-
Notifications
You must be signed in to change notification settings - Fork 222
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ESC SDK Launch Blog #11951
Merged
Merged
ESC SDK Launch Blog #11951
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
f9ff13d
first commit
arunkumar611 9358180
adding links
arunkumar611 c555749
Apply suggestions from code review
arunkumar611 31a89ae
update meta image & example scenarios
arunkumar611 f5c8710
update post timestamp
arunkumar611 b8b563f
update typescript -> typescript/javascript
arunkumar611 f653686
update examples and links
arunkumar611 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,226 @@ | ||
--- | ||
title: "Introducing Pulumi ESC SDK: Streamline Your Application Secrets Management" | ||
allow_long_title: true | ||
date: 2024-06-05T00:00:00-04:00 | ||
draft: false | ||
meta_desc: "The new Pulumi ESC SDK allows developers to seamlessly integrate Pulumi ESC with their applications for secrets management" | ||
meta_image: "meta.png" | ||
authors: | ||
- arun-loganathan | ||
- cleve-littlefield | ||
tags: | ||
- esc | ||
- secrets | ||
- features | ||
--- | ||
|
||
Managing secrets and application configurations effectively is crucial for building secure and maintainable software. However, developers often face challenges such as hardcoded credentials, configuration inconsistencies, and security risks. [Pulumi Environments Secrets and Configuration](/product/esc) (ESC) simplifies the management of sensitive data and configuration across your entire application lifecycle. Today, we're thrilled to introduce the official Pulumi ESC SDK in [Typescript/Javascript](/docs/esc/sdk/javascript/), [Go](/docs/esc/sdk/go/), and [Python](/docs/esc/sdk/python/), making it even easier to integrate ESC directly into your applications. | ||
|
||
<!--more--> | ||
|
||
## Primer on Pulumi ESC | ||
|
||
Pulumi ESC (Environments, Secrets, and Configuration) provides a developer-first solution to simplify how you manage sensitive data and configuration across your entire application lifecycle. It's a fully managed solution allowing teams to generate [dynamic cloud provider](/docs/esc/providers/) credentials, aggregate secrets and configuration from multiple sources, and manage them through composable collections called "[environments](/docs/esc/environments/)." These environments can be consumed from anywhere, making Pulumi ESC ideal for any [application and development workflow](docs/esc/other-integrations/). Additionally, while Pulumi ESC works independently to eliminate duplication and reduce drift and sprawl of secrets and configuration for all your applications, it also [integrates](/docs/esc/get-started/integrate-with-pulumi-iac/) smoothly with Pulumi Infrastructure as Code (IaC) to enhance these capabilities within the Pulumi ecosystem. | ||
|
||
## Introducing the Pulumi ESC SDK | ||
|
||
We're excited to unveil the official Pulumi ESC SDK, making it even easier to harness the power of ESC directly within your applications using your favorite programming languages. The SDK provides a simple programmatic interface to all of Pulumi ESC's robust features, allowing you to: | ||
|
||
- **Manage the Entire Lifecycle of Your Environments:** Create new environments, list existing ones, and easily update or delete them as your needs evolve. You can even add [version tags](/docs/esc/environments/#tagging-versions) to your environments, making it simple to track changes and roll back to previous states if needed. | ||
- **Seamlessly Integrate Secrets and Configurations:** Securely access and utilize secrets and configurations within your applications, ensuring consistency of configuration across environments. The SDK provides a streamlined way to fetch the information you need, whether it's dynamic cloud credentials, database connection strings, feature flags, or any other sensitive data. | ||
|
||
The Pulumi ESC SDK streamlines secret and configuration management, promoting secure handling best practices. It handles the secure storage and retrieval of your sensitive data at runtime, eliminating the need to store credentials long-term and minimizing the risk of accidental exposure. The SDK is a natural extension of your development workflow, offering familiar objects and methods, smooth integration with your IDE, and the benefits of type safety such as compile-time checks and helpful code suggestions that reduce errors and accelerate development. | ||
|
||
## How to Get Started | ||
|
||
Here are a few examples of how to use the ESC SDK for various languages: | ||
|
||
{{< chooser language "typescript,python,go" />}} | ||
|
||
{{% choosable language typescript %}} | ||
|
||
```typescript | ||
import * as esc from "@pulumi/esc-sdk"; | ||
|
||
async function main() { | ||
const PULUMI_ACCESS_TOKEN = process.env.PULUMI_ACCESS_TOKEN!; | ||
const orgName = process.env.PULUMI_ORG!; | ||
const config = new esc.Configuration({ accessToken: PULUMI_ACCESS_TOKEN }); | ||
const client = new esc.EscApi(config); | ||
|
||
const envName = "sdk-typescript-example"; | ||
|
||
// Create a new environment | ||
await client.createEnvironment(orgName, envName); | ||
|
||
const envDef: esc.EnvironmentDefinition = { | ||
values: { | ||
my_secret: { | ||
"fn::secret": "shh! don't tell anyone", | ||
}, | ||
}, | ||
}; | ||
|
||
// Update the environment with the new definition | ||
await client.updateEnvironment(orgName, envName, envDef); | ||
|
||
// Open and read the environment | ||
const openEnv = await client.openAndReadEnvironment(orgName, envName); | ||
|
||
if (!openEnv) { | ||
console.error("Failed to open and read the environment"); | ||
return; | ||
} | ||
|
||
// Acces the value of the secret | ||
const secretValue = openEnv.values?.my_secret; | ||
console.log(`Secret value: ${secretValue}\n`); | ||
|
||
// List all the environments in the organization | ||
const orgEnvs = await client.listEnvironments(orgName); | ||
if (!orgEnvs || !orgEnvs.environments) { | ||
console.log("No environments found"); | ||
return; | ||
} | ||
|
||
for (const env of orgEnvs.environments) { | ||
console.log(`Environment: ${env.name}`); | ||
} | ||
} | ||
|
||
(async ()=>{ | ||
await main(); | ||
})(); | ||
``` | ||
|
||
{{% /choosable %}} | ||
|
||
{{% choosable language python %}} | ||
|
||
```python | ||
import pulumi_esc_sdk as esc | ||
import os | ||
|
||
accessToken = os.getenv("PULUMI_ACCESS_TOKEN") | ||
|
||
orgName = os.getenv("PULUMI_ORG") | ||
|
||
configuration = esc.Configuration(access_token=accessToken) | ||
client = esc.EscClient(configuration) | ||
|
||
envName = "sdk-python-example" | ||
|
||
# Create environment | ||
client.create_environment(orgName, envName) | ||
|
||
# create a new EnvironmentDefinition with "my_secret" as a secret in values additional_properties | ||
envDef = esc.EnvironmentDefinition( | ||
imports=[], | ||
values=esc.EnvironmentDefinitionValues( | ||
additional_properties={ | ||
"my_secret": { | ||
"fn::secret": "shh! don't tell anyone" | ||
} | ||
} | ||
) | ||
) | ||
|
||
# Update environment | ||
client.update_environment(orgName, envName, envDef) | ||
|
||
# Open and read the environment | ||
|
||
env, values, yaml = client.open_and_read_environment(orgName, envName) | ||
|
||
secret = values["my_secret"] | ||
print(f'Secret: {secret}\n') | ||
|
||
# List environments | ||
|
||
environments = client.list_environments(orgName) | ||
|
||
for env in environments.environments: | ||
print(f'Environment: {env.name}') | ||
``` | ||
|
||
{{% /choosable %}} | ||
|
||
{{% choosable language go %}} | ||
|
||
```go | ||
package main | ||
|
||
import ( | ||
"log" | ||
"os" | ||
|
||
esc "github.com/pulumi/esc-sdk/sdk/go" | ||
) | ||
|
||
func main() { | ||
accessToken := os.Getenv("PULUMI_ACCESS_TOKEN") | ||
orgName := os.Getenv("PULUMI_ORG") | ||
configuration := esc.NewConfiguration() | ||
escClient := esc.NewClient(configuration) | ||
authCtx := esc.NewAuthContext(accessToken) | ||
|
||
envName := "sdk-go-example" | ||
// Create Environment | ||
err := escClient.CreateEnvironment(authCtx, orgName, envName) | ||
if err != nil { | ||
log.Fatalf("Failed to create environment: %v", err) | ||
} | ||
|
||
// Update Environment with Secrets | ||
updatePayload := &esc.EnvironmentDefinition{ | ||
Values: &esc.EnvironmentDefinitionValues{ | ||
AdditionalProperties: map[string]interface{}{ | ||
"my_secret": map[string]string{ | ||
"fn::secret": "shh! don't tell anyone", | ||
}, | ||
}, | ||
}, | ||
} | ||
|
||
_, err = escClient.UpdateEnvironment(authCtx, orgName, envName, updatePayload) | ||
if err != nil { | ||
log.Fatalf("Failed to update environment: %v", err) | ||
} | ||
|
||
// Open and View Secrets | ||
_, values, err := escClient.OpenAndReadEnvironment(authCtx, orgName, envName) | ||
if err != nil { | ||
log.Fatalf("Failed to open environment: %v", err) | ||
} | ||
|
||
mySecret, ok := values["my_secret"] | ||
if !ok { | ||
log.Fatalf("Secret 'my_secret' not found in environment %s", envName) | ||
} | ||
|
||
log.Printf("my_secret: %v\n", mySecret) | ||
|
||
orgEnvs, err := escClient.ListEnvironments(authCtx, orgName, nil) | ||
if err != nil { | ||
log.Fatalf("Failed to list environments: %v", err) | ||
} | ||
|
||
for _, orgEnv := range orgEnvs.Environments { | ||
log.Printf("Environment: %v\n", orgEnv.Name) | ||
} | ||
|
||
} | ||
``` | ||
{{% /choosable %}} | ||
|
||
## Example Scenarios: Pulumi ESC SDK in Action | ||
|
||
Here are some real-world scenarios showcasing how you can leverage the Pulumi ESC SDK: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This whole section feels redundant. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. updated examples |
||
|
||
- **Database Credentials**: Applications can use the ESC SDK to fetch database credentials with a specified TTL, ensuring they always use valid credentials, even as the credentials are rotated in the background. This eliminates service interruptions due to expired credentials. | ||
- **Secure Serverless Deployments**: A Google Cloud Function requiring access to an AWS S3 bucket can leverage the ESC SDK to obtain temporary AWS credentials during runtime. This enables secure cross-cloud interactions without embedding long-lived AWS credentials directly within the function's code. | ||
- **Microservices Configuration**: With ESC, development teams can manage diverse configurations for their microservices, including API endpoints, retry policies, and logging levels, specific to each environment (development, staging, production). The ESC SDK allows each microservice to retrieve the correct configuration values during runtime, simplifying environment-based customizations. | ||
|
||
## Get Started Today! | ||
|
||
The Pulumi ESC SDK is available now! To learn more and start simplifying your application secrets workflow, check out the [Pulumi ESC SDK](/docs/esc/sdk/) Documentation. We're confident that this powerful new tool will streamline your development process, enhance your application security, and empower you to build innovative solutions with confidence. Join us on this journey towards a more secure and manageable future for application secrets and configurations! |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note, proper capitalization is TypeScript and JavaScript (note: Script is capitalized).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll update! Thank you!