From 84cc7bcd6cbff089627dfd656aefd77653ded662 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Tue, 11 Mar 2025 19:01:47 -0400 Subject: [PATCH] add docs + fix nit --- cli/packages/cmd/gateway.go | 2 +- docs/cli/commands/gateway.mdx | 107 ++++++++++++++++++++++++++++++++++ docs/mint.json | 1 + 3 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 docs/cli/commands/gateway.mdx diff --git a/cli/packages/cmd/gateway.go b/cli/packages/cmd/gateway.go index ef4cdc944d..81baf3910d 100644 --- a/cli/packages/cmd/gateway.go +++ b/cli/packages/cmd/gateway.go @@ -28,7 +28,7 @@ var gatewayCmd = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { token, err := util.GetInfisicalToken(cmd) if err != nil { - util.HandleError(err, "Unable to parse flag") + util.HandleError(err, "Unable to parse token flag") } if token == nil { diff --git a/docs/cli/commands/gateway.mdx b/docs/cli/commands/gateway.mdx new file mode 100644 index 0000000000..fd035f1fde --- /dev/null +++ b/docs/cli/commands/gateway.mdx @@ -0,0 +1,107 @@ +--- +title: "infisical gateway" +description: "Run the Infisical gateway or manage its systemd service" +--- + + + + ```bash + infisical gateway --token= + ``` + + + ```bash + sudo infisical gateway install --token= --domain= + ``` + + + +## Description + +Run the Infisical gateway in the foreground or manage its systemd service installation. The gateway allows secure communication between your self-hosted Infisical instance and client applications. + +## Subcommands & flags + + + Run the Infisical gateway in the foreground. The gateway will connect to the relay service and maintain a persistent connection. + + ```bash + infisical gateway --token= --domain= + ``` + + ### Flags + + + The machine identity access token to authenticate with Infisical. + + ```bash + # Example + infisical gateway --token= + ``` + + You may also expose the token to the CLI by setting the environment variable `INFISICAL_TOKEN` before executing the gateway command. + + + + Domain of your self-hosted Infisical instance. + + ```bash + # Example + sudo infisical gateway install --domain=https://app.your-domain.com + ``` + + + + + Install and enable the gateway as a systemd service. This command must be run with sudo on Linux. + + ```bash + sudo infisical gateway install --token= --domain= + ``` + + ### Requirements + - Must be run on Linux + - Must be run with root/sudo privileges + - Requires systemd + + ### Flags + + + The machine identity access token to authenticate with Infisical. + + ```bash + # Example + sudo infisical gateway install --token= + ``` + + You may also expose the token to the CLI by setting the environment variable `INFISICAL_TOKEN` before executing the install command. + + + + Domain of your self-hosted Infisical instance. + + ```bash + # Example + sudo infisical gateway install --domain=https://app.your-domain.com + ``` + + + ### Service Details + The systemd service is installed with secure defaults: + - Service file: `/etc/systemd/system/infisical-gateway.service` + - Config file: `/etc/infisical/gateway.conf` + - Runs with restricted privileges: + - InaccessibleDirectories=/home + - PrivateTmp=yes + - Resource limits configured for stability + - Automatically restarts on failure + - Enabled to start on boot + + After installation, manage the service with standard systemd commands: + ```bash + sudo systemctl start infisical-gateway # Start the service + sudo systemctl stop infisical-gateway # Stop the service + sudo systemctl status infisical-gateway # Check service status + sudo systemctl disable infisical-gateway # Disable auto-start on boot + ``` + diff --git a/docs/mint.json b/docs/mint.json index f604ff3107..5c97790bf2 100644 --- a/docs/mint.json +++ b/docs/mint.json @@ -339,6 +339,7 @@ "cli/commands/secrets", "cli/commands/dynamic-secrets", "cli/commands/ssh", + "cli/commands/gateway", "cli/commands/export", "cli/commands/token", "cli/commands/service-token",