Pulumi Esc
Wire Pulumi ESC (environments, secrets, and configuration) into agent-driven infra workflows so configs and secrets stay out of repos.
Overview
pulumi-esc is an agent skill most often used in Build (also Ship, Operate) that helps solo builders manage secrets and environment configuration through Pulumi ESC instead of leaking values into repos or chat.
Install
npx skills add https://github.com/pulumi/agent-skills --skill pulumi-escWhat is this skill?
- Guides agents on Pulumi Environments, Secrets, and Configuration (ESC) patterns
- Keeps secrets and env-specific values out of source control
- Pairs with Pulumi IaC workflows for solo and small-team deploy pipelines
- Supports config composition across dev, staging, and production
- Fits agent-assisted infra setup without hardcoding credentials in chat
Adoption & trust: 842 installs on skills.sh; 56 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are wiring cloud deploys but secrets and per-environment config keep ending up in git, local files, or agent transcripts.
Who is it for?
Indie builders using Pulumi who want agents to reference ESC for secrets and env config during stack and integration work.
Skip if: Teams with no Pulumi footprint who only need a generic `.env` template or a non-Pulumi secrets manager with no ESC adoption planned.
When should I use this skill?
When designing or debugging Pulumi projects that should source secrets and environment values from Pulumi ESC.
What do I get? / Deliverables
Your agent follows ESC-oriented setup so environments and secrets resolve through Pulumi’s configuration layer before you ship or rotate credentials in production.
- ESC-oriented config and secret references in Pulumi code or docs
- Step-by-step agent guidance for environment separation without committed secrets
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
ESC is primarily adopted while integrating cloud stacks and app config during product build. Secrets and environment resolution are integration concerns between code, CI, and cloud providers.
Where it fits
Configure ESC environments while the agent scaffolds a Pulumi stack for your API.
Point CI at ESC-resolved secrets before first production deploy.
Rotate or add secrets in ESC when a third-party API key changes.
How it compares
Use as a Pulumi ESC-focused integration skill, not as a substitute for full Terraform/Pulumi stack authoring or generic secret-scanning checkers.
Common Questions / FAQ
Who is pulumi-esc for?
Solo and indie developers (and small teams) who deploy with Pulumi and want coding agents to handle environments and secrets via ESC correctly.
When should I use pulumi-esc?
During build when connecting apps to cloud config, at ship when prepping production secrets for CI, and at operate when updating or rotating ESC-backed values.
Is pulumi-esc safe to install?
Review the Security Audits panel on this Prism page and treat any skill that touches secrets as high-trust; never paste production credentials into agent sessions.
SKILL.md
READMESKILL.md - Pulumi Esc
# pulumi-esc Installs: 839 Source: pulumi/agent-skills { "id": "pulumi/agent-skills/pulumi-esc", "url": "https://www.skills.sh/pulumi/agent-skills/pulumi-esc", "name": "pulumi-esc", "slug": "pulumi-esc", "source": "pulumi/agent-skills", "installs": 839, "installUrl": "https://github.com/pulumi/agent-skills", "sourceType": "github" }