Have you looked into Pulumi ESC? If you store the secret in Pulumi ESC, then you can reference it from GitHub Actions and in your Pulumi stack configuration (if desired/needed), but the secret remains in only one place (in ESC).
rich-whale-93740
01/09/2024, 4:54 PM
Thanks Scott. It would still be in two places: ESC and AWS Secrets Manager. For application owners who use those secrets, especially when something is not working, I guess having them in two places adds some complexity.
salmon-account-74572
01/09/2024, 4:58 PM
ESC can pull it from Secrets Manager, if you’d prefer to go that route.
salmon-account-74572
01/09/2024, 4:59 PM
So, secret in AWS Secrets Manager < ESC references that < GHA/Pulumi stack config/`esc` CLI tool all pull it from ESC (even using dynamic OIDC creds if you prefer)