LinuxCommandLibrary

pulumi-config

Manage Pulumi configuration values

TLDR

View current configuration in JSON format

$ pulumi config --json
copy

View configuration for a specified stack
$ pulumi config --stack [stack_name]
copy

Get the value of a configuration key
$ pulumi config get [key]
copy

Remove a configuration value
$ pulumi config rm [key]
copy

Set a value for a configuration key from a file
$ cat [path/to/file] | pulumi config set [key]
copy

Set a secret value (e.g. API key) for a configuration key and store/display as ciphertext
$ pulumi config set --secret [key] [S3cr37_value]
copy

Remove multiple configuration values from a specified configuration file
$ pulumi config --config-file [path/to/file] rm-all [key1 key2 ...]
copy

SYNOPSIS

pulumi config <subcommand> [options]

PARAMETERS

set [value]
    Sets a configuration value for the given key. If value is omitted, reads from stdin.

get
    Gets the configuration value for the given key.

rm
    Removes a configuration value for the given key.

ls
    Lists all configuration key-value pairs for the current stack.

refresh
    Refreshes the configuration from the Pulumi Cloud.

push
    Push config from CLI to Cloud

pull
    Pull config from Cloud to CLI

json
    Specifies that output should be in JSON format.

--path
    Specifies that a key is a path to a deeply nested object key.

--secret
    Indicates that the value should be stored as a secret.

--stack
    Operates on a specific stack instead of the currently selected stack.

DESCRIPTION

The `pulumi-config` command allows users to manage configuration settings for Pulumi stacks. It provides functionality to set, get, and delete configuration values directly, as well as to import and export configuration data. Configuration values are stored per stack and can be accessed during Pulumi program executions to customize resource deployments based on different environments or needs.

The command supports various data types like strings, numbers, booleans, and secrets. Secrets are encrypted before being stored in the Pulumi backend state file, ensuring sensitive information is protected. The `pulumi-config` command is essential for parameterizing infrastructure deployments managed by Pulumi, making them more flexible and reusable.

CAVEATS

Secrets must be unlocked before they can be accessed. Configuration values are specific to the current stack by default. To operate on different stack, use the --stack flag.

SECRET MANAGEMENT

Pulumi provides a robust secret management system. When a configuration value is marked as a secret, it is encrypted using a randomly generated key specific to the stack. The encryption key is then stored with the Pulumi service using a KMS or similar system. It's crucial to unlock secrets before using the configuration values in your Pulumi program.

CONFIGURATION PRECEDENCE

Pulumi configuration values have a defined precedence order. Configuration values set via `pulumi-config` override default values defined in the Pulumi program. If the same key is defined with the pulumi.yaml (stack settings) the CLI config values from `pulumi config set` take precedence.

HISTORY

The `pulumi-config` command was developed as part of the Pulumi infrastructure-as-code platform to provide a mechanism for managing environment-specific settings. It has evolved over time to support more data types, secret management, and integration with the Pulumi Cloud.

SEE ALSO

pulumi(1), pulumi-stack(1)

Copied to clipboard