Claire Gaestel

Claire Gaestel

Software Engineer

Announcing Snowflake Dynamic and Rotated Credentials with Pulumi ESC

Announcing Snowflake Dynamic and Rotated Credentials with Pulumi ESC

Snowflake is the data cloud powerhouse for countless businesses, critical for everything from customer dashboards to billing pipelines. The stakes are immense: this data must be strictly secured and always available. But managing this with static credentials or manual key rotation creates persistent security vulnerabilities and introduces operational instability, risking disruptions during clumsy updates. Pulumi ESC eliminates this dilemma with two purpose-built Snowflake integrations:

  1. snowflake-login: Provides dynamic, short-lived OIDC tokens for temporary authentication to Snowflake.
  2. snowflake-user: Automates the rotation of RSA keypair secrets for Snowflake users, essential for secure key-pair authentication.

Read more →

Introducing Rotated Secrets in Pulumi ESC

Introducing Rotated Secrets in Pulumi ESC

Managing secrets effectively is no longer a “nice-to-have”—it’s a must-have for any organization building and scaling applications in the cloud. Static, long-lived credentials like database passwords, API keys, and IAM user credentials are a major security vulnerability. They’re often overexposed, residing in source code, configuration files, or other easily accessible locations. Manual rotation processes are tedious, error-prone, and infrequent, leaving a wide window of opportunity for potential breaches. Today, we’re thrilled to announce a powerful new capability in Pulumi ESC that directly addresses this challenge: Rotated Secrets.

Read more →

Secret Rotation with Pulumi ESC

Secret Rotation with Pulumi ESC

Pulumi ESC now natively supports secrets rotation that makes secrets lifecycle management much easier. Check out the launch blogpost and docs.

Managing secrets in modern cloud applications can be challenging, particularly when it comes to rotation policies. While dynamic secrets (like AWS IAM temporary credentials) handle this automatically, many systems still rely on static secrets that require periodic rotation.

Static secrets, like database passwords or API keys, should be rotated regularly to maintain security, and services depending on these secrets need time to transition to new credentials to avoid downtime. This makes rotating credentials error-prone, and often forgotten.

In this post, we’ll explore an approach for automating static secret rotation using Pulumi ESC combined with Pulumi IaC.

Read more →