sparse-intern-71089
05/07/2021, 1:16 AM
red-match-15116
05/07/2021, 1:22 AM
limited-rain-96205
05/07/2021, 4:59 PM
red-match-15116
05/07/2021, 5:08 PM
> Is it possible to use gcpkms as the secrets provider with the Automation API?
The answer is if it works with the Pulumi CLI it should work with automation API. My guess is that something is probably misconfigured and the secret provider isn’t plumbing through properly. You’ll have to share your code if you want more direction but in general this example and the secrets page should lead you to the happy path.
limited-rain-96205
05/07/2021, 9:55 PM
const secretsProvider = 'gcpkms://projects/xxxxx/locations/global/keyRings/yyyyy/cryptoKeys/zzzzz';
const stack = await LocalWorkspace.createOrSelectStack(
  {
    stackName: this.stackName,
    projectName: 'pulumi-deployment',
    program: async () => console.log('Program started'),
  },
  {
    secretsProvider,
    workDir: __dirname,
    projectSettings: {
      name: 'pulumi-deployment',
      runtime: 'nodejs',
      backend: {
        url: 'gs://xxxxx/deployment',
      },
    },
    stackSettings: {
      [this.stackName]: {
        secretsProvider,
      },
    },
  }
);
await stack.setConfig('test', {
  value: 'yes',
  secret: true,
});
red-match-15116
05/07/2021, 10:11 PM
> (Why does it need a per-stack secrets provider and ignore the main one in opts?)
Yeah that is indeed odd. Feel free to leave some comments here: https://github.com/pulumi/pulumi/issues/5432
> There is no stack config yaml generated.
I think you’ll actually have to run `LocalWorkspace.saveStackSettings()` for this.
> The backend stack data does not contain the config secret that I’m setting programmatically.
I believe this only happens once you run `up`.