No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi Rotem,

As with everything security related, layering is obviously important :slightly_smiling_face:

Pulumi specifically, the secrets themselves are encrypted both in your stack configuration and throughout your state. You can check this by setting a secret `pulumi config set my-secret "correct-horse-battery-stable" --secret and then exporting your state `pulumi state export`

You have some options for secret encryption, you can either use the Pulumi provider key (which is unique to your org/user) or you can use a secret provider like Amazon KMS, which of course then allows you to put key policies on those keys as well.

There's more information here: <https://www.pulumi.com/docs/intro/concepts/secrets/>

Happy to answer any other questions though!