and give that service principal the perms on the s...
# azure
and give that service principal the perms on the storage obviously
No i did not set the ENV Vars, because it seems not needed with my Principal, I’m allready logged in via
az login
I can use to create Azure Resources with that Principal with no problems, have nothing to set, simply have to be logged in and selected the correct subscription. With that in mind I expected that
pulumi login <azblob://containername>
may also work and used the current user. That i may have to setup a service principal for CI Scenaries could be possible. But not on my machine with my credentials.
ah we use the same mechanism locally and on CI to avoid permissions mistakes. i've not used the azblob state at all so i don't know. we just put the whole lot in git
yes, git is the alternative, a repository with the restricted access for the state the project. (ironcally we don’t need the azure generated secrets in most of the times, also we only provide a SQL Server Admin Password because we have to, we use Managed Identity for most stuff).
👍 1
yeah we throw all that in a keyvault but dont use it anywhere, msi also
might be worth filing a bug that azure secrets arent encrypted in state maybe it was overlooked when they implemented that recently