Need some help - pretty stuck... How can I reference a stack when the current stack's passphrase is different than the stack-to-be-referenced's passphrase?

var otherStack = new StackReference("other-stack");

This works great for all my lower environments which share a stack passphrase. But my production stack has a different passphrase, for obvious reasons. When it executes that code, pulumi dumps an error because the current PULUMI_CONFIG_PASSPHRASE environment variable is valid for the prod stack but not for "other-stack". FWIW, I'm using the default secrets provider - maybe that's technically "passphrase" since I see there's one called "default" in the docs but I don't know what that means or how it's different than "passphrase". Is this possible? Would appreciate direction. Thanks.

This is not supported now as you point out. The secrets provider needs to be able to decrypt the value. If you need to do this, use a cloud secrets provider like a kms key or the Pulumi service

Thanks for the reply. It's not clear to me how using a cloud secrets provider fixes the issue. Is that b/c the provider is internally "known" by each stack so when I call "new StackReference" it knows everything required for that referenced stack, separate from the current stack?