10/06/2021, 8:12 AM
Hello everyone! ๐Ÿ‘‹ I created my first stack on aws with Pulumi and everything went smoothly, resources are online and not having to deal with the AWS console everytime is super nice ๐Ÿ˜„ after that I wanted to use my S3 bucket as a pulumi backend (my Idea is to be able to manage the infrastructure from both my laptop and desktop). I was able to export the stack, then when I tried to import it after logging into the s3 backend, the cli correctly warned me about deserialization issues with
error: could not deserialize deployment: constructing secrets manager of type "service": could not find access token for <>, have you logged in?
, according to the doc i have to use
pulumi stack change-secrets-provider "<awskms://alias/keyalias?region=myregion>"
. Now, I must be doing something wrong in this part, but I canโ€™t seem to figure it out: I created a Symmetric key (trying with an asymmetric throws
, copied the alias and used the change-secrets-provider command, but i get the following output: (Iโ€™m sure the alias is correct, I also tried using the keyId instead of the alias, but i get the same error. I tried with and without passing the region param)
Migrating old configuration and state to new secrets provider
I1006 09:53:48.314796   39657 sink.go:154] defaultSink::Error(error: bad value


10/06/2021, 1:05 PM
are you trying to migrate from PulumiService to S3 backend? I did this without changing secrets provider, instead I ran
pulumi stack export --show-secrets
and removed secrets provider form the state, then imported it and configured secrets provider.


10/06/2021, 1:39 PM
Yes Iโ€™m trying to migrate and your solution works perfectly! Thank you so much! ๐Ÿ™ I did not think of inspecting the exported state file ๐Ÿ˜ž