This message was deleted.

sparse-intern-71089

03/31/2020, 1:18 PM

This message was deleted.

mammoth-train-70005

03/31/2020, 1:28 PM

No i did not set the ENV Vars, because it seems not needed with my Principal, I’m allready logged in via

az login

I can use to create Azure Resources with that Principal with no problems, have nothing to set, simply have to be logged in and selected the correct subscription. With that in mind I expected that

pulumi login <azblob://containername>

may also work and used the current user. That i may have to setup a service principal for CI Scenaries could be possible. But not on my machine with my credentials.

better-rainbow-14549

03/31/2020, 1:31 PM

ah we use the same mechanism locally and on CI to avoid permissions mistakes. i've not used the azblob state at all so i don't know. we just put the whole lot in git

mammoth-train-70005

03/31/2020, 1:36 PM

yes, git is the alternative, a repository with the restricted access for the state the project. (ironcally we don’t need the azure generated secrets in most of the times, also we only provide a SQL Server Admin Password because we have to, we use Managed Identity for most stuff).

👍 1

better-rainbow-14549

03/31/2020, 1:38 PM

yeah we throw all that in a keyvault but dont use it anywhere, msi also

better-rainbow-14549

03/31/2020, 1:38 PM

might be worth filing a bug that azure secrets arent encrypted in state maybe it was overlooked when they implemented that recently

5 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.