No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@UB9PTD20L> and <@UB8A66MPS>, great question.  It's one we've thought a fair bit about.

That default experience of storing state in our service was designed to address the common pain point we hear from customers that need to statefiles by hand, but we also understand that for advanced use cases, people need more control here.  We do store checkpoints encrypted at rest and in transit, and we have ideas for advanced features here, like encrypting with your own KMS key, but no solid plans yet.  These points may make you feel better, but again, we assume advanced users like yourselves will want more control over this.

The good news do have an undocumented mode where checkpoints will be stored on your filesystem, which we used when bringing up the system initially.  To use it, run `pulumi login local://`.  (<@U87DZN4MT> is the expert here, if you hit snags.)  Naturally, it's more challenging to use, and doesn't gain benefits from the service like automatically handling team environments, but we always intended it for scenarios like this.  The backend interface is fully extensible -- so e.g., S3 backends are reasonable -- although, advance warning, it'll be a bit of a moving target in the early days as we evolve the interfaces.  It's all open source, however, and we will have a roadmap soon and will be fully transparent with where we are planning to go here, well in advance of going there.

TL;DR, we are still early, sincerely appreciate the feedback, and would love to work with you to make you happy and successful going forward on Pulumi.

Since I'm the expert I get to point out that the above command is actually slightly incorrect.  You run `pulumi login --cloud-url local://` which by default will store data in `~/.pulumi/`.  You can also augment the URL with a path to a different folder, eg `pulumi login --cloud-url local:///some/better/storage/location`.

Something else to note is some commands behave slightly differently when running against the local backend.  For example when using `<http://pulumi.com|pulumi.com>` we manage the key used to encrypt a value when you pass `--secret` to `pulumi config set`.  In the local backend, you have to provide a passphrase, which we use the generate a key.  You also have to provide that key everything you do a deployment (we have an environment variable you can set such that you don't have to type in the key all the time).

Understood. I’ll figure that part out when I get to it.