Pulumi ESC Released
October 10, 2023

Pulumi announced Pulumi ESC, a new solution to manage Environments, Secrets, and Configurations for cloud infrastructure and applications.

Pulumi ESC enables developers to define reusable environments that combine secrets from multiple sources, including Pulumi IaC, AWS KMS, Azure Key Vault, Google Cloud KMS, OpenID Connect (OIDC) Relying Parties, 1Password, and HashiCorp Vault. Applications can consume these environments from any cloud execution context or tool, including Pulumi, Terraform, Cloudflare Workers, GitHub Actions or Docker. Pulumi ESC gives organizations a central way to define and scale cloud applications, without worry about secrets leaking or credentials needlessly proliferating across developer desktops.

Pulumi ESC provides a simple and secure way to manage environments:

- Define Anywhere, Consume Anywhere: ESC can pull configuration and secrets from any source, and consume them in any application. Users can adopt ESC independently of Pulumi’s Infrastructure as Code offerings.

- Identity-Integrated and Auditable: ESC integrates with Pulumi Cloud’s identity and Role Based Access Control (RBAC) facilities, allowing teams finer-grained control over sensitive information. ESC includes deep integration with any SAML IdP including Azure AD, Microsoft Entra ID, Okta, Google Workspace, and many others. ESC fully supports auditing of all changes to the Environments, Secrets and Configurations it manages.

- Static and Dynamic, Short-Lived Secrets: ESC provides facilities for both static and dynamic secrets. Short-lived secrets, like those supported via OIDC, are seen as best practice, yet are not well supported across key systems, forcing teams to use static secrets, which are inherently less secure. ESC makes adopting short-lived, dynamic secrets seamless, combining the security benefits of dynamic solutions with the ease of static configuration.

- Hierarchical and Composable: Multiple environments can be defined and composed together, eliminating “copy and paste errors” and enabling auditability and traceability into shared configuration changes.

- Open Source and Managed: The ESC client SDKs, CLI, and plugins are all open source, and the Pulumi Cloud offers a fully managed experience. Pulumi Cloud can also be self-hosted on-premises behind the firewall or in any public cloud for advanced compliance needs.

“Pulumi already delivers the world’s best way to manage cloud resources. With Pulumi ESC, our community can now bring additional critical aspects of infrastructure management into their Pulumi workflow,” said Luke Hoban, CTO of Pulumi. “We wanted to build a general purpose configuration and secrets management solution that worked seamlessly with any infrastructure or application that could be used by multiple teams, with different roles, within an organization. Every interaction needed a security and auditability guarantee, and I’m incredibly proud of the work our team did to deliver.”

With Pulumi ESC, organizations can improve their security posture while enabling a developer experience that provides maximum productivity and flexibility.

Pulumi ESC is available for free as a public preview today with the intent to eventually offer multiple tiered versions, including a free offering and others with advanced Enterprise and Business Critical capabilities.

Share this

Industry News

December 19, 2024

Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).

December 19, 2024

Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.

December 18, 2024

Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.

December 18, 2024

Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.

December 17, 2024

Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.

December 17, 2024

Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.

December 17, 2024

Kindo formally launched its channel partner program.

December 16, 2024

Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.

December 16, 2024

Fastly announced the general availability of Fastly AI Accelerator.

December 12, 2024

Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.

December 12, 2024

vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.

December 11, 2024

CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.

December 11, 2024

Grid Dynamics announced the launch of its developer portal.

December 10, 2024

LTIMindtree announced a strategic partnership with GitHub.