$Env:ARM_SUBSCRIPTION_ID = $subscriptionId $Env:AR...
# azure
$Env:ARM_SUBSCRIPTION_ID = $subscriptionId $Env:ARM_TENANT_ID = $tenantId; $Env:ARM_CLIENT_ID = $pulumiClientId; $Env:ARM_CLIENT_SECRET = $pulumiPassword; $Env:PULUMI_CONFIG_PASSPHRASE = $pulumiConfigPassword;
Also the Config Passphrase seems only for Secrets I created, not for secrets which set on the azure resources. I found cleartext Azure SQL Admin Passoword, and cleartext connectionnStrings to Blob Storage.
yeah sorry ignore hte last line i meant to just spam the ARM_ ones which control how terraform interacts with the azure api
we've had the same issue with secrets going into state and came to the same conclusion that it was better secured on our own terms