https://pulumi.com logo
#automation-api
Title
# automation-api
b

bumpy-agent-19616

05/25/2021, 5:41 PM
const stack = await LocalWorkspace.createStack({
stackName,
projectName,
program: createPulumiProgram(stackName),
},{
projectSettings: {
name: projectName,
runtime: 'nodejs',
description: projectName,
backend: {
url: 'azblob://***********'
},
},
stackSettings: {
[stackName]: {
secretsProvider: 'azurekeyvault://********.<http://vault.azure.net/keys/********|vault.azure.net/keys/********>',
config: {
"azure:location": Constants.AZURE_CONFIG.location,
"azure:environment": Constants.AZURE_CONFIG.environment,
"azure:clientId": Constants.AZURE_CONFIG.clientId,
"azure:clientSecret": { secret: Constants.AZURE_CONFIG.clientSecret },
"azure:subscriptionId": Constants.AZURE_CONFIG.subscriptionId,
"azure:tenantId": Constants.AZURE_CONFIG.tenantId,
}
},
},
envVars: {
"AZURE_STORAGE_KEY": "******",
"AZURE_STORAGE_ACCOUNT": "**********",
"AZURE_KEYVAULT_AUTH_VIA_CLI": "false",
},
});
Error is as follows, CommandError: code: 255 stdout: Created stack 'statictest' stderr: error: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables err?: at Object.createCommandError (/Users/veerasamy001/Projects/3Labs/cloud-self-service-portal/node_modules/@pulumi/pulumi/automation/errors.js7117) at ChildProcess.<anonymous> (/Users/veerasamy001/Projects/3Labs/cloud-self-service-portal/node_modules/@pulumi/pulumi/automation/cmd.js6340) at ChildProcess.emit (nodeevents378:20) at Process.ChildProcess._handle.onexit (nodeinternal/child process290:12) { commandResult: CommandResult { stdout: "Created stack 'statictest'\n", stderr: '*error: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables*\n', code: 255, err: undefined } } I am actually facing the above issue even though I have emvironment variables for Azure Blob storage. Any help would be much appreciated.
r

red-match-15116

05/25/2021, 5:53 PM
It looks like you’re missing the top-level secretsProvider setting. See this thread for more details: https://pulumi-community.slack.com/archives/C019YSXN04B/p1620424551253500?thread_ts=1620350166.244800&amp;cid=C019YSXN04B
You’ll need something like the following
Copy code
const secretsProvider = 'azurekeyvault://********.<http://vault.azure.net/keys/********';|vault.azure.net/keys/********';>

const stack = await LocalWorkspace.createStack({
            stackName,
            projectName,
            program: createPulumiProgram(stackName), 
        },{
            secretsProvider,
            projectSettings: {
                name: projectName,
                runtime: 'nodejs',
                description: projectName,
                backend: {
                    url: 'azblob://***********'
                },
            },
            stackSettings: {
                [stackName]: {
                    secretsProvider,
                    config: {
                        "azure:location": Constants.AZURE_CONFIG.location,
                        "azure:environment": Constants.AZURE_CONFIG.environment,
                        "azure:clientId": Constants.AZURE_CONFIG.clientId,
                        "azure:clientSecret": { secret: Constants.AZURE_CONFIG.clientSecret },
                        "azure:subscriptionId": Constants.AZURE_CONFIG.subscriptionId,
                        "azure:tenantId": Constants.AZURE_CONFIG.tenantId,
                    }
                },
            },
            envVars: {
                "AZURE_STORAGE_KEY": "******",
                "AZURE_STORAGE_ACCOUNT": "**********",
                "AZURE_KEYVAULT_AUTH_VIA_CLI": "false",
            }, 
        });
b

bumpy-agent-19616

05/25/2021, 6:07 PM
Thanks for the suggestion first of all but got the issue
stderr: "error: open keeper <azurekeyvault://hi3g-kv-demo-pulumi-3se.vault.azure.net/keys/pulumi-encryption-key>: failed to Dial default KeyVault: Invoking Azure CLI failed with the following error: ERROR: Please run 'az login' to setup account.\n" +
this time. @red-match-15116 Any suggestions?
Copy code
"AZURE_KEYVAULT_AUTH_VIA_CLI": "false",
Tried changing it to true as well but didn't help much.
r

red-match-15116

05/25/2021, 6:14 PM
Hmm yeah unfortunately I don’t have much azure-specific knowledge.
b

bumpy-agent-19616

05/25/2021, 6:20 PM
Oh I see! Is this somehow related to this https://github.com/pulumi/pulumi/issues/6597?
r

red-match-15116

05/25/2021, 6:23 PM
Possibly, although it seems that you are setting the
AZURE_KEYVAULT_AUTH_VIA_CLI
env var and it’s still not working - and that seemed to work in that specific bug report
2 Views