Hi, how can I move a stack with secrets from Pulum...
# general
Hi, how can I move a stack with secrets from Pulumi backend to a local backend (s3). I am getting
Copy code
could not import deployment: unknown secrets provider type
The stack that I created was using secret outputs
Cc @bitter-oil-46081 for pointer to docs on this.
@faint-vegetable-61837 When you were managing this stack with the Pulumi service, you were using the default secrets provider (i.e. you did not have type in a passphrase on each operation, and the encryption was managed by the Pulumi service for you)?
Yes, thats right, we were just using --secret option without setting a passphrase
Okay - Thanks. The state file you are trying to import, it should have a
section in it, does it? If so, does the object have a
FWIW - I don't believe we have a good story here for moving from the service to the local backend when using secrets. The crux of the issue is when you
pulumi stack export
a stack, all of the secret values are going to be encrypted with a key managed by the pulumi service, and the local backend is not going to understand how to interact with these keys. I think this is something we can support however. My previous question is related to me trying to understand how we could have gotten the error you ended up getting (the fact that the there's no name after
in that message is confusing to me)