magnificent-scientist-64889
02/16/2023, 2:02 PMerror: Preview failed: constructing secrets manager of type "cloud": secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access
I can eliminate the error by giving access to the KMS key in stack 1 to the deployment role in stack 2. Which seems counter intuitive when the stack references does not expose the config and has the following comment:
/**
* Fetches the value promptly of the named stack output. May return undefined if the value is
* not known for some reason.
*
* This operation is not supported (and will throw) if the named stack output is a secret.
*
* @param name The name of the stack output to fetch.
*/
getOutputValue(name: string): Promise<any>;
Is this by design?
Hope someone can shed some light on it.
EDIT: looks like a bug https://github.com/pulumi/pulumi/issues/11109lemon-agent-27707
02/16/2023, 11:32 PMmagnificent-scientist-64889
02/17/2023, 7:11 AM