This message was deleted.
# general
s
This message was deleted.
s
Have you looked into Pulumi ESC? If you store the secret in Pulumi ESC, then you can reference it from GitHub Actions and in your Pulumi stack configuration (if desired/needed), but the secret remains in only one place (in ESC).
r
Thanks Scott. It would still be in two places: ESC and AWS Secret Manager. For application owner who use those secrets, especially when something is not working, I guess having them in two places add some complexity
s
ESC can pull it from Secrets Manager, if you’d prefer to go that route.
So, secret in AWS Secrets Manager < ESC references that < GHA/Pulumi stack config/`esc` CLI tool all pull it from ESC (even using dynamic OIDC creds if you prefer)