delightful-monkey-90700
09/16/2022, 8:25 PMstocky-restaurant-98004
09/16/2022, 8:30 PMdelightful-monkey-90700
09/16/2022, 8:30 PMmillions-furniture-75402
09/16/2022, 8:31 PMdelightful-monkey-90700
09/16/2022, 8:31 PMmillions-furniture-75402
09/16/2022, 8:31 PMdelightful-monkey-90700
09/16/2022, 8:31 PMmillions-furniture-75402
09/16/2022, 8:31 PMdelightful-monkey-90700
09/16/2022, 8:32 PMmillions-furniture-75402
09/16/2022, 8:32 PMdelightful-monkey-90700
09/16/2022, 8:32 PMmillions-furniture-75402
09/16/2022, 8:32 PMdelightful-monkey-90700
09/16/2022, 8:33 PMmillions-furniture-75402
09/16/2022, 8:34 PMdelightful-monkey-90700
09/16/2022, 8:37 PMmillions-furniture-75402
09/16/2022, 8:39 PMdelightful-monkey-90700
09/16/2022, 8:40 PMmillions-furniture-75402
09/16/2022, 8:41 PMstocky-restaurant-98004
09/16/2022, 8:46 PMaverage-tiger-58107
09/16/2022, 9:43 PMconfig.requireSecret("mySecret")
. If you need to access that secret in other stacks (perhaps ECS tasks that are consumers of that configuration value), export the arn in the stack where you defined it and require the value on the consuming stack. In terms of secrets across cloud providers, I'm not really seeing your point @delightful-monkey-90700. You will always need to create resources specific to that cloud for storing secrets. You may just need a better understanding of secrets management.
The convenience of pulumi secrets is to ensure that values remain encrypted over the network with respect to state file. It is still your responsibility to choose a "remote" secret management tool.delightful-monkey-90700
09/16/2022, 9:45 PMaverage-tiger-58107
09/16/2022, 9:46 PMdelightful-monkey-90700
09/16/2022, 9:48 PMaverage-tiger-58107
09/16/2022, 9:49 PMdelightful-monkey-90700
09/16/2022, 9:51 PMaverage-tiger-58107
09/16/2022, 9:53 PMdelightful-monkey-90700
09/16/2022, 9:55 PMaverage-tiger-58107
09/16/2022, 9:56 PMdelightful-monkey-90700
09/16/2022, 9:57 PMstocky-restaurant-98004
09/16/2022, 10:00 PMaverage-tiger-58107
09/16/2022, 10:01 PMstocky-restaurant-98004
09/16/2022, 10:01 PMdelightful-monkey-90700
09/16/2022, 10:05 PMaverage-tiger-58107
09/16/2022, 10:08 PMdelightful-monkey-90700
09/16/2022, 10:09 PMaverage-tiger-58107
09/16/2022, 10:15 PMstocky-restaurant-98004
09/16/2022, 10:16 PMdelightful-monkey-90700
09/16/2022, 10:17 PMstocky-restaurant-98004
09/16/2022, 10:19 PMdelightful-monkey-90700
09/16/2022, 10:19 PMaverage-tiger-58107
09/16/2022, 10:21 PMstocky-restaurant-98004
09/16/2022, 10:23 PMaverage-tiger-58107
09/16/2022, 10:23 PMdelightful-monkey-90700
09/16/2022, 10:25 PMaverage-tiger-58107
09/16/2022, 10:27 PMbillowy-army-68599
09/17/2022, 1:45 AMPulumi.<stack>.yaml
then your mechanism of distribution is version control and requires human operation in order to sync those values (ie, git commit/git push)
If that isn’t acceptable to anyone who reads this thread, there are ways around it. To be clear, Pulumi has no plans to be a distributed configuration engine because there are lots of those out there
GCP’s version is secrets manager: https://cloud.google.com/secret-manager/docsorange-policeman-59119
10/03/2022, 9:35 PMPulumi.*.yaml
) but as named secrets. GCP's Typescript library was used to retrieve secrets and encrypt or decrypt them.
The advantage of bringing your own language into Pulumi is that you can bring in outside libraries and tools. I think - speaking for myself and not for the team - it's not a priority for us to write libraries for storing configuration in GCP, AWS, etc because there are already high quality libraries for that purpose, usually maintained by the cloud provider themselves.