No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi guys,

I'm using azurekeyvault has secrets-provider. The azurekeyvault which contains the stack key is not in the same tenant/subscription as where the stack is deployed and I'm trying to run `pulumi cli` from a pipeline.

From what I understand with `pulumi cli` (<https://www.pulumi.com/docs/intro/concepts/secrets/#azure-key-vault>), the secret provider authentication is based on azure environment variables:
```ARM_SUBSCRIPTION_ID
ARM_CLIENT_ID
ARM_CLIENT_SECRET
ARM_TENANT_ID```
is there a un-documented way of having 2 sets of Azure auth ENV. One for secret-provider and second for AzureProvider and deploying the stack?

Currently it seem that the `azurekeyvault` have to be in the same subscription of where the stack is deployed.

Thanks