Ensure Old Secrets Provider Details Removed when Changing to Passphrase (#6210)
Co-authored-by: Justin Van Patten <jvp@justinvp.com>
This commit is contained in:
parent
30a4fc789b
commit
d72b788011
|
@ -9,6 +9,9 @@ CHANGELOG
|
|||
- [sdk/go] Take a breaking change to remove unidiomatic numerical types and drastically improve build performance (binary size and compilation time).
|
||||
[#6143](https://github.com/pulumi/pulumi/pull/6143)
|
||||
|
||||
- [cli] Ensure `pulumi stack change-secrets-provider` allows rotating the key from hashivault to passphrase provider
|
||||
[#6210](https://github.com/pulumi/pulumi/pull/6210)
|
||||
|
||||
## 2.18.2 (2021-01-22)
|
||||
|
||||
- [CLI] Fix malformed resource value bug.
|
||||
|
|
|
@ -78,6 +78,13 @@ func newPassphraseSecretsManager(stackName tokens.QName, configFile string,
|
|||
info.EncryptionSalt = ""
|
||||
}
|
||||
|
||||
// If there are any other secrets providers set in the config, remove them, as the passphrase
|
||||
// provider deals only with EncryptionSalt, not EncryptedKey or SecretsProvider.
|
||||
if info.EncryptedKey != "" || info.SecretsProvider != "" {
|
||||
info.EncryptedKey = ""
|
||||
info.SecretsProvider = ""
|
||||
}
|
||||
|
||||
// If we have a salt, we can just use it.
|
||||
if info.EncryptionSalt != "" {
|
||||
for {
|
||||
|
|
Loading…
Reference in a new issue