Pulumi home
Pricing
Blog
Events & workshops
Get Started
Star
Slack
Docs
Registry
Pulumi Neo
Contact Us
Pulumi Cloud
Sign In
Docs Home
Get Started
Get Started with Pulumi
Download & Install Pulumi
Infrastructure as Code
Overview
Get Started
AWS
Overview
Install Pulumi
Configure access
Create project
Deploy
Make an update
Create a component
Cleanup & destroy
Next steps
Azure
Overview
Install Pulumi
Create project
Review project
Deploy stack
Modify program
Deploy changes
Destroy stack
Next steps
Google Cloud
Overview
Install Pulumi
Create project
Review project
Deploy stack
Modify program
Deploy changes
Destroy stack
Next steps
Kubernetes
Overview
Install Pulumi
Create project
Review project
Deploy stack
Modify program
Deploy changes
Destroy stack
Next steps
Terraform Users
Overview
Install and Configure
First Look
Reference Terraform State
Import Terraform Modules
Use Terraform Providers
Convert HCL Code
Orchestrate Together
Next Steps
Concepts
Overview
How Pulumi works
Pulumi Cloud
Projects
Overview
Project file reference
Stack settings file reference
Stacks
Configuration
Resources
Overview
Names
Providers
Dynamic providers
Resource options
Overview
additionalSecretOutputs
aliases
customTimeouts
deleteBeforeReplace
deletedWith
dependsOn
hooks
hideDiffs
ignoreChanges
import
parent
protect
provider
providers
replaceOnChanges
retainOnDelete
transformations
transforms
version
Inputs & Outputs
Overview
Apply
Property Paths
All
State & backends
Secrets Handling
Functions
Overview
Provider functions
Get functions
Resource methods
Function serialization
Components
Packages
Assets & archives
Plugins
Guides
Basics
Overview
Least Privilege Security
Organizing Projects & Stacks
Update plans
Building & Extending
Overview
Components
Build a Component
Testing Components
Providers
Provider architecture
Build a provider
Provider SDKs
Overview
Pulumi Go Provider SDK
Direct implementation
Overview
Protocol reference
Python
Go
TypeScript
Packages
Publishing packages
Local Packages
Schema reference
Using Existing Tools
Use a Terraform Module
Continuous Delivery
Overview
AWS Code Services
ArgoCD
Azure DevOps
Buildkite
Bitbucket Pipelines
CircleCI
Codefresh
GitHub Actions
GitHub App
Harness
GitLab Integration
GitLab CI
Google Cloud Build
Jenkins
Octopus Deploy
Pulumi Kubernetes Operator
Travis CI
Spinnaker
TeamCity
Adding CI/CD support
Migration
Overview
Migrating from...
Terraform
AWS CDK
AWS CloudFormation
Azure Resource Manager
Kubernetes YAML or Helm Charts
Importing Resources
Conversion tools
Testing
Overview
Unit testing
Integration testing
Overview
Integration testing framework
Automation API testing
AI Integration
MCP server
Languages & SDKs
Overview
TypeScript (Node.js)
Overview
SDK docs ↗
Policy SDK docs ↗
Provider package version management
Python
Overview
SDK docs ↗
Policy SDK docs ↗
Blocking & async
C#, F#, VB (.NET)
Overview
SDK docs ↗
Go
Overview
SDK docs ↗
Java
Overview
SDK docs ↗
YAML
Overview
Component Reference
Reference
Clouds
Overview
AWS
Overview
Guides
Overview
API Gateway
AWS CDK
Auto Scaling
CloudWatch
ECR
ECS
EKS
ELB
IAM
Lambda
VPC
More
Index of AWS Services
Azure
Google Cloud
Kubernetes
Overview
Guides
Overview
Playbooks
Control Plane
Worker nodes
Access clusters
Cluster defaults
Access control
Cluster services
App services
Updating worker nodes
Identity
Apps
Managed infra
Pulumi CLI
Overview
Commands
Overview
pulumi
about
cancel
config
console
convert
destroy
env
gen-completion
import
login
logout
logs
new
org
package
plugin
policy
preview
refresh
schema
stack
state
up
version
watch
whoami
Environment variables
Command-line completion
Available versions
Automation API
Overview
Getting Started
Concepts
Comparisons
Overview
Terraform
Overview
OpenTofu vs. Terraform
Pulumi terminology
Cloud Templates
Overview
AWS CloudFormation
Cloud SDKs
Cloud Template Transpilers
Overview
Pulumi vs AWS Cloud Development Kit (CDK)
Serverless Framework
OpenTofu
Kubernetes YAML
Chef & Puppet
Crossplane
Custom solutions
Deployments & Workflows
Overview
Get Started
Overview
Onboarding Guide
Overview
Select the right model
Ways of working
Setting up for success
Migrating to Pulumi
Projects & stacks
Deployments
Overview
Get Started Guides
Overview
New Project Wizard
Pulumi and GitHub CLIs
Using Deployments
Overview
Deployments Settings
Deployment Triggers
Private Git Repositories
Post-Deployment Automation
Cloud Credentials
Deployment Permissions
Customer-managed agents
Drift detection
OIDC Setup
Overview
AWS
Azure
Google Cloud
Review stacks
Time-to-live stacks
Schedules
Security and operations
Vs. Traditional CI/CD
CI/CD assistant
Webhooks
Deploy with Pulumi button
Secrets & Configuration
Overview
Get Started
Concepts
Overview
How Pulumi ESC works
Guides
Overview
Integrate with Pulumi IaC
Managing Secrets
Running Commands with esc run
Importing Environments
Environments
Overview
Working with environments
Environment Definition Syntax
Overview
Top-Level Keys
Overview
imports
values
Interpolations and References
Built-in Functions
Overview
fn::concat
fn::fromBase64
fn::fromJSON
fn::join
fn::open
fn::rotate
fn::secret
fn::toBase64
fn::toJSON
fn::toString
Built-in Properties
Overview
context
environments
imports
Providers
Rotators
Reserved Properties
Overview
environmentVariables
files
pulumiConfig
Sample Environment Definition
Importing environments
Versioning
Rotating Secrets
Overview
AWS Lambda Rotation Connector
Database User Setup
Dynamic environment variables
Configuring OIDC
Overview
AWS
Azure
Doppler
Google Cloud
Infisical
Vault
Webhooks
Integrations
Overview
Dynamic Login Credentials
Overview
aws-login
azure-login
doppler-login
gcp-login
gh-login
infisical-login
snowflake-login
vault-login
Dynamic Secrets
Overview
1password-secrets
aws-parameter-store
aws-secrets
azure-secrets
doppler-secrets
gcp-secrets
infisical-secrets
vault-secrets
Rotated Secrets
Overview
aws-iam
mysql
passphrase
password
postgres
snowflake-user
Dev tools
Overview
Direnv
Docker
GitHub
Infrastructure
Overview
Pulumi IaC
Overview
pulumi-stacks
Terraform
Overview
terraform-state
Cloudflare
Kubernetes
Overview
External Secrets Operator (ESO)
Kubernetes Cluster Access
Secrets Store CSI Driver
ESC CLI
Overview
Download & Install
Commands
Overview
esc
esc completion
esc env
esc env edit
esc env get
esc env init
esc env ls
esc env rm
esc env set
esc login
esc open
esc run
esc version
Command-line completion
Development
Overview
Automation API
ESC VS Code Extension
Pulumi Service Provider
Languages & SDKs
Overview
TypeScript (Node.js)
Overview
SDK docs ↗
Python
Overview
SDK docs ↗
Go
Overview
SDK docs ↗
Administration
Overview
Access control
Audit Logs
Approvals
Customer Managed Keys
OIDC authentication
Self-Hosting
Deletion protection
Comparisons
Overview
HashiCorp Vault
Infisical
Doppler
Insights & Governance
Overview
Discovery
Overview
Get Started
Overview
Before You Begin
Create Accounts
Manage Accounts and Scans
Using Resource Explorer
Add Policies
Accounts
Resource Search
Visual Import
Data Export
Policies
Overview
Get Started
Policy Packs
Overview
Pre-Built Packs
Write your own
Policy Metadata
Policy Groups
Policy Findings
Integrations
Snyk Container Scanning
AWS Organizations Tag Policies
Internal Developer Platform
Overview
Get Started
Overview
Before you begin
Private Registry
Workflows
Services
Publishing Components from GitHub Actions
Developer Portals
Overview
Organization templates
New Project Wizard
Pulumi Backstage plugin
Best Practices
Overview
The Four Factors Framework
Patterns
Overview
One ESC environment per service
One ESC environment per team
One ESC environment per lifecycle stage
Composable environments
Multiple workloads on shared infrastructure
Policies as tests
Components using other Components
Validating Component Inputs using Policy functions
Cost control using Components, Policies, and constrained inputs
Security Updates using Components
Infrastructure AI
Overview
Get Started
Tasks
Pull Requests
Previews
Administration
Overview
Organizations & Teams
Overview
Accounts
Organizations
Billing managers
Access & Identity
Overview
Role-Based Access Control (RBAC)
Overview