Fixes: #5835 when rotating a key in the Azure KeyVault secrets provider, we had the following error: ``` error: secrets (code=InvalidArgument): keyvault.BaseClient#Decrypt: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadParameter" Message="The parameter is incorrect.\r\n" ``` This was because we were not regenerating the EncrytpionKey when we were changing the secrets provider. Therefore, we now ensure that this key is regenerated and we can successfully change the secrets provider ``` ▶ pulumi stack init dev --secrets-provider="azurekeyvault://stack72kv10.vault.azure.net/keys/pulumi-secret" Created stack 'dev' ▶ pulumi config set MyDBRootPassword Password1234! --secret ▶ pulumi config --show-secrets KEY VALUE MyDBRootPassword Password1234! ▶ pulumi stack change-secrets-provider "azurekeyvault://stack72kv20.vault.azure.net/keys/pulumi-secret" ▶ pulumi config --show-secrets KEY VALUE MyDBRootPassword Password1234! ``` |
||
---|---|---|
.. | ||
backend | ||
cmd/pulumi | ||
codegen | ||
engine | ||
graph | ||
operations | ||
resource | ||
secrets | ||
testing/integration | ||
util | ||
version | ||
go.mod | ||
go.sum |