This message was deleted.
# general
s
This message was deleted.
1
b
Essentially it seems to be doing https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http But I'm running this from my laptop.. which is definitely not a machine running in Azure.
Right - a bit of digging around figured it out. So this is the thing: • secrets backend for pulumi -> keyvault: https://github.com/pulumi/pulumi/blob/c20bdbe945df331447f64c6d629387ee70c781ba/pkg/secrets/cloud/manager.go#L26 • Found that at https://pkg.go.dev/gocloud.dev/secrets/azurekeyvault#hdr-URLs • That includes the instruction:
The default URL opener will use Dial, which gets default credentials from the environment, unless the AZURE_KEYVAULT_AUTH_VIA_CLI environment variable is set to true, in which case it uses DialUsingCLIAuth to get credentials from the "az" command line.
Thus, setting that environment variable on my machine made everything happy. Should we perhaps update docs with this info?
🙌 1
And, had I bothered to read the last line of documentation, I would even have seen that it actually said exactly that. Good job me. /closes fork