magnificent-needle-88854
07/11/2021, 8:17 AMbillowy-army-68599
07/11/2021, 3:32 PMpulumi state export
You have some options for secret encryption, you can either use the Pulumi provider key (which is unique to your org/user) or you can use a secret provider like Amazon KMS, which of course then allows you to put key policies on those keys as well.
There's more information here: https://www.pulumi.com/docs/intro/concepts/secrets/
Happy to answer any other questions though!