From 25d3fb6a8c6cb4053b73073d0a81807d3f68f5e5 Mon Sep 17 00:00:00 2001
From: Scott Wilson
Date: Mon, 14 Apr 2025 13:22:25 -0700
Subject: [PATCH] improvements: address feedback
---
.../cloud/aws-parameter-store.mdx | 197 +------------
.../integrations/cloud/aws-secret-manager.mdx | 269 +-----------------
.../cloud/azure-app-configuration.mdx | 110 +------
docs/integrations/cloud/azure-key-vault.mdx | 79 +----
docs/integrations/cloud/databricks.mdx | 35 +--
.../integrations/cloud/gcp-secret-manager.mdx | 138 +--------
docs/integrations/cloud/terraform-cloud.mdx | 35 +--
docs/integrations/cloud/vercel.mdx | 78 +----
.../IntegrationsListPage.tsx | 4 +-
9 files changed, 10 insertions(+), 935 deletions(-)
diff --git a/docs/integrations/cloud/aws-parameter-store.mdx b/docs/integrations/cloud/aws-parameter-store.mdx
index 0d582d360d..d2bb36a0b8 100644
--- a/docs/integrations/cloud/aws-parameter-store.mdx
+++ b/docs/integrations/cloud/aws-parameter-store.mdx
@@ -5,199 +5,4 @@ description: "Learn how to sync secrets from Infisical to AWS Parameter Store." The AWS Parameter Store Native Integration will be deprecated in 2026. Please migrate to our new [AWS Parameter Store Sync](../secret-syncs/aws-parameter-store). - - - - - Infisical will assume the provided role in your AWS account securely, without the need to share any credentials. - - Prerequisites: - - - Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - - To connect your Infisical instance with AWS, you need to set up an AWS IAM User account that can assume the AWS IAM Role for the integration. - - If your instance is deployed on AWS, the aws-sdk will automatically retrieve the credentials. Ensure that you assign the provided permission policy to your deployed instance, such as ECS or EC2. - - The following steps are for instances not deployed on AWS - - - Navigate to [Create IAM User](https://console.aws.amazon.com/iamv2/home#/users/create) in your AWS Console. - - - Attach the following inline permission policy to the IAM User to allow it to assume any IAM Roles: - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowAssumeAnyRole", - "Effect": "Allow", - "Action": "sts:AssumeRole", - "Resource": "arn:aws:iam::*:role/*" - } - ] - } - ``` - - - Obtain the AWS access key ID and secret access key for your IAM User by navigating to IAM > Users > [Your User] > Security credentials > Access keys. - - ![Access Key Step 1](../../images/integrations/aws/integrations-aws-access-key-1.png) - ![Access Key Step 2](../../images/integrations/aws/integrations-aws-access-key-2.png) - ![Access Key Step 3](../../images/integrations/aws/integrations-aws-access-key-3.png) - - - 1. Set the access key as **CLIENT_ID_AWS_INTEGRATION**. - 2. Set the secret key as **CLIENT_SECRET_AWS_INTEGRATION**. - - - - - - - 1. 
Navigate to the [Create IAM Role](https://console.aws.amazon.com/iamv2/home#/roles/create?step=selectEntities) page in your AWS Console. - ![IAM Role Creation](../../images/integrations/aws/integration-aws-iam-assume-role.png) - - 2. Select **AWS Account** as the **Trusted Entity Type**. - 3. Choose **Another AWS Account** and enter **381492033652** (Infisical AWS Account ID). This restricts the role to be assumed only by Infisical. If self-hosting, provide your AWS account number instead. - 4. Optionally, enable **Require external ID** and enter your **project ID** to further enhance security. - - - - ![IAM Role Permissions](../../images/integrations/aws/integration-aws-iam-assume-permission.png) - Use the following custom policy to grant the minimum permissions required by Infisical to sync secrets to AWS Parameter Store: - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowSSMAccess", - "Effect": "Allow", - "Action": [ - "ssm:PutParameter", - "ssm:DeleteParameter", - "ssm:GetParameters", - "ssm:GetParametersByPath", - "ssm:DescribeParameters", - "ssm:DeleteParameters", - "ssm:AddTagsToResource", // if you need to add tags to secrets - "kms:ListKeys", // if you need to specify the KMS key - "kms:ListAliases", // if you need to specify the KMS key - "kms:Encrypt", // if you need to specify the KMS key - "kms:Decrypt" // if you need to specify the KMS key - ], - "Resource": "*" - } - ] - } - ``` - - - - ![Copy IAM Role ARN](../../images/integrations/aws/integration-aws-iam-assume-arn.png) - - - - 1. Navigate to your project's integrations tab in Infisical. - 2. Click on the **AWS Parameter Store** tile. - ![Select AWS Parameter Store](../../images/integrations.png) - - 3. Select the **AWS Assume Role** option. - ![Select Assume Role](../../images/integrations/aws/integration-aws-parameter-store-iam-assume-select.png) - - 4. Provide the **AWS IAM Role ARN** obtained from the previous step and press connect. 
- - - Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store. - - ![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png) - - - Infisical requires you to add a path for your secrets to be stored in AWS - Parameter Store and recommends setting the path structure to - `/[project_name]/[environment]/` according to best practices. This enables a - secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS - Parameter Store. - - - - - - - Prerequisites: - - - Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - - - Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store. - - ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png) - ![integration IAM 2](../../images/integrations/aws/integrations-aws-parameter-store-iam-2.png) - ![integrations IAM 3](../../images/integrations/aws/integrations-aws-parameter-store-iam-3.png) - - For enhanced security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use: - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowSSMAccess", - "Effect": "Allow", - "Action": [ - "ssm:PutParameter", - "ssm:DeleteParameter", - "ssm:GetParameters", - "ssm:GetParametersByPath", - "ssm:DescribeParameters", - "ssm:DeleteParameters", - "ssm:AddTagsToResource", // if you need to add tags to secrets - "kms:ListKeys", // if you need to specify the KMS key - "kms:ListAliases", // if you need to specify the KMS key - "kms:Encrypt", // if you need to specify the KMS key - "kms:Decrypt" // if you need to specify the KMS key - ], - "Resource": "*" - } - ] - } - ``` - - - - Obtain a AWS access key ID and secret access key for your 
IAM user in IAM > Users > User > Security credentials > Access keys - - ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png) - ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png) - ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png) - - Navigate to your project's integrations tab in Infisical. - - ![integrations](../../images/integrations.png) - - Press on the AWS Parameter Store tile and select Access Key as the authentication mode. Input your AWS access key ID and secret access key from the previous step. - - ![integration auth](../../images/integrations/aws/integrations-aws-parameter-store-auth.png) - - - - Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store. - - ![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png) - - - Infisical requires you to add a path for your secrets to be stored in AWS - Parameter Store and recommends setting the path structure to - `/[project_name]/[environment]/` according to best practices. This enables a - secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS - Parameter Store. - - - - - - + \ No newline at end of file diff --git a/docs/integrations/cloud/aws-secret-manager.mdx b/docs/integrations/cloud/aws-secret-manager.mdx index 1f88a5775a..a564619983 100644 --- a/docs/integrations/cloud/aws-secret-manager.mdx +++ b/docs/integrations/cloud/aws-secret-manager.mdx 
@@ -5,271 +5,4 @@ description: "Learn how to sync secrets from Infisical to AWS Secrets Manager." The AWS Secrets Manager Native Integration will be deprecated in 2026. Please migrate to our new [AWS Secrets Manager Sync](../secret-syncs/aws-secrets-manager). - - - - -Infisical will assume the provided role in your AWS account securely, without the need to share any credentials. - -Prerequisites: - -- Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - - To connect your Infisical instance with AWS, you need to set up an AWS IAM User account that can assume the AWS IAM Role for the integration. - -If your instance is deployed on AWS, the aws-sdk will automatically retrieve the credentials. Ensure that you assign the provided permission policy to your deployed instance, such as ECS or EC2. - -The following steps are for instances not deployed on AWS - - - - Navigate to [Create IAM User](https://console.aws.amazon.com/iamv2/home#/users/create) in your AWS Console. - - - Attach the following inline permission policy to the IAM User to allow it to assume any IAM Roles: -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowAssumeAnyRole", - "Effect": "Allow", - "Action": "sts:AssumeRole", - "Resource": "arn:aws:iam::*:role/*" - } - ] -} -``` - - - Obtain the AWS access key ID and secret access key for your IAM User by navigating to IAM > Users > [Your User] > Security credentials > Access keys. - -![Access Key Step 1](../../images/integrations/aws/integrations-aws-access-key-1.png) -![Access Key Step 2](../../images/integrations/aws/integrations-aws-access-key-2.png) -![Access Key Step 3](../../images/integrations/aws/integrations-aws-access-key-3.png) - - - - 1. Set the access key as **CLIENT_ID_AWS_INTEGRATION**. - 2. Set the secret key as **CLIENT_SECRET_AWS_INTEGRATION**. - - - - - - - 1. Navigate to the [Create IAM Role](https://console.aws.amazon.com/iamv2/home#/roles/create?step=selectEntities) page in your AWS Console. 
- ![IAM Role Creation](../../images/integrations/aws/integration-aws-iam-assume-role.png) - - 2. Select **AWS Account** as the **Trusted Entity Type**. - 3. Choose **Another AWS Account** and enter **381492033652** (Infisical AWS Account ID). This restricts the role to be assumed only by Infisical. If self-hosting, provide your AWS account number instead. - 4. Optionally, enable **Require external ID** and enter your **project ID** to further enhance security. - - - - - ![IAM Role Permissions](../../images/integrations/aws/integration-aws-iam-assume-permission.png) - Use the following custom policy to grant the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager: - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowSecretsManagerAccess", - "Effect": "Allow", - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:CreateSecret", - "secretsmanager:UpdateSecret", - "secretsmanager:DescribeSecret", - "secretsmanager:TagResource", - "secretsmanager:UntagResource", - "kms:ListKeys", - "kms:ListAliases", - "kms:Encrypt", - "kms:Decrypt" - ], - "Resource": "*" - } - ] - } - ``` - - - - - ![Copy IAM Role - ARN](../../images/integrations/aws/integration-aws-iam-assume-arn.png) - - - - 1. Navigate to your project's integrations tab in Infisical. - 2. Click on the **AWS Secrets Manager** tile. - ![Select AWS Secrets Manager](../../images/integrations.png) - - 3. Select the **AWS Assume Role** option. - ![Select Assume Role](../../images/integrations/aws/integration-aws-iam-assume-select.png) - - 4. Provide the **AWS IAM Role ARN** obtained from the previous step. - - - Select how you want to integration to work by specifying a number of parameters: - - - The environment in Infisical from which you want to sync secrets to AWS Secrets Manager. - - - The path within the preselected environment form which you want to sync secrets to AWS Secrets Manager. 
- - - The region that you want to integrate with in AWS Secrets Manager. - - - How you want the integration to map the secrets. The selected value could be either one to one or one to many. - - - The secret name/path in AWS into which you want to sync the secrets from Infisical. - - - ![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png) - - Optionally, you can add tags or specify the encryption key of all the secrets created via this integration: - - - The sync mode for AWS tags. The supported options are `Secret Metadata` and `Custom`. If `Secret Metadata` is selected, - the metadata of the Infisical secrets are used as tags in AWS. If custom is selected, then the key/value of the **Secret Tag** field is used. `Secret Metadata` mode - is only supported for one-to-one integrations. - - - - The Key/Value of a tag that will be added to secrets in AWS. Please note that it is possible to add multiple tags via API. - - - The alias/ID of the AWS KMS key used for encryption. Please note that key should be enabled in order to work and the IAM user should have access to it. - - ![integration options](../../images/integrations/aws/integrations-aws-secret-manager-options.png) - - Then, press `Create Integration` to start syncing secrets to AWS Secrets Manager. - - - Infisical currently syncs environment variables to AWS Secrets Manager as - key-value pairs under one secret. We're actively exploring ways to help users - group environment variable key-pairs under multiple secrets for greater - control. - - - Please note that upon deleting secrets in Infisical, AWS Secrets Manager immediately makes the secrets inaccessible but only schedules them for deletion after at least 7 days. - - - - - - -Infisical will access your account using the provided AWS access key and secret key. 
- -Prerequisites: - -- Set up and add envars to [Infisical Cloud](https://app.infisical.com) -- Set up AWS and have/create an IAM user - - - - Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secrets Manager. - - ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png) - ![integration IAM 2](../../images/integrations/aws/integrations-aws-secret-manager-iam-2.png) - ![integrations IAM 3](../../images/integrations/aws/integrations-aws-secret-manager-iam-3.png) - - For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager for the IAM user that you can use: - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowSecretsManagerAccess", - "Effect": "Allow", - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:CreateSecret", - "secretsmanager:UpdateSecret", - "secretsmanager:DescribeSecret", // if you need to add tags to secrets - "secretsmanager:TagResource", // if you need to add tags to secrets - "secretsmanager:UntagResource", // if you need to add tags to secrets - "kms:ListKeys", // if you need to specify the KMS key - "kms:ListAliases", // if you need to specify the KMS key - "kms:Encrypt", // if you need to specify the KMS key - "kms:Decrypt" // if you need to specify the KMS key - ], - "Resource": "*" - } - ] - } - ``` - - - - Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys - - ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png) - ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png) - ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png) - - 1. Navigate to your project's integrations tab in Infisical. - 2. Click on the **AWS Secrets Manager** tile. - ![Select AWS Secrets Manager](../../images/integrations.png) - - 3. 
Select the **Access Key** option for Authentication Mode. - ![Select Access Key](../../images/integrations/aws/integrations-aws-secret-manager-auth.png) - 4. Provide the **access key** and **secret key** for the AWS Iam User. - - - - Select how you want to integration to work by specifying a number of parameters: - - - The environment in Infisical from which you want to sync secrets to AWS Secrets Manager. - - - The path within the preselected environment form which you want to sync secrets to AWS Secrets Manager. - - - The region that you want to integrate with in AWS Secrets Manager. - - - How you want the integration to map the secrets. The selected value could be either one to one or one to many. - - - The secret name/path in AWS into which you want to sync the secrets from Infisical. - - - ![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png) - - Optionally, you can add tags or specify the encryption key of all the secrets created via this integration: - - - The Key/Value of a tag that will be added to secrets in AWS. Please note that it is possible to add multiple tags via API. - - - The alias/ID of the AWS KMS key used for encryption. Please note that key should be enabled in order to work and the IAM user should have access to it. - - ![integration options](../../images/integrations/aws/integrations-aws-secret-manager-options.png) - - Then, press `Create Integration` to start syncing secrets to AWS Secrets Manager. - - - Infisical currently syncs environment variables to AWS Secrets Manager as - key-value pairs under one secret. We're actively exploring ways to help users - group environment variable key-pairs under multiple secrets for greater - control. - - - Please note that upon deleting secrets in Infisical, AWS Secrets Manager immediately makes the secrets inaccessible but only schedules them for deletion after at least 7 days. - - - - - - + \ No newline at end of file 
diff --git a/docs/integrations/cloud/azure-app-configuration.mdx b/docs/integrations/cloud/azure-app-configuration.mdx
index c11c367d80..4e7dfd94f6 100644
--- a/docs/integrations/cloud/azure-app-configuration.mdx
+++ b/docs/integrations/cloud/azure-app-configuration.mdx
@@ -5,112 +5,4 @@ description: "How to sync secrets from Infisical to Azure App Configuration" The Azure App Configuration Native Integration will be deprecated in 2026. Please migrate to our new [Azure App Configuration Sync](../secret-syncs/azure-app-configuration). - - - - - **Prerequisites:** - - - Set up and add envars to [Infisical Cloud](https://app.infisical.com). - - Set up Azure and have an existing App Configuration instance. - - User setting up the integration on Infisical must have the `App Configuration Data Owner` role for the intended Azure App Configuration instance. - - Azure App Configuration instance must be reachable by Infisical. - - - - Navigate to your project's integrations tab - - ![integrations](../../images/integrations/azure-app-configuration/new-infisical-integration.png) - - Press on the Azure App Configuration tile and grant Infisical access to App Configuration. - - - Obtain the Azure App Configuration endpoint from the overview tab. - ![integrations](../../images/integrations/azure-app-configuration/azure-app-config-endpoint.png) - - Select which Infisical environment secrets you want to sync to your Azure App Configuration. Then, input your App Configuration instance endpoint. Optionally, you can define a prefix for your secrets which will be appended to the keys upon syncing. - - ![integrations](../../images/integrations/azure-app-configuration/create-integration-form.png) - - Press create integration to start syncing secrets to Azure App Configuration. - - - The Azure App Configuration integration requires the following permissions to be set on the user / service principal - for Infisical to sync secrets to Azure App Configuration: `Read Key-Value`, `Write Key-Value`, `Delete Key-Value`. - - Any role with these permissions would work such as the **App Configuration Data Owner** role. 
Alternatively, you can use the - **App Configuration Data Reader** role for read-only access or **App Configuration Data Contributor** role for read/write access. - - - - - - #### Azure references - When adding secrets in Infisical that reference Azure Key Vault secrets, Infisical will automatically sets the content type to `application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8` in Azure App Configuration. - The following reference formats are automatically detected when added on Infisical's side: - - `{ "uri": "https://my-key-vault.vault.azure.net/secrets/my-secret" }` - - `https://my-key-vault.vault.azure.net/secrets/my-secret` - - #### Azure Labels - You can sync secrets from Infisical to Azure with custom labels by enabling the `Use Labels` option during setup: - - **When enabled**: Secrets will be pushed to Azure with your specified label - - **When disabled**: Secrets will be pushed with an empty (null) label - - - If you have set the initial sync to `import` have behavior, the label selection affects which secrets are imported from Azure: - - With `Use Labels` disabled: Only secrets with empty labels are imported on initial sync - - With `Use Labels` enabled: Only secrets matching your specified label are imported on initial sync - - - - - - - Using the Azure App Configuration integration on a self-hosted instance of Infisical requires configuring an application in Azure - and registering your instance with it. - - **Prerequisites:** - - - Set up Azure and have an existing App Configuration instance. - - - - Navigate to Azure Active Directory > App registrations to create a new application. - - - Azure Active Directory is now Microsoft Entra ID. - - ![integrations Azure app config](../../images/integrations/azure-app-configuration/config-aad.png) - ![integrations Azure app config](../../images/integrations/azure-app-configuration/config-new-app.png) - - Create the application. 
As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-app-configuration/oauth2/callback`. - - The domain you defined in the Redirect URI should be equivalent to the `SITE_URL` configured in your Infisical instance. - - - ![integrations Azure app config](../../images/integrations/azure-app-configuration/app-registration-redirect.png) - - After registration, set the API permissions of the app to include the following Azure App Configuration permissions: KeyValue.Delete, KeyValue.Read, and KeyValue.Write. - ![integrations Azure app config](../../images/integrations/azure-app-configuration/app-api-permissions.png) - - - - Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application. - - ![integrations Azure app config](../../images/integrations/azure-app-configuration/config-credentials-1.png) - ![integrations Azure app config](../../images/integrations/azure-app-configuration/config-credentials-2.png) - ![integrations Azure app config](../../images/integrations/azure-app-configuration/config-credentials-3.png) - - Back in your Infisical instance, add two new environment variables for the credentials of your Azure application. - - - `CLIENT_ID_AZURE`: The **Application (Client) ID** of your Azure application. - - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application. - - Once added, restart your Infisical instance and use the Azure App Configuration integration. - - - - - + \ No newline at end of file diff --git a/docs/integrations/cloud/azure-key-vault.mdx b/docs/integrations/cloud/azure-key-vault.mdx index 2de2b2582a..b0bd80c635 100644 --- a/docs/integrations/cloud/azure-key-vault.mdx +++ b/docs/integrations/cloud/azure-key-vault.mdx 
@@ -5,81 +5,4 @@ description: "How to sync secrets from Infisical to Azure Key Vault" The Azure Key Vault Native Integration will be deprecated in 2026. Please migrate to our new [Azure Key Vault Sync](../secret-syncs/azure-key-vault). - - - - - Prerequisites: - - - Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - Set up Azure and have an existing key vault - - - - Navigate to your project's integrations tab - - ![integrations](../../images/integrations.png) - - Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault. - You can optionally authenticate against a specific tenant by providing the Azure tenant or directory ID. - - ![integrations](/images/integrations/azure-key-vault/integrations-azure-key-vault-tenant-select.png) - - - - Obtain the Vault URI of your key vault in the Overview tab. - - ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-vault-uri.png) - - Select which Infisical environment secrets you want to sync to your key vault. Then, input your Vault URI from the previous step. Finally, press create integration to start syncing secrets to Azure Key Vault. - - ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-create.png) - - ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault.png) - - - The Azure Key Vault integration requires the following secrets permissions to be set on the user / service principal - for Infisical to sync secrets to Azure Key Vault: `secrets/list`, `secrets/get`, `secrets/set`, `secrets/recover`. - - Any role with these permissions would work such as the **Key Vault Secrets Officer** role. - - - - - - - Using the Azure KV integration on a self-hosted instance of Infisical requires configuring an application in Azure - and registering your instance with it. - - - - Navigate to Azure Active Directory > App registrations to create a new application. 
- - - Azure Active Directory is now Microsoft Entra ID. - - ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-aad.png) - ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app.png) - - Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-key-vault/oauth2/callback`. - - ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app-form.png) - - - Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application. - - ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-1.png) - ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-2.png) - ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-3.png) - - Back in your Infisical instance, add two new environment variables for the credentials of your Azure application. - - - `CLIENT_ID_AZURE`: The **Application (Client) ID** of your Azure application. - - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application. - - Once added, restart your Infisical instance and use the Azure KV integration. - - - - - + \ No newline at end of file diff --git a/docs/integrations/cloud/databricks.mdx b/docs/integrations/cloud/databricks.mdx index d582188402..e5ad229397 100644 --- a/docs/integrations/cloud/databricks.mdx +++ b/docs/integrations/cloud/databricks.mdx 
@@ -5,37 +5,4 @@ description: "Learn how to sync secrets from Infisical to Databricks." The Databricks Native Integration will be deprecated in 2026. Please migrate to our new [Databricks Sync](../secret-syncs/databricks). - - -Prerequisites: - -- Set up and add secrets to [Infisical Cloud](https://app.infisical.com) - - - When integrating with Databricks, Infisical is intended to be the source of truth for the secrets in the configured Databricks scope. - - Any secrets not present in Infisical will be removed from the specified scope. To prevent removal of secrets not managed by Infisical, Infisical recommends creating a designated secret scope for your integration. - - - - - Obtain a Personal Access Token in **User Settings** > **Developer** > **Access Tokens**. - - ![integrations databricks token](../../images/integrations/databricks/pat-token.png) - - Navigate to your project's integrations tab in Infisical. - - ![integrations](../../images/integrations.png) - - Press on the Databricks tile and enter your Databricks instance URL in the following format: `https://xxx.cloud.databricks.com`. Then, input your Databricks Access Token to grant Infisical the necessary permissions in your Databricks account. - - ![integrations databricks authorization](../../images/integrations/databricks/integrations-databricks-auth.png) - - - - Select which Infisical environment and secret path you want to sync to which Databricks scope. Then, press create integration to start syncing secrets to Databricks. - - ![create integration Databricks](../../images/integrations/databricks/integrations-databricks-create.png) - ![integrations Databricks](../../images/integrations/databricks/integrations-databricks.png) - - \ No newline at end of file + \ No newline at end of file diff --git a/docs/integrations/cloud/gcp-secret-manager.mdx b/docs/integrations/cloud/gcp-secret-manager.mdx index 021cc076e3..22462feefb 100644 --- a/docs/integrations/cloud/gcp-secret-manager.mdx 
+++ b/docs/integrations/cloud/gcp-secret-manager.mdx 
@@ -5,140 +5,4 @@ description: "How to sync secrets from Infisical to GCP Secret Manager" The GCP Secret Manager Native Integration will be deprecated in 2026. Please migrate to our new [GCP Secret Manager Sync](../secret-syncs/gcp-secret-manager). - - - - - - - Prerequisites: - - Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - - - Navigate to your project's integrations tab in Infisical. - - ![integrations](../../images/integrations.png) - - Press on the GCP Secret Manager tile and select **Continue with OAuth** - - ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png) - - Grant Infisical access to GCP. - - ![integrations GCP authorization](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth.png) - - - - In the **Connection** tab, select which Infisical environment secrets you want to sync to which GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager. - - ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png) - - Note that the GCP Secret Manager integration supports a few options in the **Options** tab: - - - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced. - - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced. - - Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized. - - Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label. 
- - ![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png) - - ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png) - - - Using Infisical to sync secrets to GCP Secret Manager requires that you enable - the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment). - - Additionally, ensure that your GCP account has sufficient permission to manage secret and service resources (you can assign Secret Manager Admin and Service Usage Admin roles for testing purposes) - - - - - - Prerequisites: - - Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - Have a GCP project and have/create a [service account](https://cloud.google.com/iam/docs/service-account-overview) in it - - - - Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and **Service Usage Admin** roles to the service account. - - ![integrations GCP secret manager IAM](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam.png) - - - For enhanced security, you may want to assign more granular permissions to the service account. At minimum, - the service account should be able to read/write secrets from/to GCP Secret Manager (e.g. **Secret Manager Admin** role) - and list which GCP services are enabled/disabled (e.g. **Service Usage Admin** role). - - - Navigate to your project's integrations tab in Infisical. - - ![integrations](../../images/integrations.png) - - Press on the GCP Secret Manager tile and paste in your **GCP Service Account JSON** (you can create and download the JSON for your - service account in IAM & Admin > Service Accounts > Service Account > Keys). 
- - ![integrations GCP authorization IAM key](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam-key.png) - - ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png) - - - - In the **Connection** tab, select which Infisical environment secrets you want to sync to the GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager. - - ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png) - - Note that the GCP Secret Manager integration supports a few options in the **Options** tab: - - - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced. - - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced. - - Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized. - - Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label. - - ![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png) - - ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png) - - - Using Infisical to sync secrets to GCP Secret Manager requires that you enable - the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment). 
- - - - - - - - - Using the GCP Secret Manager integration (via the OAuth2 method) on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP - and registering your instance with it. - - - - Navigate to your project API & Services > Credentials to create a new OAuth2 application. - - ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-api-services.png) - ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app.png) - - Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/integrations/gcp-secret-manager/oauth2/callback`. - - ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app-form.png) - - - Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application. - - ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-credentials.png) - - Back in your Infisical instance, add two new environment variables for the credentials of your GCP OAuth2 application: - - - `CLIENT_ID_GCP_SECRET_MANAGER`: The **Client ID** of your GCP OAuth2 application. - - `CLIENT_SECRET_GCP_SECRET_MANAGER`: The **Client Secret** of your GCP OAuth2 application. - - Once added, restart your Infisical instance and use the GCP Secret Manager integration. - - - - - + \ No newline at end of file diff --git a/docs/integrations/cloud/terraform-cloud.mdx b/docs/integrations/cloud/terraform-cloud.mdx index 0bcd72f4da..63398ef4ae 100644 --- a/docs/integrations/cloud/terraform-cloud.mdx +++ b/docs/integrations/cloud/terraform-cloud.mdx 
@@ -5,37 +5,4 @@ description: "How to sync secrets from Infisical to Terraform Cloud" The Terraform Cloud Native Integration will be deprecated in 2026. Please migrate to our new [Terraform Cloud Sync](../secret-syncs/terraform-cloud). - - -Prerequisites: - -- Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - - - Obtain a Terraform Cloud API Token in User Settings > Tokens - - ![integrations terraform cloud dashboard](../../images/integrations/terraform/integrations-terraformcloud-dashboard.png) - ![integrations terraform cloud tokens](../../images/integrations/terraform/integrations-terraformcloud-tokens.png) - - Obtain your Terraform Cloud Workspace Id in Projects & Workspaces > Workspace > ID - - ![integrations terraform cloud projects & workspaces](../../images/integrations/terraform/integrations-terraformcloud-workspaces.png) - ![integrations terraform cloud workspace id](../../images/integrations/terraform/integrations-terraformcloud-workspaceid.png) - - Navigate to your project's integrations tab in Infisical. - - ![integrations](../../images/integrations.png) - - Press on the Terraform Cloud tile and input your Terraform Cloud API Token and Workspace Id to grant Infisical access to your Terraform Cloud account. - - ![integrations terraform cloud authorization](../../images/integrations/terraform/integrations-terraformcloud-auth.png) - - - - Select which Infisical environment secrets and Terraform Cloud variable type you want to sync to which Terraform Cloud workspace/project and press create integration to start syncing secrets to Terraform Cloud. - - ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud-create.png) - ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud.png) - - + \ No newline at end of file diff --git a/docs/integrations/cloud/vercel.mdx b/docs/integrations/cloud/vercel.mdx index 9aa5686acf..7456776bd6 100644 
--- a/docs/integrations/cloud/vercel.mdx
+++ b/docs/integrations/cloud/vercel.mdx
@@ -5,80 +5,4 @@ description: "How to sync secrets from Infisical to Vercel" The Vercel Native Integration will be deprecated in 2026. Please migrate to our new [Vercel Sync](../secret-syncs/vercel). - - - - - - Prerequisites: - - Set up and add envars to [Infisical Cloud](https://app.infisical.com) - - - - Navigate to your project's integrations tab in Infisical. - - ![integrations](../../images/integrations.png) - - Press on the Vercel tile and grant Infisical access to your Vercel account. - - ![integrations vercel authorization](../../images/integrations/vercel/integrations-vercel-auth.png) - - - Select which Infisical environment secrets you want to sync to which Vercel app and environment. Lastly, press create integration to start syncing secrets to Vercel. - - ![integrations vercel](../../images/integrations/vercel/integrations-vercel-create.png) - ![integrations vercel](../../images/integrations/vercel/integrations-vercel.png) - - - Infisical syncs every envar to Vercel with type `encrypted` unless an existing - envar with the same name in Vercel exists with a different type. Note that - Infisical will not be able to update Vercel envars with type `sensitive` since - they can only be decrypted and modified by Vercel's deployment systems. - - - - The following environment variable names are reserved by Vercel and cannot be - synced: `AWS_SECRET_KEY`, `AWS_EXECUTION_ENV`, `AWS_LAMBDA_LOG_GROUP_NAME`, - `AWS_LAMBDA_LOG_STREAM_NAME`, `AWS_LAMBDA_FUNCTION_NAME`, - `AWS_LAMBDA_FUNCTION_MEMORY_SIZE`, `AWS_LAMBDA_FUNCTION_VERSION`, - `NOW_REGION`, `TZ`, `LAMBDA_TASK_ROOT`, `LAMBDA_RUNTIME_DIR`, - `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`, - `AWS_REGION`, and `AWS_DEFAULT_REGION`. - - - - - - Using the Vercel integration on a self-hosted instance of Infisical requires configuring an integration in Vercel. - and registering your instance with it. - - - - Navigate to Integrations > Integration Console to create a new integration. 
- - ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-integrations-console.png) - ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app.png) - - Create the application. As part of the form, set a **URL Slug** to a unique slug like `infisical-your-domain` and keep it handy. Also, set **Redirect URL** to `https://your-domain.com/integrations/vercel/oauth2/callback`. Lastly, - be sure to set the API Scopes according to the second screenshot below. - - ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-1.png) - ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-2.png) - - - Obtain the **Client (Integration) ID** and **Client (Integration) Secret** as well as the **URL Slug** from earlier for your Vercel integration. - - ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-credentials.png) - - Back in your Infisical instance, add three new environment variables for the credentials of your Vercel integration. - - - `CLIENT_ID_VERCEL`: The **Client (Integration) ID** of your Vercel integration. - - `CLIENT_SECRET_VERCEL`: The **Client (Integration) Secret** of your Vercel integration. - - `CLIENT_SLUG_VERCEL`: The **URL Slug** of your Vercel integration. - - Once added, restart your Infisical instance and use the Vercel integration. - - - - - + \ No newline at end of file diff --git a/frontend/src/pages/secret-manager/IntegrationsListPage/IntegrationsListPage.tsx b/frontend/src/pages/secret-manager/IntegrationsListPage/IntegrationsListPage.tsx index 69b8735ee1..6a1482d98e 100644 --- a/frontend/src/pages/secret-manager/IntegrationsListPage/IntegrationsListPage.tsx +++ b/frontend/src/pages/secret-manager/IntegrationsListPage/IntegrationsListPage.tsx 
@@ -87,8 +87,8 @@ export const IntegrationsListPage = () => { Native Integrations Transitioning to Legacy Status

- Native integrations are now a legacy feature and will begin deprecation in 2026.
- We recommend migrating to our new{" "}
+ Native integrations are now a legacy feature and we will begin a phased
+ deprecation in 2026. We recommend migrating to our new{" "}