Anyone know if there s a stack configuration that binds the

Question

Anyone know if there s a stack configuration that binds the awskms secret profile to a single defined AWS PROFILE so that $AWS DEFAULT PROFILE doesn t have to be set before invoking pulumi when using that secret provider

gorgeous-minister-41131 · Answer

essentially we have `aws profile` which sets the default profile used for the stack s AWS provider under the hood but there s no say `aws profile secrets` or such equivalent So unless one is able to grant permission to the KMS from the default profile utilized by a stack or use a custom resource provider for aws all over their code there s no easy way it seems to instruct pulumi to only say use fooprofile for JUST the stack secrets but nothing else