No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi, I'm new to plumi and trying to run the cli inside AWS code build. I'm using an `S3` bucket as the backend. I believe the `Pulumi.&lt;stack&gt;.yaml` should not be committed (pls correct me if I'm wrong). May I please know the recommended way of setting the configs? Should I set the each config from environment variable using `pulumi config set/set-all` command? If so How should I set the  `secretsprovider` and the `encryptedkey` ? Or can I retrieve those configs from backend?

&gt;  I believe the `Pulumi.&lt;stack&gt;.yaml` should not be committed
You should commit it if others are using the same stack.

&gt;  Should I set the each config from environment variable using `pulumi config set/set-all` command?
If you've just got an envvar that controls things you could just read the envvar in your pulumi program, it doesn't _have_ to go via config.

&gt; If so How should I set the  `secretsprovider` and the `encryptedkey` ?
Those should normally be set for you on stack initialisation.

Hi Fraser ! Please let me know if a separate post is required. But when you said committed, is it possible for Pulumi to look for the `Pulumi.&lt;STACK&gt;.yaml` file from another location say S3 bucket or Github?

Something like this perhaps
```pulumi preview -s STACK_NAME --config-file <s3://pulumi-backend-aws/stack_files/Pulumi.STACK_NAME.yaml>```

Not really. There is the `stackConfigDir` option in Pulumi.yaml (<https://www.pulumi.com/docs/reference/pulumi-yaml/>) but that's just a folder path (and the docs do say relative to Pulumi.yaml, although I suspect an absolute path there would happen to work)

Oh k. The use case was to try to save the STACK file somewhere while using a self managed backend.

Just found out, there is a flag called `--show-config` available with both pulumi up and pulumi preview. So saving the staet file should suffice.

Thanks for the stackConfigDir advice too Fraser :slightly_smiling_face: I am going to use that too in my project

Hi Sushant &amp; Fraser, I'm wondering if it is ok to make `encryptionSalt` value visible in `Pulumi.&lt;STACK&gt;.yaml` file in a public git repository.

<https://en.wikipedia.org/wiki/Salt_(cryptography)|Salts> are not <https://security.stackexchange.com/questions/131731/why-can-salts-be-public|secrets>, so yes this should be ok