Highlights:

  • Pulumi ESC introduces Rotated Secrets, enhancing secure management and injection of sensitive data into cloud infrastructure and CI/CD workflows.
  • Pulumi Insights now features a dedicated dashboard for monitoring policy violations, enabling quick detection and resolution of noncompliant resources.

Pulumi Corp., a leading Infrastructure-as-Code provider, introduced four product enhancements aimed at strengthening security, optimizing automation, and offering greater control over cloud resources.

Pulumi has launched new features to enhance cloud security and automation, including automated secrets rotation, secure GitHub Actions integration, and granular role-based access controls. Additionally, the company has extended its policy-as-code capabilities to encompass all cloud resources—both those managed via infrastructure as code and those discovered—ensuring unified governance and large-scale compliance.

The first announcement is the launch of Rotated Secrets in Pulumi ESC. Pulumi ESC is a secrets and configuration management service designed to securely handle and inject sensitive data into cloud infrastructure and CI/CD workflows. The new automated secrets rotation helps organizations reduce security risks by eliminating static, long-lived credentials while seamlessly integrating with existing workflows.

This feature employs a two-secret strategy, ensuring that two valid secrets are always available during credential transitions to maintain seamless access. Rotated Secrets also provides comprehensive auditing and tracking, documenting the complete history of credentials, including rotation timestamps and access details.

The second announcement, Pulumi ESC GitHub Action, enables teams to securely inject secrets and configurations into GitHub Actions workflows on demand, eliminating the need for static, long-lived secrets. This dynamic approach enhances security by minimizing the risk of credential leakage while optimizing CI/CD pipeline efficiency.

Next, Pulumi has introduced a new Role-Based Access Control (RBAC) system, offering precise control over who can access and manage resources within an organization. This unified system extends across Pulumi Cloud, enabling organizations to create custom roles with specific permissions, assign them to users and teams, and regulate access to individual resources like Infrastructure-as-Code (IaC) stacks, Pulumi ESC environments, and Pulumi Insights accounts.

The final announcement expands Pulumi Insights, the company’s visibility and governance tool, with enhanced policy-as-code capabilities to automatically govern all cloud resources, including those discovered outside of IaC. Organizations can now define policies once and enforce them consistently across both IaC-managed and discovered resources in Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure, and Kubernetes environments.

Pulumi Insights now offers a dedicated dashboard for comprehensive visibility into policy violations, allowing for swift identification and remediation of noncompliant resources.

To date, the startup has secured approximately USD 99 million in venture funding, including a USD 41 million Series C round in October 2023. Its investors include Madrona Venture Group, New Enterprise Associates Inc., Tola Capital, and Strike Capital.