Hi there. Rightly or wrongly, I'm currently using pulumi to deploy/configure infrastructure (a K8s cluster and the stuff outside of K8s) whilst using Flux to deploy the stuff inside the cluster. For some of the items deployed by flux, they have a secret that is encrypted via sops; one example of this is the object storage creds. What I'd ideally be able to do is have pulumi create and manage the object storage, generate the access/secret on the cloud service, generate the yaml for the Secret and written to a file in the repo, which would in turn be encrypted by sops and, once committed, would be applied by flux. Other "secret" values could of course come from secrets in the pulumi stack but would go through the same pipeline of steps. Is what I've described possible? Does it make sense or am I crazy? š