Hello, I am having issues with two of my stacks du...
# general
Hello, I am having issues with two of my stacks due to something with the passphrase and would appreciate some help 🙂 : Issue 1: I was able to perform
pulumi stack select <stack>
successfully with my passphrase but when trying to run a
pulumi preview
command it is throwing the following error:
error: getting secrets manager: incorrect passphrase
This error is different from the error I would usually get if my passphrase is wrong for 2 reasons: 1. when the passphrase is wrong I usually can't even select the stack successfully 2. the usual error string i am getting for the wrong passphrase is:
error: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase or set PULUMI_CONFIG_PASSPHRASE_FILE to a file containing the passphrase
Issue 2: A stack passphrase became unknown, is there a way to fix the current stack manually if I have access to the stack JSON file? some workaround I can perform in order to change the passphrase from within the stack file?
I don't think
stack select
actually validates the passphrase is correct, so might just be you've got a typo that only preview is catching. For issue two you might be able to export the state and remove and secret objects (they have a key "4dabf18193072939515e22adb298388d" with value "1b47061264138c4ac30d75fd1eb44270") and remove the password config and salt from the stack config. But I'd take backups of state and config before trying that.
@echoing-dinner-19531 from my experience
stack select
actually does validate. it fails when performing it with a different passphrase. In addition, when failing regarding the passphrase I usually get a different error msg. regarding issue number two - great, this is one of the workarounds I had in mind. Thank you🙏!
Could you raise an issue for 1 on github, I think I've heard this mentioned before and it would be good to have something to track it. If you work out how to reproduce the issue that would be amazing, but not necessary to open the issue.
sure thing, its still hapening
@echoing-dinner-19531 hi, so i think i might be doing something g wrong while editing the stack, I removed the whole "secrets_providers" path, and I noticed there is multiple objects with this "4dabf18193072939515e22adb298388d" key-value combination. should I remove everything that is associated with it and then perform a refresh ?
Yeh if you've forgotten the passphrase we don't have anything built in to fix this, but I think just clearing all secret objects out of state and running refresh should trigger the engine to ask for a new passphrase and re-encrypt everything.