steep-toddler-94095
03/08/2022, 3:53 AMlittle-cartoon-10569
03/08/2022, 4:08 AMgreat-sunset-355
03/08/2022, 10:12 AMkms cmk
and use aws-vault
for sessions so all my pulumi commands are either prefixed with aws-vault exec
or I run the vault in the shell.
We do not have CI/CD yet and I see the benefit of different KMS keys as an extra layer of protection against human error.
But if you are going to use Pulumi service only for secrets instead of storing the state (I think)
https://www.pulumi.com/docs/intro/concepts/secrets/#secretsechoing-dinner-19531
03/08/2022, 3:35 PMbillowy-army-68599
03/08/2022, 3:57 PM