This message was deleted.
# general
s
This message was deleted.
b
Hi @bland-lamp-16797 That passphrase file doesnโ€™t take its account any security measures so we suggest to not check that into source control!!! If you create a secrets provider with the gcp or kms providers that updates the stack yaml then that is safe to check in to source control
๐Ÿ‘ 1
b
thanks for the answer! So if we would store with GCP KMS you think it's fine to save ciphertext in git? Although this is not specific question to pulumi but more to personal preference or the companies security audit. If anyone interested, pulumi has nice docs[1] about it. Yet, I can't find what kind of encryption it is using as default, I assume AES 256? [1] https://www.pulumi.com/docs/intro/concepts/secrets/#configuring-secrets-encryption
b
So we actually delegate to google/go-cloud for this - https://github.com/pulumi/pulumi/blob/master/pkg/secrets/cloud/manager.go#L56
๐Ÿ™ 1
๐Ÿ‘ 2
๐Ÿ” 1