No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I don’t think you could do this without a “sops” provider for Pulumi

Thanks, that's what I thought might be the case. Is it possible for anyone to write a provider or do they come from pulumi?

you can “bridge” terraform providers, and there’s a sop terraform provider but it doesn’t do the encryption part, just reads the encrypted value. Would that be helpful? I can bridge that for you

Ok, good to know. It's the encryption bit that sops does that I need. I did wonder about the Command Provider but that only appears to run on create or destroy based on the docs. I.e. if I updated a secret stack config value, I'd ideally want that change to update the appropriate Secret yaml and have it encrypted.