This message was deleted.
# generals
sparse-intern-71089
08/25/2022, 11:14 AMThis message was deleted.
e
echoing-dinner-19531
08/25/2022, 12:08 PMSo only the master key goes through azure key vault. All the config values are encrypted via AES256 using that master key.
echoing-dinner-19531
08/25/2022, 12:09 PMI don't think there's a good interface into the engine to get it to do this decryption ad-hoc
echoing-dinner-19531
08/25/2022, 12:09 PMProbably worth an issue to github to ask for an interface
👍 1
d
damp-honey-93158
08/25/2022, 3:48 PMdo you mind pointing me in the direction I would need to ask for that - I'm happy to raise an issue for this. I would also like to ask if you are able to explain how I might go about pulling the v1<something><else> apart in order to decrypt, or perhaps easier is just pointing me at the encryption provider ?
e
echoing-dinner-19531
08/25/2022, 5:06 PMhttps://github.com/pulumi/pulumi/issues for the new issue.
In terms of the secret format it's,
v1:<nonce>:<AES256GCGM encrypted data>d
damp-honey-93158
08/26/2022, 6:49 AMthanks - and hopefully last q, can you point me in the direction of the secrets provider code? I'm failing to decode the encryptedkey value from pulumi config (assuming this is the master key that I'll need when using Aes256)
damp-honey-93158
08/26/2022, 7:00 AMLooking at this now: https://gocloud.dev/howto/secrets/
damp-honey-93158
08/27/2022, 6:15 PMMy attempt at articulation of said request: https://github.com/pulumi/pulumi/issues/10511
e
echoing-dinner-19531
08/30/2022, 7:18 AMAh sorry was a long weekend. The secrets provider code in pulumi is mostly in https://github.com/pulumi/pulumi/tree/master/pkg/secrets.
8 Views