
sst secret command does not respect AWS profile defined in sst.config.ts #6705

@nerixim

In SST v3, specifying an AWS profile in the providers section of sst.config.ts works correctly for sst deploy, but is ignored by the sst secret command. This requires manually setting AWS_PROFILE for every secret operation, which is inconsistent with the deployment workflow.

  • SST Version: 4.6.11

Reproduction:

  1. Configure sst.config.ts with stage-specific AWS profiles:

```ts
export default $config({
  app(input) {
    return {
      name: "my-app",
      home: "aws",
      providers: {
        aws: {
          profile: input.stage === "production" ? "aws-production" : "aws-dev",
        },
      },
    }
  },
  async run() { /* ... */ }
})
```

  2. Run the secret set command for the production stage:

```sh
sst secret set MySecret --stage production MyValue
```

Actual Behavior:

The command attempts to use the default AWS profile (or whatever is in the current environment), ignoring the aws-production profile defined in the config. This results in a SecretMissingError since the secret value is not written to the production state bucket.

Expected Behavior:

The sst secret command should evaluate the app() function in sst.config.ts for the given --stage and use the resolved AWS profile, matching the behavior of sst deploy.

Workaround:

Manually prefixing the command with the profile:

```sh
AWS_PROFILE=aws-production sst secret set MySecret --stage production MyValue
```
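An added example (not part of the original issue and not SST code): a shell wrapper that derives the profile from the stage using the same mapping as the config above, and can refuse to run when the profile resolves to an unexpected AWS account. `SST_BIN`, `AWS_BIN` and `EXPECTED_ACCOUNT_ID` are hypothetical variable names introduced for this sketch.

```sh
#!/bin/sh
# Added example, not SST code. Mirrors the stage -> profile ternary from the
# sst.config.ts in the issue so the stage and the profile cannot be mismatched
# at the call site.
profile_for_stage() {
  case "$1" in
    production) echo "aws-production" ;;
    *)          echo "aws-dev" ;;
  esac
}

# Hypothetical overrides (assumptions): SST_BIN / AWS_BIN name the executables,
# EXPECTED_ACCOUNT_ID is the account ID the stage's profile must resolve to.
sst_secret() {
  if [ "$#" -lt 2 ]; then
    echo "usage: sst_secret <stage> <secret-subcommand> [args...]" >&2
    return 2
  fi
  stage=$1; shift
  profile=$(profile_for_stage "$stage")

  # Optional guard: confirm the profile resolves to the intended account
  # before any secret value is written to that account's state bucket.
  if [ -n "${EXPECTED_ACCOUNT_ID:-}" ]; then
    actual=$(AWS_PROFILE=$profile "${AWS_BIN:-aws}" sts get-caller-identity \
      --query Account --output text) || return 1
    if [ "$actual" != "$EXPECTED_ACCOUNT_ID" ]; then
      echo "profile $profile is account $actual, expected $EXPECTED_ACCOUNT_ID" >&2
      return 1
    fi
  fi

  # Same effect as the manual workaround: AWS_PROFILE=<profile> sst secret ...
  AWS_PROFILE=$profile "${SST_BIN:-sst}" secret "$@" --stage "$stage"
}
```

After sourcing the file, `sst_secret production set MySecret MyValue` runs the workaround command with the profile chosen from the stage.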
