Got a bit of a pickle we are all in on pulumi and the automa Pulumi Community #general

Got a bit of a pickle, we are all in on pulumi and...

proud-pizza-80589

01/23/2022, 12:33 PM

Got a bit of a pickle, we are all in on pulumi and the automation api, but now i have to do an install (k8s resources), on premise, with no internet. And i want to keep it as simple as possible and not revert to helm charts. So i would need local state and no or a simple local secret manager. Is that even possible?

echoing-dinner-19531

01/23/2022, 5:35 PM

You can do local state and secrets. Our documentation and support for this is sadly not as good as for the service but improving local support is one of our goals for this quarter. pulumi login has docs on how to login to use local state, either stored in a file or a s3 or other blob storage. pulumi stack init has docs on how to configure a stack to use other secrets providers, including just using a given password for symmetric encryption.

echoing-dinner-19531

01/23/2022, 5:37 PM

The main limitation with local state files currently is they don't understand "projects" so you end up having to namespace your state files by putting the project in the stack name, or having separate directories/buckets that you login to for different projects. This is actively being worked on.

proud-pizza-80589

01/24/2022, 11:28 AM

it is a single instance of a stack we deploy using the .com backend, so single project.

proud-pizza-80589

01/24/2022, 11:28 AM

In the docs i saw passphrase as an encryption technique, but it was not explained anywhere, so i got scared 😉

5 Views

Open in Slack

Previous Next