Copying a cyphertext value across environments causes an internal error during esc run

Question

Copying a cyphertext value across environments causes an internal error during esc run

Closed this issue 2 months ago · 2 comments

What happened?

Copying an encrypted key to a different environment causes an internal error when trying to use it.

Example

pulumi env run --env pulumi/providers.all ls
Error: [0]
Diags: decrypting: internal error

An error occurred: [0]
Diags: decrypting: internal error

Repro:

Create an environment with a fn::secret value
Save it, copy the environment with the cyphertext
Paste it in a new environment.
Try to use that new environment, observe the error.

Note that this mistake is especially easy to make since we don't seem to support renaming environments.

Output of `pulumi about`

CLI
Version 3.106.0
Go Version go1.22.0
Go Compiler gc

Host
OS darwin
Version 14.1.1
Arch arm64

Backend
Name pulumi.com
URL https://app.pulumi.com/venelin-pulumi-corp
User venelin-pulumi-corp
Organizations venelin-pulumi-corp, demo, pulumi
Token type personal

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Answer 1 · 2024-02-21T13:01:06.000Z

I'm now getting the same thing.

Answer 2 · 2024-04-05T15:23:31.000Z

For context, this happens because each environment uses a unique encryption key, so the copied ciphertext cannot be decrypted by the subsequent environment. At the very least, we should improve the error message to make it clear what the problem is.

What happened?

Example

Output of pulumi about

Additional context

Contributing

Output of `pulumi about`