https://pulumi.com logo
#general
Title
# general
g

gorgeous-minister-41131

06/02/2021, 7:00 PM
Anyone know if there’s a stack configuration that binds the awskms secret profile to a single/defined AWS_PROFILE, so that $AWS_DEFAULT_PROFILE doesn’t have to be set before invoking pulumi when using that secret provider?
essentially we have
aws:profile
which sets the default profile used for the stack’s AWS provider, under the hood… but there’s no say,
aws:profile-secrets
or such equivalent. So unless one is able to grant permission to the KMS from the default profile utilized by a stack, or use a custom resource provider for aws all over their code, there’s no easy way it seems, to instruct pulumi to only say use fooprofile for JUST the stack secrets, but nothing else.