https://pulumi.com logo
s

sparse-optician-70334

09/14/2023, 4:31 PM
I have a question for secrets: The default way adds an encrypted version of the secret to the config file which is safe to be checked in for version control. How can I control access to the secret that only certain users are able to decrypt it? Is this part of pulumi? Or do I need to control access to the github repository?
e

echoing-dinner-19531

09/14/2023, 5:06 PM
How can I control access to the secret that only certain users are able to decrypt it?
Depends which secrets system your using. If your using Pulumi Cloud I think secrets decrpytion is tied to being able to read the stack. Although there's an issue about possibly making that finer-grained https://github.com/pulumi/pulumi-cloud-requests/issues/122.
s

sparse-optician-70334

09/15/2023, 9:39 AM
thx - understood