Pulumi ESC

Overview

Pulumi ESC (Environments, Secrets, Configuration) centralizes secrets management across multiple vaults and cloud providers, giving teams a single interface to manage secrets and environment configuration. ESC eliminates secrets sprawl by connecting to existing secret stores such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and 1Password, while also supporting custom stores via an extensible plugin model. Security is built in with dynamic, short-lived credentials issued via OIDC, full RBAC, versioning, and comprehensive audit logging so secrets are never stored in plaintext. ESC is engineer-friendly with CLI, API, SDKs, and Kubernetes operators for programmatic access, and it integrates natively with Pulumi infrastructure-as-code while also being usable standalone for applications and workflows. Environment composition lets teams create reusable configuration components that can be inherited and overridden, and every environment change is versioned to allow instant rollbacks. Pulumi Cloud offers a free tier to get started; organizations can also request a demo to evaluate enterprise deployment and features.

Features

  • Dynamic, short-lived credentials (OIDC)
  • RBAC (fine-grained access controls)
  • Full audit logging and access trail
  • Versioning and rollback of environment configuration
  • Environment composition with reusable components
  • CLI, API, and SDK access
  • Kubernetes operators for cluster integration
  • SAML/SCIM support for enterprise SSO
  • Extensible plugin model for custom secret stores
  • Native integration with Pulumi IaC or standalone use

Integrations

Pulumi ESC connects to major secret stores including HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and 1Password, and supports additional stores via an extensible plugin architecture. It integrates with identity providers through SAML/SCIM for SSO and provisioning, and provides access paths for CLI, API, SDKs, and Kubernetes operators so secrets can be consumed by infrastructure code, applications, and clusters.

Compliance & Certifications

SOC 2 Type II

Sellers & Vendors

Pulumi

Pulumi is a modern infrastructure as code platform that enables developers to create, deploy, and manage cloud infrastructure using real programming languages. It integrates with major cloud providers and offers automation and scalability for cloud resources.