Introducing Pulumi ESC: Easy and Secure Environments, Secrets and Configuration
Blog post from Pulumi
Pulumi ESC, a new product from Pulumi, is designed to manage secrets and configuration, and to reduce their complexity, across cloud infrastructure and application environments. It introduces a configuration-as-code approach that lets teams aggregate and manage secrets and configuration from various sources and consume them across different services. Pulumi ESC integrates with Pulumi Infrastructure as Code (IaC) but can also function independently, offering hierarchical and composable environment management. It supports dynamic configuration providers such as AWS Secrets Manager, Azure Key Vault, and Google Cloud OIDC, among others, providing a unified interface for configuration and secrets management. Its CLI, REST API, and integration with Pulumi IaC allow environments to be accessed from any application or infrastructure provider, with audit logs and role-based access control. The open-source project supports flexible, code-based configuration management, addressing challenges such as secrets sprawl, duplication, and long-lived static secrets, and is available as a fully managed service in Pulumi Cloud. Pulumi ESC aims to simplify secrets and configuration management with dynamic and secure solutions across different cloud providers, and further enhancements and integrations are planned.