No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Solved the issue. It's needed to set "Application Default Credentials" per <https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login> . Gcloud SDK cli uses different auth approach, that's why I was able to encrypt/decrypt with `gcloud kms ...`