Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
q
quaint-salesmen-18327
10/14/2022, 6:58 AMIs there a way to constrain the organization(s) to which a stack may be deployed? We want to prevent leaking of company secrets into developers' accounts.
e
echoing-dinner-19531
10/14/2022, 7:37 AMNot currently, could maybe be done by adding a way to set the org in Pulumi.yaml
Although this is only "prevent mistakes" protection, a developer could just remove the line and deploy into their own stack if they wanted to be malicious
q
quaint-salesmen-18327
10/14/2022, 8:02 AMThanks @echoing-dinner-19531. What would be your suggested approach to protect company secrets when a developer leaves the company?
e
echoing-dinner-19531
10/14/2022, 8:23 AMOh lordy that's a big topic and I am not an expert on that.
q
quaint-salesmen-18327
10/14/2022, 8:44 AM🙈