This message was deleted.
# getting-started
s
This message was deleted.
m
In your use case, use Pulumi to set the arn of the SNS Topic as an environment variable for the lambda function.
m
ok great, thank you. What would be idiomatic for secrets? I’m imagining ssm/secretsmanager would still be necessary unless pulumi provides a way to decrypt secrets at runtime?
m
Pulumi secrets would be encrypted in the pulumi state file, but not in the lambda environment variables.
m
Yeah that was my assumption. Is it possible to set the env variable to the encrypted value and then decrypt at runtime?
m
I tend to provision a SSM Parameter and set a lambda environment variable to the parameter name. The nice thing with pulumi is you can also setup IAM permissions for the function to read these parameters.
m
That makes sense.
Thank you