hundreds-coat-15657
06/12/2019, 2:32 PMnarrow-area-11460
06/12/2019, 2:34 PMhundreds-coat-15657
06/12/2019, 2:36 PMwhite-balloon-205
pulumi
CLI - typically your CI/CD or deployment systems (or developer desktops). These credentials are used to talk to AWS, but never passed to Pulumi.
The Pulumi console manages storage of the state file used to keep track of what resources are under management. Any secrets that may end up there (inputs or outputs to individual resources) can be fully encrypted as needed per the post @narrow-area-11460 references.narrow-area-11460
06/12/2019, 2:44 PMhundreds-coat-15657
06/12/2019, 2:45 PMnarrow-area-11460
06/12/2019, 2:51 PM