# esc
b
Hi all, I'm new to ESC and going through the documentation, I feel that I'm missing something... I'm developing a webapi in .net 9. I want to manage the runtime secrets in pulumi cloud using pulumi esc, and I want to access configuration and secrets using the options pattern. My requirements are:
1. support local development config/secrets
2. support local testing (running in docker using test containers and xUnit)
3. support CI pipeline testing (using github actions)
4. support deployed environments (running google cloud run and using gcp secret manager)
I was thinking of creating a pulumi esc environment for each of these use cases (so for example, for local development each developer will have their own pulumi esc environment etc). I can't find anywhere how to load config and secrets from a pulumi esc environment via code in c#. What am I missing?
s
The ESC SDK isn't available in C# right now, unfortunately.
b
Thanks @stocky-restaurant-98004. Does this mean that Pulumi ESC isn't an option for me? Is there a workaround by setting the secrets as env variables in docker? Is there a way for each of the scenarios above to read secrets from Pulumi cloud and run containers with the secrets as environment variables? If it's possible then could you please point me at some examples of how to do it?
s
Are you running on Kubernetes?
If so, ESC has a Secrets Operator for K8s: https://www.pulumi.com/docs/esc/integrations/kubernetes/external-secrets-operator/
Here's a helpful tutorial on integrating with Docker: https://www.pulumi.com/docs/esc/integrations/dev-tools/docker/
And also, file a feature request here: https://github.com/pulumi/esc
The simplest thing though might be to use
esc run -- your_app
as the command to start either the container or the entrypoint in the container.
I haven't tried using ESC as the entrypoint command. I just came up with it as I wrote that. If you try that approach, let me know how it works for you.
f
To add to what Josh said: while we don't currently have .NET support, it is on our radar and we have an issue for it. In the meantime you can use the esc CLI or use the ESC API directly.
b
Hi, thanks both 🙂 I think I'll go down the REST API route as it feels like the easiest to swap to the .NET provider when it's available.
b
@bored-activity-40468 I'm spending a bit more time on this. Is there a reason why you're using executables rather than calling the REST API?
@freezing-pilot-97749 @stocky-restaurant-98004 I started using the REST API but the response I'm getting when calling "read open environment" is different to what's in the documentation. The response in the documentation looks like this:
{
  "values": {
    "aws": {
      "creds": {
        "accessKeyId": "<redacted>",
        "secretAccessKey": "<redacted>",
        "sessionToken": "<redacted>"
      }
    },
    "environmentVariables": {
      "AWS_ACCESS_KEY_ID": "<redacted>",
      "AWS_SECRET_ACCESS_KEY": "<redacted>",
      "AWS_SESSION_TOKEN": "<redacted>"
    }
  }
}
But the response I'm getting is:
CleanShot 2025-03-22 at 10.15.54@2x.png
@freezing-pilot-97749 @stocky-restaurant-98004 could you please help with this discrepancy between the documentation and what I'm seeing in practice?
f
Hi, thanks for pointing this out. Yup, the docs are outdated here, we will get this fixed. The output of the open API call is the full detailed expression tree. If you want to see how this is converted to a "human friendly" output, https://github.com/pulumi/esc/blob/main/cmd/esc/cli/env_open.go is where it's done in esc, but it might be easier to use the esc CLI in your case
b
Thanks @freezing-pilot-97749. I'd rather move away from the CLI approach. For example, with the CLI approach, when running the code locally in an IDE (rider) it works fine but when using
docker compose up
we're getting a permission denied to run the CLI from its target folder in the container... using the API will avoid things like this + it works on all platforms, unlike the CLI that requires 3 executables to be shipped with the code
b
@big-king-63459 Used the executable because it was a quick replace since envkey was shutting down. I believe the executable has some functionality built on top of the rest API but I could be wrong. Our stuff runs in containers and when the container is built esc gets permissions to run so it can execute. I used openapi-generator and kiota to generate a client which works fine but work needs done on the templates and extensions the other sdks have.
b
Thanks @bored-activity-40468 🙂 Even though the code runs in containers it still caused me some issues around permissions etc (see above). I changed the code to use the REST API and it's working well for me. I built it specifically for my app, and also only implemented the functionality that I needed (Init, Open and Get).
I used your code as a starting point but didn't update it directly, so it's not something I can create a PR from, but I'm happy to share with you the code that I wrote in case you want to update your library.
b
I had hopes that the C# Pulumi ESC SDK would have been available by now.
b
Good point @bored-activity-40468. @freezing-pilot-97749, @stocky-restaurant-98004 any news on that front?
b
@big-king-63459 Here's what I have to do for esc to work in the image. Yeah, the REST API / SDK would be ideal.
f
@big-king-63459 unfortunately not yet