ESC Pulumi IaC Integration
With support for Pulumi ESC built into the Pulumi CLI, you can expose an environment’s settings and secrets to any or all of your Pulumi stacks, bypassing the need to define and maintain individual configuration settings or secrets “locally” in Pulumi config files. The optional pulumiConfig key enables this.
The following example updates the myorg/myapp-dev environment by adding a pulumiConfig block. This block specifies the Pulumi configuration settings to expose to the Pulumi stack at runtime:
# myorg/myapp-dev
imports:
  - aws-dev
  - stripe-dev

values:
  greeting: Hello from the dev environment!
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
    AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
    STRIPE_API_KEY: ${stripe.apiKey}
    STRIPE_API_URL: ${stripe.apiURL}
    GREETING: ${greeting}

  # Add a `pulumiConfig` block to expose these settings to your Pulumi stacks.
  pulumiConfig:
    aws:region: ${aws.region}
    stripeApiKey: ${stripe.apiKey}
    stripeApiURL: ${stripe.apiURL}
    greeting: ${greeting}
Any stack belonging to the myorg organization can inherit these settings by adding the optional environment block to its stack-configuration file:
# Pulumi.dev.yaml
environment:
  - myapp-dev
Values are accessible using the standard configuration API:
// index.ts
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Import the values using the standard Pulumi configuration API.
const config = new pulumi.Config();
const greeting = config.require("greeting");
const stripeApiKey = config.requireSecret("stripeApiKey");
const stripeApiURL = config.requireSecret("stripeApiURL");

const callbackFunction = new aws.lambda.CallbackFunction("callback", {
    callback: async () => ({
        statusCode: 200,
        body: JSON.stringify({
            greeting,
            // Use them in your program as you would any config value.
            stripeApiURL: process.env.STRIPE_API_URL,
        }),
    }),
    environment: {
        variables: {
            STRIPE_API_URL: stripeApiURL,
        },
    },
});

// authorizationType "NONE": the function URL is reachable without IAM authentication.
const functionUrl = new aws.lambda.FunctionUrl("url", {
    functionName: callbackFunction.name,
    authorizationType: "NONE",
});

export const url = functionUrl.functionUrl;
Stacks may only read from environments that belong to the same Pulumi organization.
Automation API integration
You can use ESC with Automation API in Node, Go, and Python. The following methods are supported today:
addEnvironments(...): Append environments to your Pulumi stack’s import list.
listEnvironments(): Retrieve a list of environments currently imported into your stack.
removeEnvironment(environment): Remove a specific environment from your stack’s import list.
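One way to use these three methods to hold a stack's import list to an approved set, shown as an added example rather than code from the Pulumi documentation. `StackEnvs`, `planEnvironments`, `reconcileEnvironments` and `FakeStack` are hypothetical names, and the Promise-returning signatures are an assumption modelled on the Node SDK; a real Automation API stack object would be passed where `FakeStack` is used.

```typescript
// StackEnvs mirrors the three Automation API methods named above; the
// Promise-based signatures are an assumption modelled on the Node SDK.
interface StackEnvs {
  addEnvironments(...environments: string[]): Promise<void>;
  listEnvironments(): Promise<string[]>;
  removeEnvironment(environment: string): Promise<void>;
}

interface EnvPlan { add: string[]; remove: string[] }

// Pure diff: what must change so the import list equals `approved`.
function planEnvironments(current: string[], approved: string[]): EnvPlan {
  const cur = new Set(current);
  const ok = new Set(approved);
  return {
    add: approved.filter((e, i) => !cur.has(e) && approved.indexOf(e) === i),
    remove: current.filter((e, i) => !ok.has(e) && current.indexOf(e) === i),
  };
}

// Apply the plan. Removals run first so that a failure part-way through
// leaves the stack with fewer imports than before, not more.
async function reconcileEnvironments(stack: StackEnvs, approved: string[]): Promise<EnvPlan> {
  const plan = planEnvironments(await stack.listEnvironments(), approved);
  for (const env of plan.remove) {
    await stack.removeEnvironment(env);
  }
  if (plan.add.length > 0) {
    await stack.addEnvironments(...plan.add);
  }
  return plan;
}

// Constructed in-memory stand-in for a stack so the example runs offline.
class FakeStack implements StackEnvs {
  envs: string[];
  constructor(envs: string[]) { this.envs = [...envs]; }
  async addEnvironments(...environments: string[]): Promise<void> {
    this.envs.push(...environments);
  }
  async listEnvironments(): Promise<string[]> { return [...this.envs]; }
  async removeEnvironment(environment: string): Promise<void> {
    this.envs = this.envs.filter((e) => e !== environment);
  }
}

// Constructed input: "scratch-env" is a hypothetical unapproved import.
const demo = new FakeStack(["myapp-dev", "scratch-env"]);
reconcileEnvironments(demo, ["myapp-dev"]).then((plan) => console.log(plan, demo.envs));
```

Running the plan step on its own in CI, and failing the build when `remove` is non-empty, reports drift in a stack's imports without changing anything.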