1. Docs
  2. Pulumi Cloud
  3. Pulumi Copilot

Pulumi Copilot Overview

    Pulumi Copilot is a new conversational chat interface integrated throughout Pulumi Cloud, enabling Pulumi Cloud users to quickly accomplish a variety of cloud infrastructure management tasks by leveraging the combination of generative AI and the rich capabilities of Pulumi Cloud.


    Through Pulumi Copilot, you can explore your cloud infrastructure and gain insights across an incredible breadth of use cases, including:

    Copilot use cases

    Pulumi Copilot enables these use cases via the following:

    Access any data in Pulumi Cloud

    • The state of every resource you are managing with Pulumi across any Cloud, any account, and any region. With Pulumi Insights’ Cloud Supergraph support for 160+ cloud providers, this offers an unprecedented breadth of cloud infrastructure data to explore and interrogate with Pulumi Copilot.
    • Pulumi stacks, projects, updates, deployments, environments, policies, audit logs and more - enabling historical understanding of what happened when, by who, and why across all of your cloud engineering systems managed by Pulumi.

    Pulumi IaC Authoring and Deployment

    • The same great Pulumi AI features for authoring IaC are now available inside Pulumi Copilot as well, enabling you to quickly solve new IaC problems within Pulumi Cloud, and even deploy code directly from Pulumi Copilot.

    Access cloud metadata from the clouds themselves

    • Through the use of new skills, Pulumi Copilot can access cloud metadata in real time in AWS, Azure, Kubernetes, and more, allowing it to join Pulumi’s IaC world view with information about usage, costs, and more – as well as infrastructure not yet under the management of Pulumi.

    Frequently Asked Questions

    What model does Pulumi Copilot use?

    Pulumi Copilot currently uses OpenAI GPT-4o, hosted in Azure OpenAI Service in a Pulumi owned and managed Azure subscription. Over time we expect to use a combination of models to improve the user experience and answer quality.

    Will my data be used to train Pulumi Copilot?

    We are not using either a self-fine tuned model or a fine tuning product, therefore today data is not being used to train Pulumi Copilot.

    How does Copilot handle user identities and access permissions?

    Pulumi Copilot leverages Pulumi Cloud’s Role Based Access Control model, therefore it only has access to the data that the user using it has access to. Behind the scenes, Pulumi Copilot is making API calls on the user’s behalf, meaning it does not expose information the user has no access to.

    Can Copilot also make changes or is it limited to read-only scenarios?

    At this time Pulumi Copilot can only perform read operations, such as making GET requests on the user’s behalf. If you ask Pulumi Copilot to perform an action, such as making a member an admin, it will confirm it is not able to.

    In the near future we plan to expand Copilot functionality to perform actions on your behalf, with confirmation actions to ensure you are aware of the steps it is taking. Controls will be available to disable read-write capabilities at the organization level.

    What data do we send to Azure OpenAI API?

    Pulumi Copilot transmits data to Pulumi’s Azure tenant to generate responses, including both contextual data and data about the user’s actions. The transmitted data is encrypted both in transit and at rest; Pulumi Copilot-related data is encrypted in transit using transport layer security (TLS).

    Are my secrets exposed to Pulumi Copilot or third parties?

    No. Pulumi Copilot does not have the ability to decrypt secrets. Therefore, no secret data is exposed to either users or the Pulumi’s Azure tenant by Pulumi Copilot.

    What data is Pulumi Copilot storing?

    We store conversation data, similar to all other product metrics logging in Pulumi Cloud, including the response from Azure’s OpenAI API in order to debug issues and measure model quality. This data is treated sensitively and used only for operational purposes.

    Can I turn Pulumi Copilot off for my organization?

    Pulumi Copilot is off by default at public beta launch. Organization admins can turn it on by navigating to organization Settings > Access Management > Pulumi Copilot. You can make it available for all members, just admins or no one in your organization. It can be turned off at any point.

    How can I report bugs or provide feedback about Pulumi Copilot?

    You can respond “/bug” in the chat and it will be logged to provide us feedback on response quality.

      PulumiUP - September 18, 2024. Register Now.