Retrieving Secret Values Using REST Services in Infisical
- 1. Generate ClientId and ClientSecret
- 2. Attach the Machine Identities to The Project
- 3. Obtain accessToken using ClientId and ClientSecret
- 4. Retrieving Secret Value Using AccessToken
- 5. Conclusion
- 6. Reference
Infisical is the open source secret management platform that developers use to centralize their application configuration and secrets like API keys.
What attracts me most is the ability to self-host, along with a community edition that fully meets personal needs.
This article briefly introduces how to configure and obtain new credentials.
1. Generate ClientId and ClientSecret
Go to your Infisical dashboard page, and you will see the “Access Control” menu on the left panel.
Click in sequence: “Access Control” -> “Machine identities” -> “Create Identity”, enter the “Name” and select the “Role”, then click the “Create” button to enter the configuration page.
On the configuration page, you can configure the token expiration time or the trusted IPs. You can also keep all settings at their defaults and click the “Configure” button.
Return to the Machine Identities list page and click the key icon button on the right, and you will see the Client ID. Then click the “Create” button to generate the Client Secret.
Finally, copy the Client ID and Client Secret to a secure location. Be careful: the Client Secret will only be displayed once. If you lose it, you will have to regenerate it.
2. Attach the Machine Identities to The Project
Return to the Infisical dashboard page, and click the “Add new Project” button to create a test project.
Click the “Explorer” button to enter the “test project”, then click in sequence: “Access Control” -> “Machine Identities” -> “Add identity”. Select the machine identity you previously created, choose the role “Developer”, and finally click the “Create” button.
3. Obtain accessToken using ClientId and ClientSecret
Now that we have the ClientID and the ClientSecret, the next step is to use them to request an accessToken from the Infisical server.
$ curl --request POST \
--url https://<your infisical host>/api/v1/auth/universal-auth/login \
--header 'Content-Type: application/json' \
--data '{
"clientId": "<Client ID>",
"clientSecret": "<Client Secret>"
}'
{
"accessToken": "eyJhbGciOiJ...........w8KsMTs",
"expiresIn": 2592000,
"accessTokenMaxTTL": 2592000,
"tokenType": "Bearer"
}
4. Retrieving Secret Value Using AccessToken
# workspaceId, you can find it in the browser's URL
# secretKey, the secret key
# environment, dev or prod, maybe more
# secretPath, the secret directory
$ curl --request GET \
--url 'https://<your infisical host>/api/v3/secrets/raw/<secretKey>?workspaceId=66f10299543f9f3255dfba57&environment=dev' \
--header 'Authorization: Bearer <your access token>'
{
"secret": {
"_id": "66f11438543f9f3255dfc08f",
"version": 1,
"workspace": "66f10299543f9f3255dfba57",
"type": "shared",
"environment": "dev",
"secretKey": "MY_PASSWORD",
"secretValue": "123321",
"secretComment": ""
}
}
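The two calls from steps 3 and 4, combined into a small Python client. This is an added example, not code from the original article or from Infisical. It reads the credentials from environment variables so they stay out of the command line and shell history, reuses the token until shortly before expiresIn runs out, and URL-encodes the secret key and query parameters. The class name, the `send` hook and the INFISICAL_* variable names are assumptions made for illustration.

```python
import json
import os
import time
import urllib.parse
import urllib.request


class InfisicalClient:
    def __init__(self, host, client_id, client_secret, send=None):
        self.base = f"https://{host}"
        self._id, self._secret = client_id, client_secret
        self._send = send or self._http  # hypothetical hook: swap the transport in tests
        self._token, self._expires_at = None, 0.0

    @staticmethod
    def _http(req):
        # TLS verification stays on (urllib default); the timeout avoids hangs.
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def token(self):
        # Step 3: log in only when no token is cached or it expires within 60 s.
        if self._token is None or time.time() >= self._expires_at - 60:
            body = json.dumps({"clientId": self._id, "clientSecret": self._secret})
            req = urllib.request.Request(
                f"{self.base}/api/v1/auth/universal-auth/login",
                data=body.encode(), method="POST",
                headers={"Content-Type": "application/json"})
            reply = self._send(req)
            self._token = reply["accessToken"]
            self._expires_at = time.time() + reply["expiresIn"]
        return self._token

    def secret(self, workspace_id, environment, key, path=None):
        # Step 4: fetch one raw secret; the value is returned, never printed.
        query = {"workspaceId": workspace_id, "environment": environment}
        if path:
            query["secretPath"] = path
        url = (f"{self.base}/api/v3/secrets/raw/{urllib.parse.quote(key, safe='')}"
               f"?{urllib.parse.urlencode(query)}")
        req = urllib.request.Request(
            url, headers={"Authorization": f"Bearer {self.token()}"})
        return self._send(req)["secret"]["secretValue"]


def client_from_env(send=None):
    # Assumed variable names; export them from a protected file or a CI secret store.
    env = os.environ
    return InfisicalClient(env["INFISICAL_HOST"], env["INFISICAL_CLIENT_ID"],
                           env["INFISICAL_CLIENT_SECRET"], send)
```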
5. Conclusion
REST services are more universal, as they can be called from any language, and of course different SDKs can be used according to one’s environment. In summary, this is a process of authenticating to obtain the secret value, which is sufficient to meet my normal needs.
For more details, please refer to the “Reference” section.