Guides
How-to guides for consuming Pulumi ESC from the tools you already use. Each page is a self-contained walkthrough — install steps, the YAML or commands you need, and where ESC fits in the flow.
For first-party ESC integrations (the Pulumi Service Provider, Automation API, the VS Code extension, the External Secrets Operator, and the Secrets Store CSI Driver), see Integrations.
Authentication
- Configuring OIDC — set up OpenID Connect trust between ESC and AWS, Azure, GCP, Doppler, Infisical, or Vault.
Use ESC with Pulumi IaC
- Manage ESC with Pulumi IaC — consume environments from a Pulumi program.
Development tools
- Run commands with esc run — inject environment values into any command or script.
- Docker — load environment variables and secrets into Docker workflows.
- direnv — load ESC values automatically when you
cdinto a directory.
CI / CD
- GitHub Actions — inject ESC values and short-lived cloud credentials into workflows.
Kubernetes
- Kubernetes cluster access — store and consume
kubeconfigfiles and cluster credentials in ESC.
Infrastructure tools
- Terraform — supply temporary credentials and input variables to the Terraform CLI via
esc run.
Cloud platforms
- Cloudflare — manage Cloudflare Workers secrets via ESC.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.