lemon-monkey-22801/25/2022, 4:41 PM
GCP project and my resources will live in a completely separate project.
great-queen-3969701/25/2022, 8:50 PM
billions-glass-1708901/25/2022, 9:14 PM
arg you can manually set. I'd store it as a pulumi config tho
lemon-monkey-22801/26/2022, 9:19 AM
env var which points to a service account key
so that's not an issue, but the deployment will try and use the service account (provided by the
env var) to do the deployment
bucket (eg. called
) This has been fine because I've been deploying K8s services so far, so not had the need to deploy GCP resources too.
service account key for both my state storage and as the account to deploy the GCP resources
project that can write into a GCS bucket to save the state changes; one service account in
that will actually deploy the resources)
great-queen-3969701/26/2022, 5:10 PM
as an example) or as an explicit provider in the resource options (as in https://www.pulumi.com/registry/packages/gcp/api-docs/provider/). I'd personally lean toward the config set secret version, but you can use either one.
pulumi config set --secret <service-account-name> <secret-key>