Pulumi
Provision and manage Prisma Postgres with Pulumi using the Prisma Terraform provider bridge.
Use Pulumi with the Prisma Postgres Terraform provider through the Pulumi Terraform bridge.
This is the currently supported path for managing Prisma Postgres from Pulumi.
Conceptual model
Pulumi lets you define infrastructure with a general-purpose language, but still deploys declaratively:
- You write resource code in TypeScript.
- Pulumi builds a dependency graph and previews changes (
pulumi preview/pulumi up). - Stack state tracks what exists, including secret outputs.
In this guide, Pulumi consumes the Prisma Terraform provider through a generated SDK, so you get typed resources while reusing the same provider capabilities.
When to use Pulumi
Pulumi is a strong fit when:
- You want infrastructure and application code in the same language.
- You prefer typed APIs and IDE support over HCL.
- You already use Pulumi stacks for environment management.
Prerequisites
- Pulumi CLI
- A Pulumi TypeScript project (create one with
pulumi new typescript) - A Prisma service token (see Management API authentication docs)
1. Optional: use Bun for dependency installs
If you want Pulumi to use Bun in this project, set this in Pulumi.yaml:
runtime:
name: nodejs
options:
packagemanager: bun2. Add the Prisma Postgres provider package
From your Pulumi project directory, run:
pulumi package add terraform-provider registry.terraform.io/prisma/prisma-postgres 0.2.0This command:
- Generates a local SDK in
sdks/prisma-postgres - Adds
packages.prisma-postgresmetadata toPulumi.yaml - Adds
@pulumi/prisma-postgrestopackage.jsonas a local file dependency
Alternative: local provider binary
If you are developing the provider locally, you can also add it from a local binary path:
pulumi package add terraform-provider /absolute/path/to/terraform-provider-prisma-postgresFor most users, the registry form in step 2 is the recommended approach.
3. Configure authentication
Use one of these methods:
Option A: environment variable
export PRISMA_SERVICE_TOKEN="prsc_your_token_here"Option B: Pulumi config secret
pulumi config set prisma-postgres:serviceToken "prsc_your_token_here" --secret4. Define resources in index.ts
import * as pulumi from "@pulumi/pulumi";
import * as prismaPostgres from "@pulumi/prisma-postgres";
const project = new prismaPostgres.Project("project", {
name: "my-app",
});
const database = new prismaPostgres.Database("database", {
projectId: project.id,
name: "production",
region: "us-east-1",
});
const connection = new prismaPostgres.Connection("connection", {
databaseId: database.id,
name: "api-key",
});
const availableRegions = prismaPostgres.getRegionsOutput().regions.apply((regions) =>
regions.filter((r) => r.status === "available").map((r) => `${r.id} (${r.name})`)
);
export const projectId = project.id;
export const databaseId = database.id;
export const connectionString = pulumi.secret(connection.connectionString);
export const directUrl = pulumi.secret(database.directUrl);
export const regions = availableRegions;5. Deploy
pulumi upTo read secret outputs:
pulumi stack output connectionString --show-secrets
pulumi stack output directUrl --show-secrets6. Clean up
pulumi destroyProduction notes
- Store Pulumi state in a managed backend (Pulumi Cloud, S3-compatible backend, etc.).
- Keep service tokens in Pulumi secrets/config or your secret manager, never in source files.
- The generated SDK is a local dependency (
file:sdks/prisma-postgres), so keep it available in CI/CD. - Pin the Terraform provider version in
pulumi package addfor reproducible deployments.
Common troubleshooting
Package add failed
Confirm you're running the command inside a Pulumi project directory containing Pulumi.yaml.
Missing credentials
If provider auth fails, verify either PRISMA_SERVICE_TOKEN is set or prisma-postgres:serviceToken is configured for the current stack.
SDK not found in CI
If CI cannot resolve @pulumi/prisma-postgres, make sure sdks/prisma-postgres exists in the workspace or rerun pulumi package add during CI setup.