No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Quick question about secret, we are using the s3 stack for now. We need often to add secret for our stacks. The only concerns is that this required someone to run the `pulumi config set --secret` . Often we cannot do that because most of our users doesn’t have access in rw of the s3 bucket.

we are using the kms secret provider. We were maybe looking into vault.

Any ideas?

config doesn't get committed to the s3 bucket, it's part of the Pulumi.&lt;stack&gt;.yaml files so you just need secrets access not state access.

Weird. Every time, we are trying to add a secret we need to make sure that we are able to connect to the s3 bucket.

I think the program flow always tries to get the stack data but its just to confirm the stack name is valid. You could trick it by just logging into --local creating a stack of the same name, running "config set" and then switching back to the real backend.
If you want to raise an issue to discuss this we could see about maybe having a sort of "-no-validate-stack-name" mode or something?

awesome! I will try to open something tomorrow 

<@U02J3T6A8LB> we are using awskms as the secret provider so that would explain why