Pulumi today extended the reach of its Environments, Secrets and Configurations (ESC) platform for managing infrastructure-as-code (IaC) into the realm of DevSecOps by adding the ability to manage secrets and implement policies.

For example, DevSecOps teams can now use Pulumi ESC to automate the rotation of secrets so that static, long-lived credentials are regularly updated. They can also securely inject secrets and configurations into a GitHub Actions workflow as needed.

Pulumi is also now making it possible to write policies once and apply them across IaC environments, including Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud Infrastructure (OCI) cloud services and Kubernetes clusters.

Finally, Pulumi has revamped its role-based access controls (RBAC) to provide more granular control over who on an IT team can access the capabilities provided.

Pulumi CEO Joe Duffy said the overall goal is to streamline processes by making it simpler to manage these tasks within an integrated workflow that doesn’t require teams to acquire and deploy a separate vault to manage application secrets.

Many organizations are revisiting their DevOps workflows with an eye toward improving the security of their software supply chains. Cybercriminals are now routinely scanning for misconfigurations they can exploit to either inject malware into IT environments or simply exfiltrate data via an open port.

Additionally, developers all too often leave application secrets exposed in a way that enables cybercriminals to simply log into an application environment using a set of valid credentials.

Making it simpler for DevOps teams to address those issues as they provision IT infrastructure reduces the number of opportunities cybercriminals have today to wreak havoc.

Pulumi has been making a case for an IaC platform that enables application developers to provision infrastructure using standard programming languages such as Java, JavaScript, Go or .NET rather than having to, for example, interact with a set of YAML files. The company claims that more than 3,000 organizations are now using the Pulumi platform to centralize the provisioning of IT infrastructure as an alternative to open-source Terraform tools.

The company is also working toward adding generative artificial intelligence (GenAI) capabilities to the platform to make it possible to provision those resources via a natural language interface.

It’s not clear how many organizations are moving away from Terraform, but with the rise of platform engineering as a methodology for managing DevOps workflows at scale, the number of organizations reviewing legacy DevOps tools and platforms has increased. The Pulumi platform, in general, makes it simpler for those teams to set up workflows that enable application developers to self-service their requirements within the context of a well-defined set of guardrails, said Duffy.

At this point, it’s not so much a question of whether DevOps teams will apply DevSecOps best practices to secure their supply chains as it is the degree to which those practices will be applied. The challenge, as always, is ensuring that application developers actually embrace changes made to the workflows rather than resist them.

