Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
h
happy-pencil-75222
05/16/2023, 11:40 AMHi there! I've been studying Pulumi for my company for a couple of weeks now. I have a security question concerning the encryptionsalt when using the passphrase secret provider.
➡️ Is it safe to commit the encryptionsalt?
I read a couple of articles and I think I kinda understood the concept of salt in cryptography. But if I understood correctly, concerning Pulumi there is only one salt generated per password? If so, doesn't it negate the benefit of using salt if it's committed to the config file? I would be happy to discuss this to understand it better 🙂 thanks!
b
billowy-army-68599
05/16/2023, 2:47 PMIt is safe to commit the encryption salt 🙂
a
able-camera-57198
05/25/2023, 12:38 PMCan I provide the encryption salt from outside of the yaml file?