Got a bit of a pickle we are all in on pulumi and the automa

Question

Got a bit of a pickle we are all in on pulumi and the automation api but now i have to do an install k8s resources on premise with no internet And i want to keep it as simple as possible and not revert to helm charts So i would need local state and no or a simple local secret manager Is that even possible

echoing-dinner-19531 · Answer

You can do local state and secrets Our documentation and support for this is sadly not as good as for the service but improving local support is one of our goals for this quarter has docs on how to login to use local state either stored in a file or a s3 or other blob storage has docs on how to configure a stack to use other secrets providers including just using a given password for symmetric encryption

echoing-dinner-19531 · Answer

The main limitation with local state files currently is they don t understand projects so you end up having to namespace your state files by putting the project in the stack name or having separate directories buckets that you login to for different projects This is actively being worked on

proud-pizza-80589 · Answer

it is a single instance of a stack we deploy using the com backend so single project

proud-pizza-80589 · Answer

In the docs i saw passphrase as an encryption technique but it was not explained anywhere so i got scared wink