I’m looking for a way for developers to add secret...
# general
I’m looking for a way for developers to add secrets to a stack config file (e.g. Pulumi.foo.yaml) without having access to the state.
pulumi config set
requires that you be logged in, and while you can do a local login, that makes it unaware of which stacks exist, so it prompts you to create the stack. Is there any way to reduce this operational overhead and just have a file-based approach?
The default secrets provider uses the Pulumi service - and thus you must be logged in to the Pulumi service to add encrypted secrets. But you can use another secrets provider if you want (with different credentials) - like KMS, Vault, etc. See: https://www.pulumi.com/docs/intro/concepts/config/#configuring-secrets-encryption