No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I've split my pulumi program into two parts: "base", where I create a new AWS account including a new user in our organization and "actual" where I create the resources. base has the access key ID and secret access key as output.
I'm importing base as a StackReference in "actual" and want to configure the default aws provider with these credentials.
Is this possible?

I'm not 100% if its possible or not, but you definitely should not pass around AWS creds like this.

Can you elaborate? Pulumi prides itself with secrets as a first class citizen - why not use them?

(but even if "base" would store them in a key vault from where "actual" reads them, the question remains the same: How to configure the default / implicit provider at runtime?)

I believe you'll need to create an explicit provider in order to do what you're seeking.