I have only one secret in my pulumi code. I want t...
# general
b
I have only one secret in my pulumi code. I want to avoid using a secret manager just for it. I am thinking to load it at the start from env as a secret and use it where required. Is that fine or can it also leak my secret in the state? I dont want to keep this secret in my config file either, since I want to avoid checking it in source control (even though it is encrypted)
t
You don't need to use ESC for secrets you can just add a secret to the config with the cli and it will use an encryption key managed by pulumi cloud for the stack
b
@thankful-flower-8175 i was wondering if i can avoid adding to the config file too
t
Well it's added encrypted. Otherwise if you're not using a secrets manager or an encrypted file idk what else you can do
b
I want to read the value from env, instead of reading from config file
t
You can export it into your env just like any program :)
b
got it, thank you!