mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-10 16:08:20 -05:00
96 lines
2.7 KiB
Plaintext
96 lines
2.7 KiB
Plaintext
---
|
|
title: "Packer"
|
|
description: "Learn how to fetch secrets from Infisical with Packer using a data source"
|
|
---
|
|
|
|
This guide demonstrates how to use the Infisical Packer plugin to fetch secret data using a data source. The Packer plugin supports both [Infisical Cloud](https://app.infisical.com) and [self-hosted instances of Infisical](https://infisical.com/docs/self-hosting/overview).
|
|
|
|
## Prerequisites
|
|
|
|
Before you begin, make sure you have:
|
|
|
|
- [Packer](https://developer.hashicorp.com/packer/install) installed
|
|
- An Infisical account with access to a project
|
|
- Basic understanding of Packer
|
|
|
|
## Project Setup
|
|
|
|
### Configure Provider
|
|
|
|
First, specify the Infisical provider in your Packer configuration:
|
|
|
|
```hcl
|
|
packer {
|
|
required_plugins {
|
|
infisical = {
|
|
source = "github.com/infisical/infisical"
|
|
version = ">=0.0.1"
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
### Authentication
|
|
|
|
Using a Machine Identity, you can authenticate with [Universal Auth](https://infisical.com/docs/documentation/platform/identities/universal-auth).
|
|
|
|
```hcl
|
|
data "infisical-secrets" "dev-secrets" {
|
|
folder_path = "/"
|
|
env_slug = "dev" # The environment to list secrets from (e.g. dev, staging, prod)
|
|
project_id = "00000000-0000-0000-0000-000000000000"
|
|
host = "https://app.infisical.com" # Optional for cloud, required for self-hosted
|
|
|
|
universal_auth {
|
|
client_id = "00000000-0000-0000-0000-000000000000"
|
|
client_secret = "..." # Optional if using INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET env variable
|
|
}
|
|
}
|
|
```
|
|
|
|
Learn more about [machine identities](/documentation/platform/identities/machine-identities).
|
|
|
|
## Using Secrets in Packer
|
|
|
|
You're able to fetch secrets from Infisical using the `infisical-secrets` Data Source:
|
|
|
|
```hcl
|
|
# Fetch all secrets from a folder
|
|
data "infisical-secrets" "dev-secrets" {
|
|
folder_path = "/"
|
|
env_slug = "dev"
|
|
project_id = "00000000-0000-0000-0000-000000000000"
|
|
|
|
universal_auth {
|
|
...
|
|
}
|
|
}
|
|
|
|
locals {
|
|
secrets = data.infisical-secrets.dev-secrets.secrets
|
|
}
|
|
|
|
source "null" "basic-example" {
|
|
communicator = "none"
|
|
}
|
|
|
|
build {
|
|
sources = [
|
|
"source.null.basic-example"
|
|
]
|
|
|
|
provisioner "shell-local" {
|
|
inline = [
|
|
"echo secret_key: ${local.secrets["SECRET_KEY"].secret_value}",
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
The `local.secrets` object maps secret keys to [secret objects](https://github.com/Infisical/packer-plugin-infisical/blob/main/docs/datasources/secrets.md#secret-object).
|
|
|
|
See also:
|
|
- [Packer Plugin Repository Example](https://github.com/Infisical/packer-plugin-infisical/blob/main/example/build.pkr.hcl)
|
|
- [Packer Plugin Repository Docs](https://github.com/Infisical/packer-plugin-infisical/tree/main/docs)
|
|
- [Machine Identity setup guide](/documentation/platform/identities/machine-identities)
|