It addresses the challenges of handling secrets and configuration at scale across various cloud environments. Pulumi ESC allows teams to gather secrets and configurations from multiple sources, and organize them into hierarchical collections called “environments.”

It then utilizes them across different infrastructure and application services. It can be used alongside Pulumi IaC for streamlined configuration management or independently to manage secrets and configuration for any project.

Pulumi ESC tackles common configuration and secrets management challenges with several key design principles by allowing users to define environments that contain secrets and configurations, offering integrations with secrets stored in various providers like AWS Secrets Manager, Vault, Azure OIDC, consume from anywhere capabilities, and much more. 

Pulumi ESC is available today in preview via the new esc CLI, as part of Pulumi Cloud, via the Pulumi Cloud REST API, and has direct integration with Pulumi IaC stack configuration and new pulumi env commands.

It also supports dynamically pulling secrets and configuration from other sources of truth, including AWS OIDC, AWS Secrets Manager, Azure OIDC, Azure KeyVault, Google Cloud OIDC, Google Secrets Manager, HashiCorp Vault, and Pulumi IaC Stack References – with many more sources like 1Password coming soon.

The creators of Pulumi ESC aim to add application-level SDKs, the ability to sync configuration to external systems, a dynamic configuration provider ecosystem, and versioning requirements in the coming months, according to this blog post.

The post Pulumi releases secrets management solution appeared first on SD Times.

The new offering leverages Pulumi’s existing IaC platform and adds extensible building blocks to allow users to build their own cloud infrastructure. This allows them to build platforms that include features like drift detection, multi-stage orchestration, and code review environments. 

It includes its own REST API to provide developers with programmatic access to the service so that they can interact with server-side deployments.

Applications that use Pulumi’s Automation API will be able to offload their infrastructure as code execution to the managed services. 

Other out-of-the-box capabilities enabled by the Automation API include Git Push to Deploy, which lets users connect to and deploy from a Git repository, and Click to Deploy, which facilitates the initiation of deployment actions such as updates, destroys, and drift detection from the Pulumi Service UI. 

“Software developers are always looking for new ways to increase velocity while following best practices,” said Martin Woodward, VP of DevRel at GitHub. “Pulumi Deployments enable teams to take their code to the cloud faster by applying familiar Git-based workflows to their infrastructure code.”

Pulumi Deployments also enables developers to select architecture templates for common cloud architectures across technologies like AWS, Microsoft Azure, Google Cloud, and Kubernetes. These templates will include best practices and will enable faster deployment at launch. 

 “The new innovations announced today take infrastructure as code automation to the next level,” said Joe Duffy, founder and CEO of Pulumi. “We’ve followed the standard Pulumi approach of shipping great out-of-the-box experiences, layered atop a foundation of highly-programmable API building blocks, to unlock limitless innovation for our community of builders. Doing more with less is on everybody’s minds lately, and though we’ve already achieved an order of magnitude increase in productivity for cloud infrastructure tasks, we are still just getting started. We can’t wait to see what our community and customers build with Pulumi Deployments.”

The post Pulumi Deployments launches to make it easier for devs to build cloud infrastructure appeared first on SD Times.

Enter infrastructure as code (IaC), touched off by the launch of public cloud services, which allowed developers to easily consume them just when they needed them. But if you had to submit a request to engage with those services, and wait for a reply, public cloud services never would have succeeded, according to Naveen Chhabra, analyst at Forrester.

So, why infrastructure as code? Why not infrastructure as infrastructure? Chhabra said, “The primary persona using those called cloud services were the application developers, and the application developers know how to code.” So, he said, this became the go-to mechanism to get storage, unit computing, a new database or containers, whereby these services could be consumed in a codified manner.

But this is not confined to the public cloud. VMware, for instance, offers a provider, which Chhabra said is an abstraction layer of an infrastructure component. “Call an API, or call that provider, and I will give you the resources,” he explained.

Growing infrastructure complexity

When cloud services first emerged, developers were able to easily set up testing and staging environments before an application was deployed. Today, organizations are dealing with hybrid and multi-cloud environments, as well as Kubernetes architectures, service meshes and serverless applications, to name but a few. According to Aaron Kao, vice president of marketing at universal IaC platform provider Pulumi, a typical application today has something like 400 different services in it. Yet many of the current IaC tools are either markup languages or DSLs (domain specific languages).

“What’s happening with these older IaC tools that are based on DSLs, they start having to add a lot of features into that DSL, and someone recently told me, it’s like DSLs are just like poor facsimiles of … real programming languages, because there’s leaky abstractions, and there’s increasing complexities that you’re trying to address that you keep having to shoehorn things into it,” Kao said.

Because of this complexity, organizations find themselves in a struggle with their competitors to hire full-stack developers, knowledgeable in application development and what’s needed on the back end to deploy those applications. But because the price tag for these developers is high, organizations might not want them struggling to create infrastructure, or letting them create IaC without guard rails. Ronak Rahman, developer relations manager at infrastructure provider Quali, said, “Who creates those guard rails? And they need things that are watching for security. Is it my developer’s problem that the Docker file or the container that I’m building … has a security flaw in it? You see companies trying to [add guardrails] with their TerraForm scripts so that developers don’t have to care about that; they can just provision their software.”

Keep productivity high

To keep developers productive, Kao said, “It’s really about streamlining. Instead of having multiple tool sets to do infrastructure and do application development, you can use one.. And instead of, let’s say you have a separate IaC system, you know, like, well, there’s a lot of tooling that needs to go get built with that.” So, IaC providers such as Pulumi are seeing the need to integrate with the tools and programming languages where developers live.

One thing related to developer productivity is infrastructure and application drift, according to Roxana Ciobanu, CTO and co-founder at Bunnyshell, an environment-as-a-service platform. “It is inevitable for issues to appear in development when engineers work in environments with out-of-sync infrastructures and old application versions,” she said. “Drift detection is one half of the solution, and automatic remediation is the other half, and that’s where we see a lot of challenges.” To properly solve code drift, she said, any change should automatically be detected, corrected or merged into all existing development, stage or production environments.”

Has DevOps marginalized IT?

There always has been territorial behavior when it comes to IT. Developers write code, operations engineers set up policies and governance that make sure infrastructure is used in a way that doesn’t hurt the organization. 

According to Forrester’s Chhabra, the infrastructure owners’ involvement arises out of the governance needs. “We have seen examples of again, these are not the only reasons, but we’ve seen examples of excessive cloud spend. So can I bring in a governance layer, which says, ‘Hey, you get the infrastructure, type of infrastructure, size of infrastructure, duration of infrastructure, what you actually need, and you don’t leave it overnight unattended, running, you know, without us.’ So can I put that time bound? A time foundation to how long? What, where, and when can you actually use the resources? So that’s the foundation of where these governance requirements are coming from.”

Rahman sees it less as developers taking something from IT and more as operations engineers not keeping their skills up to date. 

That phenomenon, though, is not limited to the technology industry. In journalism, for example, older print editors can be resentful of the shift in newspapers toward multimedia presentations and younger reporters coming in with video and social media skills. In technology, another good example is mainframe programmers who were facile with COBOL but didn’t keep up as client/server and new languages emerged for more modern software development. 

“I think the marginalization is a symptom of, you know, this whole lack of trust and … I think the solution there is just update your skills for the digitization,” Rahman said. “You know, you’re not racking and stacking servers anymore, and hopefully, you’re not going in a cold room and you know, organizing your wires. So, you know, we need new skills to get us to live our art and live our best life.”

Part of the problem, Rahman noted, is that historically, developers and IT have had different goals. Developers want to innovate on new products and features; IT wants to ensure systems stay up and running, comply with regulations such as HIPAA and Sarbanes-Oxley, and keep costs under control.

“I see developers more as creative artists deep in their art,” Rahman said.  “And IT and centralized DevOps represent the business interests, you know, they’re in a whole different org structure, and they’re in charge with making sure guardrails exist, governance exists. I’m not answering to the product team on products coming out of the pipeline faster. So there are two different concerns. There’s the business concerns with absolutely legitimate governance, costs and security. And then there’s the developer’s interest, which is a minus of interest. ‘I don’t want to care about infrastructure. You know, that’s cool that you gave me tools, but I’m just gonna learn how good enough to do what I want to do, which is bang out awesome features.'”

Governance is critical

Traditional IT involvement in infrastructure arises out of the need for governance. One area that’s particularly important to the business is security. Forrester’s Chhabra explained: “Because of security concerns, I don’t want to be running across all public cloud providers or all infrastructure vendors, and find that now as an organization, I’m responsible for patching and managing vulnerabilities. What if I can reduce my attack surface? And that can happen with standardization. Another reason is geolocation. Whether it’s because of the data sovereignty requirements, or because of geopolitical reasons, for a specific project, let’s say, a major oil and gas company wants to run a project in Australia. What is mandated by Australia, that you must be running all those applications and IT resources within Australia. So what do I do? I cannot, as a business leader, allow my application owners to even by mistake, run that in AWS East. So there are different forces that are putting this demand on how the resources where, when and what resources are being consumed, whether it is because of cost reason, geopolitical, or educational and, you know, sovereignty requirements.”

Developers are creating the infrastructure provisioning they need with code, but IT still needs to be the gateway for them to access that infrastructure. Chhabra said, “Developers can’t be expected to understand all the latest happenings in governance. So you still need to have that kind of intermediary IT person, you know, giving them the keys, only at a certain time and at a certain place, and only for a length of time.”

IaC gives you speed; governance gives you the window and the control mechanism. This, Chhabra said, “ensures that there are no speed bumps in how quickly can you go from where you are to where you want to be.”

The post Infrastructure as Code: Keeping developers productive, keeping organizations safe appeared first on SD Times.

“To support developers working on high-res displays, we have given XMLSpy and UModel an extensive UI revamp,” said Alexander Falk, CEO and president of Altova. “These UIs are now beautifully sharp on high-PPI screens of all sizes, as they now take full advantage of the higher resolution to render all graphics with a lot more precision and detail. This is especially clear when taking advantage of the graphical views for working with XML Schema, WSDL documents, and UML diagrams.”

European Commission approves Microsoft’s acquisition of GitHub
The European Commission has officially approved Microsoft’s acquisition of GitHub. According to a press release, the Commission has concluded that competition in relevant markets will still continue after the acquisition and that Microsoft has “no incentive to undermine the open nature of GitHub’s platform.”

Linux 4.19 is now available
Linux 4.19 has been released, and is the largest release of the last three releases. According to an email sent by major Linux kernel developer Greg Kroah-Hartman, this release will be a “Long Term” kernel that will be maintained for a few years.

This also marks the first release since Linus Torvalds announced he was taking a break from Linux. Kroah-Hartman emphasized the importance of the community not fighting with itself, and encouraged all Linux developers to “take a day or two off, rest, relax with friends by sharing a meal, recharge, and then get back to work, to help continue to create a system that the world has never seen the likes of, together.” Torvalds is expected to take back over after this release Kroah-Hartman wrote, “Linus, I’m handing the kernel tree back to you.”

Pulumi receives $15 million in Series A funding
Pulumi has received $15 million in Series A funding and has announced the release of its SaaS offering. The new funding will help the company accelerate growth and adoption of its cloud-native development platform.

The funding was led by Madrona Venture Group, with participation from Tola Capital. Sheila Gulati, managing director of Tola Capital will join Pulumi’s board of directors, along with S. Somasegar, managing director of Madrona Venture Group.

The post SD Times news digest: Altova Version 2019, European Commission approves Microsoft’s GitHub acquisition, and Linux 4.19 appeared first on SD Times.