Pulumi has launched a new product called Pulumi ESC, aimed at simplifying the management of secrets and configuration in cloud infrastructure and applications. 

It addresses the challenges of handling secrets and configuration at scale across various cloud environments. Pulumi ESC allows teams to gather secrets and configurations from multiple sources, and organize them into hierarchical collections called “environments.”

Those environments can then be used across different infrastructure and application services. Pulumi ESC can be used alongside Pulumi IaC for streamlined configuration management or independently to manage secrets and configuration for any project.

Pulumi ESC tackles common configuration and secrets management challenges with several key design principles: it lets users define environments that contain secrets and configuration, integrates with secrets stored in providers such as AWS Secrets Manager, Vault, and Azure OIDC, offers consume-from-anywhere capabilities, and much more.

Pulumi ESC is available today in preview via the new esc CLI, as part of Pulumi Cloud, and via the Pulumi Cloud REST API. It also integrates directly with Pulumi IaC stack configuration and the new pulumi env commands.

It also supports dynamically pulling secrets and configuration from other sources of truth, including AWS OIDC, AWS Secrets Manager, Azure OIDC, Azure KeyVault, Google Cloud OIDC, Google Secrets Manager, HashiCorp Vault, and Pulumi IaC Stack References – with many more sources like 1Password coming soon.

The creators of Pulumi ESC aim to add application-level SDKs, the ability to sync configuration to external systems, a dynamic configuration provider ecosystem, and versioning requirements in the coming months, according to this blog post.