Pulumi and Azure DevOps

Automating Infrastructure the Smart Way

If you work with cloud infrastructure, you’ve probably heard about Pulumi and Azure DevOps. When used together, these tools can transform how you build, manage, and deploy infrastructure. In this article, we’ll explain what they are and how they complement each other.

What is Pulumi?

Pulumi is an Infrastructure as Code (IaC) platform. Instead of configuring servers or networks manually, you can define them using programming languages such as TypeScript, Python, C#, or Go. Once the code is written, Pulumi provisions and manages the resources in the cloud on Azure, AWS, or GCP.

Some key advantages:

Developers use real programming languages, not just templates.
Infrastructure benefits from modern coding practices like testing and automation.
Teams reuse existing skills to manage both applications and infrastructure.

What is Azure DevOps?

Azure DevOps is Microsoft’s suite of tools for managing the entire application lifecycle. For infrastructure management, two services stand out:

Azure Repos: A version control system for storing and managing code with history and collaboration features.
Azure Pipelines: A CI/CD tool that automates building, testing, and deploying applications and infrastructure on any platform.

By combining these services, organizations gain a streamlined and automated workflow for software and infrastructure delivery.

Why Integrate Pulumi with Azure DevOps?

Using Pulumi with Azure DevOps offers clear advantages:

CI/CD Automation: With Azure Pipelines, every change to your Pulumi code goes through a consistent validation and deployment process. As a result, errors are reduced and efficiency improves.
Infrastructure Lifecycle Management: Azure Repos versions your infrastructure code just like application code. This makes it easier to track changes, revert if needed, and collaborate with teammates.
Improved Collaboration: Azure DevOps provides a single platform that combines version control, CI/CD, and project management. Together with Pulumi, it helps development and operations teams work more effectively.

Now that we know both tools, let’s see how we can start working with them. The first thing to do is to have the Pulumi code in Azure Repos, so that it can later be used in Azure Pipelines. Once we have the code in the Azure repository, we can start creating the pipeline that will continuously deploy the infrastructure.

Prerequisites for Integration

Before setting up your pipeline, you’ll need:

Pulumi extension for Azure DevOps → Install the Pulumi Azure Pipelines Task extension.

Azure Storage → Store Pulumi state in an Azure Storage Blob to track infrastructure changes.

Azure Key Vault → Safely store and access keys or secrets needed by Pulumi.

Azure Pipelines Library → Manage configuration variables and link secrets from Key Vault.

Building the Pipeline

With everything prepared, you can create a pipeline in Azure DevOps to deploy infrastructure automatically.
Two main tasks are needed:

1. Install dependencies (optional, depending on language).

For example, if your Pulumi project is in TypeScript, use pnpm to install dependencies inside the infrastructure folder.

2. Deploy the Pulumi project (via the Pulumi task extension).

cwd → folder containing Pulumi code.
createStack → creates a stack if one doesn’t already exist.
args → include --yes to bypass confirmation, plus configuration variables stored in Azure Libraries.
azureSubscription → service connection for the deployment.
command → Pulumi command, typically up.
loginArgs → connection details for Azure Storage (where the Pulumi state is stored).
stack → name of the target stack.

Add these environment variables:

AZURE_STORAGE_ACCOUNT → storage account name.

AZURE_STORAGE_KEY → key for the storage account.

PULUMI_CONFIG_PASSPHRASE → encryption key for configuration variables.

With these steps, the pipeline can continuously deploy your Pulumi-defined infrastructure.

Wrapping up

Integrating Pulumi with Azure DevOps creates a modern and reliable way to manage infrastructure as code. With Azure Repos for version control, Azure Pipelines for automation, Azure Storage for state management, and Azure Key Vault for secret handling, you get a workflow that is both secure and efficient.

This approach speeds up deployment, reduces human error, and fosters stronger collaboration across teams. Ultimately, Pulumi and Azure DevOps make it easier to scale your infrastructure with confidence.