This message was deleted.
# getting-starteds
sparse-intern-71089
03/13/2022, 9:20 PMThis message was deleted.
l
little-cartoon-10569
03/13/2022, 9:36 PMYou want to construct a provider using a value stored in the cloud? You'll have to fetch that value yourself using another SDK, or at least another provider that doesn't depend on the value stored remotely.
e
echoing-dinner-19531
03/13/2022, 9:45 PMYou want to do this all in one Pulumi program?
It's a bit odd because we expect provider config to be known values, but you could wrap a load of program inside an apply call such that it only runs once the secret is made. Does mean preview won't be able to show you what's going to happen.
I'd think this is probably better done as one Pulumi program to make the secret and then using a stack reference in a second program to get hold of it.
e
echoing-oil-42947
03/13/2022, 9:46 PMGotcha, I'll take a deeper look into Stack References; the secret is initially created from a sidecar I'm using to auto initialize vault (which also creates the secret), which may be a deeper anti-pattern, as this is my first foray into kubernetes in general
echoing-oil-42947
03/13/2022, 9:47 PMEssentially the goal overall is:
Vault starts -> Gets initialized -> Token into secret
Pull that token -> Use vault provider to create infrastructure credential and policy -> add credential and policy to other programs that need to interact with vault
e
echoing-dinner-19531
03/13/2022, 9:54 PMThat sounds like a reasonable flow but I don't know Vault very well. I'll ask internally if we've got good examples of using vault to set up other providers.
e
echoing-oil-42947
03/16/2022, 3:50 PMAny examples pop up?
e
echoing-dinner-19531
03/16/2022, 3:55 PMNo 😞 I've bumped the question inside again.
e
echoing-oil-42947
03/16/2022, 5:23 PMThank you!
l
little-cartoon-10569
03/16/2022, 8:15 PMSo long as the vault isn't managed from within the same Pulumi program, this will work. Do you have some failing code you'd like to share?
7 Views