Is there any good documentation regarding self-managed backend? I logged into s3 and followed along the “Create a New Project” guide under AWS. I am successfully creating the buckets after running pulumi up, however I cannot understand this passphrase issue for the life of me. I understand that using pulumi’s service it does all the management for you, but I want to be self hosted so this is throwing a wrench in all their documentation and I can't really follow along. Current issue running pulumi on windows with python as the language-once successfully running pulumi up, I cannot run any command because it constantly says

"error: constructing secrets manager of type “passphrase”: unable to find either ‘PULUMI_CONFIG_PASSPHRASE’ or ‘PULUMI_CONFIG_PASSPHRASE_FILE’ when trying to access the Passphrase Secrets Provider; please ensure one of these environments barebones is set to allow the operation to continue”

I have tried a number of ways to “set” the passphrase but no luck. First tried setting it locally in my windows environment variables list and then tried

pulumi config set —secret PULUMI_CONFIG_PASSPHRASE “Test”

And yes “Test” is the passphrase I used when running pulumi up, just trying to understand how it's all working then I would use something more secure. Along with setting it up before running pulumi up by running

pulumi stack unit dev —secrets-provider passphrase

It just continuously gives me the error above after I run any subsequent commands after a successful pulumi up. For instance after creating the bucket I run

pulumi stack output bucket_name

and then get the same passphrase error above. I have to be missing something super simple lol. I have deleted everything and redid it multiple times but no luck. I just can't find anything on my own so I appreciate any help!

it needs to be set as an environment variable. i dont have a windows machine, so not sure how that's done

So I did set

PULUMI_CONFIG_PASSPHRASE

with the value

“Test”

as an environment variable, but pulumi still wasn't happy. Also felt that this was a bit odd since the password would then be stored as a plain text value in the environment variable. Is that truly expected? Seemed a bit counter intuitive lol

you can set a secrets manager as a stack encryption manager too, environment variables are just the default

@able-honey-93860 how did you set the env var?

Ok I finally got it to work. I setup the environment variable before running pulumi up and it seemed to work better than setting it up after running pulumi up. I was using ps command to set the variable as well as through SystemPropertiesAdvanced.exe. Nonetheless, it's all good now. However a new issue is happening where pulumi can't import the okta package that I installed. I confirmed the package is installed successfully because if I open python console directly I can run

import pulumi_okta as okta

just fine. So I think it might be due to pulumi using its own python exe? I installed via chocolatey, but have since uninstalled it and decided to install through the cmd command since I am more familiar with picking apart installs when they're not done via choco. This work however the environment variable set within CMD is being leveraged and I can run pulumi in cmd, but I can't run pulumi in powershell. Superrrr weird since I verified the environment variable is set in the gui, I have reloaded multiple powershell sessions and ran

refreshenv

quite a few times, however when I run

(Get-ChildItem -path env:PATH).value -split “;”

it doesn't pull in the environment variable. So odd, I am definitely more of a powershell user and never used cmd to set env variables before. I think I can figure out a fix eventually, but just another growing pain haha

when i faced the error msg first time i started using pulumi, i just set the env var and it worked. no time spent

Yeah it's definitely an easy way out to manually set it, but it's easy enough to include it in the script/command provided by their documentation. It's all about making it simple to setup/use so it's more readily adopted by the community. Otherwise a user will have their doubts if they have to figure out their own workaround from the first few mins of using pulumi.