most-mouse-38002

10/18/2022, 2:53 PM
Do you need to maintain a backend for Pulumi, or is it enough to keep stack.json in git, and lock down the secret key/password for Pulumi-$env.yaml? I don't really see a big reason for e.g. introducing Azure blob storage for Pulumi state if it can live in git without any problems? Or does it affect any parts of how Pulumi behaves (e.g. between stacks in a mono-repo)?

billowy-army-68599

10/18/2022, 2:56 PM
if you only have a single person working on it, checking into git is fine. If you have multiple people doing deployments, the state being in git is going to cause a lot of issues

most-mouse-38002

10/18/2022, 2:59 PM
All deploys will be through pull requests with a pipeline executing them. I guess so long as only one instance of the pipeline actually runs `pulumi up` we are going to be fine?
I have storage accounts and such ready for Azure, I just wish there was a way to access it without a storage key or SAS token (e.g. simply using the principal with the right role assigned to it and have pulumi work its magic in the background instead of having to have keys in the pipeline which eventually get rotated).

billowy-army-68599

10/18/2022, 3:02 PM
I think so. I wouldn't do it myself

most-mouse-38002

10/18/2022, 3:02 PM
Well, that's good enough for me to not do it the git way then 👍

few-yacht-11623

10/18/2022, 4:27 PM
the `pulumi up` is going to write to state… so you would have to commit your code changes, `pulumi up`, and then commit the resulting state json changes. Theoretically viable but you might have to block merges to your main branch to avoid race conditions

most-mouse-38002

10/19/2022, 9:01 AM
Right, that makes sense. Not what I want to do.