Hi everybody Does anyone know if it s possible to work with

Question

Hi everybody Does anyone know if it s possible to work with Pulumi Secrets in the GitOps way Ideal scenario for us would be 1 Encrypt data beforehand using any of supported providers 2 Put the encrypted value to the `Pulumi lt stack gt yaml` With regular config values unencrypted this works well Motivation remove a requirement to set up Pulumi tool locally just for secrets management and rely on Git CD workflow I ve tried to encrypt data with Google KMS but it gives me a binary output So I can t put this output to `Pulumi lt stack gt yaml`

billowy-army-68599 · Answer

< narrow vegetable 60985> if you init a stack using `pulumi stack init secrets provider= lt p gt locations lt l gt keyRings lt r gt cryptoKeys lt k gt ` then set the config value using `pulumi config set secret` it ll set the value in your stack config

billowy-army-68599 · Answer

and it ll be encrypted so you can check it in

narrow-vegetable-60985 · Answer

Ah Indeed I can encrypt a value with pulumi without granting permissions to the cloud Pulumi stack even with a local stack and then just copy the encrypted value to another file Just tested that Works fine Thanks