Environments
Pulumi ESC (Environments, Secrets, and Configuration) lets you define collections of configuration settings and secrets called environments and use them in any application or service. Environments are YAML documents composed of static key-value pairs, programmatic expressions, dynamically retrieved values from supported providers including all major clouds through OpenID Connect (OIDC), and other Pulumi ESC environments.
Environments are accessible with the standalone esc
CLI, the pulumi
CLI, the Pulumi SDK, and the Pulumi Cloud console and REST API, and you can have as many environments as you need. Pulumi ESC is a service of Pulumi Cloud and is currently in public preview.
Environments are YAML documents composed of static key-value pairs, programmatic expressions, dynamically retrieved values from supported providers including all major clouds through OpenID Connect (OIDC), and other Pulumi ESC environments.
The following example shows a Pulumi ESC environment which dynamically pulls values from AWS OIDC and AWS Secrets Manager, as well as setting environment-specific configuration and overriding inherited configuration.
# imports allow you to compose other pre-existing environments
imports:
# AWS creds via OIDC
- aws-production
# stripe API keys imported from vault
- stripe-production
# keys for signing docker images via AWS Secrets Manager
- docker-signing-production
values:
# environment-specific configuration
desiredInstanceCount: 8
# overriding imports
aws:region: us-west-2
Getting started with Pulumi ESC
Begin your journey with Pulumi ESC through a hands-on, self-paced tutorial.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.