Infrastructure management platform Pulumi has announced significant product enhancements to improve security, streamline automation, and provide greater control over cloud resources.

"At Pulumi, we believe that cloud security can no longer be an afterthought. Instead, security must be built into the tools and methods we use to automate and manage cloud applications and infrastructure, so things are secure from the outset," said Joe Duffy, Founder/CEO, Pulumi.
Automating credential security
Pulumi ESC now provides automated secrets rotation, helping minimise security risks while integrating seamlessly with existing workflows.
Secrets can be rotated on demand and through a rotation schedule. A two-secret strategy, where two secrets are valid at any time, ensures availability during credential transitions. Rotated Secrets provides comprehensive auditing and tracking of the entire credential history, including the date of rotation and the individuals who accessed them.
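As an added illustration of the two-secret strategy described above (this is not Pulumi's code or the ESC API; the class and method names are assumptions), the following Python model keeps the previous secret valid for one rotation period so callers still holding it keep working, and records every rotation and access in a simple audit trail:

```python
from typing import List, Optional, Tuple
import hmac
import secrets


class RotatedSecret:
    """Two-secret rotation: the previous value stays valid for one rotation
    period so that callers still holding it keep working while they pick up
    the new one. Each rotation and each access is recorded in an in-memory
    audit trail (a constructed stand-in for a real credential history)."""

    def __init__(self, initial: str) -> None:
        self.current: str = initial
        self.previous: Optional[str] = None
        # (event, actor) pairs; a real system would also store timestamps
        self.audit: List[Tuple[str, str]] = []

    def rotate(self, actor: str) -> str:
        """Promote the current secret to 'previous' and mint a new current one.
        Whatever was in 'previous' is retired and stops validating."""
        self.previous = self.current
        self.current = secrets.token_urlsafe(32)
        self.audit.append(("rotate", actor))
        return self.current

    def verify(self, presented: str, actor: str) -> bool:
        """Accept the current or the previous secret, using a constant-time
        comparison, and log which one was used (or that access was refused)."""
        for label, candidate in (("current", self.current), ("previous", self.previous)):
            if candidate is not None and hmac.compare_digest(candidate.encode(), presented.encode()):
                self.audit.append(("access:" + label, actor))
                return True
        self.audit.append(("access:rejected", actor))
        return False

    def history(self) -> List[Tuple[str, str]]:
        """Return a copy of the audit trail (who rotated, who accessed what)."""
        return list(self.audit)


if __name__ == "__main__":
    s = RotatedSecret("constructed-initial-secret")
    s.rotate("scheduler")
    print(s.verify("constructed-initial-secret", "ci-job"))  # True: still in overlap window
    s.rotate("scheduler")
    print(s.verify("constructed-initial-secret", "ci-job"))  # False: retired after second rotation
    print(s.history())
```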
Securing secrets management
The Pulumi ESC GitHub Action enables teams to securely inject secrets and configuration into GitHub Actions workflows as needed rather than storing them as static, long-lived secrets. This reduces the risk of credential leakage while streamlining CI/CD pipelines.
The Pulumi ESC GitHub Action is designed for ease of use. It can download the Pulumi ESC CLI, inject all environment variables from an ESC environment, or inject specific environment variables as needed.
Enhancing authorisation at scale
Pulumi's new Role-Based Access Control (RBAC) system, which will be available soon, governs who can access and modify resources within an organisation.
It also unifies control across all products in Pulumi Cloud, allowing organisations to define custom roles with specific permissions, apply these roles to users and teams, and control access to individual resources. The system also supports role-based access tokens, ensuring that automated processes have only the necessary permissions.
Unified governance
Pulumi Insights now extends policy-as-code capabilities to automatically govern all cloud resources, enabling organisations to write policies once and apply them universally across IaC and discovered resources in AWS, Azure, OCI, and Kubernetes environments.
It also provides comprehensive visibility into policy violations through a dedicated dashboard, enabling quick identification and resolution of non-compliant resources.
"The recently announced capabilities help the entire team enhance their security posture across many scenarios: whether it is developers securely managing credentials and secrets, platform teams delivering secure CI/CD pipelines, or security teams applying governance across their entire cloud estate, this announcement has something for everyone," Duffy added.