Skip to main content
  1. Docs
  2. Secrets & Configuration
  3. Guides

Guides

    How-to guides for consuming Pulumi ESC from the tools you already use. Each page is a self-contained walkthrough — install steps, the YAML or commands you need, and where ESC fits in the flow.

    For first-party ESC integrations (the Pulumi Service Provider, Automation API, the VS Code extension, the External Secrets Operator, and the Secrets Store CSI Driver), see Integrations.

    Authentication

    • Configuring OIDC — set up OpenID Connect trust between ESC and AWS, Azure, GCP, Doppler, Infisical, or Vault.

    Use ESC with Pulumi IaC

    Run commands

    Integrate with external tools

    Use ESC with tools that don’t have a dedicated Pulumi-built integration component:

    • GitHub Actions — inject ESC values and short-lived cloud credentials into workflows.
    • Docker — load environment variables and secrets into Docker workflows.
    • direnv — load ESC values automatically when you cd into a directory.
    • Terraform — supply temporary credentials and input variables to the Terraform CLI via pulumi env run.
    • Cloudflare — manage Cloudflare Workers secrets via ESC.
    • Kubernetes cluster access — store and consume kubeconfig files and cluster credentials in ESC.