Hi guys, I'm using azurekeyvault has secrets-provider. The azurekeyvault which contains the stack key is not in the same tenant/subscription as where the stack is deployed and I'm trying to run

pulumi cli

from a pipeline. From what I understand with

pulumi cli

(https://www.pulumi.com/docs/intro/concepts/secrets/#azure-key-vault), the secret provider authentication is based on azure environment variables:

ARM_SUBSCRIPTION_ID
ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID

is there a un-documented way of having 2 sets of Azure auth ENV. One for secret-provider and second for AzureProvider and deploying the stack? Currently it seem that the

azurekeyvault

have to be in the same subscription of where the stack is deployed. Thanks