https://pulumi.com logo
#google-cloud
Title
# google-cloud
f

fierce-memory-34976

09/23/2020, 10:25 AM
Hi, i have created a new stack with:
pulumi stack init dev --secrets-provider="gcpkms://<redacted>"
and in my code I have:
var config = new Config();
and later in code in an env var definition:
Value = config.RequireSecret("dev-db-connection-string")
and when i try pulumi up i still get:
Missing Required configuration variable 'projectName:dev-db-connection-string'
`please set a value using the command `pulumi config set projectName:dev-db-connection-string <value>`` the secret in GCP is called obviously
dev-db-connection-string
what am I missing?
does this only provide the key to encrypt the secrets and the secrets are/should be still kept by pulumi?
g

green-school-95910

09/23/2020, 11:39 AM
You are using Pulumi Config, which reads from the stack config file
f

fierce-memory-34976

09/23/2020, 11:46 AM
great, thanks!
@green-school-95910 is there perhaps somewhere an example how this is used in C#
What I mean - is there a way to read existing secrets in GCP from Pulumi? All I see is ways to create a new secret..
g

green-school-95910

09/23/2020, 1:31 PM
I don't think there is an example of this particular resource on any oss repo. But at the lower in the page there is the
getSecretVersion
function, which gets a secret that already exists.
f

fierce-memory-34976

09/24/2020, 12:02 PM
finally got it to work with
Copy code
Value = Output.Create(Pulumi.Gcp.SecretManager.GetSecretVersion.InvokeAsync(new Pulumi.Gcp.SecretManager.GetSecretVersionArgs
                                   {
                                       Secret = "projects/<some_id>/secrets/<secret_name>"
                                   })).Apply(x => x.SecretData)
g

green-school-95910

09/24/2020, 1:52 PM
Oh, right.... I should have asked which language you are using and pointed to the specific docs
Sorry about that
3 Views