1. Docs
  2. Clouds
  3. Azure
  4. Get started
  5. Review project

Pulumi & Azure: Review project

Let’s review some of the generated project files:

  • Pulumi.yaml defines both the project and the program that manages your stack resources.
  • src/main/java/myproject defines the project’s Java package root.
  • index.js index.ts main.py main.go Program.cs Program.fs Program.vb App.java Pulumi.yaml is the Pulumi program that defines your stack resources.

Let’s examine index.js index.ts __main__.py main.go Program.cs Program.fs Program.vb App.java Pulumi.yaml .

import * as pulumi from "@pulumi/pulumi";
import * as resources from "@pulumi/azure-native/resources";
import * as storage from "@pulumi/azure-native/storage";

// Create an Azure Resource Group
const resourceGroup = new resources.ResourceGroup("resourceGroup");

// Create an Azure resource (Storage Account)
const storageAccount = new storage.StorageAccount("sa", {
    resourceGroupName: resourceGroup.name,
    sku: {
        name: storage.SkuName.Standard_LRS,
    kind: storage.Kind.StorageV2,

// Export the primary key of the Storage Account
const storageAccountKeys = storage.listStorageAccountKeysOutput({
    resourceGroupName: resourceGroup.name,
    accountName: storageAccount.name

export const primaryStorageKey = storageAccountKeys.keys[0].value;
"""An Azure RM Python Pulumi program"""

import pulumi
from pulumi_azure_native import storage
from pulumi_azure_native import resources

# Create an Azure Resource Group
resource_group = resources.ResourceGroup("resource_group")

# Create an Azure resource (Storage Account)
account = storage.StorageAccount(

# Export the primary key of the Storage Account
primary_key = (
    pulumi.Output.all(resource_group.name, account.name)
        lambda args: storage.list_storage_account_keys(
            resource_group_name=args[0], account_name=args[1]
    .apply(lambda accountKeys: accountKeys.keys[0].value)

pulumi.export("primary_storage_key", primary_key)
package main

import (

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // Create an Azure Resource Group
        resourceGroup, err := resources.NewResourceGroup(ctx, "resourceGroup", nil)
        if err != nil {
            return err

        // Create an Azure resource (Storage Account)
        account, err := storage.NewStorageAccount(ctx, "sa", &storage.StorageAccountArgs{
			ResourceGroupName: resourceGroup.Name,
			AccessTier:        storage.AccessTierHot,
			Sku: &storage.SkuArgs{
				Name: storage.SkuName_Standard_LRS,
			Kind: storage.KindStorageV2,
        if err != nil {
            return err

        // Export the primary key of the Storage Account
		ctx.Export("primaryStorageKey", pulumi.All(resourceGroup.Name, account.Name).ApplyT(
			func(args []interface{}) (string, error) {
				resourceGroupName := args[0].(string)
				accountName := args[1].(string)
				accountKeys, err := storage.ListStorageAccountKeys(ctx, &storage.ListStorageAccountKeysArgs{
					ResourceGroupName: resourceGroupName,
					AccountName:       accountName,
				if err != nil {
					return "", err

				return accountKeys.Keys[0].Value, nil

        return nil
using Pulumi;
using Pulumi.AzureNative.Resources;
using Pulumi.AzureNative.Storage;
using Pulumi.AzureNative.Storage.Inputs;
using System.Collections.Generic;

return await Deployment.RunAsync(() =>
    // Create an Azure Resource Group
    var resourceGroup = new ResourceGroup("resourceGroup");

    // Create an Azure resource (Storage Account)
    var storageAccount = new StorageAccount("sa", new StorageAccountArgs
        ResourceGroupName = resourceGroup.Name,
        Sku = new SkuArgs
            Name = SkuName.Standard_LRS
        Kind = Kind.StorageV2

    var storageAccountKeys = ListStorageAccountKeys.Invoke(new ListStorageAccountKeysInvokeArgs
        ResourceGroupName = resourceGroup.Name,
        AccountName = storageAccount.Name

    var primaryStorageKey = storageAccountKeys.Apply(accountKeys =>
        var firstKey = accountKeys.Keys[0].Value;
        return Output.CreateSecret(firstKey);

    // Export the primary key of the Storage Account
    return new Dictionary<string, object?>
        ["primaryStorageKey"] = primaryStorageKey
package myproject;

import com.pulumi.Pulumi;
import com.pulumi.azurenative.resources.ResourceGroup;
import com.pulumi.azurenative.storage.StorageAccount;
import com.pulumi.azurenative.storage.StorageAccountArgs;
import com.pulumi.azurenative.storage.StorageFunctions;
import com.pulumi.azurenative.storage.enums.Kind;
import com.pulumi.azurenative.storage.enums.SkuName;
import com.pulumi.azurenative.storage.inputs.ListStorageAccountKeysArgs;
import com.pulumi.azurenative.storage.inputs.SkuArgs;
import com.pulumi.core.Either;
import com.pulumi.core.Output;
import com.pulumi.deployment.InvokeOptions;

public class App {
    public static void main(String[] args) {
        Pulumi.run(ctx -> {
            var resourceGroup = new ResourceGroup("resourceGroup");
            var storageAccount = new StorageAccount("sa", StorageAccountArgs.builder()

            var primaryStorageKey = getStorageAccountPrimaryKey(

            ctx.export("primaryStorageKey", primaryStorageKey);

    private static Output<String> getStorageAccountPrimaryKey(Output<String> resourceGroupName,
                                                              Output<String> accountName) {
        return Output.tuple(resourceGroupName, accountName).apply(tuple -> {
            var actualResourceGroupName = tuple.t1;
            var actualAccountName = tuple.t2;
            var invokeResult = StorageFunctions.listStorageAccountKeys(ListStorageAccountKeysArgs.builder()
                    .build(), InvokeOptions.Empty);
            return Output.of(invokeResult)
                    .applyValue(r -> r.keys().get(0).value())
name: quickstart
runtime: yaml
description: A minimal Azure Native Pulumi YAML program
    type: azure-native:resources:ResourceGroup
    type: azure-native:storage:StorageAccount
      resourceGroupName: ${resourceGroup.name}
        name: Standard_LRS
      kind: StorageV2
      Function: azure-native:storage:listStorageAccountKeys
        resourceGroupName: ${resourceGroup.name}
        accountName: ${sa.name}
  primaryStorageKey: ${storageAccountKeys.keys[0].value}

This Pulumi program creates an Azure resource group and storage account and then exports the storage account’s primary key.

In this program, the location of the resource group is set in the configuration setting azure-native:location (check the Pulumi.dev.yaml file). This is an easy way to set a global location for your program so you don’t have to specify the location for each resource manually. The location for the storage account is automatically derived from the location of the resource group. To override the location for a resource, set the location property to one of Azure’s supported locations.

Next, you’ll deploy your stack, which will provision a resource group and your storage account.