Hi team, I am new to Pulumi and am using it for infrastructure provisioning on Google Cloud. I am using a GCS bucket as my custom backend and GCP KMS as my secret provider. I see that Pulumi has the provider URI and an encrypted key (which is a symmetric key in KMS) configured in the stack's configuration file. Is this a Pulumi encryption encrypting my otherwise symmetric key? I am skeptical about having this file in any version control system. I tried browsing some documentation, but I am not sure I got enough clarity, with some parts of the docs suggesting that it's safe enough to have encryption salts for the passphrase (if used as the secret provider) and these keys in source control systems. What I have ensured, though, is that besides the Pulumi service account, no one else has access to the key ring that I have created in KMS. Any guidance would be much appreciated.