full-artist-27215
04/11/2022, 3:16 PMbillowy-army-68599
full-artist-27215
04/13/2022, 3:04 PMPulumi engineers carrying out on call shifts have access to the production environment that contains KMS keys used to encrypt secrets. Access to this environment is tracked and audited.
lemon-agent-27707
04/13/2022, 6:38 PMPulumi engineers carrying out on call shifts have access to the production environment that contains KMS keys used to encrypt secrets. Access to this environment is tracked and audited. You can use an alternative encryption provider with the Pulumi Service and manage the keys yourself. In this case, your encryption keys are fully managed by you and never stored within pulumi production environments. See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption