Infrastructure as code (IaC) specialist Pulumi has announced new products to manage configuration and secrets sprawl as well as to support platform engineering.One of the products, Pulumi ESC, enables organizations to manage Environments, Secrets, and Configurations for cloud infrastructure and applications.“I’m excited by the ESC product because it’s category creation,” Eric Rudder, co-founder and chairman of Pulumi, told The New Stack. “You know, a lot of times you will have a slightly better way of doing something. I think Pulumi is 10x better than coding in YAML or CloudFormation. But our goal is to get to 100x better, partly by using some of the generative AI technology that we launched on Pulumi AI and Insights. But there is no product on the market that really solves this set of problems. Most of the stuff we’ve done at Pulumi you need to use Pulumi as your IaC solution to benefit from it. With ESC that’s not the case. So even if you’re a CloudFormation customer or a Terraform customer, you can still keep your security information in ESC. So this is sort of the first product out there that appeals to the broadest set of infrastructure developers.”Pulumi ESC enables developers to define reusable environments that combine secrets from multiple sources, including Pulumi IaC, AWS KMS, Azure Key Vault, Google Cloud KMS, OpenID Connect (OIDC) Relying Parties, 1Password, and HashiCorp Vault, the company said. Applications can consume these environments from any cloud execution context or tool, including Pulumi, Terraform, Cloudflare Workers, GitHub Actions or Docker.Moreover, Pulumi ESC gives organizations a central way to define and scale cloud applications, without worrying about secrets leaking or credentials needlessly proliferating across developer desktops, the company said.“With Pulumi ESC, our community can now bring additional critical aspects of infrastructure management into their Pulumi workflow,” said Luke Hoban, CTO of Pulumi, in a statement. “We wanted to build a general purpose configuration and secrets management solution that worked seamlessly with any infrastructure or application that could be used by multiple teams, with different roles, within an organization. Every interaction needed a security and auditability guarantee.”Cloud applications typically rely on many different cloud and SaaS services. Every application has multiple development, test, and production environments, often spread across multiple regions. Each environment accesses a multitude of configurations, which include network settings, deployment options, API Keys, and other important secrets, such as database credentials. At scale, this complexity too often leads to sprawl, lack of visibility and control, and improper scope, the company said.“Pulumi makes it easy to manage infrastructure across complex environments,” said Dennis Sauvé, DevOps Engineer, Washington Trust Bank. “We need to manage an ever-growing number of environments, each with its own configuration and secrets.Pulumi ESC includes several features and capabilities, including:“With these announcements, Pulumi fills some blanks in its portfolio and becomes a viable alternative for Infrastructure as Code (IaC) solutions,” Larry Carvalho, an analyst at RobustCloud. “The new Series C investment [$41M] and the fact that they are still an open source solution should comfort customers. As managing secrets gets complex in a multicloud environment, Pulumi ESC can reduce operational costs while reducing risks.”Currently, Pulumi ESC is available for free as a public preview with the company’s intent to eventually offer multiple tiered versions, including a free offering and others with advanced Enterprise and Business Critical capabilities.“Pulumi IaC simplifies infrastructure management so that our developers can release Fusion, our hardware development platform, fast and reliably,” said Alfred Stappenbeck, Principal Cloud Software Engineer, Stoke Space, in a statement. “We deliver new features and updates to our customers at a very rapid pace, and we can’t allow configuration sprawl to slow us down. Without a modular configuration model, our teams could lose track of changes and dependencies. We welcome these comprehensive tools to manage our configurations and secrets.”“Today, IT teams need to securely connect everyone and everything. Too often, cloud, SaaS, internet, and on-premises domains are painfully disconnected. Making all these systems talk to each other is simply too difficult,” said Dane Knecht, SVP, Emerging Technology and Incubation at Cloudflare, in a statement. Cloudflare is a design partner for Pulumi ESC helping to eliminate the burden of ad-hoc secrets and configuration management, he noted.Meanwhile, the company also introduced Pulumi for Platform Teams, to help platform engineering teams increase agility, compliance, and security. It includes the Pulumi Developer Portal for self-serve provisioning, a CNCF Backstage plugin, Compliance-ready Policies and Remediation Policies, for automatic adherence to organizational best practices. In addition, the company also announced general availability of Pulumi Deployments for deployment orchestration.“Infrastructure as Code is an essential piece of every developer platform,” said David Tuite, Chief Roadie. “We’re excited to have Pulumi join the Backstage ecosystem because it helps teams collaborate using their favorite programming language instead of relying on domain-specific languages.”Internal developer portals (IDPs) enable developers to quickly provision approved infrastructure, boosting productivity with pre-configured architectures and automated testing.“Pulumi delivers a set of capabilities that aim to optimize developer productivity through self-service, while simultaneously providing the platform team with the governance needed to consistently ensure compliance, reliability, performance, and cost control,” said Torsten Volk, an analyst at Enterprise Management Associates. With this release, Pulumi positions its IaC platform as the standard for implementing infrastructure-as-code in a scalable manner, by providing a simple vending machine for consistent infrastructure stacks across projects, apps, and clouds. Pulumi nicely complements its consistency — and simplicity — story by also introducing a solution for the centralized management of configuration data and secrets. This provides platform engineers with the central control they need to proactively manage security and compliance within complex distributed applications.”Organizations can now use Pulumi’s building blocks for creating and customizing IDPs. These platforms are inherently many-cloud and frequently center around the adoption of Kubernetes, the company said.“Pulumi for Platform Teams is essentially empowering platform engineering,” Rudder said. It supports security policy, policy as code, templates, role-based access control and more. “So a lot of elements of platform engineering are definitely things that we think about in the Pulumi offering. “Whether we market it as platform engineering, or market it as platform teams or developer portal, there’s lots of terms that are very similar or slightly adjacent,” he said.“Combined, the new developer platform capabilities and the centralized management solution for configuration and security of app stacks can help bring organizations closer to their goal of providing developers with the maximum degree of freedom, while at the same time delivering a solution for centralized governance to platform engineers. This is exciting news!” Volk told The New Stack.New Pulumi capabilities for platform teams include:In addition, the general availability of Pulumi Deployments, which the company introduced last November. Pulumi Deployments is a fast and flexible way to deploy infrastructure on any cloud and at any scale, using GitHub pull requests, API calls, and console. No CLI setup is needed since Pulumi Cloud manages deployments.“Pulumi Deployments is easier to set up for new projects than our in-house developed CI/CD pipelines for running Pulumi,” said Mark Morlino, DevOps Engineer at Boost Insurance, in a statement. “It’s more fully featured and has much better integration with our version control system. The best part is that I don’t have to maintain it myself, so I can spend more time focused on other tasks.”Pulumi Deployments allows platform teams to orchestrate automated deployment workflows, standardizing deployment processes and eliminating custom provisioning systems.Rudder said it contains features that are difficult to build in-house, such as Git Push-to-deploy, ephemeral environments, and UI-based deployment triggers. API extensibility enables drift detection and remediation, stale infrastructure cleanup, and blue/green and multi-region deployments. Enhancements also include OIDC configuration, Slack and Microsoft Teams integration, GitHub Enterprise support, and self-hosted runners, the company said.The product experienced 2,500% growth during its Beta and is now available to Team Edition customers. Pulumi said the first 3,000 deploy minutes per month are free, and $0.010 per deploy minute thereafter. Custom pricing is available to Pulumi Enterprise and Business Critical customers.“Pulumi has been pivotal in our Kubernetes migration and simplified cluster upgrade rollouts down to single-line code changes, and we’re on a path to have all resources managed by Pulumi,” said Raildo Mascena, Senior Software Engineer, VTEX, in a statement.Pulumi Platform Teams is viewed as an organization’s internal developer platform in a box, Rudder said.“When we spend time with our community, it’s clear that empowered platform teams are an absolute must,” said Joe Duffy, CEO of Pulumi, in a statement. “Unfortunately, we see too many folks recreating the same wheel. The new Pulumi for Platform Teams capabilities help companies get up and running more quickly, with built-in security and reliability, allowing them to focus on unique business value with greater impact.”Community created roadmaps, articles, resources and journeys fordevelopers to help you choose your path and grow in your career.