Hi how can I move a stack with secrets from Pulumi backend t Pulumi Community #general

Hi, how can I move a stack with secrets from Pulum...

faint-vegetable-61837

05/17/2019, 7:13 PM

Hi, how can I move a stack with secrets from Pulumi backend to a local backend (s3). I am getting

Copy code

could not import deployment: unknown secrets provider type

faint-vegetable-61837

05/17/2019, 7:31 PM

The stack that I created was using secret outputs

white-balloon-205

05/17/2019, 7:35 PM

Cc @bitter-oil-46081 for pointer to docs on this.

bitter-oil-46081

05/17/2019, 9:47 PM

@faint-vegetable-61837 When you were managing this stack with the Pulumi service, you were using the default secrets provider (i.e. you did not have type in a passphrase on each operation, and the encryption was managed by the Pulumi service for you)?

faint-vegetable-61837

05/17/2019, 10:05 PM

Yes, thats right, we were just using --secret option without setting a passphrase

bitter-oil-46081

05/17/2019, 10:13 PM

Okay - Thanks. The state file you are trying to import, it should have a

secrets_providers

section in it, does it? If so, does the object have a

type

member?

bitter-oil-46081

05/17/2019, 10:17 PM

FWIW - I don't believe we have a good story here for moving from the service to the local backend when using secrets. The crux of the issue is when you

pulumi stack export

a stack, all of the secret values are going to be encrypted with a key managed by the pulumi service, and the local backend is not going to understand how to interact with these keys. I think this is something we can support however. My previous question is related to me trying to understand how we could have gotten the error you ended up getting (the fact that the there's no name after

type

in that message is confusing to me)

Open in Slack

Previous Next