Blog: Why Cloud Engineers need Pulumi ESC #13628
Conversation
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
…-management/index.md
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
…-management/index.md
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
…-management/index.md
|
Your site preview for commit 2ccf62f is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-2ccf62fc.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 5569e2b is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-5569e2bb.s3-website.us-west-2.amazonaws.com. |
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
…-management/index.md
|
Your site preview for commit fc57183 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-fc57183a.s3-website.us-west-2.amazonaws.com. |
| # for details, and please remove these comments before submitting for review. | ||
| --- | ||
|
|
||
| Managing secrets is one of the most critical responsibilities in cloud engineering. Secrets like API keys, database credentials, and encryption tokens are the backbone of secure and seamless cloud operations. However, the complexity of modern cloud-native and multi-cloud environments has made traditional secrets management solutions inadequate. |
There was a problem hiding this comment.
Can we talk about config too? All cloud engineers need config too, and we seem to forget that in every piece of content.
|
|
||
| ## What is Pulumi ESC? | ||
|
|
||
| Pulumi ESC is a secrets management and orchestration service from Pulumi designed to secure sensitive configurations across modern cloud environments. It supports seamless integration, enabling engineers to: |
There was a problem hiding this comment.
We are not an orchestration service, but we are a "broker".
There was a problem hiding this comment.
@cleverguy25 "broker" doesn't sound as nice. Should we update the docs page too? At the bottom of https://www.pulumi.com/docs/esc/, in the "Why Pulumi ESC?" it says it is an orchestration service.
|
|
||
| ### 3. Automated Rotation and Expiry | ||
|
|
||
| Pulumi ESC minimizes security risks by automating the rotation of secrets. This feature aligns secrets management with CI/CD processes for cloud engineers focused on DevOps, ensuring credentials remain valid only when needed. |
There was a problem hiding this comment.
We actually do not do this, yet. It is on the roadmap
|
|
||
| ### 4. Secure by Design | ||
|
|
||
| Pulumi ESC follows a "secure by default" model by employing encryption, fine-grained access control, and detailed audit trails. Engineers can meet compliance regulations effortlessly while gaining full visibility into secret access patterns. |
There was a problem hiding this comment.
I would not call our current access control fine grained, it is something we are working on.
|
|
||
| ### 5. Language Flexibility | ||
|
|
||
| With SDKs available for Python, Go, JavaScript, and other major languages, cloud engineers can integrate Pulumi ESC directly into their CI/CD pipelines or custom applications. |
There was a problem hiding this comment.
We only support python, go, and javascript/typescript at the moment.
|
|
||
| Tools should make engineers' lives easier, not harder. Pulumi ESC's CLI, SDKs, and API provide intuitive ways to integrate into existing workflows. For cloud engineers leveraging Infrastructure as Code with Pulumi, managing secrets alongside the stack becomes effortless. | ||
|
|
||
| ### Using Pulumi ESC with External Secrets Operator (ESO) |
There was a problem hiding this comment.
While we should mention ESO, we should also wait and mention the upcoming CSI provider.
There was a problem hiding this comment.
When will the upcoming CSI provider be released?
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
|
Your site preview for commit 884e530 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-884e5303.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit abba98e is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-abba98e5.s3-website.us-west-2.amazonaws.com. |
content/blog/why-every-cloud-engineer-needs-pulumi-esc-secrets-management/index.md
Outdated
Show resolved
Hide resolved
…-management/index.md
|
Your site preview for commit f52cf3c is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-f52cf3c9.s3-website.us-west-2.amazonaws.com. |
|
|
||
| Pulumi ESC extends its capabilities beyond Pulumi IaC by integrating with other infrastructure tools such as Cloudflare, Terraform, and OpenTofu. These integrations enable seamless provisioning of cloud credentials and input variables directly from ESC environments. | ||
|
|
||
| ## Why Cloud Engineers Need Pulumi ESC |
There was a problem hiding this comment.
Note to self: add a config-specific point
|
Your site preview for commit 5fb5500 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13628-5fb55007.s3-website.us-west-2.amazonaws.com. |
|
|
||
| ### Zero Downtime Through Automation | ||
|
|
||
| Manual secrets management often leads to errors such as expired credentials or outdated tokens. Pulumi ESC automates the entire lifecycle of secrets—creation, rotation, replication, and expiry—guaranteeing uninterrupted services. |
There was a problem hiding this comment.
Note to self: It doesn't seem like we can't claim this yet... rotation not available yet, check others.
ETA January 7, 2025
Proposed changes
Unreleased product version (optional)
Related issues (optional)