UPDATED 12:00 EDT / MARCH 26 2025


Pulumi enhances cloud security with automated secrets rotation and new GitHub integration

Infrastructure-as-code provider Pulumi Corp. today announced four product enhancements that are designed to improve security, streamline automation and provide greater control over cloud resources.

Pulumi has introduced new features to enhance cloud security and automation, including automated secrets rotation, secure GitHub Actions integration and granular role-based access controls. The company has also expanded its policy-as-code capabilities to cover all cloud resources, both those managed through infrastructure as code and those discovered outside it, ensuring unified governance and compliance at large scale.

The first announcement is the introduction of Rotated Secrets in Pulumi ESC, the company’s secrets and configuration management service, which is designed to securely manage and inject sensitive data into cloud infrastructure and continuous integration/continuous deployment, or CI/CD, workflows. The new automated secrets rotation addresses the challenge of managing static, long-lived credentials by helping organizations minimize security risks while integrating with existing workflows.

With the feature, all secrets are rotated using a two-secret strategy in which two secrets are valid at any time, ensuring availability during credential transitions. Rotated Secrets also offers full auditing, tracking the history of credentials, including when they were rotated and who accessed them.
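The two-secret strategy described above can be modeled in a few lines. This is an added example, not Pulumi ESC code: the `RotatedSecret` class, its method names and the actor labels are hypothetical, and it shows that a consumer holding a cached credential survives one rotation but is rejected after the second.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional


def _new_secret() -> str:
    return secrets.token_urlsafe(32)


@dataclass
class RotatedSecret:
    """Hypothetical two-slot credential: current and previous are both accepted."""
    current: str = field(default_factory=_new_secret)
    previous: Optional[str] = None
    audit: list = field(default_factory=list)  # entries: (event, actor, unix time)

    def rotate(self, actor: str) -> None:
        # The old 'previous' is dropped; the old 'current' stays valid for one cycle.
        self.previous, self.current = self.current, _new_secret()
        self.audit.append(("rotate", actor, time.time()))

    def verify(self, presented: str, actor: str) -> bool:
        ok = False
        for slot in (self.current, self.previous):
            # Constant-time comparison; both slots are checked without early exit.
            if slot is not None and hmac.compare_digest(presented.encode(), slot.encode()):
                ok = True
        self.audit.append(("access" if ok else "denied", actor, time.time()))
        return ok


def demo() -> dict:
    cred = RotatedSecret()
    cached = cred.current  # a consumer fetches the secret and caches it
    cred.rotate("rotation-job")
    after_one = cred.verify(cached, "app-with-stale-cache")  # still accepted
    fresh = cred.verify(cred.current, "app-refreshed")
    cred.rotate("rotation-job")
    after_two = cred.verify(cached, "app-with-stale-cache")  # retired by now
    return {"after_one": after_one, "fresh": fresh, "after_two": after_two,
            "events": [event for event, _, _ in cred.audit]}


if __name__ == "__main__":
    print(demo())
```

The audit list is what lets an operator spot consumers that are still presenting a credential one rotation behind, before the next rotation locks them out.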

The second announcement, Pulumi ESC GitHub Action, allows teams to inject secrets and configuration securely into GitHub Actions workflows as needed rather than storing them as static, long-lived secrets. The dynamic approach significantly reduces the risk of credential leakage while streamlining CI/CD pipelines.

Up next, Pulumi has launched a new Role-Based Access Control system that provides fine-grained control over who can access and modify resources within an organization. The RBAC system unifies control across the Pulumi Cloud and allows organizations to define custom roles with specific permissions, apply these roles to users and teams and control access to individual resources such as IaC stacks, ESC environments and Insights accounts.

The last announcement sees Pulumi Insights, the company’s visibility and governance tool, gain extended policy-as-code capabilities to automatically govern all cloud resources, including those discovered outside of IaC. Organizations can now write policies once and apply them universally across both IaC and discovered resources in Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure and Kubernetes environments.

Pulumi Insights now provides comprehensive visibility into policy violations through a dedicated dashboard, enabling quick identification and resolution of noncompliant resources.

The startup has raised about $99 million in venture capital to date, including a Series C round of $41 million in October 2023. Investors in the company include Madrona Venture Group, New Enterprise Associates Inc., Tola Capital and Strike Capital.
