I've been exploring Pulumi ESC since its GA release last month. Here are my quick thoughts:
- ESC is nice for centralizing configuration and secrets with environments that can inherit from each other
- I like how ESC can get secrets from other stores like Azure Key Vault or 1Password, it's more than just a vault. Unfortunately, some sources like Bitwarden are not yet supported
- Setup OpenID Connect can be challenging, but once done it makes retrieving short cloud access tokens from ESC very easy
- ESC has interesting integrations with other tools (like Direnv of Terraform). I've only used the Pulumi IaC integration which is very handy
- ESC is not completely open source (it seems only some parts like the CLI are) so you can't self-host it unless you pay a license . That could prevent some people or companies from using it
- The vscode extension is fairly basic but very nice to modify the environments
- I didn't check the audit logs, but I'm sure that having environments that are auditable and versioned can be valuable for some companies
In the end, I liked it, even though it's still a young product. What are your impressions?
Do you know of any other similar tools?
