Posts Tagged esc

Feature Flagging for Your Infrastructure

Saturday, Dec 6, 2025

One of Pulumi’s foundational benefits is that it allows you to manage your infrastructure as software with rich programming languages, robust testing, and CI/CD patterns that you’d use with your application code. This post will cover applying another classic software development technique to your infrastructure: feature flagging. You can use feature flags to control change rollout, reduce the risk of new releases, and speed up the development of your infrastructure, the same way you do with your applications.

The examples in this post range from simply creating a flag and using it in a Lambda function to fully integrating with LaunchDarkly to build a comprehensive flagging system for your infrastructure.

Introducing ESC Connect: Integrate Any Secret Source with Pulumi ESC

Monday, Dec 1, 2025

We’re excited to announce ESC Connect — a new capability that lets you integrate any secret source with Pulumi ESC by building simple HTTPS adapter services. If you’ve ever needed to pull secrets from a proprietary system, a legacy tool, or a third-party service that doesn’t have native ESC support, you no longer have to wait for us to build a provider. You can build your own adapter in an afternoon and start using it immediately.

Deletion Protection for Pulumi ESC Environments

Monday, Nov 3, 2025

Pulumi ESC environments can now be protected from accidental deletion with a new deletion protection setting.

New Pulumi ESC Onboarding and OIDC Provider Experience

Friday, Oct 17, 2025

Pulumi ESC (Environments, Secrets, and Configuration) provides centralized secrets management and configuration orchestration across your infrastructure and applications. Today, we’re excited to introduce a redesigned onboarding experience and a simpler, automated way to set up Pulumi ESC as an OpenID Connect (OIDC) provider.

Pulumi ESC: Open Approvals

Monday, Oct 13, 2025

Many teams live with the fear that a production environment might be accidentally opened, exposing credentials or sensitive systems before anyone even notices.

We’re excited to announce a new feature for Pulumi ESC: Open approvals. A governance capability that lets organizations require review and sign-off before an environment is opened (i.e. activated or exposed)

Introducing Approvals in Pulumi ESC

Monday, Aug 4, 2025

Did you know that 80% of unplanned outages aren’t caused by hardware failures or cyberattacks, but by the very changes we make to improve our systems?

Pulumi ESC already enables safer change management with our innovative versioning capability which allows users to track and roll back environment revisions.

Building on this foundation, we’re excited to announce the release of Approvals in Pulumi ESC—a new feature that enables organizations to bring governance and oversight directly into their environment configuration workflows.

With Approvals, teams can require explicit review and sign-off before applying changes to ESC-managed environments, bringing the same rigor to configuration as they already have with infrastructure-as-code and application development.

Announcing Doppler Providers for Pulumi ESC: Dynamic Login and Dynamic Secrets

Thursday, Jun 26, 2025

We are excited to announce support for Doppler within Pulumi ESC! Pulumi ESC centralizes secrets and configuration management, providing a unified source of truth across your environments. With the addition of Doppler, a popular secrets management platform, ESC further extends its ecosystem, enabling seamless and secure access to secrets stored across diverse systems.

Bring Your Own Keys With Pulumi ESC

Wednesday, Jun 18, 2025

Today we’re excited to launch support for Customer-Managed Keys (CMKs) in Pulumi ESC. This feature gives your organization full control over how your secrets and state are encrypted — empowering you to meet the most demanding compliance requirements like HIPAA, GDPR, and FedRAMP, all while maintaining the ease-of-use that Pulumi is known for.

Announcing Snowflake Dynamic and Rotated Credentials with Pulumi ESC

Thursday, May 1, 2025

Snowflake is the data cloud powerhouse for countless businesses, critical for everything from customer dashboards to billing pipelines. The stakes are immense: this data must be strictly secured and always available. But managing this with static credentials or manual key rotation creates persistent security vulnerabilities and introduces operational instability, risking disruptions during clumsy updates. Pulumi ESC eliminates this dilemma with two purpose-built Snowflake integrations:

snowflake-login: Provides dynamic, short-lived OIDC tokens for temporary authentication to Snowflake.
snowflake-user: Automates the rotation of RSA keypair secrets for Snowflake users, essential for secure key-pair authentication.

Introducing Automated Database Credential Rotation for PostgreSQL and MySQL in Pulumi ESC

Wednesday, Apr 30, 2025

Securing access to critical data stores is paramount in today’s cloud-native world. Yet, managing database credentials often involves static, long-lived passwords – a significant security blind spot. These static secrets, frequently embedded in application configurations or accessible to multiple team members, represent a prime target for attackers. Manually rotating these credentials is a cumbersome, error-prone task that’s often neglected, leaving databases vulnerable for extended periods. Building on our commitment to robust secrets management, we are excited to launch Automated Database Credential Rotation for PostgreSQL and MySQL in Pulumi ESC!