At the PulumiUP virtual event, Pulumi made its security management product, ESC (Environments, Secrets and Configuration) generally available, previewed the second verson of its Insights cloud management tool, and claimed increased interest in its IaC (Infrastructure as Code) offering thanks to its support for general-purpose programming languages.
Pulumi ESC is not itself a secrets store (though there is a Pulumi Cloud Secrets offering) but can use many different stores – including AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, Google Cloud Secrets Manager, and 1Password. Target environments include the main public clouds as well as GitLab, GitHub Actions, Docker and Kubernetes. It is intended to be developer-friendly, with an API and SDKs for TypeScript/JavaScript, Python and Go. User permissions for the service use role-based access control.
Insights 2.0 adds features including integration with Pulumi IaC and support for Pulumi Copilot, an AI chatbot which is said to assist with troubleshooting infrastructure issues. During the PulumiUP keynote, the Pulumi Copilot successfully spotted a typo in a Python script – not the most impressive demonstration of AI, but we presume more advanced abilities are also available.
Pulumi Copilot itself was introduced in June and, according to the docs, currently uses OpenAI GPT-4o via Azure OpenAI Service – though use of other models is expected in future. Pulumi Copilot cannot currently perform actions but this is also planned. The service only has access to the data the user has access to and does not use it for training, the docs promise.
Perhaps the best-known Pulumi product is its open source IaC tool. The best-known IaC tool is HashiCorp Terraform, but in August 2023, HashiCorp changed the license of TerraForm to a restrictive Business Source License, prohibiting “competitive services built on our community products.” As a side effect, there has been increased interest in other options such as Pulumi. There has also been the creation of OpenTF, now called OpenTofu, as a fork of TerraForm with a permissive open source license – the Mozilla Public License 2.0. Pulumi uses the Apache 2.0 license.
At the Pulumi event, co-founder and CEO Joe Duffy claimed that Pulumi’s open source Infrastructure as Code solution has, in the past month, attracted more contributors than Terraform and three times as many contributors as OpenTofu. In a round-table discussion, there was a focus on the fact that Pulumi enables infrastructure to be defined using general-purpose programming languages including Python, Java, JavaScript and C#, whereas Terraform uses the HCL (HashiCorp Configuration Language) which is a DSL (Domain Specific Language).
During the discussion, Chef inventor Adam Jacob opined that “the more complex things get, the happier you’ll be that you’ve chosen a real programming language.”
A key feature that may make transition easier is that Pulumi IaC can now use Terraform providers. Other new and recent features highlighted at the event include a Visual Studio Code extension, new debugging capabilities, and Copilot support.
Pulumi has some way to go before it can catch Terraform, though. The most recent StackOVerflow survey shows Terraform used by 10.6 percent of respondents, RedHat Ansible at 7.9 percent, Puppet 1.2 percent, Pulumi 0.9 percent and Chef 0.7 percent.
Full details of what was introduced at PulumiUp can be found in Duffy’s post.