No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Is there a way to constrain the organization(s) to which a stack may be deployed? We want to prevent leaking of company secrets into developers' accounts.

Not currently, could maybe be done by adding a way to set the org in Pulumi.yaml

Although this is only "prevent mistakes" protection, a developer could just remove the line and deploy into their own stack if they wanted to be malicious

Thanks <@U02J3T6A8LB>. What would be your suggested approach to protect company secrets when a developer leaves the company?

Oh lordy that's a big topic and I am _not_ an expert on that.