maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
pulumi/pkg/resource
History
Luke Hoban 6ed4bac5af
Support additional cloud secrets providers (#2994) 
Adds support for additional cloud secrets providers (AWS KMS, Azure KeyVault, Google Cloud KMS, and HashiCorp Vault) as the encryption backend for Pulumi secrets. This augments the previous choice between using the app.pulumi.com-managed secrets encryption or a fully-client-side local passphrase encryption.

This is implemented using the Go Cloud Development Kit support for pluggable secrets providers.

Like our cloud storage backend support which also uses Go Cloud Development Kit, this PR also bleeds through to users the URI scheme's that the Go CDK defines for specifying each of secrets providers - like `awskms://alias/LukeTesting?region=us-west-2` or `azurekeyvault://mykeyvaultname.vault.azure.net/keys/mykeyname`.

Also like our cloud storage backend support, this PR doesn't solve for how to configure the cloud provider client used to resolve the URIs above - the standard ambient credentials are used in both cases. Eventually, we will likely need to provide ways for both of these features to be configured independently of each other and of the providers used for resource provisioning.
2019-08-02 16:12:16 -07:00
..
config Encrypt secret values in deployments 2019-05-10 17:07:52 -07:00
deploy Pass ignoreChanges to providers. (#3005) 2019-07-31 11:39:07 -05:00
edit Retain the SecretsManager that was used to deserialize a deployment 2019-05-10 17:07:52 -07:00
graph Process deletions conservatively in parallel (#1963) 2018-09-27 15:49:08 -07:00
plugin Pass ignoreChanges to providers. (#3005) 2019-07-31 11:39:07 -05:00
provider Implement status sinks 2018-08-31 15:56:53 -07:00
stack Support additional cloud secrets providers (#2994) 2019-08-02 16:12:16 -07:00
testdata Fix asset bugs; write more tests 2017-10-24 09:00:11 -07:00
asset.go Normalize Windows paths for directory archive (#2887) 2019-07-02 00:04:24 +03:00
asset_test.go Correctly handle FileArchives when the filename contains a dot 2019-03-28 13:26:07 -07:00
custom_timeouts.go Addition of Custom Timeouts (#2885) 2019-07-16 00:26:28 +03:00
errors.go Add license headers 2018-05-22 15:02:47 -07:00
properties.go Rework secret annotation algorithm slightly 2019-05-15 09:33:02 -07:00
properties_diff.go Fix a panic during property diffing 2019-05-15 16:20:25 -07:00
properties_diff_test.go Fix a panic during property diffing 2019-05-15 16:20:25 -07:00
properties_path.go Pass ignoreChanges to providers. (#3005) 2019-07-31 11:39:07 -05:00
properties_path_test.go Pass ignoreChanges to providers. (#3005) 2019-07-31 11:39:07 -05:00
properties_test.go Add license headers 2018-05-22 15:02:47 -07:00
resource_goal.go Addition of Custom Timeouts (#2885) 2019-07-16 00:26:28 +03:00
resource_id.go Add license headers 2018-05-22 15:02:47 -07:00
resource_id_test.go Adopt golangci-lint and address issues 2018-11-08 14:11:47 -08:00
resource_operation.go Add support for importing existing resources. (#2893) 2019-07-12 11:12:01 -07:00
resource_state.go Addition of Custom Timeouts (#2885) 2019-07-16 00:26:28 +03:00
stack.go Make a smattering of CLI UX improvements 2018-09-24 08:43:46 -07:00
status.go Partial status for resource providers 2018-07-02 13:32:23 -07:00
urn.go Add license headers 2018-05-22 15:02:47 -07:00
urn_test.go Add license headers 2018-05-22 15:02:47 -07:00