https://pulumi.com logo
Title
c

colossal-plastic-46140

11/08/2019, 3:20 PM
Hi Folks, I am working on some code to generate what a stack config would look like(for easy importing into pulumi), is it possible to get what the salt/encryption method would be outside of a pulumi program? This way I could import secret configs out of band
w

white-balloon-205

11/08/2019, 3:39 PM
Are these secrets encrypted with the passphrase encryption (default for local backend) or the Pulumi service encryption (default for Pulumi service backend)? If the former, it is possible you could recreate the same encryption used in the Pulumi CLI sources. If the latter, you may be able to use the Pulumi service REST API (not yet documented, but stable for use from old CLIs).
c

colossal-plastic-46140

11/08/2019, 3:43 PM
this is a local backend currently
w

white-balloon-205

11/08/2019, 4:07 PM
You can see the current encryption algorithms for passphrase encryption at https://github.com/pulumi/pulumi/blob/master/pkg/resource/config/crypt.go.
c

colossal-plastic-46140

11/08/2019, 4:26 PM
👍