Secrets and configuration providers
Secrets and configuration providers dynamically import values from an external system of record into your environment. Each provider is invoked through fn::open::<name> and the returned values are evaluated lazily — secrets are fetched at open time, not at definition time.
| Provider | Description |
|---|---|
| 1password-secrets | Import secrets from 1Password. |
| aws-parameter-store | Import parameters from AWS Systems Manager Parameter Store. |
| aws-secrets | Import secrets from AWS Secrets Manager. |
| azure-secrets | Import secrets from Azure Key Vault. |
| doppler-secrets | Import secrets from Doppler. |
| gcp-secrets | Import secrets from Google Cloud Secret Manager. |
| infisical-secrets | Import secrets from Infisical. |
| vault-secrets | Import secrets from HashiCorp Vault. |
| external | Import secrets from a custom service adapter. |
To import outputs from a Pulumi stack or a Terraform state file, see the infrastructure as code providers.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.