Your CI pipeline is humming along until someone pushes a new infrastructure update. Suddenly, your Terraform state is outdated, secrets are mismatched, and no one remembers which account has the right access. That’s when pairing JetBrains Space with Pulumi enters the chat.
JetBrains Space is the all‑in‑one platform for code, automation, and collaboration. Pulumi is the infrastructure as code engine that treats your cloud like a well‑typed program. Pair them, and you get secure, versioned infrastructure updates that run directly from your dev workflow instead of a mystery box in the corner.
The integration is simple in concept but powerful in effect. JetBrains Space runs Pulumi commands inside automation jobs tied to your repository. The Space project token handles authentication with APIs, while Pulumi manages cloud and state backends. Each pipeline run is reproducible, traceable, and under policy control. Forget manually exporting credentials or running local builds that “should work.” Infrastructure updates live where your code review already happens.
When connecting JetBrains Space and Pulumi, think through three layers of trust. First, identity. Use Space service accounts mapped to OIDC providers like Okta or AWS IAM rather than static keys. Second, permissions. Align Space project roles with Pulumi stacks so developers can preview infrastructure without full deploy rights. Third, automation. Trigger Pulumi updates only after review, package build, and security checks. Your IaC becomes part of the same audit trail as your application code.
A few best practices keep everything healthy:
- Rotate tokens often, or better yet, eliminate them using OIDC federation.
- Centralize stack secrets in Pulumi’s backend, not in Space job variables.
- Keep configuration files versioned so every change is diffable and repeatable.
- Use Space’s built‑in environments for preview runs to validate before merge.
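The three trust layers and the token guidance above can be enforced by a small preflight gate in the job that runs the Pulumi CLI. This is an added example, not code from the article or from JetBrains or Pulumi; `DEPLOY_BRANCH`, `STACK`, the script name, and the way the branch and review status reach the script are assumptions.

```shell
#!/bin/sh
# Added example: preflight gate for the Pulumi step of a CI job.
# Assumed names (not from the article): DEPLOY_BRANCH, STACK, and the
# branch / review-approved values the job passes in as arguments.
DEPLOY_BRANCH=${DEPLOY_BRANCH:-main}
STACK=${STACK:-prod}

# Identity: long-lived IAM user keys start with AKIA, while keys issued by
# STS (including OIDC federation) start with ASIA.
is_static_aws_key() {
  case "$1" in
    AKIA*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Permissions + automation: decide what this run may do.
#   $1 branch (with or without refs/heads/), $2 review approved (true/false),
#   $3 AWS access key id visible to the job (may be empty)
# Prints: deny | up | preview
pulumi_action() {
  if is_static_aws_key "$3"; then
    echo deny
  elif [ "${1#refs/heads/}" = "$DEPLOY_BRANCH" ] && [ "$2" = "true" ]; then
    echo up
  else
    echo preview
  fi
}

run_pulumi() {
  case "$(pulumi_action "$1" "$2" "${AWS_ACCESS_KEY_ID:-}")" in
    deny)
      echo "static AWS key in job environment; use federated credentials" >&2
      return 1 ;;
    up)      pulumi up --stack "$STACK" --non-interactive --yes ;;
    preview) pulumi preview --stack "$STACK" --non-interactive --diff ;;
  esac
}

# Invoke from the job as: sh pulumi-gate.sh --run "$BRANCH" "$REVIEW_APPROVED"
if [ "${1:-}" = "--run" ]; then
  run_pulumi "$2" "$3"
fi
```

Unreviewed changes and feature branches only ever reach `pulumi preview`, so preview rights and deploy rights stay separate even when both run from the same job definition.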
The benefits show up fast.
- Faster onboarding through unified credentials
- Predictable deployment flows with traceable logs
- Cleaner security posture with limited human access
- Reduced context switching during reviews
- Fewer “works on my machine” excuses
Developers love this setup because it shortens the gap between commit and cloud. Less waiting for approval queues. No more juggling infrastructure repos in parallel. Just code, review, and push. Pulumi updates follow automatically, and Space keeps the conversation around every change right where it belongs.
Platforms like hoop.dev take this a step further. They can layer identity‑aware policies over your build and deploy systems, enforcing permissions dynamically. Instead of hoping engineers use the right role, hoop.dev turns those access rules into guardrails you never have to think about again.
How do I connect JetBrains Space with Pulumi?
Use Space Automation jobs to run Pulumi CLI tasks. Authenticate through OIDC or temporary tokens, reference your stack settings, and store the state remotely. Once configured, deployments become another automated step in your pipeline—fully repeatable and version‑controlled.
Modern infrastructure isn’t just about clean YAML. It’s about giving developers a fast, safe feedback loop. JetBrains Space and Pulumi deliver exactly that—a feedback loop you can trust.