Jun 7, 2024 4 min read

Pulumi Glossary

Explore essential terms and definitions in the comprehensive Pulumi Glossary focusing on cloud infrastructure, deployment, and automation.

Pulumi Glossary
Pulumi Glossary
Table of Contents


Embark on a journey through the intricate domain of infrastructure as code (IaC) with Pulumi.

Terms and concepts can be puzzling, but fear not! Discover our Pulumi Glossary, offering clear explanations on cloud infrastructure, deployment, and automated processes. Elevate your Pulumi understanding effortlessly and expand your expertise in modern cloud architecture.

Pulumi Terms


API: Pulumi provides a comprehensive suite of Application Programming Interfaces (APIs) that cater to a broad range of cloud platforms, in addition to offering higher-level APIs designed to simplify the process of developing and deploying cloud-based applications and infrastructure.


Checkpoint: Pulumi captures checkpoints at multiple stages to ensure reliable operation, whether it involves comparing the desired state with the current state during updates, recovering from failures, or accurately removing resources for proper cleanup post-operation.

CLI: Pulumi's Command-Line Interface (CLI) is an open-source tool that seamlessly integrates with the Pulumi Cloud, enabling users to deploy updates to their cloud-based applications and infrastructure with ease.

Component: A Pulumi component is a cohesive collection of resources that encompasses both other components and tangible cloud resources.

Config: Configuration values are consistently stored as strings but can be interpreted as values with specific data types. These values can be managed by setting and retrieving them through the CLI or by utilizing the Config object.


Deployment Engine: Pulumi's deployment engine is tasked with determining the necessary operations to transform the current state of your infrastructure into the desired state defined by your program.

Dynamic Providers: Dynamic Providers offer a flexible and low-level approach to directly integrate custom code into Pulumi's deployment process. This feature is currently in preview.


IdP: IdP is short for Identity Provider. An Identity Provider using Security Assertion Markup Language (SAML) serves as a user directory.

IdP Metadata XML: IdP Metadata XML refers to the XML configuration file supplied by your Security Assertion Markup Language (SAML) Identity Provider. This document includes public details about your user directory, enabling the service provider to initiate authentication requests.


Language Executor: The language executor is a binary named pulumi-language-<language-name> that Pulumi utilizes to launch the runtime for the programming language your code is written in, such as Node.js or Python. This binary is distributed alongside the Pulumi Command-Line Interface (CLI).

Language Host: The language host is tasked with executing a Pulumi program and establishing an environment where resources can be registered with the deployment engine.


Organization: Within the Pulumi Cloud, an organization serves as the main unit for grouping stacks.

Outputs: Outputs play a crucial role in Pulumi's management of dependencies among resources. As the values of Outputs are only accessible once resources are generated, they are represented using the specialized Output type.


Packages: Pulumi packages are standard NPM or Python packages that transitively depend on the @pulumi/pulumi package, which defines how resources created by a Pulumi program will be communicated to the Pulumi engine. The sole distinction between a Pulumi package and any other NPM package is the ability to register resources with the Pulumi engine.

Paths: In a Pulumi program, when you make references to resources in the local filesystem, they are consistently relative to the current working directory.

Program: Pulumi programs are written in versatile programming languages like JavaScript or Python. You have the flexibility to utilize any packages supported by the language's package manager, in addition to Pulumi packages.

Project: A Pulumi project is defined as any directory that includes a Pulumi.yaml file.

Project File: The Pulumi.yaml project file provides details about your project's metadata.

Pulumi Cloud: The Pulumi Cloud refers to the web application hosted at app.pulumi.com, which automatically manages deployment state and facilitates collaboration between developers and operators.


Resource Args: The arguments provided to a resource determine the inputs used to initialize the resource. These inputs can be either raw values or outputs from other resources.

Resource Plugin: A resource plugin is the binary utilized by the deployment engine to manage a specific resource.

Resource Provider: A Pulumi resource provider is comprised of two distinct components: a resource plugin and an SDK.

Resources: Every resource is assigned a name that must be unique within the Pulumi program.

Runtime Code: It is possible to develop libraries and components that enable the caller to provide JavaScript callbacks to be executed at runtime.


SAML: Security Assertion Markup Language (SAML) is a protocol that allows you to use a SAML 2.0-compatible identity provider to sign in to the Pulumi Cloud via single sign-on. This SAML SSO feature is exclusive to Pulumi Enterprise.

SDK: A Pulumi Software Development Kit (SDK) offers bindings for each type of resource that the corresponding provider can manage.

Secrets: The Pulumi CLI and programming model offer ways for you to encrypt configuration values with the --secret flag or by programmatically wrapping it as a secret at runtime.

Secrets Encryption: The Pulumi Cloud automatically manages encryption keys on a per-stack basis. Whenever you encrypt a value using the --secret flag or by programmatically wrapping it as a secret at runtime, a secure protocol is used between the CLI and Pulumi Cloud to ensure the confidentiality of the secret data during transit, at rest, and in any physical storage locations.

Self-hosted: The "self-hosted" option in Pulumi applies to on-premises deployments "behind a firewall", as well as environments hosted within your own AWS, Azure, or Google Cloud accounts.

SP: SP stands for Service Provider. In the context of Security Assertion Markup Language (SAML), the service provider relies on an identity provider to handle authentication.

Stack: A stack represents a standalone, individually configurable iteration of a Pulumi program. Stacks are frequently employed to signify distinct development stages (like development, staging, and production) or feature branches (such as feature-x-dev, jane-feature-x-dev).

Stack Output: A stack output is a value that is exported from a stack. The outputs of a stack can be easily accessed through the Pulumi CLI and are also displayed on the pulumi.com website.

Stack Reference: Stack references offer a method to retrieve the outputs of one stack from another stack.

Stack Tags: Stacks are accompanied by metadata in the form of tags, where each tag comprises a name and value. Stack tags are exclusively available when logged into the Pulumi Cloud backend.

State: Pulumi stores its own copy of the current state of your infrastructure. This is often called state, and is stored in transactional snapshots we call checkpoints.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to DevOps Tutorials - VegaStack.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.