@dmno/infisical-plugin
Check out the docs for more information on how to use DMNO with Infisical.
*** THIS IS PREVIEW SOFTWARE AND SUBJECT TO RAPID CHANGE ***
If you have any questions, please reach out to us on Discord.
Securely use your secrets and data from Infisical within DMNO Config Engine.
You must initialize an instance of the plugin, giving it a unique ID and wiring up the access token to its location within your config schema.
You can then use the plugin instance, which is now authenticated, to fetch individual items by name.
For example:
import { DmnoBaseTypes, defineDmnoService, configPath, NodeEnvType, switchBy } from 'dmno';
import { InfisicalDmnoPlugin, InfisicalTypes } from '@dmno/infisical-plugin';

// automatically injects the required config items by type
const infisicalPlugin = new InfisicalDmnoPlugin('infisical', {
  environment: "dev",
});

// or you can explicitly wire it up by path, this is equivalent to the above
const infisicalPlugin2 = new InfisicalDmnoPlugin('infisical', {
  environment: "dev",
  clientId: configPath('..', 'INFISICAL_CLIENT_ID'),
  clientSecret: configPath('..', 'INFISICAL_CLIENT_SECRET'),
  projectId: configPath('..', 'INFISICAL_PROJECT_ID'),
});

export default defineDmnoService({
  schema: {
    //...
    INFISICAL_CLIENT_ID: {
      extends: InfisicalTypes.clientId,
    },
    INFISICAL_CLIENT_SECRET: {
      extends: InfisicalTypes.clientSecret,
    },
    INFISICAL_PROJECT_ID: {
      extends: InfisicalTypes.projectId,
    },
    // USES IMPLICIT CONFIG ITEM NAME, must match the name in Infisical
    ITEM_FROM_INFISICAL: {
      value: infisicalPlugin.secret()
    },
    // USES EXPLICIT NAME from Infisical
    ITEM_FROM_INFISICAL_BY_NAME: {
      value: infisicalPlugin.secret('MY_SECRET_NAME')
    },
    //...
  },
});
Since the access token is sensitive, you'll need to populate the value of INFISICAL_CLIENT_SECRET
using an override. For local development, you can store the machine access token in your .dmno/.env.local
file, and in deployed environments you can set it as an environment variable.
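A CI guard for the secret-handling guidance above, as an added example that is not part of this README or of DMNO's code. It assumes `.dmno/.env.local` must never be tracked by git and that no tracked dotenv-style file should carry a value for `INFISICAL_CLIENT_SECRET`; the function names, sample paths and sample values are hypothetical.

```typescript
// Added example, not DMNO or Infisical code. SECRET_KEY and the override path
// come from the README above; all other names and sample data are hypothetical.
interface TrackedFile { path: string; text: string }
interface Finding { file: string; line: number; reason: string }

const SECRET_KEY = 'INFISICAL_CLIENT_SECRET';
// Matches .dmno/.env.local at the repo root or inside any service directory.
const LOCAL_OVERRIDE = /(^|\/)\.dmno\/\.env\.local$/;
// Matches dotenv-style lines: `KEY=value` or `export KEY="value"`.
const ASSIGNMENT = new RegExp('^\\s*(?:export\\s+)?' + SECRET_KEY + '\\s*=(.*)$');

// Return the assigned value with surrounding quotes and inline comments removed.
function assignedValue(raw: string): string {
  const trimmed = raw.trim();
  const quoted = /^(['"])(.*?)\1/.exec(trimmed);
  if (quoted) return quoted[2];
  return trimmed.replace(/(^|\s+)#.*$/, '');
}

// Flag tracked override files (line 0) and any committed non-empty secret value.
function auditTrackedFiles(files: TrackedFile[]): Finding[] {
  const findings: Finding[] = [];
  for (const f of files) {
    if (LOCAL_OVERRIDE.test(f.path)) {
      findings.push({ file: f.path, line: 0, reason: 'local override file is tracked' });
    }
    const lines = f.text.split(/\r?\n/);
    for (let i = 0; i < lines.length; i++) {
      const m = ASSIGNMENT.exec(lines[i]);
      if (m && assignedValue(m[1]) !== '') {
        findings.push({ file: f.path, line: i + 1, reason: SECRET_KEY + ' has a committed value' });
      }
    }
  }
  return findings;
}

// Constructed sample: tracked paths (as `git ls-files` would list) and contents.
const SAMPLE: TrackedFile[] = [
  { path: 'config/schema.ts', text: "clientSecret: configPath('..', 'INFISICAL_CLIENT_SECRET')," },
  { path: '.env.example', text: 'INFISICAL_CLIENT_ID=\nINFISICAL_CLIENT_SECRET=  # set via override\n' },
  { path: 'services/api/.dmno/.env.local', text: 'export INFISICAL_CLIENT_SECRET="constructed-not-real"\n' },
  { path: 'deploy/ci.env', text: 'INFISICAL_CLIENT_SECRET=constructed-not-real\n' },
];

for (const f of auditTrackedFiles(SAMPLE)) {
  console.log(f.file + ':' + f.line + ' ' + f.reason);
}
```

The schema reference and the empty template entry pass; the tracked override file and the populated `deploy/ci.env` are reported.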
infisicalPlugin.secret(nameOverride)
InfisicalTypes.clientId
InfisicalTypes.clientSecret
InfisicalTypes.environment
InfisicalTypes.projectId
FAQs
dmno plugin to pull secrets from Infisical
The npm package @dmno/infisical-plugin receives a total of 1 weekly downloads. As such, @dmno/infisical-plugin popularity was classified as not popular.
We found that @dmno/infisical-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.