@infisical/backstage-backend-plugin-infisical

Backstage Infisical Backend Plugin

This plugin provides integration between Backstage and Infisical, a secrets management platform. It allows you to manage, access, and modify secrets stored in Infisical directly through your Backstage instance.

Features

• Fetch secrets from Infisical workspaces
• Create, update, and delete secrets
• List environments for workspaces
• Support for both API token and client credentials authentication methods

Installation

This plugin is published as @infisical/backstage-backend-plugin-infisical. To install it in your Backstage backend, run:

# From your Backstage root directory
yarn --cwd packages/backend add @infisical/backstage-backend-plugin-infisical

Configuration

Add the following to your app-config.yaml to configure the plugin:

infisical:
  baseUrl: https://app.infisical.com  # Optional, defaults to https://app.infisical.com
  
  # You must configure one of the following authentication methods:
  authentication:
    auth_token:
      # Option 1: API Token Authentication
      token: ${INFISICAL_API_TOKEN}
    
    # Option 2: Client Credentials Authentication
    universalAuth:
      clientId: ${INFISICAL_CLIENT_ID}
      clientSecret: ${INFISICAL_CLIENT_SECRET}

Usage

Add the plugin to your backend in packages/backend/src/index.ts:

import { createBackend } from '@backstage/backend-defaults';

const backend = createBackend();

// ... other plugins
backend.add(import('@infisical/backstage-backend-plugin-infisical'));

backend.start();

Development

To start the plugin in development mode:

# From the plugin directory
yarn start

This starts the backend in standalone mode on http://localhost:7007.

Running Tests

yarn test