No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Anyone know if there’s a stack configuration that binds the awskms secret profile to a single/defined AWS_PROFILE, so that $AWS_DEFAULT_PROFILE doesn’t have to be set before invoking pulumi when using that secret provider?

essentially we have `aws:profile` which sets the default profile used for the stack’s AWS provider, under the hood… but there’s no say, `aws:profile-secrets` or such equivalent. So unless one is able to grant permission to the KMS from the default profile utilized by a stack, or use a custom resource provider for aws _all over their code_, there’s no easy way it seems, to instruct pulumi to only say use *fooprofile* for JUST the stack secrets, but nothing else.