UPDATED 08:00 EDT / OCTOBER 11 2023

Pulumi expands automation beyond cloud infrastructure to application environments and their secrets

Infrastructure-as-code provider Pulumi Corp. today announced a new service called Pulumi ESC for managing the configurations and secrets of modern application environments, similar to how it automates cloud infrastructure management.

Pulumi is a leader in the emerging IaC market, selling tools to help companies automate the management of their cloud computing infrastructure. More specifically, Pulumi’s tools make it easier for teams to use code to provision and manage cloud infrastructure automatically, rather than adjusting hundreds of settings manually.

The IaC approach has a lot of merit because the process of launching an application on cloud infrastructure is complicated and tedious. Teams must provision and configure each infrastructure resource that the application will use. They also need to define security rules and set up the individual components of each app. All of these tasks can be simplified by using code.

Pulumi, which just last week raised $41 million in a Series C funding round, said it’s now turning its attention to managing application environments with code.

As Pulumi explains, modern cloud applications are extremely dynamic. Each application will have multiple development, test and production environments that span different cloud regions. And each of these environments will have numerous configurations that need to be taken care of, including their network settings, deployment options and “secrets,” such as database credentials and application programming interface keys for internal and external services. Adding to the confusion, different teams may rely on different secrets managers, or even use plaintext to store and access their secrets.

As with infrastructure, the configuration of application environments has always been done manually, using large collections of YAML files and spreadsheets that lack access controls. Pulumi says this has led to “configuration sprawl” that is complex, time-consuming and risky, because it provides very little visibility into downstream dependencies that might be disrupted by any changes made to an environment’s configuration. There’s also the risk of secrets being leaked.

Available now in preview, Pulumi ESC aims to solve these problems by giving engineers a unified way to manage application environment configurations and secrets, similar to how its core IaC offering enables them to manage cloud infrastructure and security policies. It allows engineers to define environments made up of multiple sources, including Pulumi Secrets, OpenID Connect, public cloud secret stores and more. These environments can be consumed by applications and infrastructure from any execution environment, including Pulumi itself, Terraform, Kubernetes, Docker, Amazon Web Services, Google Cloud, Microsoft Azure and GitHub Actions.

Luke Hoban, Pulumi’s chief technology officer, explained that the company has already tackled cloud resources management with code. Now, it’s aiming to do the same for all other aspects of infrastructure management.

“We wanted to build a general purpose configuration and secrets management solution that works seamlessly with any infrastructure or application,” he explained. “We also wanted the same access controls used in a Pulumi organization to be applied to every environment in ESC. Lastly, we wanted every read or access of an environment to be auditable.”

With Pulumi ESC, engineers can create environments made up of collections of key/value pairs that contain secrets and configuration values. These environments can be composed of multiple other environments, creating nested relationships between different configurations. The relationships between them are fully traceable, ensuring teams have visibility into the downstream effect that any configuration update will have.

Because Pulumi ESC is “secrets agnostic,” it can aggregate key/values from numerous sources, including Pulumi Secrets, OIDC, 1Password and HashiCorp Vault, and will support many more soon. It also uses the same role-based access controls as Pulumi Cloud, ensuring granular access for different teams and roles.
