This message was deleted Pulumi Community #pulumi-deployments

Join Slack

This message was deleted.

# pulumi-deployments

sparse-intern-71089

01/05/2023, 5:35 AM

This message was deleted.

lemon-agent-27707

01/05/2023, 2:54 PM

Environment variables are stored encrypted. They are decrypted and sent to a single use VM that runs your deployment. The VM is deleted after the deployment completes. We've been working on OIDC integration to support temporary credentials that are scoped to an individual deployment run to give more fine grain security options. The code is live, and we're working on publishing documentation and blog posts right now: https://github.com/pulumi/service-requests/issues/144 https://github.com/pulumi/pulumi-hugo/pull/2369

💯 1

flat-engineer-30260

01/06/2023, 12:55 AM

Sounds great! That's relieve our concerns a lot. Hoping the documents will be ready soon. Thanks

lemon-agent-27707

01/06/2023, 2:15 AM

Here you go! https://www.pulumi.com/docs/guides/oidc/

👍 1

lemon-agent-27707

01/06/2023, 2:16 AM

Some additional usage info in the rest api docs as well: https://www.pulumi.com/docs/reference/deployments-rest-api/#operationcontext

👏 1

flat-engineer-30260

01/06/2023, 6:28 AM

For AWS China, there seems is a trust issue of OIDC for pulumi api. Could it be resolved possible somehow?

red-match-15116

01/06/2023, 6:12 PM

Hey @flat-engineer-30260 thanks for pointing that out, there was an error in the docs on our end. The URL should be

<https://api.pulumi.com/oidc>

- we're updating the docs now but just wanted to give you a heads up.

Open in Slack

Previous Next