From 9a167ec1e79210126195a884252e454d64813679 Mon Sep 17 00:00:00 2001
From: Sarah Hughes <sarah@pulumi.com>
Date: Thu, 27 Jun 2024 15:59:41 -0700
Subject: [PATCH] separate esc vs infisical into its own PR

---
 content/docs/esc/vs/_index.md           |  21 +++
 content/docs/esc/vs/infisical.md        | 173 ++++++++++++++++++++++++
 layouts/shortcodes/get-started-esc.html |  33 +++++
 static/logos/tech/vault-2.png           | Bin 0 -> 13210 bytes
 4 files changed, 227 insertions(+)
 create mode 100644 content/docs/esc/vs/_index.md
 create mode 100644 content/docs/esc/vs/infisical.md
 create mode 100644 layouts/shortcodes/get-started-esc.html
 create mode 100644 static/logos/tech/vault-2.png

diff --git a/content/docs/esc/vs/_index.md b/content/docs/esc/vs/_index.md
new file mode 100644
index 000000000000..bc2220c61cf9
--- /dev/null
+++ b/content/docs/esc/vs/_index.md
@@ -0,0 +1,21 @@
+---
+title_tag: "Pulumi ESC Compared to Alternatives"
+meta_desc: Learn how Pulumi ESC compares with alternative Environments, Secrets, and Configurations solutions.
+title: Compare to...
+h1: Compare Pulumi ESC to other solutions
+meta_image: /images/docs/meta-images/docs-meta.png
+menu:
+    pulumiesc:
+        weight: 7
+        identifier: esc-vs
+aliases:
+---
+
+Pulumi ESC is centralized environments, secrets, and configuration manager for cloud applications and infrastructure. It provides the ability to create environments which are collections of secrets and configuration that can be versioned, branched, and composed inside other collections. ESC supports pulling and centralizing the management of secrets from 1Password, AWS OIDC, AWS Secrets Manager, Azure OIDC, Azure Key Vault, Google Cloud OIDC, Google Cloud Secrets Manager, Pulumi stacks, Vault OIDC, and Vault.
+
+There are many tools that overlap with Pulumi ESC's capabilities. Many
+of these are complementary and can be used together, whereas some are "either or" decisions.
+
+Here are several useful comparisons that will help you understand Pulumi's place in the cloud tooling ecosystem:
+
+* [Infisical](/docs/esc/vs/infisical/)
diff --git a/content/docs/esc/vs/infisical.md b/content/docs/esc/vs/infisical.md
new file mode 100644
index 000000000000..282c452812a5
--- /dev/null
+++ b/content/docs/esc/vs/infisical.md
@@ -0,0 +1,173 @@
+---
+title_tag: "Pulumi ESC vs Infisical"
+meta_desc: Learn about the major differences between Pulumi ESC and Infisical.
+title: Pulumi ESC vs Infisical
+h1: Pulumi ESC vs Infisical
+meta_image: /images/docs/meta-images/docs-meta.png
+menu:
+    pulumiesc:
+        identifier: infisical
+        parent: esc-vs
+        weight: 2
+aliases:
+---
+
+<style>
+    main table {
+        font-size: 0.94em;
+    }
+
+    main table th,
+    main table td {
+        width: 33.3%;
+    }
+</style>
+
+Choosing the right [secrets management](/what-is/what-is-secrets-management/) tool is important, and we want you to have as much information as possible to make the choice that best suits your needs. We’ve created this document to help you understand how Pulumi ESC compares with Infisical.
+
+## What is Infisical?
+
+Infisical is a secrets management tool that provides a centralized platform for managing and controlling access to secrets. It supports dynamic secret generation, encryption as a service, and comprehensive access policies.
+
+## Pulumi ESC vs. Infisical: Similarities {#similarities}
+
+Like Infisical, Pulumi ESC is a secrets manager for cloud applications and infrastructure. In both ESC and Infisical, secrets can be stored and accessed through a CLI, SDK, or Web editor interface. Granular access controls can be implemented across all secrets.
+
+## Pulumi ESC vs. Infisical: Key Differences {#differences}
+
+There are a couple of fundamental differences between Infisical and Pulumi ESC. First, ESC and Infisical differ in that Infisical can only add and manage secrets stored in Infisical. ESC adopts an open ecosystem approach, allowing you to pull secrets stored in most secrets and password managers during runtime and use them anywhere. This allows teams to use the best secrets management solution according their purposes and needs. Second, Infisical lacks the composability and hierarchical nature of ESC, which increases getting started speed and duplication of secrets. Third, ESC takes a software engineering approach to versioning with ability to add tags and import specific collections of secrets and configuration via those tags, similar to Docker. Fourth, ESC takes a more secure limited privilege path to provisioning dynamic short-term credentials as compared to Infisical.
+
+Here's a detailed comparison of the two:
+
+<table>
+    <tr>
+        <th>Feature</th>
+        <th>Pulumi ESC</th>
+        <th>Infisical</th>
+    </tr>
+    <tr>
+        <th colspan=3>Architecture</th>
+    </tr>
+    <tr>
+        <td>OSS License</td>
+        <td>Yes, Apache License 2.0</td>
+        <td>Yes, MIT expat license</td>
+    </tr>
+     <tr>
+        <td>Document Store</td>
+        <td>Yes</td>
+        <td>No</td>
+    </tr>
+    <tr>
+        <td>Key-value Store</td>
+        <td>Yes</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>Open Ecosystem</td>
+        <td>Yes, supports pulling and using secrets from multiple sources including HashiCorp Vault, 1Password, AWS Secrets Manager, etc.</td>
+        <td>No, can only store and manage secrets stored in Infisical</td>
+    </tr>
+    <tr>
+        <th colspan=3>Developer Experience</th>
+    </tr>
+    <tr>
+        <td>Editing and Authoring</td>
+        <td>Yes, supports both GUI and powerful Document Editor with autocomplete, docs hover, and error checking</td>
+        <td>Limited, has GUI editor without YAML support</td>
+    </tr>
+    <tr>
+        <td>CLI</td>
+        <td>Yes, available as <code>esc</code> CLI or <code>pulumi</code> CLI</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>Client SDKs</td>
+        <td>Yes</td>
+        <td>Yes</td>
+    </tr>
+      <tr>
+        <td>Declarative Provider</td>
+        <td>Yes, support via the Pulumi Service Provider, which allows management (create, update, delete) of collections of secrets and configuration as a resource through infrastructure as code.</td>
+        <td>No</td>
+    </tr>
+    <tr>
+        <td>Composability</td>
+        <td>Yes, simple set up of hierarchical environments that inherit values from imported environments</td>
+        <td>No, can only reference singular secrets from other environments and references have to be duplicated in multiple environments</td>
+    </tr>
+    <tr>
+        <td>Versioning</td>
+        <td>Yes, entire environments can be versioned and tagged and imported based on the specific version tags or revision numbers</td>
+        <td>Limited</td>
+    </tr>
+    <tr>
+        <td>Immutable History & Point in Time Recovery</td>
+        <td>Yes</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>Values Can Be of Type Secret and Plaintext</td>
+        <td>Yes</td>
+        <td>No, values can only be secrets</td>
+    </tr>
+    <tr>
+        <td>Interpolate Values from Other Values</td>
+        <td>Yes, new dynamic values can be constructed through string interpolation</td>
+        <td>No</td>
+    </tr>
+    <tr>
+        <td>Branching / Personal configs</td>
+        <td>Yes, environments can be forked for testing without rewriting entire environments and overriding specific values</td>
+        <td>Limited, requires careful copying since secrets need to be downloaded in plaintext locally and then uploaded</td>
+    </tr>
+    <tr>
+        <td>Compare Secrets across Environments</td>
+        <td>No</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>In-built Functions</td>
+        <td>Yes, support for functions like <code>toJSON, fromJSON, fromBase64, toString</code> allows data manipulation for any scenario</td>
+        <td>No</td>
+    </tr>
+    <tr>
+        <th colspan=3>Security and Compliance</th>
+    </tr>
+    <tr>
+        <td>Audit Logs</td>
+        <td>Yes</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>Encrypted Secrets Storage</td>
+        <td>Yes, TLS is used for encryption in transit and unique encryption keys per environment are employed for encryption at rest</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>Access Controls</td>
+        <td>Yes</td>
+        <td>Yes</td>
+    </tr>
+    <tr>
+        <td>Secure Dynamic Cloud Provider Credentials</td>
+        <td>Yes, uses OIDC flows to generate dynamic credentials. Available for AWS, Azure, and Google Cloud.</td>
+        <td>No, less secure as it requires access keys for highly privileged root accounts</td>
+    </tr>
+    <tr>
+        <td>OIDC Trust</td>
+        <td>Yes, trust relationships are established with third-party OIDC providers</td>
+        <td>No</td>
+    </tr>
+    <tr>
+        <td>Secure Environment Variables</td>
+        <td>Yes, the <code>esc run</code> CLI command can be used to specify which secrets are available as environment variables</td>
+        <td>No, all values are available as environment variables</td>
+    </tr>
+        <td>Plaintext Read Only Mode</td>
+        <td>Yes, ESC offers a <code>read</code> mode that allows reading only plaintext values while not being able to decrypt secrets or  access dynamic credentials</td>
+        <td>No</td>
+    </tr>
+</table>
+
+{{< get-started-esc >}}
diff --git a/layouts/shortcodes/get-started-esc.html b/layouts/shortcodes/get-started-esc.html
new file mode 100644
index 000000000000..f86fec3bf9f4
--- /dev/null
+++ b/layouts/shortcodes/get-started-esc.html
@@ -0,0 +1,33 @@
+<section id="get-started" class="py-16 px-4">
+    <div class="container mx-auto max-w-5xl md:flex my-8 align-top justify-center text-center">
+        <div class="md:w3-/12 mr-4">
+            <h2>Get Started with Pulumi</h2>
+            <p>{{ "Use Pulumi ESC to easily centralize and manage environments, secrets, and configurations. Follow our [Get Started guide](/docs/esc/get-started/) for ESC to begin. If you want to use Vault or any other secrets manager with ESC, follow the below guides to import secrets from existing secrets managers into ESC environments." | markdownify }}</p>
+        </div>
+    </div>
+
+    <div class="mx-auto max-w-4xl">
+        <div class="tiles flex-wrap mt-4">
+            <div class="pb-4 md:pr-4 md:w-1/2">
+                <a class="tile p-8" href="/docs/pulumi-cloud/esc/providers/aws-secrets/">
+                    <img class="h-10 mx-auto" src="/logos/tech/aws.svg" alt="AWS" />
+                </a>
+            </div>
+            <div class="pb-4 md:w-1/2">
+                <a class="tile p-8" href="/docs/pulumi-cloud/esc/providers/azure-secrets/">
+                    <img class="h-10 mx-auto" src="/logos/tech/azure.svg" alt="Azure" />
+                </a>
+            </div>
+            <div class="pb-4 md:pr-4 md:w-1/2">
+                <a class="tile p-8" href="/docs/pulumi-cloud/esc/providers/gcp-secrets/">
+                    <img class="h-10 mx-auto" src="/logos/tech/gcp.svg" alt="Google Cloud" />
+                </a>
+            </div>
+            <div class="pb-4 md:w-1/2">
+                <a class="tile p-8" href="/docs/pulumi-cloud/esc/providers/vault-secrets/">
+                    <img class="h-10 mx-auto" src="/logos/tech/vault-2.png" alt="Vault" />
+                </a>
+            </div>
+        </div>
+    </div>
+</section>
\ No newline at end of file
diff --git a/static/logos/tech/vault-2.png b/static/logos/tech/vault-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..e8eaa97686a4edb27752f1d12d928d454cb474f6
GIT binary patch
literal 13210
zcmZ8|2|SeT*Z;^9rKCr)h9cQQS+jeTEf1oQ>{(JW$!@GIQrVK7Y$4f6jG?hq_GHUC
zwvv6BgqfIz_uTY*|Nr0H=hJe#@9Vm+`?}8gp6~gd)00d3T8s>w3@8+eQAhiN5el_u
z1pZCgM+bkJrJw%{f9-eGHgiXz4je&#)1Z=Hu%l2?|LR=$=ZepZrO{CXbJObPl|I8e
zE+ZBXepDGrpk&Y<-x-)?6ki)3lera;f9Rpt%foqknDBhb{0u=3nVidUw~iTq=zje+
zhd)HbMOdh<O8E-A48tit(nkdb{l6?OJax9W79^2)>v7sjp8I73hy0e<f>e8+GuQix
zh2LvdjUQOOD#XHBgIUk#Lk;%h+-I7qYihDIOFkTWGgRp3=;-L0OXfc3di+{D^;lGM
zTwL5yhg@<*czAeUxr&r8Y3N3bA8E05okY^K6gMp{C=ea$?~g~jxac{{XyGWOc)arH
zz<`|PLd6wh&(YcdLQU`b@bGYtn3xzYGBVO0zp%F}`+8X--^0P{XV^){c%lUH6%_*P
z!{HZIrOsz|T@@Q(2vN72Dt1_#$!ioM;~KA@)hLi}8x0MtQ>`YrtZuw>_VV)TnpqWC
z*r?@XXW!?%fjh%~kP<oW>FupW4cvZ%ve8ZV|Jj<@?Tq^5c=ztvuHoV2Wg@Zenf6Ii
zKZbHeq)$akYSryj%-w}jC6w%{;t8JLxS<J8RM)-c$)Upa&iUZcj*bq-P3l$<D?>=U
zW=S7>V!w?J>h`j?`o4eK7zdBc$^I~3@v)eLX*2rP6%-X?u2~)k4xkqQVlqP4TWMqO
zX;G&nf;f7AV)S#Ra;Mf&gT0fDK`fV-wNJWrwd|$oqMMUVZn#HF|1$H^Y%~^r<znkx
z?Cd_6&w0Q2@U?|kHBia_$3(*{sfaHpH^BmrF~)fl(+V1LXr1_?61HYWaPD@|+V-ul
z8&NxRX?S~k_i3HAstdFfCaZ*gh~6Hk+se73@RRuC>j&Et57{|5@?4@($z#Ne+aIjZ
z^*qQLr`+UCab)Tw?>76izY7ZE>rdg*#?d(Qk5)<;8(S_cER2Bx2&C%QT+WL%-*=+&
zPK*$pARdqJX0!G`YoU80FF#+D`N?1L2?=pmM5b!pXCf8jE>^IO6IXm>(=qdTZx5?4
z60j0;UNyazmX@s;F44UF`KQg3ZA%0!zOjh2(Qfm1;I`YHJ9pOB=6a7zkuEy-{n9KU
zCPhRr5)D+TELSZp*T?FD#*H^CM8*;*q$S<u(HglqGUY?f(te2npPM!|Hq~!4FUh8O
z25oK3d>9Yf4w!&PmV2U<gSLKO%^}<<HzU7)uWobmrVh@JTwL>OU8tBGXKJ;dOePzY
z2XVh{&<}N|P`6&6`RBtSx(9}o#MD%7>CNCEMW!sy@qhL77zZecKYWztZgIXvt`v_&
zS}40Odf?r7xxyM_hlYk4?%liRTCvbMvs!#@`9mt_c*||+x3#s)MeE*qaFk0Vb`kQg
zunT<mii*UdTkS_0Y+S3?0+Rl1!V?A@z?jd(v{n^Rlh47#clGHWlu-s(B0SRV&lJkf
zisWsd$)D)|HshAFC$Hz47uQs^LOkUc=IN%Jdt%u{8Z7np_l57P8_%cGY-0V6y-@b^
z`nEV!enb&}hZ0ldrm8q^CYmbC5kB8^hvdpumcUhdii9R4u+AuNe`N|vG%@b0pf2U-
zS8Hl%slFyx8z`+@D2|UR$^H88NoM)P4#&}oG5yNM#zwWQ8Gk|MCwPf>Kh)pG6T+jS
z>ZDXuwm$0<33JZ1mUESv*M6@=1-&Sq@lq=vDw|-v?~bD>uq9UF<x@W+1}*0np`O|G
z^GpCWLi;4M)A#C5rPY7mL=#LGY^$Ab!Ir3pEu4fGxVyVQxMoq{^CFYSDDMj8+qdg#
zB@47(D=lHC!p_0+S$kY2BO)UMyR?norC`Sc{WcS<1MjM?ev)b>kw|O$E{#%2;gt6w
z2OdlXdP#_h3E!#Rn7%Makd>1gotl1;nyNh1*B7@qJFD$jZsrXjz&0~9GU8EET#WHn
zSiQy+*ME}^Swr0OZ#HLsdCqZ+i;9Z2fw>!!WN&<a!O{Co$3xjV9qv^OEa-W8dJ1^^
z{cBm{r6<gjv@aw4B1Lboy~F0JU8%SE*t2!_vTo0KzlJgWs5m#j6nZ+k_YsA**v{^+
zuHWxBOn97R-p@ilJy5MR_OD+Rw(e?~M=U`#y>rGg&dLHu-5XV*v;~i?kqAVRr##^9
z1srv9isYL>u<o=u6Ugm=josG(zAU1REwcn4^2o&wyfMZ0<A?fwQmF0a<>i9L#-0HH
z+7CjRc(=%ReN49Smz7@KtpSVWZ4;;mY$ErWS~JGiIIc)ARIszN|2h%V`g^OqQ-$la
zvWTl3GKK2augR}&%~bq)zj<#(@!opcqX*C@2HP1Ex&5$ZF|_oDE^y&BPcj>>`DA{B
zfFeC4Vk<jUX|Y(@j5jiT*UK?E^~=B3yzJ^?m-l!8+v}Vz@!^|c%qW+|Yp&+<E~sRh
zIoY-67juRQ!^45TOBDm}tpnEkel#^b8km*Ie8(k+_E~UI`%BH*!CKnv>2gf4d^9>m
z_a<A@t=q(JR||UB&Z4oEmD5Ee1*YB~Ol|leN5|=@q@<*Tki+j`pQCtHc>?Eh65hYN
zbO@Dy*|?$OiNMYj?dEszGRl&Yk|s;d>8e42h5eWHrl+UrL{r%fqn4MKUw6*b7~lSC
zsgrrhDe1)vrL*$#zQ}~C)V1ESrQ9?WD$sdAOh99Citba0N6p4TMn*lr6zeYj-@i6y
z(&MgSnUL^tIai;$)ETt3`mle22Bnx+J>e)JXCt0X=$QJwv1%6+6C=1*UE4eNN$m7#
zA!L*4>+6{+M!fv}e{+j^-1`fab;Z*407RX{y>nix8{fht=o~)vj*fCumurZ7%+1ZC
z8n2g~hbVGBz0=znODHNS@e?@BggTw~>V8Tr*BSbrrRnD#j_tKoZZ<X(q1q>Zro&q<
z%_Sx$Z(hz?^@6CWrK#D39;y1;VJ}%%66?P(q;d>ZSe(zM7thJVlQz*96MR=2n_`eN
zEokk((rAOz6u5Q^B7P8g)cYPBPd1mlSz{q98yjszTJ<+T{)*Z=7UHJ*?F%$#H1+ml
z533(j@jtf+H`cEn3?7X}XT^qJuel=D%#*B_^G$~Rp#JOp`CH#Nr<PMjD`_G0#svhK
znwq|embobmp(nzM*2Y*ya710{SIGGIc+fu!ji}e*9$W+nCBs%81^M&&Ip;I;^NRsj
zX6NRfn9N^#ou9w3xxO%l8MyV9N+D~t<0T+0ft9=(52P&3Wobn{^4?7R_tfMVxPET$
zP4BV@%KP{Cjr_N311QfGse8}C<4ka#K|fmsqu%O8LB!&^^X{x6+A=jYwe@Lw?4$nv
z{&&c~Q`0`W+`jE2VfBuEaLx<x^CLem(*$;2q>8e+`Kt4Uyp&_Js^}g^&Faw?B1bI|
z{9GIL9#3_0cGfK^EEFmzC>Yz=@Xfg-^!AD$b$#9Q&e;oh&mG%<WecYJe0wrNivPa5
z>kGHKFIwH<=H_m_I1|AJmbJ37;@#BTJf1hRSyH#P>477#c8W^`aDPEZMA6aF1wPwg
z3*WK6FL{@PL{;c6j+@>Toy$BQ`Vv#ZSXy1pfIb1ieh7{>0n9Is!21FilI&)A)mu>q
zuz6ut)5hiJeb16U%3g<GRk^uZ<)2$~f^262JeT`V7RL{$;i)9Tk%*E~ubilRw~ooX
zoh+PmLz%z!W%4$(wjP)E!_oM{^aRAyiUulTTC=gy1o{UJB@RS^5>sF-9$sFgY?A>(
z;IVIui?{2+ySVUZA(qY3ni|F7S<f{u(&Er|-do1~^|YRBBkGq>s5c0ffb+Q6+uIi=
zua@c>b3Oe%zD-TX7Hd4AkLoZ`*|4t~BXDJwl-$7}v$KY*kl3y%q<$U&M8Wo#80TFQ
zTKn44(sDJ+xi<xTe0|K17{P%*RL{UEQl*2Vkw10n)FUvuaPn%Ws%VYpJr6jJ@*AC7
z2B%^+s6pH0AcHIJaD)NgeC!7UE!#WYfo(B`sPk_9UhRBp+_Pj95D?Hibi1FMAw;Ec
zhMWk|5BSAYstOs5W-WqC?i~WF1!C{G4{52u6sfKDfp<vPYkpPK-JN_i@YLF`eqWS}
zi;IlMJsb}A56O*oa|Pf$NALs+X2qA59&VX(EB;0pCJ=U56~e3e2ar$>q(dyNrHo1y
zPY@k|F!%PoSLikS-8g5eFgi7to30N#VS$TL60!6P2pFxo?0%eoxwDza?{>5GZv+=~
zb#=wlJ8Ka0&WS2{iJ<!use<0#scM2%{jp%We@}eGVU*P4#_OTK_R_0~#xbA+`%#-t
zPP#gO!*K`vqHZ|^((FOmxFoZT05q=MT^_-m%^HAgh%-y4LF_MKxeS>e7ZhsopK=7B
zx>)CAQ7BS|+3u~QJGajF?%V>747W0G?%e7U+PS3><6ecGv_NMBz6d#>W{@-EN&$oT
zPfh|6_7y;4FP%7JshA}Ly4qmRdS<~%6uxotZVu2dy}OJpS-Ly(U1HjqPis|q1cC5d
zAI6YH>0lq4?=wPYux1lbsKFRCpjY;YT7@>2230Cyc?9v8d$*pUX;C)T)u%?(pSjW2
zoEW7;)sJ}?RD~R$D*i|$OOPQsa>iRKq<R_X>!%5kw-B;GSkfQBj24)dh(v3DpU@|+
z`Y5H`fspD^G{B<%xVyWXX&z@ObsU*%y0Ws;gBNV%f%;>yrYwFIhKN4*^rq`)b9y}O
z$`Xw_J&{BS=L`vo6F!P2i+H0vQgit--Gc_3Gxm}GD#WLa*V`5s7i}QXYqys~XARiL
ztyDeB0FT)Glq6-BJyL%sRnZ&$X;ub>x)ci}58<K^LOZ~$`udECfIXIq)OAYzJz7If
zA!DtJ4PqZ3;72^t{|an`T?+oYlC96Q#L5_W_RPhT%zhD8DV92-;5+xm`QQU)bFN-N
zpbcm7*>iPTj|lG?`C{Aj%w#8wu|&h}tw~EsNwwVDJDo`>3(naDq*UhVeDz75MhclA
z!&h6ZDrCX}9qhq{3ZCZk)O~Uojz}9@q-ShAu(?@n+GGLPtCQQC6mvF#<0v_!Eip{6
z0kw7#55yBc;$)RgAa(WjmY=js`{V41;kZvu9v&XofgCvCXI3`+u}H-0^W#Bv=x)X{
z1D}bQ)~I#~07@ix=FE==;W%;2YL;hbqs&@`Dnkx`LugWaBE8zGWcKbmRNx(VXS*_A
zhx;-=`Dg{{lH{~x3Q*<XLYx(Z$<jg`N?Py(1KJ2J&DG;VIp_9W`)a>MwD!s4&f-!y
zucc%@JD#ZK@}chT=-9Jt!P5>`ckD8mey$S#7D82k%D5PZd&q~c!QsB2rYXcark2EJ
zB3aAf6Kw{L<LAp(KK;{w^Fe@|T&XfzSVBBD;$2-2rVURV!}}Fu`Wbp$6fuw#Wl0Vn
z@9gXp#dO-ra&d84nbombVdip5!+lZGIB<&d&0s7Uhp&e<lrH?BPz|%{I@yP#LbYfw
z`W}SzyK%PDbQ;(KXT0Y)Clx2jj)}M=B;C|`YW3jxT>?7DJ6Eaf>EUq_0L`k&Vs&+u
zhGR9cajHFmR&qMpbNC>N-OBX<Fx5deKkU-dua!w#j#Uesn@056C=Q7IPcQJ%JA692
z@2~fg(=;~ke3Xh$i;L5JPFGcxm6nzc_}&uz8Uj@7u!!?4&oUp$?L)CPOp}vf#eg_i
zmtWcizB0L#j%vj7F`W+5NhL?-fC#iD9|*2}Y8ea(fuFm3FTT2Z9v`$_`&RHr%~=iD
z>rp{lRX9Y!)deJxtF5iQX|~ES)yx}o5H@;db@bLF!85_Bf8evEsL0nH_hMnbui)un
z^~9Xl#UG{j$_dLYKJp-JJ+%~c@VIa=^us+zp(_69$9#5aGwDGpB6d8e^)TQL)>}Ul
z%KXU7IQth2If9oLzlvX%kXyX(QRCY(uOM8|fs3~1q5rkHP-1|X7}dnYBo@&L<{K*y
zpSoBT;`BLI5#j{3S#|4fbw8m9mST{qu#R;jrXwT{;Y$4rfvX*I52i@jn*fJLjvV<=
zVRd=m2@D1kKaWc_jz-Hxg<1->2TI(!36hBGuODAa!*St1dJR<f+JBmKJ@?Zi;jiN{
zc|Zx0??_+)tQMjlBFW7HZn>@PsnK!(g0RuU%aI;6IF=gyHf@_?%bHh%xQSYiIU}_u
zr8oKsG{JnAU4;LJ#LqSW0<>0tppDtm=ZK8_{I|-<$n+_5Fg@fA3w)z!{Wm1qT%$bF
zZP|tRvkA9%y`ol&rp2)hfqoMWpiA~%sTNnS?rTZZs+^i~&}dSkrKMFp2kB%u4wcao
zyBC4xQXZhUr<|>S^z=Lje;N`89tKWZc-aA!5qt9hINw#qIWKobpC2|?nv?)^B!DkI
zKbvqG9AOL+Qa-!l(A+ju@Re79ILD_Rc|JpbAd*8JIt0q8xPu5=%n0|L72jVk^hz86
z&h}_F!BrtuzHYqkw4J!wQl|sXZR#n!xLSA5nWuS>7ir^c1G5Q2n5j5Zu;%E#EsICU
zH+mjBJ}N-N-nfR?%%?~XE{!)NdSnAY=qL%tt+9qRvT&?+SuzJl|7*R2ldF8Ant9;V
zZwrGbfXhA&_g!N>6bcTNS#uJ_Z}xKH)YK!hXtZ68U2|lJ!zcHRpHl!7YqF}UB`t}e
z%g<5a_D}93u`H2kPS(q9ZMGX6o-exPp8{Sc_NeBgX3aD|@eK9aQC#@oTkGrVdg=1+
zj;De5a^YFUEJ1JjTRprFQ{$nqRJ^tYNwlM@gM&t%yRu?6s5}%Tb*ZrG1xGB4L2@PF
zIPF3w`J=UwD07YIyC$is%KPjr6Y|j=l5kW^M$21UTL&~t&g((|v;lSD^}45^prC<M
zKnEhpDJX2->mR7#>v6f__WRdLDbM%=f|!JasEK%0-S!p*J`Fhqr}!ZwzQ6o%wmjK{
z*B49%bj+5z)}KKHd$V<2$6E)bS$+i^8}2LhxGZX#479=#U+<fwVPj?8BRRbSF&7Nc
zM!NmzNcPAXPS_Xz@`dk+&IC5oA0HnNXV9V`Lx&P6v)BRS@blFXw_4{FeCK*{U<q$!
zK{<RA?rWdQNsEfRI<FC<;iX*m*R&Qqr92|{TMj>?1Mv`&ZnHU-NF)}7`yM+4*}cIt
z_!*L!E#O=LrIL%z278*lnP7dNCKz8oqK!2SyFQ@9(Gc7hN&jv)GMJ4DgoV6?tcHNS
z<A(sxbVrKS37%uQ`RjJ|08Yc@Hw->cu4Ip*y*CkB2RhOz;TD?JH@6#H5@Hou7y`~A
zsqMnjx0R|M2!&UcsR+GOZv48jI@2t|O~qDJtY6(BAN*R87uL^hT{_j{@@0Oo%<e0a
zSgfTr-)g39Q#f>Kq4zo>4Fg;BqmW#P^Yi)SEh<HvKd@K;^ctq^jT9W<e&F^NwRLQ4
zY&J}ymVFsAgf=UJ7tmE8w<DO(-9tl3(wh=WpqX~BZh{yrFXgYi08FFYyz_6dLIAY&
zw5;-SDPf>Krxjnldi5yeu(=5jWFduVoyx3X!g0k2Mq`S(7($vvEU{xHapS}&&H!sU
z$=`uNUuK&XKVa;z#LGpGzz{j8I1@!4R%@f$J0KSqM0;xTMXLc9T7}pKR9$Lw=8|$$
zn9Z4UmP8`0SQEPL@>_Pzz`({#^32sv;&G`_vSyG3yYkPCckRz5l26YQiRoVFj`?N{
z&`|hCHI)JE*VA$#Uz<%Wy{XZEH#o2^2p9k5GEfsxt8AQ{oHknp)BlD2rG6t*w&lUH
z{{eFsD%gvU2W`9k`}glp($dm$fJ;kK5n2I=B#E(9E58fCqRTddh%#Fgq5(Vp&>)u|
zwtJr$<*`GB&Yds2@icELHnF63^Hx<(&Q$F<aeD^l+h1_Uctl4e?v|?O{Fm`-5C&&D
z(|M&Z%4+3h9t~m-59b=BrvbX9X(Q8F3YJ*lUbZCW{+*wHk+5o^>)i^b{~}QIYy!B8
zB&@d~#y};hvdvlpCAtbs>0#+V4SH>i%8<DmzNywf1;-92D`r=WX%+c#Ye^hR04D3r
z!y2#v;@q4W-xA$g#f{Fi7l&nqc0e@{UMmD-P4v_;jNdOlz2420W?n$DyowroDb+k4
zZf@#C#emg;ax7O@f*8V>W=}x88~s%GI5Sml%*XCplhRk$bI0w{FdBS+Lm*i9NLT}3
zRyf_r3>6Ejz^@@}FIh%|Nu(u00?YeTJCUJlEJ^A{Q@9oFqAi%FA;;<`pg{1>W=I1~
zo5KEHSQ6j(a@ioK!aBke5gw^jsx2JxU_|>=+kV?DBnn+)pnG85Tfum34zXwLO9w*K
z!wM_sDyjpi)ezz_1|f4xOA)tfm=~S^g9&}~=v9Ojy^U6-@Xl9zX=5`hu91%p=$a7L
zuI-5Iv1bkNx$jvnzjl;E#H2!lVU#Ea+&4yjun@s>Ru~dGljbK5%)!j1*BMlef^2SF
z@x1cUS5RunTe?`dz!dcBgER$4<HEw_I+PDwG?puZfAkU0AzqbZ@hj!RfZ!=hKJ_4m
zJUeSpG%BF$3CK`k8R2;pB!jxG^%6VH657%u1Ox(|{sQUE1409kSo;ctlK!7R-@u1m
ztJX!&cqq6(l&Rz7<qc}SZ7_lo6;VkF8kz8%{e}qjya8+7uHc<#F=914l2nNmKK~1*
z2H`j&_#hu2pO-#^7%@owCLwwt0OO2*by(e^E^ySmbIBgoo3`hkn$Ip7H@kMtXv}}L
zV?TZ-ufH*j4Y7=zn(z7~;&^&&-~L_(mF?fFU!zpFd<JJdQ6?l}T{UFKLv9b%GtZv*
z$ojx=X&>E#UQJar2Z?9He@tLu<@ValwPR4du;NHBX`a-PtL}&VU7wxm-tzAU&=@%J
z1`fZ)BO9+j?T&KCt7_Ga^H%%}xU*(A)MEIK={7be`!Rmx^-<WHQ{@ZUX8Os$0AV41
zbbn)E#}ZP}{sJUJA(m^1Scn|BagHj{#oV<#fvduXC~F_x=V@fZwLWT5?IC>Jjz>)Y
z-q-BsT1j|6VH?LBb3b?z)VzrKX!Lnja7Bj-!;+K0T^)|m&jJkto%WC%CKbs5Ckx8h
zq`W2e7JiHe6cTwgl9iRk%Z_JFWSf(<7x7B{Qq$oJ9ydNX_`?gh_xg+6=T}d^0=87p
zYt6YKKLL7M*wR<s8WSEU=T%ef6roC$)6ABiKaZ&zppI|X1yCyG654U-v3GMaKSN%G
zsAmfBM2U`$jv8k5qptQLQdnaUp&FvpHHcE|*@S0H|1UbsAe<z6FSc-L-#xYCg?$xB
z9S65(074T6M6=!<c^|0;BIQBQy5u$=j?Q^ZSF*h&9H9Wi2XCa`+9KC6wQU7dzImhG
z5b@|E=$Pvx%PDtiIbML?nz@d-sHdk#)hSuB&k2$#4`>)I6viT=EU_#YBY4MAy_%6<
zi9F(N$g!7<V524vlaRBbI(}5Z8&t@iL!lpPg0{EpK^T9FEClor>7P%+4y${B<XHnn
zPa>W?HVD-N`O~Z3!w}X?`z=ayG3lj6kh=~Se>a4Rm5#81P=v}wt)`ZlRdI+NM^2sN
z(d>UsPRw>x)ISS#n}|Sv$z=DI&7@dR?KS-anXoalTN@kxwb|X)x>?KCW>J}%krvXu
z-5!`jU}*)s2U;eZo0|8;fBVS1_|St(^Ld}AB<#B6^bk5QPzCJ8EVnjM52Udx{oPR=
zYo-Qj5_*P^JUtQcVe!M-o)jZ<n_mC25^P#*VQBw}f8h(8)co>tBqaYO4xb#p9FeOR
zPksehqAA?t!d{e{E4TwCeY&j*hq@+LZgb+X!%lzE2g^w7?GT*6MhRi|qKXO`v8)Aq
zaOfehrg>$9ypWI(gzwCX-}HoZ<0kOkLb8&xv$GX`2DMlSd4dso-#^uit3K;}rXLWV
zYlU}$3L7MJtfK-;8EYeV@Za6!6UN+8Uj0{g@c8)XBj0zwzJ)>R*K(`G3Iu@FH)HNj
zeU?3kylxfK)>|YO!?MxnY{HosAVdGlq~?^P4y(5)$e-^QmM}S<B@h6*%7QYz%?&+M
z#F0inX=80=p*SpJm$rj>ofXalJ2Y;pk-`4qzPu}KMdV|_sWJ`_!bV@f!<rKKHKVId
zO6~3KK&oqZ$>rNc@%<=_a~r~#mmM!uGfF+LU@~i32}S~4md;Z!yD30KOeZbs+Rb4I
z4mCK)6h0v`YnR_4jvb~{YF4AWr?hxClR%$>50NsXMAv~t`j2u+5W>&X1|)7x12r$q
zgH*w2d0MTSu{;LgqSI>uYH$cS#}`{)03K`d<qK>YNe|}-2^^2#Vp-9(W{_R!HA^g=
zVO~W5jw4S#jzMP8KRJw$s>y0Xt3uyi)Y~sehJnRLqd$n)d!~j1#_<eLk#LK#@K!X-
ztwsgMC)a{Y*9yzQUT{M=2g(%8GZ1ls51t&2L{|6szWFmZ0^naEQ0!Jvr!^Lw(I9dI
zMhQ(yv!S|Z_ma<NkC4t+GZsXbsp5bOIpN1Q0TGg|N{&G)R4T%-9IB053i04FIq4kq
z^Y?Fmwe|%t!At!&#ZehD49m<g9PCH*d4;N3J89ufB<&gy4IgI4`g|Ta42`4FzqlnI
zX)CD{qmSYk4<7t|1~Hd3_w3!2vHu$dLiS&r*4@kYso!4iHPbq|r}PlRvWtGYit<Xg
z7B3^{<E&W&_c!5?+91+gCEhoGOz$!{4q@hrW=Z+GcZJgL5=B}R8gp1-`^?PD3{6Z;
z@!rHSPo&DJS+YM^-q7{V`8F4qY(lAm86`FWk^?b@<uEo0I!<dn2gf;asC^@?2tR&K
zwbO7AoKS=GepTM}R%l3XAN4`bkf-sqwyf-H+{%DjR*f!H8_8W=T^_o+?NmgRkGRgI
zRwM)io(S}Vxz+gW2sP7Y78VDk-6-jSn|YZ8)ArZP&%rPr0kc4gV@MUs_9G{1kan*(
zNA^fR?0=09b$uWg(!Zr)nVe{XHN>2Zj*B8vFKfO78O;F4*2`p6JHRsH@XXEpz?|%2
zc2*X@@Z|m={$^T;1kYFa{^76IO@s2+Cn9+}hOLvfi(#+#UYHzCr$#>Tx6f6gJW_~7
z#Pc))k`H)!w`OK$-n5ctQgdb*ISTXA!o1r3wNn_vn@}*OO3|UDPs`7dD(dYMG#T^^
z%a+gFQh4E^*C6YIpTcv99))16WQ{IjSriIIq9yTw+G^&+*j`~Q4$Qash5ilwrmZOu
zLM|B_n~GtdG*3Par*^=IG$miRYyB3eWTw5|N40SsVIEvwUb|A<Ef)<H$UM7l2-FD_
z)O<I!4v_gbK^uj6IZ?bv7z>rd56h9q<eB5ob^@PZe?2vcP~q9~=hm%@;u}y<i)=+S
zK6sj07`p++vy3>=1-^?FyeW`nO7_@5UN!@9Uw(@zcuc6O;6j@Vl=7TdC9C!O-IQ!j
zvtC}a?4W(4e{*B4*C2F9sxx#Q2#zHv0S7(}lNDC#)f7&m9A5PBi5AhL7?wF<Z(swH
zpA;6y^i|$WPfGGNo5^{MRA`YMAo|+ptfSN#EcuPllR&_ST4oiJpiZ;wr8I#Q$BCZ%
zP7pofcLfsEkE-qirODUZ^cJk`o}sfi@M}G~wjA7t|0L$sBa{-5ZD#RwC%&hCHfj&k
zsF(oKK_L?jFiL4}LH2R>bqN%tnbvHu4DHP|Fz{dN*81@7jipMDi!?ugP69M~T--}0
zj|cH~`7yq!)&(27m}9hr>E!?TAOp#L)I04C30Kj$+v)0X54O7;gn^<k5UGy|k!ukt
z#4w}nT%5+f6a51Nc*$vC&f6P9H_{o~6fPe_oNnL=e&i>7Xj1FofCaFuHg2XWD0y`G
z1;U!!o+IgG=UEw<_1q7kOrh&(^uZg*m{@ahc$1<TB^klnhSagzw{Np&m9dB}aq+$!
z6#p?+;}HL#86f2d<}*#bf>0HgTALVXBgv_-^NJNNrpA2&ljqbpa?4uW76;2pp?}DR
zhh>EE_*DD@4=x|Irmg8eI-~A5D+nm~nWO4f-a029YUlQ%l}qXXJhIaU=xxMc4Bu2g
z*!z$A?kp{cjzeRIr*~yV)Bc;M)%QhT%o)L0)q(U{G_!7d2s|9oIvv*(Yyx-30>k@J
zfXFK0g1-m^Z2P&AYbM@0Y6lwCYrvyBqQhU)?Zwg|U}w9=x%kwB>z5b@<;Bd*Ox(9R
zIa%3vl99BreU{8lA4%#dfyZ96!oy%o;*e9htSNwE$>sB<;Q@UXrW2vDPbrlp)^)|R
z%ISxH>f7F<?q=h5(2Jx9>g#Avk6XGr*Luc8|2~~UQkB6ytqtlHNJ-N(Gqmda?jm7r
z%)ND9e7|4MLd!*v!4bdjRH58{Q(o@w>E`zHA<t@t{3TcCYy^zjinx1RY;Hh~J42=<
ztf$Si#fd)MsolC=BI4{l6CNseeERgxqS*GbGEz})l&-0(+g9g`9xUjquvL*vw%Pwr
zLy<7E*^;aEo+<p#Hc?yr48(oE8#ivyucvA4^M#B@dFA5~dF2ubyA;|$&!690Z^Ek9
zM=BHTk&>>ezdFUBXK}g=VgLwb_st=a4MW{UB&K3~1Il{by?%$1kV&AWr22Exzo+nU
zR9EmJuTqgL5y;RS6y+L5RZMpC{RyPB{}CD{Qcj;5LW=o=DWm>7D&&gtTGiMQ=@h9O
zpTk!^RRtaj<u|BiywVTtXe3BpG3h*fS-(mzd$$^~Nmw0(jx|AX<tT+K#(nEk3D$>#
z5YNMObiYO_a3P0{B0EG`7{nk+W!nU-geu!q0EHv~J$U;2P9UL+OdR*Ng!D?+Fv19!
z{8YO{-7y{x4vt=T9tL#8(aY$k%bV|j>m11@)GtSJE3)z+ncb|X^u?w;QAJ-Q35D;3
zNd9}hB#4{xYceXdqSos_ZB;?rlyQ1t9&gqs7Y?=gP-zxzJv`PPK*Nm(lzBa}2B4+u
zBAkF5CB~&Pb~gB7r3!p)XVSEqCqUkpl)}rVl`-A+H=w5>^;YG%D_K>YzgnXCyCKc7
zMk?54>SbVO&!sSorNyB^C!$}%nZHM(CA{C%j|+|ug0wvJa}7F|;90#CQgMiY0>yG7
zDN5jLKaH?=z*x{Wb-zLfO`ot=>Ra`0<H&KMwd}l~l?m4dqC0|oaF`+Fku!C{Qi;bD
z5!iJT#P=3rj2`_>S-pqRgE~SYMAxsY8)*FIe1Yu=9u_M2C3?Je>8Sc+3-Ot1-_=*-
z&#8*bZiG#w)Itbqy5zd>5I<4@^}k!*h-4WT^tt7nOAa#!Wg^7K_4eqePoLUV(uw^+
zzng<jf=)L)<u+AaUHx2rU)h^CFIiMcP)oR&WBuL4eqHd<8GYElp2xljt$Qwrlc}RS
z0i_*mUBrEJ!R$XTfquZ(aY0S&qn15HvMzqRlFEFC69Mlx>747Ow=7+eY8we#7HY1w
zI8}UTPWBRS7D?5)0pb1BJvXzgN{4P^{QRKXlcrxFt2?0|$<N2OWEs%hcg4Lup(Ah;
z>JfRNh@u=}b>6_h;LEIxG%eoX;XS<B%6@{r`Fo)%Pt7(<jyc&b_AK&01MLTM3;$EA
z${Miseq)uv;P>3u=t;aRz);S1?nFO_u(v}tLCr3FjNXz7QYbmyzex~i_1W=sHSVBz
zr443SH6BR{x6&$-ObV}A+h!SIe&$Am1`j8TvW4vKh1VfT)w)pYEIk^OWZr?aVYsYu
z+E_YnCK(oeJ9}T_f1mGq#6dbg@cv&36A!Quq&Ey&2nJJ+ZZp%avU74KpTRIz3<pXd
z--|t&JyNGp&FIv8kdo<aTiI(2EdcnlM(BVFsJj(y?y+Vs0h)BPqS-(s&Mjdp{k}P~
z(K1rod~27Z9I5G*aJm_C*&UNZzIx_!Di>nA;swfqmFda`4Pt)_lWDUF!K6qYWlk9k
zW8ayDJQ03=e!F+22G&S|U62!7fwX9WN=D^{DYSNeIEn?6d%FE<BK~nKg{H?v%@0!R
z+iRTpw$u1`Y~mK|(ilcBGH4NpxbSq!e?iJ8mGp@S+IH;rX2~{upR(6ZGlSWj#y6yQ
z^IM&8m4GuTHpPRhD|CpYLHu}dR6rCFvp#?RoF<LoUPlD3l9CctyEO$7<mcDKa!xmc
zxja(OWLn+$eIy;4$81*0IyRO!L7l{HgKWTf)!~5UTz4?b$a5LLHoa=b*$)gixXr&x
z#~~H8f}^7#hsv{tac?e`chV^;C_HxzI_Cd-rTK%SwVeP`!MVT}z5Nb4G5w%}<96=&
z%}&*A|0`Q<$>+7Sw0>G|Zzfz1d5P5PEPu=G#nL3pOr08~TXP_lM;5syKQ(^3d_5Cd
zATnZQnct|F?X+l^h*U$Zv?wnxPt`#(X?&+G2_Xlf0lybY>QuyTICQj%Xps8~Od&i9
zS21=K3d_yOW|SbEL15<cj`QMX5wQ3<q&Ld(cZgMSmpEn_H^bwbGK7?yhQgM6_$W;g
zTw`+M{_Zb_#SEbdM@LG<YllqZfaA-o+RY+0*P!hi&dy=B^*&W4Hww%UEqZFzH=&!X
z_`sI@6(kAGpgN*7bo9OLChIBlgM2_m#A`|?Xi`W!Aao;|mZOUxGExndm&c)!59iaX
zIbN5OKJ(?v7uO21drs!mjBzKG7i93Y+B#^YzP?7D1&IZz&w@xTpT(<6Xs)kU`!zlu
zqdBhAq4a6(ye9E)cs#tejw9TW9V{;O%qAru_bli^PHO?ZEzrvGbWu>Mkxvm)s#}&N
z{RYfyB2{7ha24+JW)^x&kui@i@X-{V&xCf@fB1>pjv`gqN**O&P(<xCS;qkEp=f>>
zX-6H|^1<8&y{DcXGG`EfNMYRzT`8~=(1$BW&_PihpdDpSbh6_m$o)4%(`f+Nfs@^#
zLux^@cLSh_Z2`LHqIi@s(jzUb$BKCA|MZSSpOEMcG#ZT*ExGj}<X6;I!o0-sI@KWp
zfhzzBVTc<k^TvQ1U5pBGzMxF53s2wcNUcpvN#R1uvq)Ru`U}LuRVa()t>;4zY19BB
z$JO2dyFiM~MFULe@_o?E6A3Nv&=iE~>H(HLF<jx?){!EIA1JXVBTap`?wFt6LeyrD
zn$fw@Kr^`%V769JtUL`Jr%?aCC`K-VW^(`eyxbmWabJS|XZl0O9#>XW<aGF-6j(d*
zr?uYGvkxRwOK)X^X@4+bWk1q)1fc)4?-Z`L0?%t$OmmAt(>k4koyuDaEI)PMq?8cQ
zeuVYQb!>A?zd?^sm0ta4#H3LuCoh(fQ#J#L$D>fe?p1mX#WQa1%Wwy^AA5694Dlrt
z$|v|C;pAdGGAjzDr1sv0&r1iV11&D7K#l)%A!%ap=T6u|f_>r6N>HfZtoyP1&2~H!
zW@Gt37dmEt-ZRLtANyYyPs{{%S0EJiknpka`R)p0wcfk9IsSQ%2>(}E`SRQmr2hsL
z7wu{uY<3xqbm~Ck;QzUJIApYYXa1S1`F~wJHv7*V81r8j;oZ9%rRJhtCDt^%yHOdk
zCr4QAuOMIs4Ka$$=mU}>yX$<-y&tR5s=vDh^XK2Y7{2+lnoW3TV&R|hfiV7*=$|3H
z`>~C4sk@&h{pca#+uEP;oG_jile7D25&T~(Y4CrR*%a+cc-X(YvS3;5Di`&I-I>+6
zPL9aFG~QiV1~)UBtNYK&x(@Bfc6@}crrg{cd1Hi~qjZ8Zazy?+2U3yx|9<vpUT^mc
z-oj3wUw^f`f?-%e-nHG&K?OW>C0r@`vjP=ZLE&&L0o(*oZ9vRc2hKt-^dX@sUk|6c
z@jd43{&p}Hr;D&StofhCNid^R2!9T~i*3L65ut?LJ(!JpShGJ?cXtJATJJ|sR{l9&
zw`Z<$PnQ0?^w`M}z3jx@AuX$r#|A4k#!|kw#`J2I>_wq6%-~_<zXjZZFwp~b02E3(
aY@43n2TLlt`I-YRQ92s>7mC$w?*9*5?iaHF

literal 0
HcmV?d00001