No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

It looks like you’re missing the top-level secretsProvider setting.
See this thread for more details: <https://pulumi-community.slack.com/archives/C019YSXN04B/p1620424551253500?thread_ts=1620350166.244800&amp;cid=C019YSXN04B>

You’ll need something like the following
```const secretsProvider = 'azurekeyvault://********.<http://vault.azure.net/keys/********';|vault.azure.net/keys/********';>

const stack = await LocalWorkspace.createStack({
            stackName,
            projectName,
            program: createPulumiProgram(stackName), 
        },{
            secretsProvider,
            projectSettings: {
                name: projectName,
                runtime: 'nodejs',
                description: projectName,
                backend: {
                    url: 'azblob://***********'
                },
            },
            stackSettings: {
                [stackName]: {
                    secretsProvider,
                    config: {
                        "azure:location": Constants.AZURE_CONFIG.location,
                        "azure:environment": Constants.AZURE_CONFIG.environment,
                        "azure:clientId": Constants.AZURE_CONFIG.clientId,
                        "azure:clientSecret": { secret: Constants.AZURE_CONFIG.clientSecret },
                        "azure:subscriptionId": Constants.AZURE_CONFIG.subscriptionId,
                        "azure:tenantId": Constants.AZURE_CONFIG.tenantId,
                    }
                },
            },
            envVars: {
                "AZURE_STORAGE_KEY": "******",
                "AZURE_STORAGE_ACCOUNT": "**********",
                "AZURE_KEYVAULT_AUTH_VIA_CLI": "false",
            }, 
        });```

Thanks for the suggestion first of all but got  the issue   `stderr: "error: open keeper <azurekeyvault://hi3g-kv-demo-pulumi-3se.vault.azure.net/keys/pulumi-encryption-key>: failed to Dial default KeyVault: Invoking Azure CLI failed with the following error: ERROR: Please run 'az login' to setup account.\n" +`   this time. <@U01038HJ93R> Any suggestions?

```"AZURE_KEYVAULT_AUTH_VIA_CLI": "false",```
Tried changing it to true as well but didn't help much.

Hmm yeah unfortunately I don’t have much azure-specific knowledge.

Oh I see! Is this somehow related to this <https://github.com/pulumi/pulumi/issues/6597>?

Possibly, although it seems that you are setting the `AZURE_KEYVAULT_AUTH_VIA_CLI` env var and it’s still not working - and that seemed to work in that specific bug report