https://pulumi.com logo
#general
Title
# general
l

limited-rain-96205

01/03/2020, 12:33 AM
I’m looking for a way for developers to add secrets to a stack config file (e.g. Pulumi.foo.yaml) without having access to the state.
pulumi config set
requires that you be logged in, and while you can do a local login, that makes it unaware of which stacks exist, so it prompts you to create the stack. Is there any way to reduce this operational overhead and just have a file-based approach?
w

white-balloon-205

01/03/2020, 2:10 AM
The default secrets provider uses the Pulumi service - and thus you must be logged in to the Pulumi service to add encrypted secrets. But you can use another secrets provider if you want (with different credentials) - like KMS, Vault, etc. See: https://www.pulumi.com/docs/intro/concepts/config/#configuring-secrets-encryption