@infisical/sdk
Advanced tools
Open-source, end-to-end encrypted tool to manage secrets and configs across your team and infrastructure.
import express from "express";
import { InfisicalClient, LogLevel } from "@infisical/sdk";
const app = express();
const PORT = 3000;
const client = new InfisicalClient({
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
logLevel: LogLevel.Error
});
app.get("/", async (req, res) => {
// access value
const name = await client.getSecret({
environment: "dev",
projectId: "656dba7f979ebd6652586669",
path: "/",
type: "shared",
secretName: "NAME"
});
res.send(`Hello! My name is: ${name.secretValue}`);
});
app.listen(PORT, async () => {
// initialize client
console.log(`App listening on port ${port}`);
});
$ npm install @infisical/sdk
Import the SDK and create a client instance with your Machine Identity.
const { InfisicalClient, LogLevel } = require("@infisical/sdk");
const client = new InfisicalClient({
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
logLevel: LogLevel.Error
});
Using ES6:
import { InfisicalClient } from "@infisical/sdk";
const client = new InfisicalClient({
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
logLevel: LogLevel.Error
});
// your app logic
We currently provide two ways to authenticate using Machine Identities. Either provide a direct access token that you can obtain from the authentication API, or provide your Machine Identity Client ID and client secret.
| Parameter | Type | Description |
|---|---|---|
clientId | string | Your machine identity client ID. |
clientSecret | string | Your machine identity client secret. |
accessToken | string (optional) | An access token obtained from the machine identity login endpoint. |
siteUrl | string (optional) | Your self-hosted Infisical site URL. Default: https://app.infisical.com. |
logLevel | enum (optional) | The level of logs you wish to log The logs are derived from Rust, as we have written our base SDK in Rust. Default: Error. |
const secrets = await client.listSecrets({
environment: "dev",
projectId: "656dba7f979ebd6652586669",
path: "/foo/bar/",
includeImports: false
});
Retrieve all secrets within a given environment and folder path. The service token used must have access to the given path and environment.
| Parameter | Type | Description |
|---|---|---|
environment | string | The slug name (dev, prod, etc) of the environment from where secrets should be fetched from. |
projectId | string | The project ID where the secret lives in. |
secretName | string | The name of the secret you want to get. |
path | string (optional) | The path from where secrets should be fetched from. |
includeImports | boolean, (optional) | Whether or not to include imported secrets from the current path. Read about secret import. |
Retrieve a secret from Infisical:
const secret = await client.getSecret({
environment: "dev",
projectId: "656dba7f979ebd6652586669",
secretName: "API_KEY",
path: "/",
type: "shared"
});
const value = secret.secretValue; // get its value
By default, getSecret() fetches and returns a shared secret.
To explicitly retrieve a personal secret:
const secret = await client.getSecret({
environment: "dev",
projectId: "656dba7f979ebd6652586669",
secretName: "API_KEY",
path: "/",
type: "personal"
});
const value = secret.secretValue; // get its value
| Parameter | Type | Description |
|---|---|---|
secretName | string | The key of the secret to retrieve. |
projectId | string | The project ID where the secret lives in. |
environment | string | The slug name (dev, prod, etc) of the environment from where secrets should be fetched from. |
path | string (optional) | The path from where secrets should be fetched from. |
type | string (optional) | The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared". |
Create a new secret in Infisical:
const newApiKey = await client.createSecret({
projectId: "656dba7f979ebd6652586669",
environment: "dev",
secretName: "API_KEY",
secretValue: "SECRET VALUE",
path: "/",
type: "shared"
});
| Parameter | Type | Description |
|---|---|---|
secretName | string | The key of the secret to create. |
secretValue | string | The value of the secret. |
projectId | string | The project ID where the secret lives in. |
environment | string | The slug name (dev, prod, etc) of the environment where secret should be created |
path | string (optional) | The path from where secret should be created. |
type | string, (optional) | The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared". A personal secret can only be created if a shared secret with the same name exists. |
Update an existing secret in Infisical:
const updatedApiKey = await client.updateSecret({
secretName: "API_KEY",
secretValue: "NEW SECRET VALUE",
projectId: "656dba7f979ebd6652586669",
environment: "dev",
path: "/",
type: "shared"
});
| Parameter | Type | Description |
|---|---|---|
secretName | string | The key of the secret to update. |
secretValue | string | The new value of the secret. |
environment | string | The slug name (dev, prod, etc) of the environment where secret should be updated. |
projectId | string | The project ID where the secret lives in. |
path | string (optional) | The path from where secret should be updated. |
type | string (optional) | The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared". |
Delete a secret in Infisical:
const deletedSecret = await client.deleteSecret({
secretName: "API_KEY",
environment: "dev",
projectId: "656dba7f979ebd6652586669",
path: "/",
type: "shared"
});
| Parameter | Type | Description |
|---|---|---|
secretName | string | The key of the secret to delete. |
projectId | string | The project ID where the secret lives in. |
environment | string | The slug name (dev, prod, etc) of the environment where secret should be deleted. |
path | string (optional) | The path from where secret should be deleted. |
type | string, (optional) | The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared". Note that deleting a shared secret also deletes all associated personal secrets. |
Infisical Node.js SDK is distributed under the terms of the MIT license.
FAQs
The Infisical SDK provides a convenient way to interact with the Infisical API.
The npm package @infisical/sdk receives a total of 6,381 weekly downloads. As such, @infisical/sdk popularity was classified as popular.
We found that @infisical/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.
Security News
TC39 met in Seattle and advanced 9 JavaScript proposals, including three to Stage 4, introducing new features and enhancements for a future ECMAScript release.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.