This message was deleted.
# platform-blueprintss
Slackbot
02/21/2023, 11:28 AMThis message was deleted.
h
Hutger Hauer
02/21/2023, 1:38 PMHi Dolev, I'm curious...
• Are you using Pulumi to store/create secrets where? (K8S cluster as secrets, AWS Secrets Manager, Hashi Vault, etc)
• Are Devs adding secrets themselves via PR (they generate passwords and push to git in clear)?
d
Dolev Algam
02/21/2023, 1:52 PM1. Pulumi deploys K8S Secrets to our clusters.
2. Devs are adding a Pulumi Secret to the config and import that secret to the Pulumi Code that deploys are secrets.
CLI
pulumi config set --secret dbPassword S3cr37const dbPassword = config.requireSecret("dbPassword");Dolev Algam
02/21/2023, 1:52 PMThey open a PR yes
Dolev Algam
02/21/2023, 1:52 PMIt's encrypted by Pulumi
a
Andre Marcelo-Tanner
02/27/2023, 1:09 AMWe do similar via Atlantis for Terraform, i would look for what their friction is and trying to improve on those.
m
Matt Wilson
03/02/2023, 5:27 PMConfig Management isn't a solved problem. A couple of jobs ago, we decided to write our own, which worked, but there are others coming on the market. CloudTruth is one of them. https://www.cloudtruth.com
94 Views