w

    witty-vegetable-61961

    7 months ago
    hi guys, an obvious questionbut in a pulumi program where do i put environment specific data? eg a web app name which is different in dev, test, uat, prd. do these go in the pulumi yaml files ie pulumi.dev.yaml?
    l

    little-cartoon-10569

    7 months ago
    Yes, if the relationship is stack = environment, then the Pulumi stack file is perfect.
    e

    echoing-dinner-19531

    7 months ago
    We do have a couple of issues about how best to handle environment data https://github.com/pulumi/pulumi/issues/8402 and https://github.com/pulumi/pulumi/issues/7048.
    f

    freezing-van-87649

    7 months ago
    one possible alternative is stack/environment specific config object in your language of choice
    In python I've got a dict of stack name -> stack config objects that I call at the entrypoint
    w

    witty-vegetable-61961

    7 months ago
    yeah relationship in my case is stack = environment. Just straightforward dev, tst, stg, prd etc. I guess I can store config variables in a stack and then get those through the language I use (this is documented)?
    e

    echoing-dinner-19531

    7 months ago
    w

    witty-vegetable-61961

    7 months ago
    ah yes, just what i saw. ok that makes sense. one last question. I provisioned my pulumi program, specifically to create Auth0 resources. In order for that to happen, I created auth0 config variables (client secret, etc). In my Pulumi program, these exist in the yaml file. Can I remove them from the yaml file? as theyre plaintext.
    for the above question, i can put the variables as system environment variables on my machine. the bit im confused about is does any config variable defined in my stack need to be in yaml file too?
    m

    miniature-musician-31262

    7 months ago
    @witty-vegetable-61961 If you want to use the Pulumi Config API, then yes, they’ll need to be in your Pulumi.stackname.yaml file. If you’d rather access them from your program as environment variables, you should be able to do that through your language’s built-in facilities (e.g.,
    process.env.SOME_VAR
    in the case of a Node.js program). However, it’s common practice to store secret values as secrets (so in ciphertext) in your Pulumi.stackname.yaml files. You can do this by passing the
    --secret
    CLI option as described here: https://www.pulumi.com/docs/intro/concepts/secrets/
    It’s considered safe to check these values into source control as well.
    w

    witty-vegetable-61961

    7 months ago
    thats hepful cnunciato, let me re-review. in that case, i will use config variables and chck in cipher text. That will be the most straightforward way, nice and easy!
    m

    miniature-musician-31262

    7 months ago
    Awesome, sounds good! I generally think so too. 🙂
    a

    agreeable-eye-87399

    7 months ago
    Fun fact - I did a livestream with pulumi/Auth0 a few weeks ago, and it included adding auth0 secrets to the stack config as encrypted values 😃

    https://youtu.be/0hEmuhyNF4o

    w

    witty-vegetable-61961

    7 months ago
    Thanks Matt! @miniature-musician-31262 you said "they’ll need to be in your Pulumi.stackname.yaml file". Presumably this is a manual process for a program already made. How would I still get the encrypted value? (I'll check that vid tonight).
    m

    miniature-musician-31262

    7 months ago
    It’d be “manual” in that you’d run
    pulumi config set someKey someSecretValue --secret
    with the appropriate stack selected, yes, to get the encrypted value into the config. Once that’s there, you can use (eg., in TS)
    const config = new pulumi.Config();
    const mySecret = config.requireSecret("someKey");
    .. and then use
    mySecret
    in your program in the normal way. Make sense?
    And when you read the value into the program with
    requireSecret
    , Pulumi will track
    mySecret
    as a secret throughout the life of the program. This is all explained in the secrets docs here: https://www.pulumi.com/docs/intro/concepts/secrets/#using-configuration-and-secrets-in-code
    w

    witty-vegetable-61961

    7 months ago
    @miniature-musician-31262 that all makes sense. I should clarify my question - what I was wondering is if the pulumi config command creates the addition in the yaml file as well as the pulumi UI. The former I am not sure about. I ran the config command but i am not seeing any change in pulumi. going to troubleshoot...
    m

    miniature-musician-31262

    7 months ago
    Yes, there’s a nuance here, you’re right:
    pulumi config set
    creates the config entry (and the stack file, if one doesn’t already exist), but does not persist the entry in the backend (i.e., the Pulumi Service) until you run an update with it. This is intentional and allows you to preview configuration changes without affecting any systems that have already been deployed. I’m pretty sure this is mentioned in the docs, but it’s probably easy to miss. Lemme see.
    Yeah, I’m not finding it — which is doubly frustrating because I’m pretty sure I wrote it! Will post back here if I do. But that’s basically how it works — you can
    pulumi config set
    all day long, but the value won’t be written to your stack’s state in the Service until you run
    pulumi up
    .
    w

    witty-vegetable-61961

    7 months ago
    ah gotcha! and just to be sure, pulumi up will also add the addition to the config file? i will get my pulumi program in order and do an up.
    l

    little-cartoon-10569

    7 months ago
    pulumi config set
    writes it to the config file. Are you looking in the correct one? It's always written to the stack file (Pulumi.<dev>.yml) and not the project file (Pulumi.yml).
    You should be able to find changes that various tools make to your files by using
    git status
    ,
    git diff
    or similar. This is also handy for finding changes made by your package manager, code editor, etc.
    w

    witty-vegetable-61961

    7 months ago
    sorted it, was in the wrong stack! i have a stack called dev and one called organisationname/dev. The ui only lists the dev stack however. How do I see the other stack in the ui?
    I made some amendments to my code, used standard c# constructs like loops etc. In seconds created myself a bunch of apps in Auth0! Really like Pulumi! I will treat this program as a learning curve I think and make a new one with everything I've learnt above. Thanks guys!
    l

    little-cartoon-10569

    7 months ago
    The organisationname/dev stack is probably in your org account and the dev one is in your personal. There's a dropdown at the top of the page to switch.
    w

    witty-vegetable-61961

    7 months ago
    ah yes i saw that! ok thanks for that tip. ive deleted the program, will recreate and check.
    ok so recreatd my program. I get this error: error: could not validate provider configuration: 1 error occurred: * : invalid or unknown key: test when i have created a config variable.
    l

    little-cartoon-10569

    7 months ago
    Without code, it didn't happen... 😉
    w

    witty-vegetable-61961

    7 months ago
    ha, i ran this command: pulumi config set test XXXXXXXXXXXXXX
    and then do a pulumi up.
    e

    echoing-dinner-19531

    7 months ago
    Your code needs to look up the config value with the key "<project-name>:test"
    w

    witty-vegetable-61961

    7 months ago
    yup, just got it sorted. seems to work now.
    all good now. thanks guys. this has been very educational, i understand the pulumi workflow quite well and enough to write production ready code. liking it!