https://pulumi.com logo
#aws
Title
# aws
c

creamy-kite-96780

03/27/2024, 5:35 PM
Hello everyone, I have a question about how Pulumi uses secrets providers. I've configured a stack to use a kms key for encrypting secrets and it seems to be working as all existing secrets were re-encrypted, however, in CloudTrail I get Decrypt events almost exclusively. When adding a new secret to config, only Decrypt events are registered in CloudTrail. Does this mean Pulumi decrypts the
encryptedkey
property from the yaml file and uses that to encrypt the config values? Apologies if it's described somewhere, couldn't find this in the documentation 🙂