Pulumi Service

Key capabilities

Manage infrastructure state and secrets

• Fully-managed, single source of truth

  Store your infrastructure’s state for any cloud in Pulumi’s secure backend, which has built-in scaling, availability, and fault tolerance.

  Allow developers to safely deploy in parallel with concurrent state-locking.

  Audit changes or rollback to previous versions with a complete history of your state.

• Automatic secrets management

  Use built-in secrets management for encrypted data such as credentials or tokens. You can also bring your own secrets manager.

  Your infrastructure state is encrypted in transit and at rest.

  Sensitive configurations (e.g. database passwords, cloud tokens) are stored as secrets.

  Use Pulumi’s secrets manager or integrate with AWS KMS, Azure Key Vault, Google KMS, and HashiCorp Vault.

Increase developer productivity and collaboration

• Team-wide visibility and collaboration

  Visualize projects, stacks, and cloud resources so you and developers in your organization know what’s running and where.

  View timelines that show diffs of changed resources and who made the changes.

  Tag stacks for easier filtering and searching.

  Track the activity of users within your organization with audit logs.

• Software delivery integrations

  Integrate Pulumi with your software delivery pipeline so that you can version, build, test, and deploy infrastructure code like software.

  Work with existing tools like IDEs, test frameworks, and package managers.

  Integrate your source control system so teams can trace changes back to commits and pull requests.

  Continuously deliver infrastructure through existing pipelines with CI/CD integrations.

  Use event-based webhooks to notify external services like Slack or continuous integration tools.

  Use the Service API to manage stacks, updates, teams, and more.

Set guardrails and access controls

• Collaboration with secure access controls

  Use identity and access controls to manage who can make changes to your infrastructure.

  Invite new team members and share projects to collaborate on infrastructure.

  Single sign-on with any SAML 2.0 identity provider like Azure Active Directory, Google Workspace , Okta, and OneLogin.

  Manage Pulumi access from your central identity provider via SCIM 2.0 integration.

  Set role-based access controls that limit who can access infrastructure.

• Proactive compliance enforcement

  Set guardrails for developers in your organization and enforce configuration and deployment rules.

  Define Policy as Code rules for security, best practices, and more.

  Assign policy packs that run on specific stacks (e.g., dev/test/staging rules).

  Automatically block deployments that violate your organization’s policies.