No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

you're correct, `refresh` uses the state.
You should be able to do `up` with `--target` to only update the datadog provider

Do you know if using the default provider would let us roll the cred and run a successful refresh?

unsure, but I think it would face the same problem