Support customer managed key in ESC cloud
Hello!
- Vote on this issue by adding a 👍 reaction
- If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
I would like support for a customer-managed encryption/decryption workflow in ESC cloud. For example, a customer-managed key which can be used to encrypt all secret-related data in ESC cloud, and can be rotated by the customer at any time, causing the data to be encrypted with the new key.
I’m also open to other solutions; maybe something similar to the passphrase workflow used with Pulumi IAC.
The org I work for appreciate the compliance certs and OSS nature of the platform, but want to be able to ensure they are in complete control of their own data, and this would satisfy them to use ESC cloud. We would highly prefer to not self-host, and add to our growing stack complexity that requires knowledge and maintenance. I’m sure this org is not alone in the desire for more control of their data in the platform.
Hi @kiweezi, thanks for opening the issue! We're actually looking into prioritizing this feature for the next quarter, and it would be helpful to know which organization you're associated with. Can you send me an email at komal at pulumi dot com so we can make sure the request is associated with the correct org?
Thanks for the reply! That's great news @komalali, my org will be happy to hear. Do you know roughly what form the feature/solution will take?