Today we’re excited to announce Azure Native Provider v3.8, featuring several enhancements that simplify authentication and extend support to private Azure environments. These updates make it easier than ever to manage Azure infrastructure using credentials provided by the hosting environment, such as in Azure Kubernetes Service (AKS), Azure VM, and Azure Cloud Shell. Simplified Authentication Across Environments The highlight of this release is a new authentication mode based on DefaultAzu...| Pulumi Blog
Sometimes infrastructure needs a clean slate. A VM with a corrupted disk, an expired certificate, or a stuck Kubernetes object. Pulumi CLI v3.192.0 introduces pulumi state taint and pulumi state untaint commands that let you mark resources for replacement—especially valuable when you have state access but restricted cloud permissions. The New Commands pulumi state taint <resource-urn> - Mark a resource for replacement pulumi state untaint <resource-urn> - Cancel the replacement (use --all t...| Pulumi Blog
Building and maintaining reusable infrastructure has always been about more than just writing good code. It’s about making that code discoverable, understandable, and easy to adopt across your organization. Today, we’re excited to announce a new feature that removes significant friction from sharing and consuming infrastructure components: automatic multi-language API documentation in Pulumi Private Registry. The Challenge of Sharing Infrastructure at Scale Platform teams invest significa...| Pulumi Blog
Azure Resource Manager (ARM) templates are powerful, but painful. If you’ve ever tried to provision cloud infrastructure using ARM, you know the challenges: Templates that started simple… and now span thousands of lines Manual configuration stitched together with bespoke deployment logic Lack of support for key services like Databricks Slow, error-prone deployments that require multiple manual steps No reuse, no testing, and no relief ARM wasn’t built for the complexity of modern Azure ...| Pulumi Blog
Build reusable infrastructure using components and templates to create golden paths that enable scalable, self-service internal developer platforms.| pulumi
Welcome to the first post in our IDP Best Practices series. In this guide, we’ll walk through the strategic foundations for designing an Internal Developer Platform that empowers developers without sacrificing governance, security, or operational control. At Pulumi, we’ve worked with hundreds of teams facing the same core challenge: How do you give developers the infrastructure access they need, while maintaining the governance and security your organization requires? That tension is at t...| Pulumi Blog
Developers are losing days every month to infrastructure bottlenecks, compliance hurdles, and inconsistent environments. Platform engineering promised to fix that, yet too many platforms fail before they deliver real impact. In this comparison of Backstage vs Pulumi IDP, we’ll explore why choosing the right architectural approach matters more than the tool itself. Quick comparison: Backstage vs Pulumi IDP Backstage is an open-source developer portal framework from Spotify that focuses on se...| Pulumi Blog
Pulumi AWS provider 7.0 is here with powerful new capabilities that simplify and scale infrastructure as code on AWS. As the most widely used provider in the Pulumi ecosystem, it offers access to the full surface area of the upstream Terraform AWS Provider in Pulumi projects in all supported languages, like TypeScript, Python, Go, C#, Java, and YAML. The 7.0 release brings fixes and improvements to the provider, including several breaking changes as part of the major version release. What’s...| Pulumi Blog
Approvals enables effective change management by bringing governance and oversight directly into their environment configuration workflows.| pulumi
It’s funny how technology has a way of sneaking back into your life just when you think you’ve moved on for good. Jenkins and I have quite the history. Think of it as that reliable but slightly temperamental friend from your college days who you haven’t seen in years. A Blast from the Jenkins Past The last time Jenkins and I were on speaking terms was during my tenure at my former workplace, back when the CI/CD landscape looked very different than it does today. We weren’t just casual...| Pulumi Blog
Today, we are announcing a new addition that allows Pulumi users to use Bun as their package manager, offering an alternative to npm, Yarn, or pnpm. Bun, a recently released JavaScript runtime, bundler, transpiler, and package manager, provides a faster way to manage Pulumi project dependencies. What is this Bun thing you’re talking about? If you’ve spent time around the JavaScript ecosystem, then you’ve probably heard of Bun. If you haven’t, then be aware that it presents itself as a...| Pulumi Blog
We’re excited to introduce Google Cloud support to Insights Account Discovery. This new capability expands Pulumi’s resource discovery to help you uncover infrastructure in Google Cloud, regardless of how those resources are managed. With full visibility into all of your cloud resources, you can monitor, search, and manage your environments more effectively. Scan an Entire Google Cloud Project in Minutes With Pulumi Insights, gaining visibility into your Google Cloud environment is fast a...| Pulumi Blog
Compare secrets management tools and find the best solution for your infrastructure with expert analysis and recommendations.| pulumi
Pulumi now allows you to run custom code at any point in the resource lifecycle| pulumi
Infrastructure as Code (IaC) has evolved beyond simple automation into a fundamental shift toward applying software engineering practices to infrastructure management. In 2025, leading organizations aren’t just provisioning infrastructure—they’re treating it as software, complete with testing, version control, code reviews, and continuous integration. As infrastructure complexity grows, teams increasingly seek approaches that provide the same developer productivity tools they use for ap...| Pulumi Blog
We are excited to announce support for Doppler within Pulumi ESC! Pulumi ESC centralizes secrets and configuration management, providing a unified source of truth across your environments. With the addition of Doppler, a popular secrets management platform, ESC further extends its ecosystem, enabling seamless and secure access to secrets stored across diverse systems. This release introduces two distinct dynamic providers for Doppler, each designed to improve security and streamline your work...| Pulumi Blog
Today, we’re excited to announce a major advancement in Pulumi’s mission to make modern infrastructure as code accessible to every developer: direct support for executing Terraform modules. This new capability addresses one of the most significant challenges our users face when migrating from Terraform to Pulumi—complex projects with extensive module dependencies. The Path to Modern Infrastructure as Code At Pulumi, we believe the ideal infrastructure as code experience leverages the fu...| Pulumi Blog
AWS RDS supports blue/green deployments to support database maintainence. In a blue/green deployment, you have one production (blue) and one staging (green) database. You can safely make changes to the green instance without affecting production and promote it to be the main instance. When you enable blue/green updates, Pulumi will temporarily set up a blue/green deployment for the duration of the update to minimize downtime. There are many benefits to using blue/green deployments for updates...| Pulumi Blog
When managing infrastructure as code at scale, reliable state storage is essential. Pulumi Cloud provides a fully managed, secure, and scalable solution out of the box. For teams that choose to build and maintain their own backend, Pulumi now offers support for PostgreSQL as a DIY state storage option—though this requires additional operational overhead and careful consideration around performance, security, and maintenance. The Need for Database-Backed State Storage Traditional DIY backend...| Pulumi Blog
Today we’re excited to launch support for Customer-Managed Keys (CMKs) in Pulumi ESC. This feature gives your organization full control over how your secrets and state are encrypted — empowering you to meet the most demanding compliance requirements like HIPAA, GDPR, and FedRAMP, all while maintaining the ease-of-use that Pulumi is known for. Why Customer-Managed Keys? Pulumi encrypts secrets and other sensitive information stored in ESC using data keys, which are encrypted with Pulumi-Ma...| Pulumi Blog
Transform governance from manual bureaucracy into an automated enabler by embedding policy-as-code, RBAC, and automated controls directly into your platform.| pulumi
Frustratedly trying to figure out what's actually happeningIn previous articles in this series, we’ve shown how platform engineering turns infrastructure chaos into consistency, gives teams self-service tools, smooths developer workflows, and bakes security into the platform. Each pillar builds on the last. Together, they create an internal developer platform that cuts friction and speeds innovation. Even so, teams still face a big challenge: seeing what’s really happening. Whether things...| Pulumi Blog
Introducing Pulumi IAM: A new era of granular access control across Pulumi Cloud, starting with Custom Roles and scoped Access Tokens for enhanced security and automation.| pulumi
Learn how to transform infrastructure management from configuration chaos to programming languages using effective change management strategies.| pulumi
How SEITENBAU built a flexible platform serving 20+ independent projects with Pulumi's buffet approach, offering reusable components teams can mix and match.| pulumi
We’re excited to announce the new AI capabilities for Pulumi CLI powered by Pulumi Copilot that translate complex infrastructure changes into clear, human-readable explanations and help resolve deployment errors with actionable guidance. Enable these preview features with the --copilot flag. At Pulumi, we’re committed to helping you deploy infrastructure efficiently and with minimal friction. Anyone who has worked with cloud infrastructure knows the frustration of sifting through large pr...| Pulumi Blog
Pulumi Go Provider SDK is now generally available: Build custom infrastructure providers in hours, not weeks, while unlocking cross-team collaboration and standardization| pulumi
Discover how Pulumi Cloud can accelerate speed, ensure security, scale operations, and save costs in your multi-cloud environment.| pulumi
Introducing Pulumi Visual Import—discover, codify, and generate clean infrastructure code with AI assistance.| pulumi
Pulumi now supports excluding specific resources from stack operations, giving you more control and efficiency in managing your infrastructure| pulumi
2 Months ago, user deacon91, after years of working in the industry has declared DevOps to be a dead end on Reddit’s r/devops. And I’ve been thinking about his thoughts on the industry since then. His point was that DevOps, the breaking down of silos between development and operations, had been tried. We learned the lessons of this approach and need to do something better: Platform Engineering. And platform engineering has certainly emerged as a new hot area. But is it truly an evolutiona...| Pulumi Blog
As part of the Pulumi IDP announcement at PulumiUP, we introduced the Pulumi Private Registry. For years, we’ve worked with organizations that have built their own internal developer platforms on top of Pulumi. During that time, we identified what we believe is the best method for creating flexible golden paths – a bottom-up approach that utilizes a central source of truth to drive golden paths. Thanks to Pulumi Private Registry, this approach has never been simpler. Codified Security and...| Pulumi Blog
Today, we’re excited to introduce Pulumi IDP, the latest evolution of the Pulumi Cloud Platform, designed to help organizations automate, secure, and manage everything they run in the cloud. Get Started with Pulumi IDP For the past eight years, we’ve helped organizations simplify the deployment and management of their infrastructure. Pulumi launched at the height of DevOps, bringing general-purpose programming languages to infrastructure as code (IaC) at a time when application teams were...| Pulumi Blog
Infrastructure as Code (IaC) tools such as Pulumi can provide enormous amounts of leverage, but they must be used correctly to also provide safety. One of our main jobs as infrastructure engineers is to not break things, so leverage without safety is useless. If something is safe, we can change things easily without even thinking about it. If it isn’t, we’ll be up until 2 a.m. fixing what we broke. At Oso, we recently had to do a large infrastructure migration and learned three key princi...| Pulumi Blog
Snowflake is the data cloud powerhouse for countless businesses, critical for everything from customer dashboards to billing pipelines. The stakes are immense: this data must be strictly secured and always available. But managing this with static credentials or manual key rotation creates persistent security vulnerabilities and introduces operational instability, risking disruptions during clumsy updates. Pulumi ESC eliminates this dilemma with two purpose-built Snowflake integrations: snowfl...| Pulumi Blog
Securing access to critical data stores is paramount in today’s cloud-native world. Yet, managing database credentials often involves static, long-lived passwords – a significant security blind spot. These static secrets, frequently embedded in application configurations or accessible to multiple team members, represent a prime target for attackers. Manually rotating these credentials is a cumbersome, error-prone task that’s often neglected, leaving databases vulnerable for extended per...| Pulumi Blog
We are thrilled to announce enhanced integration support for Infisical within Pulumi ESC! Pulumi ESC centralizes secrets and configuration management, providing a unified source of truth across your environments. With the addition of Infisical, a popular open-source secrets management platform, ESC further extends its ecosystem, enabling seamless and secure access to secrets stored across diverse systems. This release introduces two distinct dynamic providers for Infisical, each designed to i...| Pulumi Blog
We’ve been busy over the past two months, shipping significant enhancements across the Pulumi ecosystem. From major improvements to our core IaC platform with Azure Native V3 and cross-language Components to powerful new capabilities in Pulumi ESC and Insights, these updates deliver on our commitment to making cloud management more powerful, accessible, and secure. We’re particularly excited about our AI integration through the MCP Server, enabling developers to work with infrastructure i...| Pulumi Blog
In previous articles, we looked at how platform engineering fixes infrastructure chaos, enables self-service, and improves developer workflows. These pillars work together to boost both developer productivity and organizational speed. But there’s still one critical element that can make or break all this progress: security. Traditional security efforts — even “shift-left” initiatives — often create friction instead of clearing the way for innovation. Embedding security directly into...| Pulumi Blog
Infrastructure as Code (IaC) has revolutionized how we manage cloud resources, but navigating complex cloud provider APIs, writing boilerplate code, and iterating through deployment cycles can still be time-consuming. Pulumi offers a fantastic developer experience using familiar programming languages. But what if we could make it even faster and more intuitive by integrating powerful AI assistants directly into the development loop? This is where the Pulumi Model Context Protocol (MCP) Server...| Pulumi Blog
Today we’re excited to announce the release of Pulumi Azure Native V3 - a major leap forward for the most comprehensive infrastructure as code solution for Microsoft Azure. This release delivers a remarkable 75% reduction in SDK size while maintaining our complete coverage of the Azure ecosystem. Pulumi Azure Native provides direct access to the Azure Resource Manager API, making it hands-down the best infrastructure as code solution for Microsoft Azure. Unlike traditional providers that ab...| Pulumi Blog
Pulumi enables teams to manage their infrastructure using the programming languages and tools they are already familiar with, supporting use cases such as complex authentication workflows, dynamically configured resources, and more. In this post we’re excited to announce an improvement to the pulumi refresh and pulumi destroy commands: the --run-program flag! This new feature makes Pulumi even more powerful for teams with complex infrastructure workflows. This enhancement is particularly va...| Pulumi Blog
By this point in 2025, we’ve all heard about “vibe coding”: the AI-fueled craze that enables even my 2 year old nephew to build new applications by simply giving into the vibes, embracing exponentials, and forgetting that the code even exists. Vibe coding enables anybody who can type on a keyboard or speak to a computer to build IPO-worthy software businesses overnight. Today we are excited to introduce vibe coding’s similarly revolutionary close cousin: “vibe clouding”. By giving...| Pulumi Blog
Pulumi Components enable you to create, share, and consume reusable infrastructure building blocks across your organization and the broader community. Today, we’re excited to announce significant enhancements to Pulumi Components that make them more powerful, accessible, and easier to use than ever before. With this release, we’ve made it possible to author components in one language and consume them in any other Pulumi language—including Pulumi YAML. This breakthrough enables platform ...| Pulumi Blog
Kubernetes has transformed cloud infrastructure by enabling scalable, containerized applications. While it initially gained traction for managing web applications and microservices, its capabilities now extend to AI/ML workloads, making it the go-to platform for data scientists and machine learning engineers. Running AI/ML workloads on Kubernetes presents unique challenges, including: Specialized hardware requirements (e.g., GPUs, TPUs) Scalability for model training and inference Complex dat...| Pulumi Blog
Pulumi Cloud empowers engineers to automate, secure, and manage modern infrastructure platforms. Many companies are building internal developer platforms or modern infrastructure platforms to provide developer self-service while maintaining security and compliance. Companies adopt Pulumi IaC so they can apply software engineering practices to their infrastructure scaling problems and because it is fully open source with a strong community and public roadmap. At Pulumi, we’re committed to op...| Pulumi Blog
Pulumi is excited to announce the addition of 27 new providers to the Pulumi Registry, significantly expanding our ecosystem and empowering developers with more choices for infrastructure as code. This expansion includes providers like Temporal, Vantage, and Honeycomb, among many others, making it even easier to manage diverse cloud and SaaS services with Pulumi. This milestone is made possible by Pulumi’s new ability to use any Terraform provider (bridging existing Terraform providers for ...| Pulumi Blog
Pulumi’s integration with GitLab has reached new heights with enhancements designed to streamline your infrastructure as code workflows. Today, we’re excited to announce several significant improvements to our GitLab integration that make managing cloud infrastructure with Pulumi and GitLab more seamless than ever before: GitLab as a first-class VCS in Pulumi Cloud, enhanced merge request comments, organizational templates in GitLab, and later this year, Pulumi Deployments for GitLab. Pul...| Pulumi Blog
Pulumi now handles secrets more efficiently through optimized encryption and decryption processes, reducing deployment times while maintaining security standards. Users of Pulumi Cloud for state management will notice the most improvement due to new batch API capabilities. Secrets Management in Pulumi Pulumi Infrastructure as Code (IaC)’s built-in secrets management encrypts individual secrets within the stack for fine-grained protection. Pulumi Cloud transmits and stores stack state secure...| Pulumi Blog
Learn how to boost developer experience, productivity, and velocity with an internal developer platform using service catalogs, templates, and CI/CD.| pulumi
Unlock developer productivity with self-service infrastructure through modular abstraction and intent-based specifications for your internal developer platform.| pulumi
Build a reliable infrastructure provisioning foundation with version control, automation, and golden-path templates for your internal developer platform.| pulumi
Explore the essential pillars of Platform Engineering and learn how to transform infrastructure chaos into a streamlined development experience.| pulumi
Managing secrets in the cloud is harder than ever. Learn how cloud engineers can streamline security, eliminate risks, and simplify secrets management at scale.| pulumi
Pulumi ESC's Rotated Secrets automates credential rotation, enhancing security, reducing manual effort, and ensuring compliance for long-lived secrets| pulumi
Learn how to manage Kubernetes secrets securely with Pulumi ESC and the Secrets Store CSI Driver.| pulumi
Manage Amazon EKS Hybrid Nodes with Pulumi: Use AWS's control plane while running workloads on-premises or at the edge.| pulumi
Release of the next version of the Pulumi Provider for AWS EKS| pulumi
In this post in the continuing series on IaC recommended practices, the Zephyr teams starts using the Pulumi Automation API to orchestrate multiple stacks.| pulumi
This is the fifth post in a series on recommended practices for infrastructure as code with Pulumi. This post focuses on RBAC and security.| pulumi
Automatically keep dependent stacks up to date with Deployment Webhook Destinations and the pulumi-auto-deploy package.| pulumi
Review Stacks give you an automated cloud environment for every pull request so your team can ship faster, safer, and more collaboratively.| pulumi
