stacks provider: support stack references when the stack uses a secret backend other than Pulumi Cloud

[MitchellGerdisch]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

The pulumi-stacks provider in ESC allows one to access stack outputs - including secrets.
However, this only works if the stack being referenced uses the Pulumi service for its secret backend (https://www.pulumi.com/docs/iac/concepts/secrets/#configuring-secrets-encryption).

This feature request to support stacks that use any of the secret backends supported by Pulumi (i.e.passphrase, awskms, azurekeyvault, gcpkms, hashivault)
Presumably this would require passing in creds for the aws, azure, gcp or hashi, or setting the passphrase as a secret as part of the environment with the given stacks provider.

Affected area/feature