better-shampoo-48884
03/21/2021, 9:50 PMlet currentStack = "dev-devsecops"
const stack = await pulumi.LocalWorkspace.createOrSelectStack({
projectName: "k8s-baseline",
program: pulumiProgram,
stackName: currentStack
},{
projectSettings: {
name: "k8s-baseline",
author: "It's a me",
runtime: "nodejs",
backend: {
url: "<azblob://pulumi-state>"
},
description: "Baseline Kubernetes configuration for xxxxx"
},
secretsProvider: "<azurekeyvault://xxxxxvault.azure.net/keys/pulumi>"
})
I'm getting:
commandResult: CommandResult {
stdout: '',
stderr: 'error: getting secrets manager: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables\n',
code: 4294967295,
err: undefined
There is no Pulumi.yaml or stack yml in the directory where I'm running this btw. Could there be something of the stack previously cached or something? I would have thought providing the secretsProvider explicitly removed the need for the passphrase?bored-oyster-3147
03/21/2021, 10:38 PMCommandResult
indicates that the Automation API is just forwarding you an error that the CLI threw.
When you provide a projectSettings
object the LocalWorkspace.CreateOrSelectStack
method should be serializing that into a project setting YAML.
So, the first thing I would do is verify that the project settings YAML that is generated, in the temp directory that it creates, has the secrets provider as you expect it to.
If it does, than I would try the same configuration using the CLI - not the Automation API - and see if you get the same error.
If you don't, than it is an Automation API issue. If you do, than it is either a CLI issue or is an issue with your configurationlemon-agent-27707
03/22/2021, 4:27 AMbetter-shampoo-48884
03/22/2021, 5:58 AMworkDir: ".",
now, and Pulumi.yaml showed up in the directory (no stack yaml though). Same error - so I'm guessing it needs a passphrase to establish a stack then it converts that to secrets-store afterwards..const stack = await pulumi.LocalWorkspace.createOrSelectStack({
projectName: "k8s-baseline",
program: pulumiProgram,
stackName: currentStack
},{
envVars: {
AZURE_KEYVAULT_AUTH_VIA_CLI: "true",
},
projectSettings: {
....
},
workDir: ".",
secretsProvider: "<azurekeyvault://xxxxx.vault.azure.net/keys/pulumi>"
})
it works without complaintlemon-agent-27707
03/22/2021, 4:12 PM