Does anyone know how to add new secrets to a stack without having to actually deploy them? We deploy through gitlab CI so those hosts will need to be able to access the secrets via pulumi config, but creating a secret on my machine with

pulumi config set --secret

seems to be purely a local modification until I were to deploy from my machine I guess. But I obviously don't want to deploy to production from my laptop just to update the config.

When you set a config option, you should see a Pulumi.stackname.yaml file appear in your repo. Is that not happening?

It is, it was unclear whether or not we actually needed to commit that since we didn't have any config before I did this. I guess I thought it was hard to believe that I was the first to use config but I guess that's the case. Thanks for the pointer

You should also notice the value in the file js encrypted too, so it's safe to check in!

thanks again