# platform-blueprints
d
Hey Guys 👋 We use Pulumi to deploy anything not deployed with Helm Charts. For example, creating a Secret happens with Pulumi. Developers are finding it difficult to work with Pulumi. We built some CI pipelines that show the output of Pulumi Preview on PRs, but they want to edit configurations and see the potential output locally on their workstations, without pushing every change. I'm designing a better interface to Pulumi for them. If anyone has any experience with it and can give some suggestions, I will appreciate it.
h
Hi Dolev, I'm curious...
• Where are you using Pulumi to store/create secrets? (K8S cluster as secrets, AWS Secrets Manager, Hashi Vault, etc.)
• Are Devs adding secrets themselves via PR (they generate passwords and push to git in clear)?
d
1. Pulumi deploys K8S Secrets to our clusters.
2. Devs are adding a Pulumi Secret to the config and importing that secret into the Pulumi code that deploys our secrets.
CLI
pulumi config set --secret dbPassword S3cr37
Code
const dbPassword = config.requireSecret("dbPassword");
They open a PR, yes
It's encrypted by Pulumi
a
We do similar via Atlantis for Terraform. I would look for what their friction is and try to improve on that.
m
Config Management isn't a solved problem. A couple of jobs ago, we decided to write our own, which worked, but there are others coming on the market. CloudTruth is one of them. https://www.cloudtruth.com