# platform-blueprints

Dolev Algam

02/21/2023, 11:28 AM
Hey Guys 👋 We use Pulumi to deploy anything not deployed with Helm Charts. For example, creating a Secret happens with Pulumi. Developers are finding it difficult to work with Pulumi. We built some CI pipelines that shows the output of Pulumi Preview on PRs, but they want to edit configurations and see the potential output locally on their work stations, without pushing every change. I'm designing a better interface to Pulumi for them. If anyone has any experience with it and can give some suggestions I will appreciate it.

Hutger Hauer

02/21/2023, 1:38 PM
Hi Dolev, I'm curious... • Are you using Pulumi to store/create secrets where? (K8S cluster as secrets, AWS Secrets Manager, Hashi Vault, etc) • Are Devs adding secrets themselves via PR (they generate passwords and push to git in clear)?

Dolev Algam

02/21/2023, 1:52 PM
1. Pulumi deploys K8S Secrets to our clusters. 2. Devs are adding a Pulumi Secret to the config and import that secret to the Pulumi Code that deploys are secrets. CLI
pulumi config set --secret dbPassword S3cr37
const dbPassword = config.requireSecret("dbPassword");
They open a PR yes
It's encrypted by Pulumi

Andre Marcelo-Tanner

02/27/2023, 1:09 AM
We do similar via Atlantis for Terraform, i would look for what their friction is and trying to improve on those.

Matt Wilson

03/02/2023, 5:27 PM
Config Management isn't a solved problem. A couple of jobs ago, we decided to write our own, which worked, but there are others coming on the market. CloudTruth is one of them.