No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I have only one secret in my pulumi code. I want to avoid using a secret manager just for it. I am thinking to load it at the start from env as a secret and use it where required. Is that fine or can it also leak my secret in the state?

I dont want to keep this secret in my config file either, since I want to avoid checking it in source control (even though it is encrypted)

You don't need to use ESC for secrets you can just add a secret to the config with the cli and it will use an encryption key managed by pulumi cloud for the stack

<@U07118AR534> i was wondering if i can avoid adding to the config file too

Well it's added encrypted. Otherwise if you're not using a secrets manager or an encrypted file idk what else you can do

I want to read the value from env, instead of reading from config file

You can export it into your env just like any program :)