No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi <@U036KV0KSDS>, I assume you mean for the pulumi service?

we use AES256GCM to encrypt values with the stack-specific key.
It uses AWS KMS behind the scenes.
If you need more information, we have a security whitepaper we can share, but you'd need to engage with an account executive

thanks. So I guess it is OK to put Pulumi.*.yaml in public source control , if it has hashed secrets?

it is indeed, I do it myself :slightly_smiling_face: if you want extra control, you can always init the stack with your own KMS key
`pulumi stack init <awskms://key>`