Secrets and configuration providers
Secrets and configuration providers dynamically import values from an external system of record into your environment. Each provider is invoked through fn::open::<name> and the returned values are evaluated lazily — secrets are fetched at open time, not at definition time.
| Provider | Description |
|---|---|
| 1password-secrets | Import secrets from 1Password. |
| aws-parameter-store | Import parameters from AWS Systems Manager Parameter Store. |
| aws-secrets | Import secrets from AWS Secrets Manager. |
| azure-secrets | Import secrets from Azure Key Vault. |
| doppler-secrets | Import secrets from Doppler. |
| gcp-secrets | Import secrets from Google Cloud Secret Manager. |
| infisical-secrets | Import secrets from Infisical. |
| vault-secrets | Import secrets from HashiCorp Vault. |
| pulumi-stacks | Import outputs from a Pulumi stack (including Terraform state stored in Pulumi Cloud). |
| terraform-state | Import outputs from a Terraform state file in S3 or Terraform Cloud. |
| external | Import secrets from a custom service adapter. |
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.