No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Is there any best practices around how to manage provider credentials in Pulumi? We recently needed to update some provider credentials (datadog) where the old credentials were revoked. Our stack explicitly created a provider instead of using the default provider, and the refresh operation failed because I believe it was using the old credentials that were saved in the state file. I think we can fix this by running up to update the provider credentials, but ideally we could roll away from revoked creds without also applying changes.

you're correct, `refresh` uses the state.
You should be able to do `up` with `--target` to only update the datadog provider

Do you know if using the default provider would let us roll the cred and run a successful refresh?

unsure, but I think it would face the same problem