Quickstart

Prerequisites

Pulumi CLI >= 3
Tenant identifier (for example acme)
Org-level API key for control-plane API access (recommended for CI/CD)

Node.js example

npm install @pulumi/pulumi @atensec/pulumi-thoth@0.1.11

import * as pulumi from "@pulumi/pulumi";
import * as thoth from "@atensec/pulumi-thoth";
 
const cfg = new pulumi.Config();
 
const provider = new thoth.Provider("thoth", {
  tenantId: cfg.require("tenantId"),
});
 
new thoth.governance.GovernanceSettings(
  "baseline",
  {
    complianceProfile: "soc2",
    shadowLow: "allow",
    shadowMedium: "step_up",
    shadowHigh: "block",
    shadowCritical: "block",
  },
  { provider }
);
 
new thoth.governance.WebhookSettings(
  "baseline-webhook",
  {
    webhookEnabled: true,
    webhookUrl: cfg.require("webhookUrl"),
    webhookSecret: cfg.requireSecret("webhookSecret"),
  },
  { provider }
);

Python example

pip install pulumi pulumi-thoth==0.1.11

import pulumi
import pulumi_thoth as thoth
 
config = pulumi.Config()
 
provider = thoth.Provider(
    "thoth",
    tenant_id=config.require("tenantId"),
)

When apiBaseUrl is omitted, the provider derives:

https://grid.<tenant_id>.<apex_domain>

adminBearerToken and adminBearerTokenFile remain available for bearer-token workflows. THOTH_API_KEY is also supported as an environment-variable auth fallback and must be org-scoped. THOTH_TENANT_ID is supported as a tenant fallback when tenantId/tenant_id is omitted.

Minimal env-only provider configuration:

const provider = new thoth.Provider("thoth", {});

Quickstart

Prerequisites

Node.js example

Python example

On this page