No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

The best service for this would be Azure Key Vault.

I was afraid that would be the answer :slightly_smiling_face:

I'm doing that with secrets now, but it's a terrible interface compared to SSM Parameters

image.png

its 3 clicks to get to the tags which I put the description of the resource in :slightly_smiling_face:

That UX depends on how you do it.
Plus, if you don't care about encryption of values in the UI / API then maybe cosmos DB or storage accounts tables might be enough
<https://docs.microsoft.com/en-us/azure/cosmos-db/table-storage-overview|https://docs.microsoft.com/en-us/azure/cosmos-db/table-storage-overview>

must be encrypted &amp; hidden and RBAC'd for secrets

In which case it'll be Key Vault.
Understand though that RBAC (for now) only works on the vault, not on secrets.