70e16a2acd
This change allows using the passphrase secrets manager when creating a stack managed by the Pulumi service. `pulumi stack init`, `pulumi new` and `pulumi up` all learned a new optional argument `--secrets-provider` which can be set to "passphrase" to force the passphrase based secrets provider to be used. When unset the default secrets provider is used based on the backend (for local stacks this is passphrase, for remote stacks, it is the key managed by the pulumi service). As part of this change, we also initialize the secrets manager when a stack is created, instead of waiting for the first time a secret config value is stored. We do this so that if an update is run using `pulumi.secret` before any secret configuration values are used, we already have the correct encryption method selected for a stack. |
||
---|---|---|
.. | ||
manager.go |