No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

What do you use as secret backend? If it is  AWS Secrets Manager, you need to retrieve a secret version using `aws.secretsmanager.getSecretVersion` . The returned object has the secret as `secretString` or `secretBinary` depending which one you used to store it.

I am just Using pulumi as is with their backend.

Yeah, I figured that out while rereading your post :man-facepalming:

I mean using the aws secret manager *does* seem to do what I expected the config.Secret stuff to do.

The pulumi secrets are fetched using:
```const config = new pulumi.Config();
config.getSecret('my_secret');```
or
```config.requireSecret('my_secret');```


These secrets are stored encrypted in your `Pulunmi.&lt;stack-name&gt;.yaml` file in the root of your pulumi project.

Yeah and if it’s empty, you can set them.
But you don’t get to offer a key to lookup on next runs

<@U01RARQ13EC> Our yaml files are ephemeral. We don’t store them.

The docs make it sound like it has runtime support

No worries, I appreciate it. At least I can generate my keys now :slightly_smiling_face:

Seems like Pulumi is missing a “cache” of some sort that’s created at runtime.

`cache.addOrGet("key", "value") ` that also supports secrets.