maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
pulumi/pkg
History
Paul Stack eee053cb4c
Ensure EncryptionKey is regenerated when changing secrets provider (#5842) 
Fixes: #5835

when rotating a key in the Azure KeyVault secrets provider, we had
the following error:

```
error: secrets (code=InvalidArgument): keyvault.BaseClient#Decrypt: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadParameter" Message="The parameter is incorrect.\r\n"
```

This was because we were not regenerating the EncrytpionKey when
we were changing the secrets provider. Therefore, we now ensure
that this key is regenerated and we can successfully change the secrets provider

```
▶ pulumi stack init dev --secrets-provider="azurekeyvault://stack72kv10.vault.azure.net/keys/pulumi-secret"
Created stack 'dev'

▶ pulumi config set MyDBRootPassword Password1234! --secret

▶ pulumi config --show-secrets
KEY               VALUE
MyDBRootPassword  Password1234!

▶ pulumi stack change-secrets-provider "azurekeyvault://stack72kv20.vault.azure.net/keys/pulumi-secret"

▶ pulumi config --show-secrets
KEY               VALUE
MyDBRootPassword  Password1234!
```
2020-12-01 15:26:23 +00:00
..
backend Small UX change to the output of policy violations (#5773) 2020-11-17 21:14:28 +00:00
cmd/pulumi Ensure EncryptionKey is regenerated when changing secrets provider (#5842) 2020-12-01 15:26:23 +00:00
codegen [codegen/python] - Enums (#5553) 2020-11-24 23:43:32 -06:00
engine Fix a few issues with resource references. (#5804) 2020-11-23 11:15:10 -08:00
graph Breaking changes due to Feature 2.0 work 2020-04-14 09:30:25 +01:00
operations Ensure CLI doesn't panic when using pulumi watch and ComponentResources (#5675) 2020-11-04 01:14:43 +00:00
resource Turn on support for resourceReferences behind feature flag (#5830) 2020-11-25 10:43:46 -08:00
secrets Breaking changes due to Feature 2.0 work 2020-04-14 09:30:25 +01:00
testing/integration Ensure stderr is updated on error even if verbose is not set 2020-11-18 00:56:26 -08:00
util Breaking changes due to Feature 2.0 work 2020-04-14 09:30:25 +01:00
version duplicate version to ensure linking is properly handled 2020-03-19 12:49:34 -07:00
go.mod switch uuid packages (#5608) 2020-11-04 03:13:04 +00:00
go.sum Add additional test to demonstrate strict/relaxed enum semantics 2020-11-18 00:07:42 -08:00