Can I use

upsert

for the pulumi github action with the

awskms

secret provider? I see there's an option to add

PULUMI_CONFIG_PASSPHRASE

as env var, but I don't see an env var for the secret-provider

@stocky-lion-64552 secret provider configuration is stored in the stack yaml configuration file. For example:

secretsprovider: awskms://<id of the secret>?region=<region name>
encryptedKey: <base64 of the encryption key ciphertext>

These entries should be added automatically by Pulumi when a stack is created (with

pulumi stack init --secrets-provider="awskms://.....

)

@gifted-island-55702 Thank you, but I was looking for the

upsert

flag in the github action to create the stack yaml for me. The problem is that it's only supporting passphrase and not awskms

Oh, I see - sorry. I didn't understand your use case. And actually I would be interested in this too 🙂