No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I have a secret in an ESC environment which is exposed in the pulumiConfig. In a stack where I import this ESC environment, I am using this secret as an input of one of my resource. Shouldn't the resource property containing the secret  be marked as a secret as well ? I add to use `additionalSecretOutputs`

Pulumi env :
`{`
  `"nuxtUI": {`
    `"licenceKey": "[secret]"`
  `},`
  `"pulumiConfig": {`
    `"nuxt.UIProLicenseKey": "[secret]"`
  `}`
`}`

Infrastructure code :
```const config = new Config()
const nuxtUIKey = config.require("nuxt.UIProLicenseKey")

new netlify.EnvironmentVariable("nuxtUIKeyEnvVar", {
  siteId: blog.id,
  key: "NUXT_UI_PRO_LICENSE", 
  values: [{
    value: nuxtUIKey,
    context: "all"
  }]
})```
 I would have expect "values" to be encrypted

If you want secretness to be retained for your config value, you need to import it with `config.requireSecret` instead of `config.require`

Relevant bit in the docs: <https://www.pulumi.com/docs/iac/concepts/secrets/#using-configuration-and-secrets-in-code:~:text=While%20it%20is%20possible%20to%20read%20a%20secret%20using%20the%20ordinary%20non%2Dsecret%20getters%2C%20this%20is%20almost%20certainly%20not%20what%20you%20want|https://www.pulumi.com/docs/iac/concepts/secrets/#using-configuration-and-secrets-in-code:~:text=[…]s%20almost%20certainly%20not%20what%20you%20want>