Pulumi Console

The Pulumi Console allows users to view the stacks they have created, see any past activities recorded for those stacks. It also allows you to manage RBAC for your users.

In order for the CLI to persist the state of a particular stack, a user must login to the CLI. In order to login to the CLI, you should have created an account using the Console first.


The Console service depends on the API service. It relies on the API service for authentication callbacks. Depending on the type of authentication mechanism you choose for your users, the services in the Console container may need to communicate with the API container.


  • Provide a server or virtual machine to install and run the Pulumi components (see Minimum System Requirements below).

You can run this container on the same host that your API container is running or on a different host. If you are running this container on a separate host than the API, be sure to set the appropriate environment variables (more on that below) in order for the Console to be able to reach the API service.

Minimum System Requirements

Compute1 CPU core w/ 1 GB memory

What’s In The Container?

The Console container is a Node 10-based image. A single web server handles delivering UI static assets to your web browser, as well as handling authentication callbacks.

Primary Environment Variables

The following are the core environment variables that are required at a minimum.

Tip: The quickstart solutions set reasonable default values for these variables, so you can get started without worrying about configuration.

Variable NameDescription
PULUMI_APIThe endpoint URL where the service APIs can be reached. This should match the value of PULUMI_API_DOMAIN. Default is http://localhost:8080.
PULUMI_API_INTERNAL_ENDPOINTThe endpoint URL local to the container using which the Console app can reach the API container using a container-to-container network.
CONSOLE_DOMAINCONSOLE_DOMAIN is used to redirect the user after they have signed-in using a social identity or SAML SSO.
HOMEPAGE_DOMAINHOMEPAGE_DOMAIN is used to redirect the user after they have signed-out.

Environment Variables For Identities

Variable NameDescription
RECAPTCHA_SITE_KEYUse for password reset requests by users. Create a new reCaptcha v2 here.

GitHub OAuth

Variable NameDescription
GITHUB_OAUTH_IDGitHub OAuth app client ID. Used for GitHub OAuth signins. Create a new GitHub OAuth app here.
GITHUB_OAUTH_SECRETGitHub OAuth app client secret. See above.

GitLab OAuth

Variable NameDescription
GITLAB_OAUTH_IDGitLab OAuth app client ID. Used for GitLab OAuth signins. Create a new GitLab OAuth app here.
GITLAB_OAUTH_SECRETGitLab OAuth app client secret. See above.

Bitbucket OAuth

Variable NameDescription
BITBUCKET_OAUTH_IDAtlassian Bitbucket OAuth consumer client ID. Used for Bitbucket OAuth signins.