No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Cross-posting ESC Launches today!

<https://pulumi-community.slack.com/archives/CB36DSVSA/p1717603328655759>

let's go :raised_hands:

Is this the best way to add/set a environment secret directly from Pulumi?

```	// Update Environment with Secrets
	updatePayload := &amp;esc.EnvironmentDefinition{
		Values: &amp;esc.EnvironmentDefinitionValues{
			AdditionalProperties: map[string]interface{}{
				"my_secret": map[string]string{
					"fn::secret": "shh! don't tell anyone",
				},
			},
		},
	}

	_, err = escClient.UpdateEnvironment(authCtx, orgName, envName, updatePayload)
	if err != nil {
		log.Fatalf("Failed to update environment: %v", err)
	}```


You can use the <https://www.pulumi.com/registry/packages/pulumiservice/api-docs/environment/#pulumiservice-environment|Environments Pulumi Service Provider> and follow <https://www.pulumi.com/learn/building-with-pulumi/secrets/|this> to encrypt the secret in your config.

Something like this:

```$ pulumi config set --secret mongoPassword S3cr37```
```import pulumi
from pulumi_pulumiservice import Environment

# Define and load the configuration
config = pulumi.Config()

# Fetch the mongo password as a secret
mongo_password = config.require_secret("mongoPassword")

# Create the environment with the fetched mongo password
environment = Environment(
    "testing-environment",
    organization="arun-test",
    name="testing-environment-py",
    yaml=mongo_password.apply(lambda pw: pulumi.StringAsset(f"""
        values:
          mongoPassword: 
            fn::secret: ${pw}
    """))
)```