pulumi-login

Log in to the managed Pulumi Cloud backend, defaults to app.pulumi.cloud

$ pulumi login

$ pulumi login [url]

$ pulumi login [[-l|--local]]

pulumi login [url] [flags]

url
    The URL of the Pulumi Cloud, a self-hosted Pulumi service, or a local filesystem path. If omitted, it defaults to the Pulumi Cloud (https://api.pulumi.com).

--cloud-url <url>
    Specifies a URL to log in to a particular Pulumi Cloud instance or self-hosted Pulumi service. This flag is an alternative to providing the URL as a positional argument.

--cloud-url-insecure
    Disables SSL certificate validation when logging into the Pulumi Cloud or a self-hosted Pulumi service. Use with extreme caution, as it makes your connection vulnerable to man-in-the-middle attacks.

--local-state <path>
    Designates a local directory path to use for storing Pulumi state files. This flag allows state to be managed entirely on your local machine without a remote backend.

--login-secrets-provider <string>
    Defines the type of secrets provider to use for encrypting and decrypting secrets. Supported values include 'default', 'aws', 'azure', 'gcp', 'hashicorp', or 'passphrase'. Defaults to 'default'.

--non-interactive
    Suppresses interactive prompting during the login process, useful for automation scripts and CI/CD environments. Requires a --token for authentication when used with remote backends.

--organization <string>
    Specifies the Pulumi organization to log into. This is relevant for managing access and resources within a specific organizational context in the Pulumi Cloud.

--save-url
    Persists the provided URL as the default backend for all future Pulumi commands, eliminating the need to specify it repeatedly.

--token <string>
    Provides a Pulumi access token for authentication, primarily used in non-interactive scenarios or for logging in with specific credentials without a browser prompt.

--team <string>
    Specifies the team within an organization to log into. This helps scope access and operations to specific teams.

The pulumi login command establishes a connection between your Pulumi CLI and a specified backend service. This backend is crucial for storing your Pulumi program's state, managing secrets, and enabling collaboration on infrastructure projects. It supports logging into the official Pulumi Cloud (the default if no URL is specified), a self-hosted Pulumi service, or even a local filesystem path for state management.

Upon successful login, the CLI is configured to use the specified backend for all subsequent Pulumi commands, such as pulumi up, pulumi destroy, and pulumi stack. This command handles the authentication process, which might involve interactive browser-based authentication for the Pulumi Cloud or using an access token for automated environments.

The --service-url flag is deprecated; use --cloud-url instead. Using --cloud-url-insecure is a significant security risk and should be avoided in production environments.

For non-interactive use (e.g., in CI/CD pipelines), an access token (via --token) is typically required, as browser-based authentication is not possible.

By default, if no URL is provided, pulumi login attempts to authenticate with the Pulumi Cloud at https://api.pulumi.com. If you're not already logged in, it will typically open a browser window to guide you through the authentication flow.

Upon successful login, your Pulumi credentials (including the access token for the active backend) are securely stored in your home directory, typically at ~/.pulumi/credentials.json on Linux systems. This file is protected with appropriate file permissions to safeguard your sensitive information.

The pulumi login command has been a fundamental part of the Pulumi CLI since its public release around 2018. As Pulumi gained traction for Infrastructure as Code, the ability to seamlessly connect to various state backends, especially the Pulumi Cloud, became central to its design. The command has evolved to support different authentication methods and backend types, reflecting the growing needs for secure and flexible state management in cloud environments.

pulumi(1), pulumi logout(1), pulumi stack(1), pulumi up(1)