No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Are these secrets encrypted with the passphrase encryption (default for local backend) or the Pulumi service encryption (default for Pulumi service backend)?

If the former, it is possible you could recreate the same encryption used in the Pulumi CLI sources. If the latter, you may be able to use the Pulumi service REST API (not yet documented, but stable for use from old CLIs). 

You can see the current encryption algorithms for passphrase encryption at <https://github.com/pulumi/pulumi/blob/master/pkg/resource/config/crypt.go>. 