better-shampoo-48884

03/16/2021, 1:55 PM
KeyVaults, especially with the new softDelete protection are becoming the bane of my existence.. If I protect keyvault, I have to pass the URN of 20+ other resources to delete them (note: I still want the "--exclude-protected" flag on pulumi destroy), if I do choose to delete the keyvault, I can't recreate the same one because it's softDeleted and therefore "still there" (nevermind that the RG is gone..). So I have to create just the RG, then restore the keyvault into the rg - but now if I try to create the keyvault in pulumi (exact same) I can't because obviously it exists - and I can't refresh because it's not in the state.. so I have to use pulumi import azure-native:keyvault:Vault (vaultname) (vaultname).. and that doesn't even work because resource (vaultname) does not exist.. 😕
right, so import requires the :id field

tall-librarian-49374

03/16/2021, 2:32 PM
If those are temporary stacks, why not auto-name the KeyVault with a random name?

better-shampoo-48884

03/16/2021, 2:37 PM
it's temporary on its way to permanence.. I do realize that I should be doing this in a "throwaway" configuration, but it's also for testing reproducibility and recovery and suchlike
but still, I think the --exclude-protect flag makes sense 🙂

tall-librarian-49374

03/16/2021, 2:38 PM
You could also purge old keyvaults (outside Pulumi)