ESC Pulumi IaC Integration

    With support for Pulumi ESC built into the Pulumi CLI, you can expose an environment’s settings and secrets to any or all of your Pulumi stacks, bypassing the need to define and maintain individual configuration settings or secrets “locally” in Pulumi config files. The optional pulumiConfig key enables this.

    The following example updates the myorg/myapp-dev environment by adding a pulumiConfig block. This block specifies the Pulumi configuration settings to expose to the Pulumi stack at runtime:

    # myorg/myapp-dev
    imports:
      - aws-dev
      - stripe-dev
    
    values:
      greeting: Hello from the dev environment!
    
      environmentVariables:
        AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
        AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
        STRIPE_API_KEY: ${stripe.apiKey}
        STRIPE_API_URL: ${stripe.apiURL}
        GREETING: ${greeting}
    
      # Add a `pulumiConfig` block to expose these settings to your Pulumi stacks.
      pulumiConfig:
        aws:region: ${aws.region}
        stripeApiKey: ${stripe.apiKey}
        stripeApiURL: ${stripe.apiURL}
        greeting: ${greeting}
    

    Any stack belonging to the myorg organization can inherit these settings by adding the optional environment block to its stack-configuration file:

    # Pulumi.dev.yaml
    environment:
      - myapp-dev
    

    Values are accessible using the standard configuration API:

    // index.ts
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Import the values using the standard Pulumi configuration API.
    const config = new pulumi.Config();
    const greeting = config.require("greeting");
    const stripeApiKey = config.requireSecret("stripeApiKey");
    const stripeApiURL = config.requireSecret("stripeApiURL");
    
    const callbackFunction = new aws.lambda.CallbackFunction("callback", {
        callback: async () => ({
            statusCode: 200,
            body: JSON.stringify({
                greeting,
    
                // Use them in your program as you would any config value.
                stripeApiURL: process.env.STRIPE_API_URL,
            }),
        }),
        environment: {
            variables: {
                STRIPE_API_URL: stripeApiURL,
            },
        },
    });
    
    const functionUrl = new aws.lambda.FunctionUrl("url", {
        functionName: callbackFunction.name,
        // "NONE" means the function URL is public: callers are not authenticated with IAM.
        authorizationType: "NONE",
    });
    
    export const url = functionUrl.functionUrl;
    

    Stacks may only read from environments that belong to the same Pulumi organization.

    Automation API integration

    You can use ESC with Automation API in Node, Go, and Python. The following methods are supported today:

    • addEnvironments(...): Append environments to your Pulumi stack’s import list.
    • listEnvironments(): Retrieve a list of environments currently imported into your stack.
    • removeEnvironment(environment): Remove a specific environment from your stack’s import list.
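
Every imported environment exposes its settings and secrets to the stack, so these three methods can be used to keep a stack's import list equal to an approved list. The following is an added example, not Pulumi's own code: `EnvStack`, `planEnvironments`, `reconcileEnvironments` and `FakeStack` are hypothetical names, and it assumes the Node Automation API `Stack` object satisfies the `EnvStack` interface.

```typescript
// Added example: keep a stack's ESC import list equal to an approved list.
// EnvStack mirrors the three Automation API methods listed above; a Stack
// from @pulumi/pulumi/automation is assumed to satisfy it structurally.
interface EnvStack {
    addEnvironments(...environments: string[]): Promise<void>;
    listEnvironments(): Promise<string[]>;
    removeEnvironment(environment: string): Promise<void>;
}

interface EnvPlan {
    add: string[];    // approved but not yet imported
    remove: string[]; // imported but not approved
}

// Pure diff, so the plan can be reviewed or logged before anything changes.
function planEnvironments(current: string[], approved: string[]): EnvPlan {
    const uniq = (xs: string[]) => xs.filter((x, i) => xs.indexOf(x) === i);
    return {
        add: uniq(approved).filter((e) => current.indexOf(e) === -1),
        remove: uniq(current).filter((e) => approved.indexOf(e) === -1),
    };
}

// Apply the plan: drop unapproved imports first, then add missing ones.
async function reconcileEnvironments(stack: EnvStack, approved: string[]): Promise<EnvPlan> {
    const plan = planEnvironments(await stack.listEnvironments(), approved);
    for (const env of plan.remove) {
        await stack.removeEnvironment(env);
    }
    if (plan.add.length > 0) {
        await stack.addEnvironments(...plan.add);
    }
    return plan;
}

// In-memory stand-in for a stack (constructed for this example) so the
// logic runs without the Pulumi CLI.
class FakeStack implements EnvStack {
    constructor(public imports: string[]) {}
    async addEnvironments(...environments: string[]): Promise<void> {
        this.imports.push(...environments);
    }
    async listEnvironments(): Promise<string[]> {
        return this.imports.slice();
    }
    async removeEnvironment(environment: string): Promise<void> {
        this.imports = this.imports.filter((e) => e !== environment);
    }
}
```
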