Pulumi Strengthens Cloud Security and Automation
New offerings include secure GitHub Actions integration, automated credential rotation, unified policy governance, and granular access controls to help enterprises manage cloud infrastructure more securely at scale
SEATTLE, WA, March 26, 2025 — Pulumi, a leader in infrastructure as code and platform engineering solutions, today announced four significant product enhancements designed to improve security, streamline automation, and provide greater control over cloud resources. These new capabilities build upon Pulumi's commitment to helping organizations manage their cloud infrastructure more effectively and securely.
Rotated Secrets in Pulumi ESC: Automating Credential Security
Pulumi ESC now provides automated secrets rotation to address the challenges of managing static, long-lived credentials. This feature helps organizations minimize security risks while integrating seamlessly with existing workflows. Secrets can be rotated on demand and on a rotation schedule. All secrets are rotated with a two-secret strategy in which two secrets are valid at any time, ensuring availability during credential transitions. Rotated Secrets provides complete auditing and tracking of the full history of credentials, when they were rotated, and who accessed them. Read the blog post.
Pulumi ESC GitHub Action: Secure Secrets Management in CI/CD
The Pulumi ESC GitHub Action enables teams to inject secrets and configuration securely into GitHub Actions workflows as needed, rather than storing them as static, long-lived secrets. This dynamic approach significantly reduces the risk of credential leakage while streamlining CI/CD pipelines. The GitHub Action can download the Pulumi ESC CLI, inject all environment variables from an ESC environment, or inject specific environment variables as needed. Read the blog post.
Granular Access Controls: Enhanced Authorization at Scale
Pulumi's new Role-Based Access Control (RBAC) system provides fine-grained control over who can access and modify resources within an organization. The RBAC system unifies control across all products in Pulumi Cloud, and it allows organizations to define custom roles with specific permissions, apply these roles to users and teams, and control access to individual resources like IaC stacks, ESC environments, and Insights accounts. The system also supports role-based access tokens, ensuring that automated processes only have the permissions they need. Pulumi RBAC is coming soon.
Policy as Code for Discovered Resources: Unified Governance
Pulumi Insights now extends policy as code capabilities to automatically govern all cloud resources, including those discovered outside of infrastructure as code. Organizations can now write policies once and apply them universally across both IaC and discovered resources in AWS, Azure, OCI, and Kubernetes environments. Pulumi Insights now provides comprehensive visibility into policy violations through a dedicated dashboard, enabling quick identification and resolution of non-compliant resources. This unified approach to policy enforcement marks a significant advancement in cloud security and compliance management, offering organizations a more streamlined and effective way to maintain their infrastructure standards. Read the blog post.
About Pulumi
Pulumi is an infrastructure management platform for everything running in the cloud. It's the smartest way for organizations to automate, secure, and manage infrastructure across hundreds of clouds. It’s used by over 3,000 innovative companies and hundreds of thousands of end users. Powered by the industry’s leading open source infrastructure as code, programming languages, and generative AIs, Pulumi empowers infrastructure, development, and security teams to seamlessly collaborate to get to market faster with less risk and more control, turning the cloud into a competitive advantage. For more information, visit pulumi.com.
###
Media contact:
Ray George
650-922-3825
ray@peripety.com