This message was deleted.
# getting-started
s
This message was deleted.
g
Pulumi service is used as a default provider, I'm not sure you can call the service directly but what you can do is to use a different secrets provider service eg. AWS KMS / Hashi Vault and then call that https://www.pulumi.com/docs/intro/concepts/secrets/#configuring-secrets-encryption
w
Yes, I had that idea too, but I dont think this would be an acceptable solution. Currently I see no way other than spawning a child process, call pulumi cli and interpret the stdout, even tough i wanted to avoid installing the pulumi cli
e
I keep asking the service team for an openapi spec of the service to point people to, would make these questions easier. There is a decrypt endpoint you can hit, gimme a minute I'll go dig it out.
❤️ 1
POST to
api/{organization}/{project}/{stack}/decrypt
with an object with one field
ciphertext
which is the base64 encoding of the bytes of the secret
👍 1
w
thank you!
The URL results in 404 😞
e
hmm I'm pretty sure that's the right url, https://github.com/pulumi/pulumi/blob/master/pkg/backend/httpstate/client/client.go#L410 It might be because you don't have the correct auth token set, or did a GET instead of POST?
oh wait! silly me I missed a part of the url
api/stacks/{organization}/{project}/{stack}/decrypt
🙌 1
Sorry about that
w
ah!
e
This is why we need an openapi spec 😆
w
thank you
ok, i receive some value now 🙂