Is there a way to have Pulumi yml interact with Azure using Azure-Login?
It works now by specifically adding each property of Azure credentials (Tenant ID, Sub ID, App ID, Cleint Secret) but to save space and time I wonder if this would work with Azure Login (with one GitHub secret for AZURE_CREDENTIALS) instead?
08/29/2022, 11:52 AM
Hi - we use the current az cli credentials during dev, and split out the AZURE_SUBSCRIPTION parts during pipeline runs. The key is that our pulumi config never specifies any client/secret/tenant credentials.
This in turn means all our devs require an az cli login, which makes sense for us - YMMV.
Is that what you meant? Happy to provide more details should you need it.
09/06/2022, 10:40 AM
Thanks for the response John
Usually when I do GitHib Action deploys to Azure I can use the "Azure/Login" step to verifiy access
This uses a secret stored in GitHub Actions called "AZURE_CREDENTIALS" which contains the values of the "clientId", "clientSecret", "subscriptionId" and "tenantId"
It is saved this like:
I was just wondering if we could use the same approach in our pulumi yml for GitHub Actions
Right now I see it works by individually setting variables/secrets for those, but it might save time and space to have one "AZURE_CREDENTIALS" variable that uses the "Azure/Login" instead