2 changes: 1 addition & 1 deletion content/blog/esc-kubernetes-cluster-and-app/index.md
Expand Up @@ -162,7 +162,7 @@ values:
aws:region: us-west-2
```

Notice that this environment uses the `aws-login` ESC provider to [dynamically load short-lived credentials using OIDC](/docs/pulumi-cloud/oidc/provider/aws/).
Notice that this environment uses the `aws-login` ESC provider to [dynamically load short-lived credentials using OIDC](/docs/esc/environments/configuring-oidc/aws/).
These credentials are then exposed as environment variables for consumers of this environment. We also set the AWS region
in the `pulumiConfig` section to configure the region for `pulumi` to manage resources with the `pulumi-aws` provider.

Expand Up @@ -31,7 +31,7 @@ In our initial launch, the Table Editor allowed you to perform CRUD operations o

## Enhancing the Table Editor: Provider Configuration Support

With the addition of provider configuration support in the Table view, incorporating Pulumi ESC provider capabilities into your workflow is now more straightforward. A clean, user-friendly form provides step-by-step guidance, promoting best practices like [OIDC](/docs/pulumi-cloud/oidc/) adoption and the secure handling of sensitive data. This streamlined approach reduces the need for external documentation, making the entire process more intuitive and efficient.
With the addition of provider configuration support in the Table view, incorporating Pulumi ESC provider capabilities into your workflow is now more straightforward. A clean, user-friendly form provides step-by-step guidance, promoting best practices like [OIDC](/docs/esc/environments/configuring-oidc) adoption and the secure handling of sensitive data. This streamlined approach reduces the need for external documentation, making the entire process more intuitive and efficient.

![Table view](esc-table-editor-provider-config.png)

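Review bot: the new link on the `+` line, `/docs/esc/environments/configuring-oidc`, has no trailing slash, while the same index page is written `/docs/esc/environments/configuring-oidc/` in the how-esc-works.md hunk of this PR. Pick one form; if the site's canonical URLs end in a slash, the slash-less form may cost a redirect per click and can trip a strict link checker. The same slash-less form recurs in the release-notes-103, release-notes-99, begin.md, dynamic-secrets and rotated-secrets hunks.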
2 changes: 1 addition & 1 deletion content/blog/pulumi-release-notes-103/index.md
Expand Up @@ -56,7 +56,7 @@ We've upgraded the Pulumi ESC YAML editor with features aimed at simplifying the

### Pulumi ESC OIDC customization

Pulumi ESC now offers [subject customization](/docs/pulumi-cloud/oidc/provider/azure/#subject-customization) for OIDC tokens, enhancing security across AWS, GCP and Azure by aligning federated credentials with specific identifiers. By configuring the `subjectAttributes` setting, users can include specific environment, user, and organization information in the [OIDC](/docs/pulumi-cloud/oidc/) token subject claim, offering more granular control and customization for cloud resource access. This capability is especially valuable for customers using Azure, where subject claims are required to precisely match the string specified in the policy.
Pulumi ESC now offers [subject customization](/docs/esc/environments/configuring-oidc/azure/#subject-customization) for OIDC tokens, enhancing security across AWS, GCP and Azure by aligning federated credentials with specific identifiers. By configuring the `subjectAttributes` setting, users can include specific environment, user, and organization information in the [OIDC](/docs/esc/environments/configuring-oidc) token subject claim, offering more granular control and customization for cloud resource access. This capability is especially valuable for customers using Azure, where subject claims are required to precisely match the string specified in the policy.

### Pulumi ESC Audit Logs

2 changes: 1 addition & 1 deletion content/blog/pulumi-release-notes-99/index.md
Expand Up @@ -60,7 +60,7 @@ Pulumi AI can now write Pulumi programs for all 150 cloud providers in the [Pulu

### Pulumi ESC Preview

[Pulumi Environment, Secrets and Configuration (ESC)](/docs/esc/) is our answer to the growing needs of our customers to manage secret sprawl and streamline config management. Pulumi ESC allows teams to store and aggregate secrets and configuration from various sources into a composable collection called an environment. You can dynamically generate [OIDC credentials](/docs/pulumi-cloud/oidc/provider/aws/#pulumi-esc-1) from all three major cloud providers (AWS, Azure and GCP), and integrate with other [secrets managers](/docs/esc/get-started/retrieve-external-secrets/) like AWS Secrets Manager, Hashicorp Vault, Azure Vault and GCP Secret manager to pull secrets during runtime. Its hierarchical structure simplifies the composition and reuse of configurations, ensuring secure, auditable management and robust access control. With Pulumi ESC, the trend is clear: organizations are choosing its comprehensive approach for managing secrets and configurations, and they are here to stay. [Get started](/docs/esc/get-started/) with Pulumi ESC
[Pulumi Environment, Secrets and Configuration (ESC)](/docs/esc/) is our answer to the growing needs of our customers to manage secret sprawl and streamline config management. Pulumi ESC allows teams to store and aggregate secrets and configuration from various sources into a composable collection called an environment. You can dynamically generate [OIDC credentials](/docs/esc/environments/configuring-oidc) from all three major cloud providers (AWS, Azure and GCP), and integrate with other [secrets managers](/docs/esc/get-started/retrieve-external-secrets/) like AWS Secrets Manager, Hashicorp Vault, Azure Vault and GCP Secret manager to pull secrets during runtime. Its hierarchical structure simplifies the composition and reuse of configurations, ensuring secure, auditable management and robust access control. With Pulumi ESC, the trend is clear: organizations are choosing its comprehensive approach for managing secrets and configurations, and they are here to stay. [Get started](/docs/esc/get-started/) with Pulumi ESC

![Pulumi ESC Growth](pulumi-esc-growth.png)

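Review bot: the replacement drops the `#pulumi-esc-1` fragment: the old link pointed at a specific section of the AWS OIDC page, and the new one points at the generic `configuring-oidc` index with no anchor. If that ESC-specific section still exists under the new path, link to `/docs/esc/environments/configuring-oidc/aws/` with its anchor instead, as the esc-kubernetes-cluster-and-app hunk does for its AWS link; otherwise the reader lands on an overview rather than the credential-generation steps the sentence describes.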
2 changes: 1 addition & 1 deletion content/docs/esc/concepts/how-esc-works.md
Expand Up @@ -37,7 +37,7 @@ Pulumi ESC integrates with many popular cloud login providers and secrets manage
* [HashiCorp Vault OIDC](/docs/esc/integrations/dynamic-login-credentials/vault-login/) and [Vault Secrets](/docs/esc/integrations/dynamic-secrets/vault-secrets/)
* [1Password](/docs/esc/integrations/dynamic-secrets/1password-secrets/), [Kubernetes](/docs/esc/integrations/kubernetes/), among others.

Teams can setup [OpenID Connect integration](/docs/pulumi-cloud/oidc/) in their cloud providers to allow ESC environments to pull short-lived credentials via **OIDC** for secure, time-limited access to secrets. These credentials can then be used in both [Pulumi IaC](/docs/pulumi-cloud/esc/environments/#using-with-pulumi-iac) workflows and [external CLIs](/docs/pulumi-cloud/esc/environments/#running-third-party-commands-using-pulumi-esc-secrets-and-config) like `aws`, `kubectl`, etc.
Teams can setup [OpenID Connect integration](/docs/esc/environments/configuring-oidc/) in their cloud providers to allow ESC environments to pull short-lived credentials via **OIDC** for secure, time-limited access to secrets. These credentials can then be used in both [Pulumi IaC](/docs/pulumi-cloud/esc/environments/#using-with-pulumi-iac) workflows and [external CLIs](/docs/pulumi-cloud/esc/environments/#running-third-party-commands-using-pulumi-esc-secrets-and-config) like `aws`, `kubectl`, etc.

## The ESC data model

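Review bot: the same sentence still carries two `/docs/pulumi-cloud/esc/environments/...` links (`#using-with-pulumi-iac` and `#running-third-party-commands-using-pulumi-esc-secrets-and-config`) that this change leaves untouched. Since the PR moves the OIDC pages out of `/docs/pulumi-cloud/`, confirm whether those ESC environment pages have moved as well; if so, update them in the same pass rather than shipping one migrated and two stale links in a single line.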
2 changes: 1 addition & 1 deletion content/docs/esc/environments/configuring-oidc/gcp.md
Expand Up @@ -38,7 +38,7 @@ Please note that this guide provides step-by-step instructions based on the offi

## Configure a Service Account

Once you have created your workload identity pool and provider, you will be directed to the pool details page. If you already have an appropriate service account created, skip ahead to the steps found in the [Grant access to the service account](/docs/pulumi-cloud/oidc/provider/gcp/#grant-access-to-the-service-account) section. Otherwise, continue through the steps below to create a new one.
Once you have created your workload identity pool and provider, you will be directed to the pool details page. If you already have an appropriate service account created, skip ahead to the steps found in the [Grant access to the service account](#grant-access-to-the-service-account) section. Otherwise, continue through the steps below to create a new one.

### Create a new service account

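Review bot: switching to the same-page anchor `#grant-access-to-the-service-account` is the right call for a section that lives in this file, but the target heading is outside the hunk, so verify that gcp.md still has a heading that slugifies to `grant-access-to-the-service-account`; a self-link to a missing anchor does not error, it just stops scrolling.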
8 changes: 4 additions & 4 deletions content/docs/esc/get-started/begin.md
Expand Up @@ -80,11 +80,11 @@ Logged in to https://api.pulumi.com/ as your-pulumi-org (https://app.pulumi.com/

### [Optional] Configure OpenID Connect (OIDC)

Pulumi supports [OpenID Connect (OIDC) integration](/docs/pulumi-cloud/oidc/) across various services including Pulumi ESC. OIDC enables secure interactions between Pulumi and cloud providers by leveraging signed, short-lived tokens issued by the Pulumi Cloud. Use one of the following guides below to configure OIDC between Pulumi ESC and your chosen cloud provider:
Pulumi supports [OpenID Connect (OIDC) integration](/docs/esc/environments/configuring-oidc) across various services including Pulumi ESC. OIDC enables secure interactions between Pulumi and cloud providers by leveraging signed, short-lived tokens issued by the Pulumi Cloud. Use one of the following guides below to configure OIDC between Pulumi ESC and your chosen cloud provider:

- [OIDC Configuration for AWS](/docs/pulumi-cloud/oidc/provider/aws/)
- [OIDC Configuration for Azure](/docs/pulumi-cloud/oidc/provider/azure/)
- [OIDC Configuration for Google Cloud](/docs/pulumi-cloud/oidc/provider/gcp/)
- [OIDC Configuration for AWS](/docs/esc/environments/configuring-oidc/aws/)
- [OIDC Configuration for Azure](/docs/esc/environments/configuring-oidc/azure/)
- [OIDC Configuration for Google Cloud](/docs/esc/environments/configuring-oidc/gcp/)

This is an optional step that is not required to get started with Pulumi ESC. There are some steps in this series that will require OIDC configuration to complete, but that will be indicated on the relevant pages.

2 changes: 1 addition & 1 deletion content/docs/esc/get-started/retrieve-external-secrets.md
Expand Up @@ -127,7 +127,7 @@ To retrieve secret values from Azure Key Vault, you must first:

- [create an Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/quick-create-portal)
- add a Key Vault role assignment
- On your Key Vault's service page, follow steps 3 - 8 in the [Azure OIDC guide](/docs/pulumi-cloud/oidc/provider/azure/#create-a-service-principal), making sure to select the "Key Vault Secrets Officer" role under the **Job functions role** tab
- On your Key Vault's service page, follow steps 3 - 8 in the [Azure OIDC guide](/docs/esc/environments/configuring-oidc/azure#create-a-service-principal), making sure to select the "Key Vault Secrets Officer" role under the **Job functions role** tab
- [create an Azure Key Vault secret](https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-portal)

Once that is complete, you will need to update your environment definition to add the [`azure-secrets` provider](/docs/esc/integrations/dynamic-secrets/azure-secrets/) configuration. To do this, add the following configuration to your environment definition, making sure to:
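Review bot: the new link `/docs/esc/environments/configuring-oidc/azure#create-a-service-principal` omits the slash before the fragment, whereas the release-notes-103 hunk writes the same page as `/docs/esc/environments/configuring-oidc/azure/#subject-customization`; use the slashed form here for consistency. Also, the instruction "follow steps 3 - 8" depends on the numbering of the moved Azure page, so confirm those step numbers still match after the relocation.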
8 changes: 4 additions & 4 deletions content/docs/esc/get-started/use-short-term-credentials.md
Expand Up @@ -138,10 +138,10 @@ ESC dynamic credentials and the `esc run` command can be used for various scenar

See the following guides to set up OIDC between Pulumi ESC and your specific cloud provider:

- [Configuring OIDC for AWS](/docs/pulumi-cloud/oidc/provider/aws/)
- [Configuring OIDC for Azure](/docs/pulumi-cloud/oidc/provider/azure/)
- [Configuring OIDC for Google Cloud](/docs/pulumi-cloud/oidc/provider/gcp/)
- [Configuring OIDC for Vault](/docs/pulumi-cloud/oidc/provider/vault/)
- [Configuring OIDC for AWS](/docs/esc/environments/configuring-oidc/aws/)
- [Configuring OIDC for Azure](/docs/esc/environments/configuring-oidc/azure/)
- [Configuring OIDC for Google Cloud](/docs/esc/environments/configuring-oidc/gcp/)
- [Configuring OIDC for Vault](/docs/esc/environments/configuring-oidc/vault/)

In the next section, you will learn how to retrieve secret values from external sources.

Expand Up @@ -35,7 +35,7 @@ values:

## Configuring OIDC

To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the [OpenID Connect integration](/docs/pulumi-cloud/oidc/provider/aws/) documentation.
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the [OpenID Connect integration](/docs/esc/environments/configuring-oidc/aws/) documentation.

## Inputs

2 changes: 1 addition & 1 deletion content/docs/esc/integrations/dynamic-secrets/_index.md
Expand Up @@ -13,7 +13,7 @@ menu:

Pulumi ESC providers enable you to dynamically import secrets and configuration from the provider into your environment.

To learn how to set up and use each provider, follow the links below. To learn how to configure OpenID Connect (OIDC) for the providers that support it, see [OpenID Connect integration](/docs/pulumi-cloud/oidc/) in the Pulumi Cloud documentation.
To learn how to set up and use each provider, follow the links below. To learn how to configure OpenID Connect (OIDC) for the providers that support it, see [OpenID Connect integration](/docs/esc/environments/configuring-oidc) in the Pulumi ESC documentation.

| Provider | Description |
|------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
Expand Up @@ -45,7 +45,7 @@ values:

## Configuring OIDC

To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the [OpenID Connect integration](/docs/pulumi-cloud/oidc/provider/aws/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the [OpenID Connect integration](/docs/esc/environments/configuring-oidc/aws/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:

* `esc open <org>/<project>/<environment>` command of the [Pulumi ESC CLI](/docs/esc-cli/)
* `pulumi env open <org>/<project>/<environment>` command of the [Pulumi CLI](/docs/install/)
Expand Up @@ -68,7 +68,7 @@ values:

## Configuring OIDC

To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see [Configuring OpenID Connect for AWS](/docs/pulumi-cloud/oidc/provider/aws/). Once you have completed these steps, you can validate that your configuration is working by running either of the following:
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see [Configuring OpenID Connect for AWS](/docs/esc/environments/configuring-oidc/aws/). Once you have completed these steps, you can validate that your configuration is working by running either of the following:

* `esc open <org>/<project>/<environment>` command of the [Pulumi ESC CLI](/docs/esc-cli/)
* `pulumi env open <org>/<project>/<environment>` command of the [Pulumi CLI](/docs/install/)
Expand Up @@ -39,7 +39,7 @@ values:

## Configuring OIDC

To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Azure, see the [OpenID Connect integration](/docs/pulumi-cloud/oidc/provider/azure/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Azure, see the [OpenID Connect integration](/docs/esc/environments/configuring-oidc/azure/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:

* `esc open <org>/<project>/<environment>` command of the [Pulumi ESC CLI](/docs/esc-cli/)
* `pulumi env open <org>/<project>/<environment>` command of the [Pulumi CLI](/docs/install/)
Expand Up @@ -40,7 +40,7 @@ values:

## Configuring OIDC

To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Google Cloud, see the [OpenID Connect integration](/docs/pulumi-cloud/oidc/provider/gcp/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Google Cloud, see the [OpenID Connect integration](/docs/esc/environments/configuring-oidc/gcp/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:

* `esc open <org>/<project>/<environment>` command of the [Pulumi ESC CLI](/docs/esc-cli/)
* `pulumi env open <org>/<project>/<environment>` command of the [Pulumi CLI](/docs/install/)
2 changes: 1 addition & 1 deletion content/docs/esc/integrations/rotated-secrets/_index.md
Expand Up @@ -13,7 +13,7 @@ menu:

Pulumi ESC Rotators are ESC functions that enable you to rotate various credentials both automatically and manually for a number of supported services. Rotated credentials are stored in your ESC Environments, allowing you to easily and securely use them from anywhere. Some of the rotators require you to deploy [Rotation Connectors](/docs/esc/environments/rotation/#rotation-connectors) in order to rotate credentials inside private networks.

To learn how to set up and use each rotator, follow the links below. All rotators use [login providers](/docs/esc/integrations/dynamic-login-credentials/) for authorization, with the most secure way being OpenID Connect (OIDC) login providers. Learn more about how to configure them in [OpenID Connect](/docs/pulumi-cloud/oidc/) Pulumi Cloud documentation.
To learn how to set up and use each rotator, follow the links below. All rotators use [login providers](/docs/esc/integrations/dynamic-login-credentials/) for authorization, with the most secure way being OpenID Connect (OIDC) login providers. Learn more about how to configure them in [OpenID Connect](/docs/esc/environments/configuring-oidc) Pulumi Cloud documentation.

| Rotator | Required connector | Description |
|--------------------------------------------------------------------------|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|
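Review bot: the link target moved to `/docs/esc/environments/configuring-oidc`, but the sentence still reads `[OpenID Connect](...) Pulumi Cloud documentation`; the dynamic-secrets `_index.md` hunk updated the same phrase to `Pulumi ESC documentation`. Match that wording here (e.g. `in the [OpenID Connect](/docs/esc/environments/configuring-oidc/) Pulumi ESC documentation`), which also fixes the missing article and adds the trailing slash used by the other index links.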
2 changes: 1 addition & 1 deletion content/docs/esc/integrations/rotated-secrets/aws-iam.md
Expand Up @@ -63,7 +63,7 @@ values:

## Configuring OIDC

To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the [OpenID Connect integration](/docs/pulumi-cloud/oidc/provider/aws/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the [OpenID Connect integration](/docs/esc/environments/configuring-oidc/aws/) documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:

* `esc open <org>/<project>/<environment>` command of the [Pulumi ESC CLI](/docs/esc-cli/)
* `pulumi env open <org>/<project>/<environment>` command of the [Pulumi CLI](/docs/install/)