Copying a cyphertext value across environments causes an internal error during esc run
Closed this issue · 2 comments
What happened?
Copying an encrypted key to a different environment causes an internal error when trying to use it.
Example
pulumi env run --env pulumi/providers.all ls
Error: [0]
Diags: decrypting: internal error
An error occurred: [0]
Diags: decrypting: internal error
Repro:
- Create an environment with a fn::secret value
- Save it, copy the environment with the cyphertext
- Paste it in a new environment.
- Try to use that new environment, observe the error.
Note that this mistake is especially easy to make since we don't seem to support renaming environments.
Output of pulumi about
CLI
Version 3.106.0
Go Version go1.22.0
Go Compiler gc
Host
OS darwin
Version 14.1.1
Arch arm64
Backend
Name pulumi.com
URL https://app.pulumi.com/venelin-pulumi-corp
User venelin-pulumi-corp
Organizations venelin-pulumi-corp, demo, pulumi
Token type personal
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
I'm now getting the same thing.
For context, this happens because each environment uses a unique encryption key, so the copied ciphertext cannot be decrypted by the subsequent environment. At the very least, we should improve the error message to make it clear what the problem is.