02 AM- name: Login to Azure
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Environment
uses: pulumi/actions@v5
with:
command: up
stack-name: test
work-dir: app
comment-on-summary: true
cloud-url: <azblob://pulumi?storage_account=xXx>
secrets-provider: <azurekeyvault://xXx.vault.azure.net/keys/pulumi>
env:
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
few-cricket-13571
08/14/2024, 8:03 AMfull-hydrogen-5950
08/14/2024, 8:04 AMAPPSETTING_WEBSITE_SITE_NAME: azcli-workaround
as an environment variable, or it will use the wrong login url. On the Pulumi run, I had to specify both oidc and a client secret to make it work because it doesn’t seem to authenticate the same way for secrets and state store as it does for the run.No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.
Powered by