https://pulumi.com logo
Title
s

stocky-lion-64552

04/06/2021, 7:51 AM
Can I use
upsert
for the pulumi github action with the
awskms
secret provider? I see there's an option to add
PULUMI_CONFIG_PASSPHRASE
as env var, but I don't see an env var for the secret-provider
g

gifted-island-55702

04/06/2021, 7:05 PM
@stocky-lion-64552 secret provider configuration is stored in the stack yaml configuration file. For example:
secretsprovider: awskms://<id of the secret>?region=<region name>
encryptedKey: <base64 of the encryption key ciphertext>
These entries should be added automatically by Pulumi when a stack is created (with
pulumi stack init --secrets-provider="awskms://.....
)
s

stocky-lion-64552

04/07/2021, 6:39 AM
@gifted-island-55702 Thank you, but I was looking for the
upsert
flag in the github action to create the stack yaml for me. The problem is that it's only supporting passphrase and not awskms
g

gifted-island-55702

04/07/2021, 7:04 AM
Oh, I see - sorry. I didn't understand your use case. And actually I would be interested in this too 🙂