06/21/2018, 8:54 PM
I wanted to echo some of what other folks have commented on with respect to using Pulumi without the requirement of the service (despite assurances around encryption). I was excited to use it in place of CloudFormation for my day job but veered off once I realized this was the case. Being able to use it without the service would be a welcome officially supported feature.


06/21/2018, 10:14 PM
Just want to ensure that your concerns are the same as the previous conversation - what's the specific blocker for you in this case? (We need to publish some security FAQ for sure!)


06/21/2018, 11:23 PM
Basically, ensuring that any data doesn't leak to a third party. I think having the option to use Pulumi without interacting with the service or perhaps an internally hosted version of the service would be good
iirc, Terraform maintains state in a private S3 bucket. This has me thinking..what happens when/if the Pulumi service goes down? Does that impact the ability to use the framework?


06/22/2018, 1:48 AM
We will always have a way to use Pulumi without the service in the picture. It'll definitely mean loss of some key features that just using the service makes possible -- one thing we prefer over Terraform (things work in a team environment out of the box without needing to manually set up state/lock management) -- but we definitely understand some folks want more control. @bitter-oil-46081 is working on a FAQ page as this has come up a few times now, and he will reply back with it with more details on how to get this going.


06/22/2018, 1:59 AM
Awesome. Thanks guys