sparse-intern-71089
09/06/2019, 3:28 PMwhite-balloon-205
pulumi stack init --secrets-provider="<gcpkms://projects/pulumi-development/locations/global/keyRings/luke-kms-testing/cryptoKeys/stack-key>"
And then I confirmed that all secrets were being encrypted using the specific GCP KMS key.white-balloon-205
pulumi stack init --help
has details on configuring.quiet-wolf-18467
quiet-wolf-18467
quiet-wolf-18467
quiet-wolf-18467
quiet-wolf-18467
white-balloon-205
Sorry, could not create stack 'dev': secrets (code=NotFound): rpc error: code = NotFound desc = CryptoKey projects/pulumi-development/locations/global/keyRings/luke-kms-testing/cryptoKeys/stack not found.
You are positive that pulumi version
is v1.0.0
?white-balloon-205
quiet-wolf-18467
╰ pulumi version
v1.0.0
quiet-wolf-18467
white-balloon-205
quiet-wolf-18467
quiet-wolf-18467
white-balloon-205
curl -fsSL <https://get.pulumi.com> | sh
as well and similar useful error:
Sorry, could not create stack 'dev': secrets (code=PermissionDenied): rpc error: code = PermissionDenied desc = Req
uest had insufficient authentication scopes.
quiet-wolf-18467
╰ ~/.pulumi/bin/pulumi new --dir abc
Please choose a template: aws-javascript A minimal AWS JavaScript Pulumi program
This command will walk you through creating a new Pulumi project.
Enter a value or leave blank to accept the (default), and press <ENTER>.
Press ^C at any time to quit.
project name: (abc)
project description: (A minimal AWS JavaScript Pulumi program)
Created project 'abc'
stack name: (dev)
Enter your passphrase to protect config/secrets:
Re-enter your passphrase to confirm:
Sorry, could not create stack 'dev': stack 'dev' already exists
stack name: (dev) ^C
quiet-wolf-18467
quiet-wolf-18467
white-balloon-205
<http://pulumi.com|pulumi.com>
backend? That's the only other variable I can imagine being different from what I tested above.quiet-wolf-18467
~/.pulumi
and trying againquiet-wolf-18467
white-balloon-205
quiet-wolf-18467
quiet-wolf-18467
white-balloon-205
quiet-wolf-18467
quiet-wolf-18467
white-balloon-205
quiet-wolf-18467
quiet-wolf-18467
quiet-wolf-18467
quiet-wolf-18467
if _, ok := b.(filestate.Backend); ok || secretsProvider == "passphrase" {
quiet-wolf-18467
quiet-wolf-18467
localBackend
instead. Do we want ot force localBackend to only have passphrase encryption?quiet-wolf-18467
quiet-wolf-18467
if secretsProvider == "passphrase" {
if _, pharseErr := newPassphraseSecretsManager(stackRef.Name(), stackConfigFile); pharseErr != nil {
return nil, pharseErr
}
quiet-wolf-18467
quiet-wolf-18467