Admin Organization Access Tokens in Pulumi Cloud

Posted on

Last year we launched Organization Access Tokens for Pulumi Cloud, service tokens not tied to individual users, ideal for garnering programmatic access for continuous integration and continuous delivery (CI/CD) tools and other automated processes. After launching this feature we saw record level adoption, with a majority of customers who could use it creating Organization Access Tokens within a matter of weeks.

Organization Access Tokens have member level permissions, meaning they can be used to perform actions that a member has permissions to perform. We heard from multiple customers that being able to provision access tokens with admin level permissions would light up several programmatic use cases. Today we are launching an Admin permission scope for Organization Access Tokens: increased privileges for when you need them.

See it in action!

Gif of creating an Admin token

Increased Privileges

Admin Organization Access Tokens have elevated permissions, please use them with caution.

Admin Organization Access Tokens can perform many actions that a regular Organization Access Token can not. Here are some of the actions you can now perform with a token that were previously not possible:

  • Transferring stacks
  • Adding and removing users in your organization
  • Update team membership roles
  • Add and remove stacks from Teams
  • Add and remove Team Access Tokens
  • Get audit log events

For a full list of all actions that can be performed by each access token type please refer to the Access Token documentation.

Wrapping up

Organization Access Tokens are available to Enterprise and Business Critical customers, as well as on our 14-day trial. You can start a trial or Contact Us about the Pulumi Service Enterprise Edition and Business Critical Edition to take it for a spin!

As always, submit any feedback on the feature in the Pulumi Cloud Requests repository.