Pulumi ESC: Go SDK
The Go SDK for Pulumi ESC (Environments, Secrets, and Configuration) allows you to automate Pulumi ESC.
Here are some of the scenarios the SDK can automate:
- List environments and read environment definitions
- Open enviroments to access config and resolve secrets
- Create, update, decrypt, and delete environment definitions
- Supports both structured types and yaml text
- List environment revisions and create new revision tags
- Check environment definitions for errors
Install the SDK package
Run go get github.com/pulumi/esc-sdk/sdk
to install the SDK package.
Examples
These samples show how to create an EscClient
with an access token and use it to perform varias ESC tasks.
All of these example expects a PULUMI_ACCESS_TOKEN
and PULUMI_ORG
environment variable to be set.
Manage environment example
This example creates a new environment, opens that environment to access a secret, and the list the environments.
package main
import (
"log"
"os"
esc "github.com/pulumi/esc-sdk/sdk/go"
)
func main() {
accessToken := os.Getenv("PULUMI_ACCESS_TOKEN")
orgName := os.Getenv("PULUMI_ORG")
configuration := esc.NewConfiguration()
escClient := esc.NewClient(configuration)
authCtx := esc.NewAuthContext(accessToken)
projName := "examples"
envName := "sdk-go-example"
// Create Environment
err := escClient.CreateEnvironment(authCtx, orgName, projName, envName)
if err != nil {
log.Fatalf("Failed to create environment: %v", err)
}
// Update Environment with Secrets
updatePayload := &esc.EnvironmentDefinition{
Values: &esc.EnvironmentDefinitionValues{
AdditionalProperties: map[string]interface{}{
"my_secret": map[string]string{
"fn::secret": "shh! don't tell anyone",
},
},
},
}
_, err = escClient.UpdateEnvironment(authCtx, orgName, projName, envName, updatePayload)
if err != nil {
log.Fatalf("Failed to update environment: %v", err)
}
// Open and View Secrets
_, values, err := escClient.OpenAndReadEnvironment(authCtx, orgName, projName, envName)
if err != nil {
log.Fatalf("Failed to open environment: %v", err)
}
mySecret, ok := values["my_secret"]
if !ok {
log.Fatalf("Secret 'my_secret' not found in environment %s/%s", projName, envName)
}
log.Printf("my_secret: %v\n", mySecret)
orgEnvs, err := escClient.ListEnvironments(authCtx, orgName, nil)
if err != nil {
log.Fatalf("Failed to list environments: %v", err)
}
for _, orgEnv := range orgEnvs.Environments {
log.Printf("Environment: %v/%v\n", orgEnv.Project, orgEnv.Name)
}
}
Tag revision example
This example lists revisions for an environment, tags a revision, and lists revision tags.
package main
import (
"log"
"os"
esc "github.com/pulumi/esc-sdk/sdk/go"
)
func main() {
accessToken := os.Getenv("PULUMI_ACCESS_TOKEN")
orgName := os.Getenv("PULUMI_ORG")
configuration := esc.NewConfiguration()
escClient := esc.NewClient(configuration)
authCtx := esc.NewAuthContext(accessToken)
projName := "examples"
envName := "sdk-go-example"
revs, err := escClient.ListEnvironmentRevisions(authCtx, orgName, projName, envName)
if err != nil {
log.Fatalf("Failed to list environment revisions: %v", err)
}
if len(revs) < 2 {
return
}
// get the second latest revision
secondLatestRev := revs[1]
err = escClient.CreateEnvironmentRevisionTag(authCtx, orgName, projName, envName, "stable", secondLatestRev.Number)
if err != nil {
log.Fatalf("Failed to tag environment revision: %v", err)
}
log.Printf("Tagged revision %d as 'stable'", secondLatestRev.Number)
tags, err := escClient.ListEnvironmentRevisionTags(authCtx, orgName, projName, envName)
if err != nil {
log.Fatalf("Failed to list environment revision tags: %v", err)
}
for _, tag := range tags.Tags {
log.Printf("Tag %s at revision %d", tag.Name, tag.Revision)
}
}
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.