Is there a way to have Pulumi yml interact with Az...
# azure
Is there a way to have Pulumi yml interact with Azure using Azure-Login? It works now by specifically adding each property of Azure credentials (Tenant ID, Sub ID, App ID, Cleint Secret) but to save space and time I wonder if this would work with Azure Login (with one GitHub secret for AZURE_CREDENTIALS) instead?
Hi - we use the current az cli credentials during dev, and split out the AZURE_SUBSCRIPTION parts during pipeline runs. The key is that our pulumi config never specifies any client/secret/tenant credentials. This in turn means all our devs require an az cli login, which makes sense for us - YMMV. Is that what you meant? Happy to provide more details should you need it.
Thanks for the response John Usually when I do GitHib Action deploys to Azure I can use the "Azure/Login" step to verifiy access
This uses a secret stored in GitHub Actions called "AZURE_CREDENTIALS" which contains the values of the "clientId", "clientSecret", "subscriptionId" and "tenantId" It is saved this like: { "clientId": "xxx", "clientSecret": "xxx", "subscriptionId": "xxx", "tenantId": "xxx" } I was just wondering if we could use the same approach in our pulumi yml for GitHub Actions Right now I see it works by individually setting variables/secrets for those, but it might save time and space to have one "AZURE_CREDENTIALS" variable that uses the "Azure/Login" instead
So effectively this:
Would become this:
@happy-parrot-60128 FYI