gorgeous-minister-41131
06/02/2021, 7:00 PMaws:profile
which sets the default profile used for the stack’s AWS provider, under the hood… but there’s no say, aws:profile-secrets
or such equivalent. So unless one is able to grant permission to the KMS from the default profile utilized by a stack, or use a custom resource provider for aws all over their code, there’s no easy way it seems, to instruct pulumi to only say use fooprofile for JUST the stack secrets, but nothing else.