Is there any way to use Pulumi’s config & secr...
# general
b
Is there any way to use Pulumi’s config & secrets-management facility to securely manage and check in files that are a bit too large to comfortably fit in the config itself? I’m thinking of private keys, etc.
w
I believe you can store fairly large text in config if you want to - but two alternatives:
1. Store the keys in some other location, and use a key pointing to that location as the config setting, then look up the value inside your Pulumi program (using `aws-sdk` or whatever other process you want).
2. Store files (potentially encrypted) in the source tree for each known target, and then a config key that picks which one to use and loads it from disk.
We're looking into options to make (1) simpler in the future - allowing pluggable storage for config/secrets such that the secret can be stored in Secrets Manager, Vault, etc. and just the key to look it up stored in the Pulumi config, but then the value will be pulled from that store before Pulumi does the deployment. https://github.com/pulumi/pulumi/issues/1547 is tracking this - though the issue isn't quite up to date with current thinking.