Hi! Is there any guidance on how to overcome the chicken-and-egg-problem that you need a storage account (pulumi state) and an Azure Key Vault (secrets provider) to use Pulumi? Right now I use the Azure CLI in order to create those resources, but it would be nice if I could use Pulumi instead. 🤔
05/11/2020, 4:46 PM
use the SaaS for the storage account and AKV simple smile
05/11/2020, 4:50 PM
I don't know if there is a guidance on the subject. However the way I understand it is pulumi state and secret provider are resources you will only create once for you organization/department and that will be used for all your projects using pulumi. You won't need to provision them multiple times.
So I guess it's not a problem of having them created manually or through azure cli scripts. What do you think ?
05/11/2020, 4:52 PM
Also, I’ll mention that the community SaaS is free forever. It’s really the best place to start when using Pulumi.
05/11/2020, 5:09 PM
@millions-journalist-34868 We created a Blob Storage and Azure Key Vault for each team (so far one team) and each environment. Imo there should be at least a different storage and secrets provider between prod and non-prod.
@future-barista-68134 For Saas we would need a non-free version of pulumi which is not an option so far for us.
My background is that I came from way of using the C# Azure SDK where we built our own little deployment tool where we had full control. So we just had one tool with one library. Now we have Pulumi and some Powershell Scripts with Azure CLI commands. So the developer experience is a bit more difficult. The whole point of pulumi should be to make things simpler. To a certain degree pulumi does this, but on other points it doesnt (so far).