Merge pull request #4836 from Infisical/daniel/agent-injector-doc-update-2

docs(agent): credentials revocation
Daniel Hougaard
2025-11-08 07:30:01 +04:00
committed by GitHub
2 changed files with 14 additions and 1 deletions


@@ -48,6 +48,8 @@ While specifying an authentication method is mandatory to start the agent, confi
| Field | Description |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `infisical.address` | The URL of the Infisical service. Default: `"https://app.infisical.com"`. |
| `infisical.exit-after-auth` | Whether to exit the agent after authentication and first secret render. Default: `"false"`. |
| `infisical.revoke-credentials-on-shutdown` | Whether to revoke all managed dynamic secret leases and identity access tokens on shutdown. Default: `"false"`. |
| `auth.type` | The type of authentication method used. Available options: `universal-auth`, `kubernetes`, `azure`, `gcp-id-token`, `gcp-iam`, `aws-iam` |
| `auth.config.identity-id` | The file path where the machine identity id is stored<br/><br/>This field is required when using any of the following auth types: `kubernetes`, `azure`, `gcp-id-token`, `gcp-iam`, or `aws-iam`. |
| `auth.config.service-account-token` | Path to the Kubernetes service account token to use (optional)<br/><br/>Default: `/var/run/secrets/kubernetes.io/serviceaccount/token` |
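Review bot: The `infisical.revoke-credentials-on-shutdown` row says only "on shutdown" without defining what counts as a shutdown, and it sits directly under `infisical.exit-after-auth`, which makes the agent exit after authentication and the first secret render. The row should state whether an exit caused by `exit-after-auth` also revokes the leases and access tokens that were just issued, because a reader enabling both options cannot tell from this table whether the rendered credentials remain usable. The injector page changed in this same commit ties revocation to `SIGTERM`; a matching sentence here would keep the two descriptions consistent.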
@@ -58,7 +60,7 @@ While specifying an authentication method is mandatory to start the agent, confi
| `sinks[].type` | The type of sink in a list of sinks. Each item specifies a sink type. Currently, only `"file"` type is available. |
| `sinks[].config.path` | The file path where the access token should be stored for each sink in the list. |
| `templates[].source-path` | The path to the template file that should be used to render secrets. |
| `templates[].template-content` | The inline secret template to be used for rendering the secrets. |
| `templates[].template-content` | The inline secret template to be used for rendering the secrets. |
| `templates[].destination-path` | The path where the rendered secrets from the source template will be saved to. |
| `templates[].config.polling-interval` | How frequently to check for secret changes. Default: `5 minutes` (optional) |
| `templates[].config.execute.command` | The command to execute when secret change is detected (optional) |


@@ -145,6 +145,17 @@ The entire config needs to be of string format and needs to be assigned to the `
The address of your Infisical instance. This field is optional and will default to `https://app.infisical.com` if not provided.
</Accordion>
<Accordion title="infisical.revoke-credentials-on-shutdown">
Whether to revoke all managed dynamic secret leases and identity access tokens on shutdown. Default: `"false"`.
If this is set to `true`, all managed dynamic secret leases and identity access tokens will be revoked when a `SIGTERM` signal is sent to the agents container _(such as when a pod is terminated or when the pod is restarted)_.
**Note:** In disaster events such as cluster power outages, a `SIGTERM` signal won't be sent to the agents container, and the credentials will not be revoked.
<Note>
Note that this is currently unsupported on Windows-based pods, and will only work when injecting into Linux-based pods.
</Note>
</Accordion>
<Accordion title="infisical.auth.type">
The authentication type to use to connect to Infisical. Currently only the `kubernetes` authentication type is supported.
You can refer to our [Kubernetes Auth](/documentation/platform/identities/kubernetes-auth) documentation for more information on how to create a machine identity for Kubernetes Auth.
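Review bot: The caveat that credentials are not revoked when no `SIGTERM` is delivered is written as an inline `**Note:**`, while the Windows limitation right below it uses the `<Note>` component; the first caveat is the one with security impact, since the leases and tokens remain valid after the pod is gone, so it deserves the callout as well, ideally with a pointer to keep lease and token lifetimes short. "agents container" should read "agent's container" in both sentences. It would also help to say whether revocation is expected to complete within the pod's termination grace period, since the text only covers the case where `SIGTERM` is never sent and not the case where the container is killed before revocation finishes.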