Pulumi Beefs Up IaC Platform with Security, Insights

Securityops

By: R. Scott Raynovich


Infrastructure as code (IaC) company Pulumi is ramping up its competition with industry leader HashiCorp with the addition of security products in an expansion of its platform.

The launch comes at a crucial time in the evolution of IaC, which seeks to drive automation into the management of cloud infrastructure. Pulumi rival HashiCorp is being acquired by IBM, which leaves a natural opening for Pulumi during HashiCorp's transition.

Announced at the fourth annual PulumiUP conference, Seattle-based Pulumi announced two new security products, Pulumi ESC and Pulumi Insights, designed to automate, secure, and manage cloud infrastructure.

Hammering Hashi

AI is just one of the many drivers of the need for more cloud automation. Security is also becoming more complicated and difficult to manage as cloud environments become increasingly complex. Pulumi hopes its new security products and integration with other elements of cloud automation will help practitioners tame the chaos that grows more complex by the day.

The message from the new product launch as well as comments from Pulumi CEO Joe Duffy make one thing clear: Pulumi is intent on building a large and powerful platform to go right at HashiCorp and take advantage of its competitor's tumultuous past couple of years. After its share price had plummeted, HashiCorp a year ago announced it was moving its entire product line from open-source to commercial Business Source Licensing (BSL). Its share price got hammered again, and then it announced it was being acquired by IBM.

"Pulumi is real open source," Duffy told me in an interview this week. "We still see confusion with HashiCorp. What's going to happen when the IBM deal closes? It's causing people to be nervous."

Securing Secrets

Pulumi ESC (Environments, Secrets, and Configuration) is designed to help developers and engineers automate cloud security with centralized secrets management (secrets are critical data such as passwords, API keys, and tokens). It also enables engineers and developers to store configuration information and apply it to specific development environments. Pulumi says that ESC integrates with other popular secret stores, including 1Password, AWS, Azure, Google Cloud, and HashiCorp’s Vault, enabling engineers or developers to unify their secrets environments. ESC is offered on a tiered level including Free, Team, Enterprise, and Business Critical editions.

By launching a security and secrets management product, ESC is targeting HashiCorp’s Vault, which is known as a cash cow for Hashi. Pulumi has differentiated itself from HashiCorp by supporting more software development languages and platforms (HashiCorp heavily emphasizes the use of its own language, HCL), as well as by continuing to offer its products with open-source licenses, while HashiCorp has moved all of its products including Terraform and Vault to BSL.

Pulumi has also expanded the security mission with ESC beyond managing secrets to storing IaC environments and configurations as well.

“The integration with the Pulumi SDKs is a huge productivity boost and allows us to integrate secrets seamlessly across all of our development workflows,” wrote Liam White, Platform Lead at Tetrate, in the Pulumi release statement.

Pulumi Growth Story Backed by Numbers

Recently, Pulumi has boosted its profile and made the case that it’s a growing leader in the IaC market. Pulumi has pointed out that its open-source community is growing fast, with more than 100 million downloads and 20,000 “stars,” the developer equivalent of likes. It also now claims 5,300 contributors to its open-source code. And in a shot at HashiCorp and OpenTofu, Pulumi says it now accounts for 167% of the contributions to Terraform and 300% of the contributions to IaC open-source product OpenTofu, a fork of the old Terraform open-source code that is hosted by the Linux Foundation.

"It’s one of the faster adoption rates that I have ever seen,” said Duffy. "They didn't just come to us for IaC, they came for IaC and secrets as well."

Pulumi’s platform now includes three core products: Pulumi IaC, for cloud applications of apps and infrastructure; ESC, for security automation and secrets management; and Pulumi Insights, a cloud management product that provides an analytical view of cloud resources and assets. All Pulumi products support over 150 public, private, hybrid, and SaaS clouds, including AWS, Azure, Google Cloud, Kubernetes, Cloudflare, Datadog, Snowflake, and more.

Pulumi made these announcements at PulumiUP, its annual conference for the Pulumi community. PulumiUP featured speakers from BMW, NVIDIA, JPMorgan, Wiz, Dagger, AWS, Google Cloud, Docker, SAP, Avanade, and others.

Futuriom Take: Pulumi's expansion of cloud management and security offerings comes with great timing, as cloud environments grow more complex and HashiCorp awaits its fate at IBM.