No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I found the solution. It seems it's a race condition in some way, where the secretsProvider tries to resolve before the config is set, meaning it doesn't grab the `aws:profile` from the StackSettings.

Adding the following to the `createOrSelectStack` forces the stack to use the right profile:

```stackSettings: {
   ...
},
envVars: {
    AWS_PROFILE: '{profile-name}'
}```