Hi everybody. Does anyone know if it’s possible to work with Pulumi Secrets in the “GitOps” way? Ideal scenario for us would be:1. Encrypt data beforehand using any of supported providers.
2. Put the encrypted value to the
With regular config values (unencrypted) this works well.
Motivation: remove a requirement to set up Pulumi tool locally just for secrets management and rely on Git/CD workflow.I’ve tried to encrypt data with Google KMS, but it gives me a binary output. So I can’t put this output to
Ah. Indeed. I can encrypt a value with pulumi without granting permissions to the cloud Pulumi stack (even with a local stack) and then just copy the encrypted value to another file. Just tested that. Works fine. Thanks!