No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

HC vault would be most suitable here IMO.

I agree, however, just found out it will start at about 15000 dollars a year for their hosted solution. So for storing a few hundred secrets across multiple clouds it is a bit expensive imho.

Yes, it seems expensive. Managing the vault on your own is also an option.

<@U02PPE4MS56> most common thing i've seen in my time consulting in IT is to stick them in plaintext in the repos

sorry for the useless comment i couldn't help myself

Also an option, I wouldn't keep my job for long though :wink:

my earliest memory 'haxoring' was breaking the admin tool at highschool, the admin had made a vbscript app and his encryption was xor'ing against his birthday

Currently ESC retrieves secrets from other secrets managers (AWS Secrets Manager, Azure KeyVault, etc.) and makes them accessible (both to Pulumi IaC and to other tools).