https://pulumi.com logo
#general
Title
# general
b

broad-carpenter-48576

10/21/2019, 12:12 PM
Is it ok to commit Pulumi.[stackname].yaml to git when using AWS KMS for secrets encryption? It has an
encryptedkey
line in there which I’m assuming is the encryption salt which is encrypted using the kms key?
h

happy-parrot-60128

10/21/2019, 1:30 PM
yes, that’s my understand at least. Assuming you’re using the
--secret
option when setting the config value
w

white-balloon-205

10/21/2019, 2:50 PM
Yes - that’s right. This file is safe to check in as long as you are using —secret for any sensitive configuration, and it is recommended to to so for any “long-lived” stacks.
b

broad-carpenter-48576

10/21/2019, 3:12 PM
Thanks! I guess it’s sort of covered here already: https://www.pulumi.com/docs/intro/concepts/project/#stack-settings-file
3 Views