Hi, Google raised a security issue with us regarding a GCP service account which had been compromised and the key had been found here: https://www.bountysource.com/teams/pulumi/issues. The issue no longer exists so I need some assistance understanding what the issue was. This service account is encrypted in my Pulumi scripts but I use GCP storage for backend.

Hmm - I suspect that would have been an issue that was opened on one of the Pulumi GitHub repos? Does GitHub search for the encrypted service account key raise anything? Feel free to follow up in DM if needed.