https://pulumi.com logo
c

crooked-pillow-11944

09/12/2021, 6:55 PM
I'm using Automation API and attempting to set KMS as the secrets provider. I thought this was being done but looking at the stack metadata in S3 I'm seeing
"secrets_providers": {"type": "passphrase",...
I'm also being prompted for
PULUMI_CONFIG_PASSPHRASE
which is what started me along this journey... Can somebody tell me what I'm missing? Here's my code:
Copy code
backend_url = f"s3://{backend_bucket}"
secrets_provider = f"<awskms://alias/{kms_alias_name}>"
project_settings=auto.ProjectSettings(
    name='test',
    runtime="python",
    backend={"url": backend_url}
)
stack_settings=auto.StackSettings(
   secrets_provider=secrets_provider)
stack = auto.create_or_select_stack(stack_name='dev',
                                    project_name='test',
                                    program=pulumi_program,
                                    opts=auto.LocalWorkspaceOptions(project_settings=project_settings,
                                                                    stack_settings={'dev': stack_settings}))
print("successfully initialized stack")
r

red-match-15116

09/12/2021, 7:05 PM
you’ll have to pass in the secrets provider to the create_or_select_stack call too. Here’s a typescript example for reference: https://github.com/pulumi/automation-api-examples/blob/main/nodejs/inlineSecretsProvider-ts/index.ts#L92 (unfortunately needs to be specified both as stack settings and to the createOrSelect call)
c

crooked-pillow-11944

09/12/2021, 7:10 PM
awesome, thanks!
17 Views