Cannot set PULUMI_CONFIG_PASSPHRASE(_FILE) in `.Envs` or `.SecretEnvs`
squaremo opened this issue · 0 comments
The spec fields .envs and .secretEnvs are deprecated in favour of .envRefs, but are still expected to work -- the test case "can deploy a stack with a file config" explicitly uses .secretEnvs to provide the secret. However, they are applied to the workspace after the stack has been created, so the passphrase is not available to the stack state backend on initialisation, leading to errors in the log:
error: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables
Weirdly, this doesn't cause the test to fail, even though (you would think) it would stop the controller getting any further. The controller succeeds the second time around, which makes me think there's a deeper problem with how stack initialisation works.
In any case: .envs and .secretEnvs should be set at the same time the .envRefs are processed, before the stack is created.