Got a bit of a pickle, we are all in on pulumi and...
# general
Got a bit of a pickle, we are all in on pulumi and the automation api, but now i have to do an install (k8s resources), on premise, with no internet. And i want to keep it as simple as possible and not revert to helm charts. So i would need local state and no or a simple local secret manager. Is that even possible?
You can do local state and secrets. Our documentation and support for this is sadly not as good as for the service but improving local support is one of our goals for this quarter. pulumi login has docs on how to login to use local state, either stored in a file or a s3 or other blob storage. pulumi stack init has docs on how to configure a stack to use other secrets providers, including just using a given password for symmetric encryption.
The main limitation with local state files currently is they don't understand "projects" so you end up having to namespace your state files by putting the project in the stack name, or having separate directories/buckets that you login to for different projects. This is actively being worked on.
it is a single instance of a stack we deploy using the .com backend, so single project.
In the docs i saw passphrase as an encryption technique, but it was not explained anywhere, so i got scared 😉