mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-06 22:23:53 -05:00
Remove outdated documentation files: deleted usage, REST API, and platform guides to streamline content and improve clarity.
@@ -1,18 +0,0 @@
|
||||
---
|
||||
title: "Usage"
|
||||
---
|
||||
|
||||
Prerequisites:
|
||||
|
||||
- Set up and add envars to [Infisical Cloud](https://app.infisical.com) or your self-hosted instance.
|
||||
- Obtain an API Key in your user settings to be included in requests to the Infisical API.
|
||||
|
||||
Using Infisical's API to manage secrets requires a basic understanding of the system and its underlying cryptography detailed [here](/security/overview).
|
||||
|
||||
## Concepts
|
||||
|
||||
- Each user has a public/private key pair that is stored with the platform; private keys are encrypted locally by the user's password before being sent off to the server during the account signup process.
|
||||
- Each (encrypted) secret belongs to a project and environment.
|
||||
- Each project has an (encrypted) project key used to encrypt the secrets within that project; Infisical stores copies of the project key, for each member of that project, encrypted under each member's public key.
|
||||
- Secrets are encrypted symmetrically by your copy of the project key belonging to the project containing.
|
||||
- Infisical uses AES256-GCM and [TweetNaCl.js](https://tweetnacl.js.org/#/) for symmetric and asymmetric encryption/decryption operations.
|
||||
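Review bot: The Concepts list at the end of this removed page (per-user key pair, a project key copy encrypted under each member's public key, AES256-GCM plus TweetNaCl.js) needs a confirmed replacement before it goes. The page sent readers to `/security/overview`, which other hunks in this commit retarget to `/internals/security`; please confirm that page covers the same key hierarchy, and add a redirect from the removed page's path so existing inbound links still resolve.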
@@ -1,128 +0,0 @@
|
||||
---
|
||||
title: "REST API"
|
||||
---
|
||||
|
||||
Infisical's REST API is the most flexible way to read/write secrets for your application.
|
||||
|
||||
In this brief, we'll explore how to fetch a secret back from a project on [Infisical Cloud](https://app.infisical.com) via the REST API.
|
||||
|
||||
<Steps>
|
||||
<Step title="Create a project with a secret">
|
||||
To create a project, head to your Organization Overview and press **Add New Project**; we'll call the project **Demo App**.
|
||||

|
||||
|
||||

|
||||
|
||||
Next, let's head to the **Development** environment of the project and add a secret `FOO=BAR` to it.
|
||||
|
||||

|
||||
|
||||

|
||||
|
||||

|
||||
|
||||
<Note>
|
||||
For this brief, you'll need to disable end-to-end encryption in your Project Settings
|
||||
</Note>
|
||||
</Step>
|
||||
<Step title="Create an identity">
|
||||
Next, we need to create an identity to represent your application. To create one, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
|
||||
|
||||

|
||||
|
||||
</Step>
|
||||
<Step title="Create a Client Secret">
|
||||
In order to use the identity, you'll need the non-sensitive **Client ID**
|
||||
of the identity and a **Client Secret** for it; you can think of these credentials akin to a username
|
||||
and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
|
||||
for it.
|
||||
|
||||

|
||||

|
||||

|
||||
</Step>
|
||||
<Step title="Add the identity to the project">
|
||||
To enable the identity to access your project, we need to add it to the project. To do this, head over to the **Demo App** Project Settings > Access Control > Machine Identities and press **Add identity**.
|
||||
|
||||
Next, select the identity you want to add to the project and the role you want to assign it.
|
||||
|
||||

|
||||
|
||||

|
||||
</Step>
|
||||
<Step title="Get an access token for the Infisical API">
|
||||
To access the Infisical API as the identity, you should first perform a login operation
|
||||
that is to exchange the **Client ID** and **Client Secret** of the identity for an access token
|
||||
by making a request to the `/api/v1/auth/universal-auth/login` endpoint.
|
||||
|
||||
#### Sample request
|
||||
|
||||
```
|
||||
curl --location --request POST 'https://app.infisical.com/api/v1/auth/universal-auth/login' \
|
||||
--header 'Content-Type: application/x-www-form-urlencoded' \
|
||||
--data-urlencode 'clientSecret=<client_secret>' \
|
||||
--data-urlencode 'clientId=<client_id>'
|
||||
```
|
||||
|
||||
#### Sample response
|
||||
|
||||
```
|
||||
{
|
||||
"accessToken": "...",
|
||||
"expiresIn": 7200,
|
||||
"tokenType": "Bearer"
|
||||
}
|
||||
```
|
||||
|
||||
Next, we can use the access token to authenticate with the [Infisical API](/api-reference/overview/introduction) to read/write secrets
|
||||
|
||||
<Note>
|
||||
Each identity access token has a time-to-live (TTL) which you can infer from the response of the login operation;
|
||||
the default TTL is `7200` seconds which can be adjusted.
|
||||
|
||||
If an identity access token expires, it can no longer authenticate with the Infisical API. In this case,
|
||||
a new access token should be obtained from the aforementioned login operation.
|
||||
</Note>
|
||||
</Step>
|
||||
<Step title="Fetch back secret">
|
||||
Finally, you can fetch the secret `FOO=BAR` back from **Step 1** by including the access token in the previous step in another request to the `/api/v3/secrets/raw/{secretName}` endpoint.
|
||||
|
||||
### Sample request
|
||||
|
||||
```
|
||||
curl --location --request GET 'http://localhost:8080/api/v3/secrets/raw/FOO?workspaceId=657830d579cfc8415d06ce5b&environment=dev' \
|
||||
--header 'Authorization: Bearer <access_token>'
|
||||
```
|
||||
|
||||
### Sample response
|
||||
|
||||
```
|
||||
{
|
||||
"secret": {
|
||||
"_id": "6564234b934d634e1fcd6cdf",
|
||||
"version": 1,
|
||||
"workspace": "6564173e934d634e1fcd6950",
|
||||
"type": "shared",
|
||||
"environment": "dev",
|
||||
"secretKey": "FOO2",
|
||||
"secretValue": "BAR2",
|
||||
"secretComment": ""
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Note that you can fetch a list of secrets back by making a request to the `/api/v3/secrets/raw` endpoint.
|
||||
</Step>
|
||||
</Steps>
|
||||
|
||||
See also:
|
||||
|
||||
- [API Reference](/api-reference/overview/introduction)
|
||||
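Review bot: The Note in the "Get an access token for the Infisical API" step (default TTL of `7200` seconds, log in again once the token expires) is operational guidance that clients rely on, so please check it is still stated on the Universal Auth page before this guide is removed. The rest of the page does look outdated: the fetch sample requests `FOO` from `http://localhost:8080` with one `workspaceId` while the sample response returns `"secretKey": "FOO2"` under a different `workspace`, and step 1 tells readers to disable end-to-end encryption. A redirect from this page's path to the API reference would keep old links working.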
@@ -1,65 +0,0 @@
|
||||
---
|
||||
title: "Platform"
|
||||
---
|
||||
|
||||
This quickstart provides an overview of functionalities offered by Infisical.
|
||||
|
||||
## Managing your Organization
|
||||
|
||||
When you first make an account with Infisical, you also create a new **organization** where you are assigned the `admin` role by default.
|
||||
From there, you can invite external members to the organization and start creating **projects** to house secrets.
|
||||
|
||||
### Projects
|
||||
|
||||
The **Projects** page shows you all the projects that you have access to within your organization.
|
||||
Here, you can also create a new project.
|
||||
|
||||

|
||||
|
||||
### Members
|
||||
|
||||
The **Members** page lets you add or remove external members to your organization.
|
||||
Note that you can configure your organization in Infisical to have members authenticate with the platform via protocols like SAML 2.0 and OpenID Connect.
|
||||
|
||||

|
||||
|
||||
## Managing your Projects
|
||||
|
||||
As mentioned before, projects house secrets which are further organized into environments such as development, testing and production.
|
||||
A project can be anything from a single application to a collection of micro-services that you wish to manage secrets for.
|
||||
|
||||
### Secrets Overview
|
||||
|
||||
The **Secrets Overview** screen provides a bird's-eye view of all the secrets in a project and is useful for comparing secrets and identifying missing ones across environments.
|
||||
|
||||

|
||||
|
||||
In the above image, you can already see that:
|
||||
|
||||
- `STRIPE_API_KEY` is missing from the **Staging** environment.
|
||||
- `JWT_SECRET` is missing from the **Production** environment.
|
||||
- `BAR` is `EMPTY` in the **Production** environment.
|
||||
|
||||
### Dashboard
|
||||
|
||||
The secrets dashboard lets you manage secrets for a specific environment in a project.
|
||||
Here, developers can override secrets, version secrets, rollback projects to any point in time and much more.
|
||||
|
||||

|
||||
|
||||
### Integrations
|
||||
|
||||
The integrations page provides native integrations to sync secrets from a project environment to a [host of ever-expanding integrations](/integrations/overview).
|
||||
|
||||

|
||||
|
||||
### Members
|
||||
|
||||
The members page lets you add/remove members to/from a project and provision them access to environments via roles. By default, Infisical provides the `admin`, `developer`, and `viewer` roles
|
||||
which you can assign to members.
|
||||
|
||||

|
||||
|
||||
That's it for the platform quickstart! — We encourage you to continue exploring the documentation to gain a deeper understanding of the extensive features and functionalities that Infisical has to offer.
|
||||
|
||||
Next, head back to [Getting Started > Introduction](/documentation/getting-started/overview) to explore ways to fetch secrets from Infisical to your apps and infrastructure.
|
||||
@@ -199,7 +199,7 @@ Next, navigate to your project's integrations tab in Infisical and press on the
|
||||
Opting in for the Infisical-Vercel integration will break end-to-end encryption since Infisical will be able to read
|
||||
your secrets. This is, however, necessary for Infisical to sync the secrets to Vercel.
|
||||
|
||||
Your secrets remain encrypted at rest following our [security guide mechanics](/security/mechanics).
|
||||
Your secrets remain encrypted at rest following our [security guide mechanics](/internals/security).
|
||||
</Note>
|
||||
|
||||
Now select **Production** for (the source) **Environment** and sync it to the **Production Environment** of the (target) application in Vercel.
|
||||
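Review bot: On the changed line inside the Note, the link text still reads "security guide mechanics" but the target is now `/internals/security`, the same page the accordion link further down this file is moved to. If the mechanics content is a section of that page, link to its anchor; otherwise change the text to "security guide" so the label matches the destination.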
@@ -238,7 +238,7 @@ At this stage, you know how to use the Infisical-Vercel integration to sync prod
|
||||
<Accordion title="Is opting out of end-to-end encryption for the Infisical-Vercel integration safe?">
|
||||
Yes. Your secrets are still encrypted at rest. To note, most secret managers actually don't support end-to-end encryption.
|
||||
|
||||
Check out the [security guide](/security/overview).
|
||||
Check out the [security guide](/internals/security).
|
||||
</Accordion>
|
||||
</AccordionGroup>
|
||||
|
||||
|
||||
@@ -75,7 +75,7 @@ Infisical’s access control framework is unified for both human users and machi
|
||||
|
||||
### 7.3 Attribute-Based Access Control (ABAC)
|
||||
|
||||
[Attribute-based Access Controls](/documentation/platform/access-controls/attribute-based-access-controls) allow restrictions based on tags or attributes linked to secrets. These can be integrated with SAML assertions and other security frameworks for dynamic access management.
|
||||
[Attribute-based Access Controls](/documentation/platform/access-controls/abac/overview) allow restrictions based on tags or attributes linked to secrets. These can be integrated with SAML assertions and other security frameworks for dynamic access management.
|
||||
|
||||
### 7.4 User Groups
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ In the following steps, we explore how to create and use user groups to provisio
|
||||
|
||||

|
||||
|
||||
When creating a group, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating a group, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
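Review bot: This `role` link substitution is repeated by hand in every group and identity page in the commit, and the sentence is spelled "organization level" here but "organization-level" in some of the other files. Consider normalising the wording while these lines are being touched, and adding a redirect from `/documentation/platform/role-based-access-controls` to the new `access-controls/` path so any page missed by the sweep still resolves.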
@@ -88,7 +88,7 @@ To create an identity, head to your Organization Settings > Access Control > [Id
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization-level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
|
||||
When creating an identity, you specify an organization-level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -66,7 +66,7 @@ access the Infisical API using the AWS Auth authentication method.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -66,7 +66,7 @@ access the Infisical API using the Azure Auth authentication method.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -72,7 +72,7 @@ access the Infisical API using the GCP ID Token authentication method.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
@@ -241,7 +241,7 @@ access the Infisical API using the GCP IAM authentication method.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -61,7 +61,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -218,7 +218,7 @@ In the following steps, we explore how to create and use identities for your app
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -102,7 +102,7 @@ To create an identity, head to your Organization Settings > Access Control > [Id
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization-level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
|
||||
When creating an identity, you specify an organization-level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -59,7 +59,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -56,7 +56,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -60,7 +60,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -59,7 +59,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -59,7 +59,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -94,7 +94,7 @@ In the following steps, we explore how to create and use identities to access th
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -68,7 +68,7 @@ To create an identity, head to your Organization Settings > Access Control > [Id
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization-level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
|
||||
When creating an identity, you specify an organization-level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -42,7 +42,7 @@ using the Token Auth authentication method.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@ using the Universal Auth authentication method.
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ description: "Read more about the concept of user identities in Infisical."
|
||||
|
||||
A **user identity** (also known as **user**) represents a developer, admin, or any other human entity interacting with resources in Infisical.
|
||||
|
||||
Users can be added manually (through Web UI) or programmatically (e.g., API) to [organizations](../organization) and [projects](../projects).
|
||||
Users can be added manually (through Web UI) or programmatically (e.g., API) to [organizations](../organization) and [projects](../project).
|
||||
|
||||
Upon being added to an organization and projects, users assume a certain set of roles and permissions that represents their identity.
|
||||
|
||||
|
||||
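Review bot: The changed line still uses relative targets (`../organization`, and now `../project`), while other hunks in this commit replace relative links such as `./folder` and `../admin-panel/server-admin` with absolute `/documentation/platform/...` paths. Relative links are what broke here in the first place, so I'd switch both links on this line to absolute paths for consistency.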
@@ -10,7 +10,7 @@ Infisical can be used as a Key Management System (KMS), referred to as Infisical
|
||||
|
||||
By default your Infisical data such as projects and the data within them are encrypted at rest using Infisical's own KMS. This ensures that your data is secure and protected from unauthorized access.
|
||||
|
||||
If you are on-premise, your KMS root key will be created at random with the `ROOT_ENCRYPTION_KEY` environment variable. You can also use a Hardware Security Module (HSM), to create the root key. Read more about [HSM](/docs/documentation/platform/kms/encryption-strategies).
|
||||
If you are on-premise, your KMS root key will be created at random with the `ROOT_ENCRYPTION_KEY` environment variable. You can also use a Hardware Security Module (HSM), to create the root key. Read more about [HSM](/documentation/platform/kms/hsm-integration).
|
||||
|
||||
<Note>
|
||||
Keys managed in KMS are not extractable from the platform. Additionally, data
|
||||
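Review bot: The sentence being edited, "your KMS root key will be created at random with the `ROOT_ENCRYPTION_KEY` environment variable", is ambiguous about whether the operator supplies the key through that variable or the platform generates one, and that matters for backup and rotation of a root key. Since the line is already being touched for the HSM link, please reword it to say which it is, and drop the stray comma in "(HSM), to create".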
@@ -109,7 +109,7 @@ In the following steps, we explore how to generate a key and use it to encrypt d
|
||||
</Step>
|
||||
<Step title="Encrypting data with the KMS key">
|
||||
To encrypt data, make an API request to the [Encrypt
|
||||
Data](/api-reference/endpoints/kms/keys/encrypt) API endpoint,
|
||||
Data](/api-reference/endpoints/kms/encryption/encrypt) API endpoint,
|
||||
specifying the key to use.
|
||||
|
||||
<Note>
|
||||
@@ -168,7 +168,7 @@ In the following steps, we explore how to use decrypt data using an existing key
|
||||
<Steps>
|
||||
<Step title="Decrypting data">
|
||||
To decrypt data, make an API request to the [Decrypt
|
||||
Data](/api-reference/endpoints/kms/keys/decrypt) API endpoint,
|
||||
Data](/api-reference/endpoints/kms/encryption/decrypt) API endpoint,
|
||||
specifying the key to use.
|
||||
|
||||
### Sample request
|
||||
|
||||
@@ -255,7 +255,7 @@ In the following steps, we explore how to set up ACME Certificate Authority inte
|
||||
The issued certificate and private key are now available through Infisical and can be:
|
||||
|
||||
- Downloaded directly from the Infisical UI
|
||||
- Retrieved via the Infisical API for programmatic access using the [latest certificate bundle endpoint](/api-reference/endpoints/pki/subscribers/get-latest-cert-bundle)
|
||||
- Retrieved via the Infisical API for programmatic access using the [latest certificate bundle endpoint](/api-reference/endpoints/certificate-profiles/get-latest-active-bundle)
|
||||
</Step>
|
||||
</Steps>
|
||||
|
||||
|
||||
@@ -106,13 +106,14 @@ In the following steps, we'll explore how to use a project template when creatin
|
||||
Your project will be provisioned with the configured template roles and environments.
|
||||
</Tab>
|
||||
<Tab title="API">
|
||||
To use a project template, make an API request to the [Create Project](/api-reference/endpoints/workspaces/create-workspace) API endpoint with the specified template name included.
|
||||
To use a project template, make an API request to the [Create Project](/api-reference/endpoints/projects/create-project) API endpoint with the specified template name included.
|
||||
|
||||
### Sample request
|
||||
|
||||
```bash Request
|
||||
curl --request POST \
|
||||
--url https://app.infisical.com/api/v2/workspace \
|
||||
--url https://app.infisical.com/api/v1/projects \
|
||||
--header 'Authorization: Bearer <token>' \
|
||||
--header 'Content-Type: application/json' \
|
||||
--data '{
|
||||
"projectName": "My Project",
|
||||
|
||||
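Review bot: The sample request moves from `/api/v2/workspace` to `/api/v1/projects`, which changes the API version as well as the resource name, but the request body (`"projectName": "My Project"`, and the template field below the cut) is left as is. Please confirm the v1 projects endpoint accepts the same field names, since a copy-pasted sample that fails validation is worse than a stale link.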
@@ -16,7 +16,7 @@ customized depending on the intended use case.
|
||||
|
||||
## Secrets Overview
|
||||
|
||||
The **Secrets Overview** page captures a birds-eye-view of secrets and [folders](./folder) across environments.
|
||||
The **Secrets Overview** page captures a birds-eye-view of secrets and [folders](/documentation/platform/folder) across environments.
|
||||
This is useful for comparing secrets, identifying if anything is missing, and making quick changes.
|
||||
|
||||

|
||||
|
||||
@@ -21,6 +21,6 @@ Because certificates are time-bound and centrally managed, they’re easier to a
|
||||
|
||||
Infisical SSH gives you a secure, scalable way to manage infrastructure access using SSH certificates — without the overhead of running your own certificate authority, wiring trust across hosts, or building issuance workflows from scratch.
|
||||
|
||||
It replaces long-lived SSH keys with short-lived, identity-bound certificates and handles all the moving parts for you: operating CAs, configuring trust between users and hosts, and issuing certificates on demand. With Infisical SSH, you can register a host with [`infisical ssh add-host`](/docs/cli/commands/ssh#infisical-ssh-add-host), then connect with [`infisical ssh connect`](/docs/cli/commands/ssh#infisical-ssh-connect) — that’s all it takes.
|
||||
It replaces long-lived SSH keys with short-lived, identity-bound certificates and handles all the moving parts for you: operating CAs, configuring trust between users and hosts, and issuing certificates on demand. With Infisical SSH, you can register a host with [`infisical ssh add-host`](/cli/commands/ssh#infisical-ssh-add-host), then connect with [`infisical ssh connect`](/cli/commands/ssh#infisical-ssh-connect) — that’s all it takes.
|
||||
|
||||
The result is centralized, auditable SSH access that’s easy to use and built to scale with your infrastructure.
|
||||
|
||||
@@ -77,7 +77,7 @@ Prerequisites:
|
||||
</Steps>
|
||||
|
||||
<Tip>
|
||||
If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login.
|
||||
If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](/documentation/platform/admin-panel/server-admin#default-organization) to expedite OIDC login.
|
||||
</Tip>
|
||||
|
||||
|
||||
|
||||
@@ -103,7 +103,7 @@ description: "Learn how to configure Keycloak OIDC for Infisical SSO."
|
||||
</Steps>
|
||||
|
||||
<Tip>
|
||||
If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login.
|
||||
If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](/documentation/platform/admin-panel/server-admin#default-organization) to expedite OIDC login.
|
||||
</Tip>
|
||||
|
||||
<Note>
|
||||
|
||||
@@ -4,7 +4,7 @@ description: "Learn how to manage secrets in Docker Swarm services."
|
||||
---
|
||||
|
||||
In this guide, we'll demonstrate how to use Infisical for managing secrets within Docker Swarm.
|
||||
Specifically, we'll set up a sidecar container using the [Infisical Agent](/infisical-agent/overview), which authenticates with Infisical to retrieve secrets and access tokens.
|
||||
Specifically, we'll set up a sidecar container using the [Infisical Agent](/integrations/platforms/infisical-agent), which authenticates with Infisical to retrieve secrets and access tokens.
|
||||
These secrets are then stored in a shared volume accessible by other services in your Docker Swarm.
|
||||
|
||||
## Prerequisites
|
||||
@@ -12,7 +12,7 @@ These secrets are then stored in a shared volume accessible by other services in
|
||||
- Docker version 20.10.24 or newer
|
||||
- Basic knowledge of Docker Swarm
|
||||
- [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) installed on your system
|
||||
- Familiarity with the [Infisical Agent](/infisical-agent/overview)
|
||||
- Familiarity with the [Infisical Agent](/integrations/platforms/infisical-agent)
|
||||
|
||||
## Objective
|
||||
Our goal is to deploy an Nginx instance in your Docker Swarm cluster, configured to display Infisical secrets on its landing page. This will provide hands-on experience in fetching and utilizing secrets from Infisical within Docker Swarm. The principles demonstrated here are also applicable to Docker Compose deployments.
|
||||
|
||||
@@ -7,7 +7,7 @@ description: "Learn how to deliver secrets to Amazon Elastic Container Service."
|
||||
|
||||
This guide will go over the steps needed to access secrets stored in Infisical from Amazon Elastic Container Service (ECS).
|
||||
|
||||
At a high level, the steps involve setting up an ECS task with an [Infisical Agent](/infisical-agent/overview) as a sidecar container. This sidecar container uses [AWS Auth](/documentation/platform/identities/aws-auth) to authenticate with Infisical to fetch secrets/access tokens.
|
||||
At a high level, the steps involve setting up an ECS task with an [Infisical Agent](/integrations/platforms/infisical-agent) as a sidecar container. This sidecar container uses [AWS Auth](/documentation/platform/identities/aws-auth) to authenticate with Infisical to fetch secrets/access tokens.
|
||||
Once the secrets/access tokens are retrieved, they are then stored in a shared [Amazon Elastic File System](https://aws.amazon.com/efs/) (EFS) volume. This volume is then made accessible to your application and all of its replicas.
|
||||
|
||||
This guide primarily focuses on integrating Infisical Cloud with Amazon ECS on AWS Fargate and Amazon EFS.
|
||||
@@ -21,7 +21,7 @@ This guide requires the following prerequisites:
|
||||
- Git installed
|
||||
- Terraform v1.0 or later installed
|
||||
- Access to AWS credentials
|
||||
- Understanding of [Infisical Agent](/infisical-agent/overview)
|
||||
- Understanding of [Infisical Agent](/integrations/platforms/infisical-agent)
|
||||
|
||||
## What we will deploy
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ This CRD offers the following features:
|
||||
### Prerequisites
|
||||
|
||||
- A project within Infisical.
|
||||
- A [machine identity](/docs/documentation/platform/identities/overview) ready for use in Infisical that has permissions to create dynamic secret leases in the project.
|
||||
- A [machine identity](/documentation/platform/identities/machine-identities) ready for use in Infisical that has permissions to create dynamic secret leases in the project.
|
||||
- You have already configured a dynamic secret in Infisical.
|
||||
- The operator is installed on to your Kubernetes cluster.
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ This CRD offers the following features:
|
||||
### Prerequisites
|
||||
|
||||
- A project within Infisical.
|
||||
- A [machine identity](/docs/documentation/platform/identities/overview) ready for use in Infisical that has permissions to create secrets in your project.
|
||||
- A [machine identity](/documentation/platform/identities/machine-identities) ready for use in Infisical that has permissions to create secrets in your project.
|
||||
- The operator is installed on to your Kubernetes cluster.
|
||||
|
||||
## Example usage
|
||||
|
||||
@@ -256,7 +256,7 @@ spec:
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
@@ -432,7 +432,7 @@ spec:
|
||||
|
||||

|
||||
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
|
||||
|
||||

|
||||
|
||||
@@ -803,7 +803,7 @@ Follow the instructions below to create and store the service token in a Kuberne
|
||||
|
||||
#### 1. Generate service token
|
||||
|
||||
You can generate a [service token](../../documentation/platform/token) for an Infisical project by heading over to the Infisical dashboard then to Project Settings.
|
||||
You can generate a [service token](/documentation/platform/token) for an Infisical project by heading over to the Infisical dashboard then to Project Settings.
|
||||
|
||||
#### 2. Create Kubernetes secret containing service token
|
||||
|
||||
|
||||
@@ -77,7 +77,7 @@ description: "Learn how to configure a DigitalOcean App Platform Sync for Infisi
|
||||
</Tab>
|
||||
|
||||
<Tab title="API">
|
||||
To create a **DigitalOcean App Platform Sync**, make an API request to the [Create DigitalOcean Sync](/api-reference/endpoints/secret-syncs/digital-ocean/create) API endpoint.
|
||||
To create a **DigitalOcean App Platform Sync**, make an API request to the [Create DigitalOcean Sync](/api-reference/endpoints/secret-syncs/digital-ocean-app-platform/create) API endpoint.
|
||||
|
||||
### Sample request
|
||||
|
||||
|
||||
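Review bot: The link text on the changed line still reads "Create DigitalOcean Sync" although the target now ends in `digital-ocean-app-platform/create` and the same sentence calls the feature a **DigitalOcean App Platform Sync**. Rename the link text to "Create DigitalOcean App Platform Sync" so the label and the endpoint path agree.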
@@ -85,5 +85,5 @@ The following operators are available for conditions:
|
||||
| `$in` | Matches any value in array | `{ environment: { $in: ["staging", "production"] } }` |
|
||||
| `$glob` | Pattern matching using glob syntax | `{ secretPath: { $glob: "/app/\*" } }` |
|
||||
|
||||
These details are especially useful if you're using the API to [create new project roles](../api-reference/endpoints/project-roles/create).
|
||||
These details are especially useful if you're using the API to [create new project roles](/api-reference/endpoints/project-roles/create).
|
||||
The rules outlined on this page, also apply when using our Terraform Provider to manage your Infisical project roles, or any other of our clients that manage project roles.
|
||||
|
||||
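Review bot: The `$glob` row kept as context in this hunk shows `{ secretPath: { $glob: "/app/\*" } }` inside a code span, where the backslash will most likely render literally. Readers copy these conditions into project role definitions, so check the rendered table and drop the escape if it appears in the output. While the file is open, the stray comma in "The rules outlined on this page, also apply" can go too.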
@@ -56,7 +56,7 @@ This example demonstrates how to use the Infisical Go SDK in a simple Go applica
|
||||
|
||||
<Warning>
|
||||
We do not recommend hardcoding your [Machine Identity
|
||||
Tokens](/platform/identities/overview). Setting it as an environment variable
|
||||
Tokens](/documentation/platform/identities/machine-identities). Setting it as an environment variable
|
||||
would be best.
|
||||
</Warning>
|
||||
|
||||
|
||||
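Review bot: The Markdown link in this `<Warning>` is still split across two lines (`[Machine Identity` then `Tokens](/documentation/platform/identities/machine-identities)`), and the replaced line is now far longer than the hard-wrapped lines around it. Join the link onto a single line, as the Ruby SDK page in the next hunk already does, so the warning about not hardcoding tokens reflows cleanly and the link is easier to grep for in later path migrations.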
@@ -36,7 +36,7 @@ puts "Secret: #{single_test_secret}"
|
||||
This example demonstrates how to use the Infisical Ruby SDK in a simple Ruby application. The application retrieves a secret named `API_KEY` from the `dev` environment of the `YOUR_PROJECT_ID` project.
|
||||
|
||||
<Warning>
|
||||
We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
|
||||
We do not recommend hardcoding your [Machine Identity Tokens](/documentation/platform/identities/machine-identities). Setting it as an environment variable would be best.
|
||||
</Warning>
|
||||
|
||||
# Installation
|
||||
|
||||
@@ -1,202 +0,0 @@
|
||||
---
|
||||
title: "Standalone"
|
||||
description: "Learn how to deploy Infisical in a standalone environment."
|
||||
---
|
||||
|
||||
# Self-Hosting Infisical with Standalone Infisical
|
||||
|
||||
Deploying Infisical in a standalone environment is a great way to get started with Infisical without having to use containers. This guide will walk you through the process of deploying Infisical in a standalone environment.
|
||||
This is one of the easiest ways to deploy Infisical. It is a single executable, currently only supported on Debian-based systems.
|
||||
|
||||
The standalone deployment implements the "bring your own database" (BYOD) approach. This means that you will need to provide your own databases (specifically Postgres and Redis) for the Infisical services to use. The standalone deployment does not include any databases.
|
||||
|
||||
If you wish to streamline the deployment process, we recommend using the Ansible role for Infisical. The Ansible role automates the end to end deployment process, and will take care of everything like databases, redis deployment, web serving, and availability.
|
||||
- [Automated Deployment with high availability (HA)](/self-hosting/deployment-options/native/high-availability)
|
||||
|
||||
|
||||
## Prerequisites
|
||||
- A server running a Debian-based operating system (e.g., Ubuntu, Debian)
|
||||
- A Postgres database
|
||||
- A Redis database
|
||||
|
||||
## Installing Infisical
|
||||
Installing Infisical is as simple as running a single command. You can install Infisical by running the following command:
|
||||
|
||||
```bash
|
||||
$ curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-core/cfg/setup/bash.deb.sh' | sudo bash && sudo apt-get install -y infisical-core
|
||||
```
|
||||
|
||||
## Running Infisical
|
||||
Running Infisical and serving it to the web has a few steps. Below are the steps to get you started with running Infisical in a standalone environment.
|
||||
* Setup environment variables
|
||||
* Running Postgres migrations
|
||||
* Create system daemon
|
||||
* Exposing Infisical to the internet
|
||||
|
||||
|
||||
<Steps>
|
||||
<Step title="Setup environment variables">
|
||||
To use Infisical you'll need to configure the environment variables beforehand. You can acheive this by creating an environment file to be used by Infisical.
|
||||
|
||||
|
||||
#### Create environment file
|
||||
```bash
|
||||
$ mkdir -p /etc/infisical && touch /etc/infisical/environment
|
||||
```
|
||||
|
||||
After creating the environment file, you'll need to fill it out with your environment variables.
|
||||
|
||||
#### Edit environment file
|
||||
```bash
|
||||
$ nano /etc/infisical/environment
|
||||
```
|
||||
|
||||
```bash
|
||||
DB_CONNECTION_URI=postgres://user:password@localhost:5432/infisical # Replace with your Postgres database connection URI
|
||||
REDIS_URL=redis://localhost:6379 # Replace with your Redis connection URI
|
||||
ENCRYPTION_KEY=your_encryption_key # Replace with your encryption key (can be generated with: openssl rand -hex 16)
|
||||
AUTH_SECRET=your_auth_secret # Replace with your auth secret (can be generated with: openssl rand -base64 32)
|
||||
```
|
||||
|
||||
<Info>
|
||||
The minimum required environment variables are `DB_CONNECTION_URI`, `REDIS_URL`, `ENCRYPTION_KEY`, and `AUTH_SECRET`. We recommend You take a look at our [list of all available environment variables](/docs/self-hosting/configuration/envars#general-platform), and configure the ones you need.
|
||||
</Info>
|
||||
</Step>
|
||||
<Step title="Running Postgres migrations">
|
||||
|
||||
Assuming you're starting with a fresh Postgres database, you'll need to run the Postgres migrations to syncronize the database schema.
|
||||
The migration command will use the environment variables you configured in the previous step.
|
||||
|
||||
|
||||
```bash
|
||||
$ eval $(cat /etc/infisical/environment) infisical-core migration:latest
|
||||
```
|
||||
|
||||
<Info>
|
||||
This step will need to be repeated if you update Infisical in the future.
|
||||
</Info>
|
||||
|
||||
</Step>
|
||||
|
||||
<Step title="Create service file">
|
||||
```bash
|
||||
$ nano /etc/systemd/system/infisical.service
|
||||
```
|
||||
</Step>
|
||||
<Step title="Create Infisical service">
|
||||
|
||||
Create a systemd service file for Infisical. Creating a systemd service file will allow Infisical to start automatically when the system boots or in case of a crash.
|
||||
|
||||
```bash
|
||||
$ nano /etc/systemd/system/infisical.service
|
||||
```
|
||||
|
||||
```ini
|
||||
[Unit]
|
||||
Description=Infisical Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
# The path to the environment file we created in the previous step
|
||||
EnvironmentFile=/etc/infisical/environment
|
||||
Type=simple
|
||||
# Change the user to the user you want to run Infisical as
|
||||
User=root
|
||||
ExecStart=/usr/local/bin/infisical-core
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Now we need to reload the systemd daemon and start the Infisical service.
|
||||
|
||||
```bash
|
||||
$ systemctl daemon-reload
|
||||
$ systemctl start infisical
|
||||
$ systemctl enable infisical
|
||||
```
|
||||
|
||||
<Info>
|
||||
You can check the status of the Infisical service by running `systemctl status infisical`.
|
||||
It is also a good idea to check the logs for any errors by running `journalctl --no-pager -u infisical`.
|
||||
</Info>
|
||||
</Step>
|
||||
<Step title="Exposing Infisical to the internet">
|
||||
Exposing Infisical to the internet requires setting up a reverse proxy. You can use any reverse proxy of your choice, but we recommend using HAProxy or Nginx. Below is an example of how to set up a reverse proxy using HAProxy.
|
||||
|
||||
#### Install HAProxy
|
||||
```bash
|
||||
$ apt-get install -y haproxy
|
||||
```
|
||||
|
||||
#### Edit HAProxy configuration
|
||||
```bash
|
||||
$ nano /etc/haproxy/haproxy.cfg
|
||||
```
|
||||
|
||||
```ini
|
||||
global
|
||||
log /dev/log local0
|
||||
log /dev/log local1 notice
|
||||
chroot /var/lib/haproxy
|
||||
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
|
||||
stats timeout 30s
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
|
||||
defaults
|
||||
log global
|
||||
mode http
|
||||
option httplog
|
||||
option dontlognull
|
||||
timeout connect 5000
|
||||
timeout client 50000
|
||||
timeout server 50000
|
||||
|
||||
frontend http-in
|
||||
bind *:80
|
||||
default_backend infisical
|
||||
|
||||
backend infisical
|
||||
server infisicalapp 127.0.0.1:8080 check
|
||||
```
|
||||
|
||||
<Warning>
|
||||
If you decide to use Nginx, then please be aware that the configuration will be different. **Infisical listens on port 8080**.
|
||||
</Warning>
|
||||
|
||||
#### Restart HAProxy
|
||||
```bash
|
||||
$ systemctl restart haproxy
|
||||
```
|
||||
|
||||
</Step>
|
||||
</Steps>
|
||||
|
||||
And that's it! You have successfully deployed Infisical in a standalone environment. You can now access Infisical by visiting `http://your-server-ip`.
|
||||
|
||||
<Note>
|
||||
Please take note that the Infisical team cannot provide infrastructure support for **free self-hosted** deployments.<br/>If you need help with infrastructure, we recommend upgrading to a [paid plan](https://infisical.com/pricing) which includes infrastructure support.
|
||||
|
||||
You can also join our community [Slack](https://infisical.com/slack) for help and support from the community.
|
||||
</Note>
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
<Accordion title="I'm getting a error related to the HAProxy (Missing LF on last line, file might have been truncated at position X)">
|
||||
This is a common issue related to the HAProxy configuration file. The error is caused by the missing newline character at the end of the file. You can fix this by adding a newline character at the end of the file.
|
||||
|
||||
```bash
|
||||
$ echo "" >> /etc/haproxy/haproxy.cfg
|
||||
```
|
||||
</Accordion>
|
||||
<Accordion title="I'm unable to connect to access the Infisical instance on the web">
|
||||
This issue can be caused by a number of reasons, mostly realted to the network configuration. Here are a few things you can check:
|
||||
1. Ensure that the firewall is not blocking the connection. You can check this by running `ufw status`. Ensure that port 80 is open.
|
||||
2. If you're using a cloud provider like AWS or GCP, ensure that the security group allows traffic on port 80.
|
||||
3. Ensure that the HAProxy service is running. You can check this by running `systemctl status haproxy`.
|
||||
4. Ensure that the Infisical service is running. You can check this by running `systemctl status infisical`.
|
||||
</Accordion>
|
||||
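Review bot: The commit message names usage, REST API and platform guides, but this `@@ -1,202 +0,0 @@` hunk deletes the self-hosting "Standalone" deployment guide, which the message does not mention; name it in the message or move the deletion to its own commit. Before merging, confirm that no remaining page links to the removed file and add a redirect for it; the Docker card later in this diff keeps an `href` ending in `standalone-infisical`, which is worth checking against the deleted path. If any of these steps are carried into another guide, the unit file's `User=root` and the HAProxy `bind *:80` frontend with no TLS should not be copied as-is for a service that holds secrets.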
@@ -11,7 +11,7 @@ Choose from a number of deployment options listed below to get started.
|
||||
title="Docker"
|
||||
color="#000000"
|
||||
icon="docker"
|
||||
href="deployment-options/standalone-infisical"
|
||||
href="./deployment-options/standalone-infisical"
|
||||
>
|
||||
Use the fully packaged docker image to deploy Infisical anywhere.
|
||||
</Card>
|
||||
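Review bot: The `href` here becomes `./deployment-options/standalone-infisical`, a `./`-relative path, while the other hunks in this commit replace relative links such as `../admin-panel/server-admin` and `../../documentation/platform/token` with root-absolute ones. Pick one convention; a root-absolute path in the style of `/self-hosting/deployment-options/native/high-availability`, which appears elsewhere in this diff, would not depend on how the page URL is resolved. The same applies to the Docker Compose, Kubernetes and Linux package cards in the hunks that follow.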
@@ -20,7 +20,7 @@ Choose from a number of deployment options listed below to get started.
|
||||
title="Docker Compose"
|
||||
color="#000000"
|
||||
icon="docker"
|
||||
href="deployment-options/docker-compose"
|
||||
href="./deployment-options/docker-compose"
|
||||
>
|
||||
Install Infisical using our Docker Compose template.
|
||||
</Card>
|
||||
@@ -28,7 +28,7 @@ Choose from a number of deployment options listed below to get started.
|
||||
title="Kubernetes"
|
||||
color="#000000"
|
||||
icon="gear-complex-code"
|
||||
href="deployment-options/kubernetes-helm"
|
||||
href="./deployment-options/kubernetes-helm"
|
||||
>
|
||||
Use our Helm chart to Install Infisical on your Kubernetes cluster.
|
||||
</Card>
|
||||
@@ -36,7 +36,7 @@ Choose from a number of deployment options listed below to get started.
|
||||
<Card
|
||||
title="Linux package"
|
||||
color="#000000"
|
||||
href="deployment-options/native/linux-package/installation"
|
||||
href="./deployment-options/native/linux-package/installation"
|
||||
>
|
||||
Install Infisical on your system without containers using our Linux package.
|
||||
</Card>
|
||||
|
||||