Quick question about secret, we are using the s3 stack for now. We need often to add secret for our stacks. The only concerns is that this required someone to run the

pulumi config set --secret

. Often we cannot do that because most of our users doesn’t have access in rw of the s3 bucket. we are using the kms secret provider. We were maybe looking into vault. Any ideas?

config doesn't get committed to the s3 bucket, it's part of the Pulumi.<stack>.yaml files so you just need secrets access not state access.

Weird. Every time, we are trying to add a secret we need to make sure that we are able to connect to the s3 bucket.

I think the program flow always tries to get the stack data but its just to confirm the stack name is valid. You could trick it by just logging into --local creating a stack of the same name, running "config set" and then switching back to the real backend. If you want to raise an issue to discuss this we could see about maybe having a sort of "-no-validate-stack-name" mode or something?

awesome! I will try to open something tomorrow