Provider for Pulumi short-lived access tokens

[automagic]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

With the upcoming support of short-lived Pulumi access tokens, an ESC provider could be used to generate these tokens for use with Pulumi stacks, command shell environments, applications, automation, CI/CD pipelines, etc. An example use-case could be pulumi privilege escalation or de-escalation controlled by ESC and Team RBAC.

Example:

values:
  pulumi:
      fn::open::pulumi-access-token:
          type: team
          team: foo
          duration: 1h
  environmentVariables:
     PULUMI_ACCESS_TOKEN: ${pulumi.accessToken}

Affected area/feature

ESC Providers

[cleverguy25]

This is a really interesting idea, we will discuss it in the team for a future provider.