1. Docs
  2. Pulumi CLI
  3. Commands
  4. pulumi new

pulumi new

Create a new Pulumi project


Create a new Pulumi project and stack from a template.

To create a project from a specific template, pass the template name (such as aws-typescript or azure-python). If no template name is provided, a list of suggested templates will be presented which can be selected interactively. For testing, a path to a local template may be passed instead (such as ~/templates/aws-typescript)

By default, a stack created using the pulumi.com backend will use the pulumi.com secrets provider and a stack created using the local or cloud object storage backend will use the passphrase secrets provider. A different secrets provider can be selected by passing the --secrets-provider flag.

To use the passphrase secrets provider with the pulumi.com backend, use:

  • pulumi new --secrets-provider=passphrase

To use a cloud secrets provider with any backend, use one of the following:

  • pulumi new --secrets-provider="awskms://alias/ExampleAlias?region=us-east-1"
  • pulumi new --secrets-provider="awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1"
  • pulumi new --secrets-provider="azurekeyvault://mykeyvaultname.vault.azure.net/keys/mykeyname"
  • pulumi new --secrets-provider="gcpkms://projects/p/locations/l/keyRings/r/cryptoKeys/k"
  • pulumi new --secrets-provider="hashivault://mykey"

To create a project from a specific source control location, pass the url as follows e.g.

  • pulumi new https://gitlab.com/<user>/<repo>
  • pulumi new https://bitbucket.org/<user>/<repo>
  • pulumi new https://github.com/<user>/<repo>

To create the project from a branch of a specific source control location, pass the url to the branch, e.g.

  • pulumi new https://gitlab.com/<user>/<repo>/tree/<branch>
  • pulumi new https://bitbucket.org/<user>/<repo>/tree/<branch>
  • pulumi new https://github.com/<user>/<repo>/tree/<branch>
pulumi new [template|url] [flags]


  -c, --config stringArray        Config to save
      --config-path               Config keys contain a path to a property in a map or list to set
  -d, --description string        The project description; if not specified, a prompt will request it
      --dir string                The location to place the generated project; if not specified, the current directory is used
  -f, --force                     Forces content to be generated even if it would change existing files
  -g, --generate-only             Generate the project only; do not create a stack, save config, or install dependencies
  -h, --help                      help for new
  -l, --list-templates            List locally installed templates and exit
  -n, --name string               The project name; if not specified, a prompt will request it
  -o, --offline                   Use locally cached templates without making any network requests
      --secrets-provider string   The type of the provider that should be used to encrypt and decrypt secrets (possible choices: default, passphrase, awskms, azurekeyvault, gcpkms, hashivault) (default "default")
  -s, --stack string              The stack name; either an existing stack or stack to create; if not specified, a prompt will request it
  -y, --yes                       Skip prompts and proceed with default values

Options inherited from parent commands

      --color string                 Colorize output. Choices are: always, never, raw, auto (default "auto")
  -C, --cwd string                   Run pulumi as if it had been started in another directory
      --disable-integrity-checking   Disable integrity checking of checkpoint files
  -e, --emoji                        Enable emojis in the output
      --logflow                      Flow log settings to child processes (like plugins)
      --logtostderr                  Log to stderr instead of to files
      --non-interactive              Disable interactive mode for all commands
      --profiling string             Emit CPU and memory profiles and an execution trace to '[filename].[pid].{cpu,mem,trace}', respectively
      --tracing file:                Emit tracing to the specified endpoint. Use the file: scheme to write tracing data to a local file
  -v, --verbose int                  Enable verbose logging (e.g., v=3); anything >3 is very verbose


Auto generated by spf13/cobra on 19-May-2023