No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello,
if you lose your current passphrase or delete the KMS key (was suppose to be migrated to Pulumi Cloud Secrets) being used for secrets provider.
Is there a way to reset this? I don't care about recovering secret values, more concerned with loosing control of the resources associated with the stack

I've tried just removing the secret provider from the stack.json, but it throws all kinds of errors when trying to import it.

no, there isn’t any way to reset this. You’ll need to:
• `pulumi state delete` the resources
• reimport them using the `import` resource option or using the CLI

the alternative is to fundamentally break the encryption model, which I don’t think is a good option. If the underlying encryption key has disappeared, you can’t decrypt values.

I have considered adding a "clean" function to just strip the state file of all secret values for this. The diff on next update would probably look pretty bad, but it would at least keep all your resource types and id's tracked.

That would save a lot of time trying to re-import larger stacks with lost secrets