This message was deleted.

sparse-intern-71089

03/05/2021, 6:30 PM

This message was deleted.

purple-jelly-68780

03/05/2021, 6:31 PM

ultimately the real question is if those strings for the

secure

value are actually secure enough to be committed or if this file should just be in a .gitignore

purple-jelly-68780

03/05/2021, 6:35 PM

oh I just found this in the examples repo and it looks like Pulumi does recommend to ignore those config files https://github.com/pulumi/examples/blob/master/.gitignore#L14

clever-cartoon-41433

03/05/2021, 6:36 PM

Pulumi docs actually say they are intended to be safe to commit to VC. Let me see if I can find the source.

broad-dog-22463

03/05/2021, 6:39 PM

yes they are secure

clever-cartoon-41433

03/05/2021, 6:39 PM

https://www.pulumi.com/docs/intro/concepts/config/ Bottom paragraph of header.

broad-dog-22463

03/05/2021, 6:39 PM

dependending on your secrets provider - they are either, AWS kms / Azure keyvault / GCP Kms or hashivault

purple-jelly-68780

03/05/2021, 6:40 PM

Thanks Paul and Dean, that is helpful 🙂

ancient-megabyte-79588

03/08/2021, 4:26 AM

In practice with multiple developers and CI/CD pipelines using pulumi, you absolutely need to have those stack config files in git.

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.