hello 👋 I'm using AWS KMS to encrypt secrets in Pulumi, but I would like to ask if it's possible to set

passphrase

as a fallback in case you lose access to the AWS KMS key.

no this isn't possible. make sure your IAM roles and KMS key policy is correct, and you should never lose access to a KMS key