No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Yes you need to import resources into the stack for pulumi to know about them and configure them instead of create them.

As far as people creating new key vaults manually, imo that goes against IaC best practices. If you have IaC, then the process for creating new resources should primarily go through your code. You can implement a process for requesting resources be created this way.

Thanks for your reply would you recommend the manual way with import command or with resourceOpts (not protected)? As I understood if I use manual import from cli I need to do it once and of course I have to declare it in my code. But I would avoid that if possible. Do you have any resources regarding the process? I wasn't able to get information on that

In your original message, are key vaults in azure related to ACLs? You mention them both, but they don't seem related.

ACLs are not the access policies/RBAC it's to restrict access from specific IP addresses in firewall settings <https://learn.microsoft.com/en-us/azure/key-vault/general/network-security>