infisical

infisical-go

Infisical client library for golang.

Usage

Sample Code

package main

import (
	"log"

	"github.com/meinside/infisical-go"
)

// NOTE: put yours here
const (
	// authentication
	apiKey       = "ak.1234567890.abcdefghijk"
	clientID     = "abcdefgh-0987-6543-xyzw-0123abcd4567"
	clientSecret = "abcdefghijklmnopqrstuvwxyz0123456789"

	workspaceID = "012345abcdefg"
	environment = "dev"
	keyPath     = "/folder1/folder2"

	//verbose = true // => for dumping HTTP requests & responses
	verbose = false
)

func main() {
	// create a client,
	client := infisical.NewClient(apiKey, clientID, clientSecret)
	//client.SetAPIBaseURL("https://app.infisical.com") // change API base URL (eg. for self-hosted infisical servers)
	client.Verbose = verbose

	// fetch all secrets at a path,
	if res, err := client.ListSecrets(infisical.NewParamsListSecrets().
		SetWorkspaceID(workspaceID).
		SetEnvironment(environment).
		SetSecretPath(keyPath),
	); err == nil {
		log.Printf("retrieved %d secret(s) at path '%s'", len(res.Secrets), keyPath)

		for _, secret := range res.Secrets {
			// fetch a value directly with path + key
			key := keyPath + "/" + secret.SecretKey

			if value, err := client.RetrieveSecretValue(secret.Workspace, secret.Environment, secret.Type, key); err == nil {
				log.Printf("retrieved value for secret keypath '%s' = '%s'", key, value)
			} else {
				panic(err)
			}
		}
	} else {
		panic(err)
	}
}

Output:

2023/08/16 14:30:33 retrieved 2 secret(s) at path '/folder1/folder2'
2023/08/16 14:30:34 retrieved value for secret key '/folder1/folder2/KEY_A' = 'value A'
2023/08/16 14:30:36 retrieved value for secret key '/folder1/folder2/KEY_B' = 'value B'

Helper Functions

Use helper.Value() for retrieving values:

package main

import (
	"log"

	"github.com/meinside/infisical-go"
	"github.com/meinside/infisical-go/helper"
)

// NOTE: put yours here
const (
	clientID     = "abcdefgh-0987-6543-xyzw-0123abcd4567"
	clientSecret = "abcdefghijklmnopqrstuvwxyz0123456789"

	workspaceID   = "012345abcdefg"
	environment   = "dev"
	secretType    = infisical.SecretTypeShared
	secretKeyPath = "/folder1/folder2/KEY_A"
)

func main() {
	value, err := helper.Value(clientID, clientSecret, workspaceID, environment, secretType, secretKeyPath)
	if err != nil {
		panic(err)
	}

	log.Printf("retrieved value for key: %s = %s", secretKeyPath, value)
}

Implemented APIs

• Users (./users.go)

• Get My User // DEPRECATED
• Get My Organization // DEPRECATED

• Identities (./identities.go)

• Create
• Update
• Delete

• Universal Auth (./universal_auth.go)

• Login
• Attach
• Retrieve
• Update
• Create Client Secret
• List Client Secrets
• Revoke Client Secret
• Renew Access Token

• Organizations (./organizations.go)

• Get User Memberships
• Update User Membership
• Delete Membership
• List Identity Memberships
• Get Projects

• Projects (./projects.go)

• Get User Memberships
• Update User Membership
• Delete User Membership
• List Identity Memberships
• Update Identity Membership
• Delete Identity Membership
• Get Key // DEPRECATED
• Get Snapshots
• Roll Back to Snapshot

• Environments (./environments.go)

• Create
• Update
• Delete

• Folders (./folders.go)

• List
• Create
• Update
• Delete

• Secrets (./secrets.go)

• List
• Create
• Retrieve
• Update
• Delete

• Secret imports (./secret_imports.go)

• List
• Create
• Update
• Delete

• Audit Logs (./audit_logs.go)

• Export

Error Codes

There is no detailed description in error responses from API (for now),

so it's sometimes quite hard to find out what is going wrong.

In my case, the reasons for common HTTP errors were:

• HTTP 400: there were some missing parameters, or some of them were wrong/misformatted.
• HTTP 401: was trying to access something with expired or wrong API key and/or token.
• HTTP 403: was trying to access things that were not accessible with current API key and/or token.
• HTTP 404: was trying to access something that doesn't exist; wrong key-path or etc.

Test

With some environment variables:

export INFISICAL_API_KEY=ak.1234567890.abcdefghijk
export INFISICAL_WORKSPACE_ID=01234567-abcd-efgh-0987-ijklmnopqrst
export INFISICAL_CLIENT_ID=abcdefgh-0987-6543-xyzw-0123abcd4567
export INFISICAL_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
export INFISICAL_ENVIRONMENT=dev
#export VERBOSE=true

run test:

$ go test

CLI

I built a CLI for testing and personal use.

Known Issues / Todos

E2EE

E2EE features were removed due to the deprecation of related endpoints.

So projects with E2EE setting enabled may not work.

Version v0.2.0 will be the last version with E2EE support.