Hi, I am using Pulumi with AWS KMS for encrypting secrets. In one project Pulumi insists on asking me for a secrets passphrase even though all stacks use AWS KMS. Has anybody encoutered this as well and has solved it? (Currently using pulumi v3.36.0)

Could you raise a bug about this at github.com/pulumi/pulumi if the stacks are setup for kms they shouldn't be asking for passphrases. If you know what command flow is repro'ing this we can hopefully fix it up quickly.

Not necessary. I found that the remote state had a passphrase configured (initially started with passphrase). Using the initially used passphrase and

pulumi stack change-secrets-provider "awskms:...

fixed it apparently