https://pulumi.com logo
Title
f

freezing-ability-2805

12/16/2022, 10:07 PM
Hi All, just wonder if any body experience the issue to deploy to via bitbucket to Azure, the error message is: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase or set PULUMI_CONFIG_PASSPHRASE_FILE to a file containing the passphrase the DEV and QA deployments works fine the PROD deployment is failing, thanks in advance.
e

echoing-dinner-19531

12/16/2022, 10:50 PM
I mean the obvious question to ask is if PULUMI_CONFIG_PASSPHRASE is set correctly in the prod deployment environment?
f

freezing-ability-2805

12/16/2022, 11:18 PM
Ok no, for deploying in dev&qa I replaced security provider to default then deleted and deployed successfully was kind sure it should be the same for prod the deployment steps are the same for all environments, I guess if you can guide me how to clean up the secret objects out of state and run refresh ? We cannot recover passphrase
e

echoing-dinner-19531

12/17/2022, 9:36 AM
So if you have any secrets in the state store they'll be lost forever without the passphrase, which might result in diffs. But if you just want to remove the secret store you can manually edit the config yaml and state sjon. In the config yaml is a key EncryptionSalt, delete it. In the state json (pulumi stack export) there might be objects with a key "4dabf18193072939515e22adb298388d" and value "1b47061264138c4ac30d75fd1eb44270" followed by another key "value" and then some encrypted string. Delete those properties. You should then be able to reinitalize the secret provider with
pulumi stack change-secret-provider
and try to
pulumi refresh
to recover things.
f

freezing-ability-2805

12/17/2022, 10:32 AM
Thanks for the help Fraser I will do tomorrow or Monday let you