Hello, quick question and sorry if this has been asked before:Do Pulumi employees have access to the following sensitive information?1. state file contents
2. Pulumi secret contents
Thank you in advance.
6 months ago
As far as I know, no, but I'm grabbing someone else who has more Pulumi background to help answer any concerns. Hang tight!
Hi @jolly-alligator-19698 just to summarize here:• We do store your state files when you use the Pulumi service
• Certain users with production access can view those state files, this access is audited
• State is encrypted by a per project key. the default encryption mechanism provisions a key for you in the service
• if you want to maintain full control over encryption, you can encrypt your stacks using an external key service, like AWS KMS, Google Cloud KMS, Azure KeyVault or hashicorp vault
• if you use this mechanism, no Pulumi user will be able to view your secrets at all