https://pulumi.com logo
Join Slack
Powered by
Hm, i renamed the stack and it worked for the firs...
# automation-api
f
Hm, i renamed the stack and it worked for the first time - a second run fails again with the PASSPHRASE requirement
l
The passphrase provider is enough to create the stack, but this will modify the stack settings (pulumi.stack.yaml) to include 
encryptedKey
and/or 
encryptedSalt
depending on which secrets provider you specify. When you run your code again, those values are missing and you get the error message.
You'll need to update your code to specify the additional values for stacks that already exist. There are a few ways to do this, probably the easiest is to use a fixed working directory 
workDir: "."
or something equivalent and to not specify the 
stackSettings
object manually. This way when you create a stack, the 
pulumi.stack.yaml
file gets created in a consistent directory. Next time you run your program and select the stack, it will read settings from that directory.
f
hi, thx, it solves the problem on my local machine - but in the ci pipeline it happens again because the working directory is empty every time
l
Are you creating new stacks or selecting stacks in CI? If the latter, you will need to figure out how to specify that full info including salt and key either via a file or stack settings.
f
i used the 
createOrSelectStack
method and thought its just selecting when its already created and available in my state bucket … but looks like not working. atm i dont manage secrets in pulumi so i can also use a static password for the passphrase - but its an “ugly” workarround
l
For existing stacks that use alternate secrets you'll need to make one of the changes noted above. Either specifying they key/salt in the stackSettings, or saving the pulumi.stack.yaml and making sure it's available in CI and specified via the correct working dir.
4 Views
Open in Slack
PreviousNext
Powered by