New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rotate cloud secrets provider #11554
Conversation
pkg/cmd/pulumi/util.go
Outdated
@@ -190,14 +190,15 @@ func createSecretsManager( | |||
} | |||
|
|||
if secretsProvider == passphrase.Type { | |||
if _, pharseErr := filestate.NewPassphraseSecretsManager(stack.Ref().Name(), configFile, | |||
rotatePassphraseSecretsProvider); pharseErr != nil { | |||
if _, pharseErr := filestate.NewPassphraseSecretsManager(stack.Ref().Name(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you mean phraseErr
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hah I mean I didn't change that text, but yes I'm sure that's what the original author intended. I'll fix it up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, minor comment about a typo
41f267d
to
c6fd8f4
Compare
Changelog[uncommitted] (2022-12-15)Features
|
c6fd8f4
to
d94470a
Compare
d94470a
to
1d1fe80
Compare
bors merge |
Build succeeded: |
Description
Little thing I noticed while looking at secrets. We support the idea of rotating the passphrase secret provider (that is changing the key and assigning a new passphrase). Turns out this makes sense for the cloud secret provider as well where we generate a new symmetric key.
Checklist
make changelog
and committed thechangelog/pending/<file>
documenting my change