No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I don't know off the top of my head what the Lambda console's "Enable helpers for encryption in transit" does - I'm pretty sure that's not a core capbility of the underlying platform.

What I *think* it does is just make KMS calls to encrypt the value before storing it as the value of the environment key, and then it's up to you to KMS decrypt the value you get inside the Lambda implementation.  That's certainly possible to do via Pulumi as well using `aws.kms.getCipherText` to encrypt, and then `aws-sdk` KMS  APIs at runtime to decrypt.