Hi all, Im using infra-secrets.enc.yaml file for storage of secretes like principal Id,db password etc. using sops mechanism with azure key vault, I have encrypted the file. How can I use it in my main.py ..to fetch the secrets in decrypted form by each component resource during deployment?

I have used sops for this . Can you explain me how can I approach?

You start the py code like this config = pulumi.Config() #... mongo_username = config.require("mongo_username") mongo_password = config.require_secret("mongo_password")

Ok but I have many secrets to be stored..if all secrets stored in one pulumi.dev.yaml file it doesn't become complex ? And also I have all my variables there only

Ok you can use stacks and configuring secrets feature by pulumi take reference from here https://www.pulumi.com/blog/managing-secrets-with-pulumi/