https://pulumi.com logo
Powered by
f

faint-vegetable-61837

05/17/2019, 7:13 PM
Hi, how can I move a stack with secrets from Pulumi backend to a local backend (s3). I am getting
Copy code
could not import deployment: unknown secrets provider type
The stack that I created was using secret outputs
w

white-balloon-205

05/17/2019, 7:35 PM
Cc @bitter-oil-46081 for pointer to docs on this.
b

bitter-oil-46081

05/17/2019, 9:47 PM
@faint-vegetable-61837 When you were managing this stack with the Pulumi service, you were using the default secrets provider (i.e. you did not have type in a passphrase on each operation, and the encryption was managed by the Pulumi service for you)?
f

faint-vegetable-61837

05/17/2019, 10:05 PM
Yes, thats right, we were just using --secret option without setting a passphrase
b

bitter-oil-46081

05/17/2019, 10:13 PM
Okay - Thanks. The state file you are trying to import, it should have a 
secrets_providers
section in it, does it? If so, does the object have a 
type
member?
FWIW - I don't believe we have a good story here for moving from the service to the local backend when using secrets. The crux of the issue is when you 
pulumi stack export
a stack, all of the secret values are going to be encrypted with a key managed by the pulumi service, and the local backend is not going to understand how to interact with these keys. I think this is something we can support however. My previous question is related to me trying to understand how we could have gotten the error you ended up getting (the fact that the there's no name after 
type
in that message is confusing to me)
Powered by