Do you need to maintain a backend for Pulumi or is it enough

Question

Do you need to maintain a backend for Pulumi or is it enough to keep stack json in git and lock down the secret key password for Pulumi $env yaml I dont really see a big reason for e g introducing azure blob storage for Pulumi state if it can live in git without any problems Or does it affect any parts of how Pulumi behaves e g between stacks in a mono repo

billowy-army-68599 · Answer

if you only have a single person working on it checking into git is fine If you have multiple people doing deployments the state being in git is going to cause a lot of issues

most-mouse-38002 · Answer

All deploys will be through pull requests with a pipeline executing them I guess so long as only one instance of the pipeline actually runs `pulumi up` we are going to be fine

most-mouse-38002 · Answer

I have storage accounts and such ready for Azure I just wish there was a way to access it without a storage key or sas token e g simply using the principal with the right role assigned to it and have pulumi work its magic in the background instead of having to have keys in the pipeline which eventually gets rotated

billowy-army-68599 · Answer

i think so I wouldnt do it myself

most-mouse-38002 · Answer

Well thats good enough for me to not do it the git way then +1

few-yacht-11623 · Answer

the `pulumi up` is going to write to state so you would have to commit your code changes `pulumi up` and then commit the resulting state json changes Theoretically viable but you might have to block merges to your main branch to avoid race conditions

most-mouse-38002 · Answer

Right that makes sense Not what I want to do