Add initial project files including LICENSE, README, example Docker Compose, and infisical-init script
This commit is contained in:
commit
dea0f71a38
21
LICENSE
Normal file
21
LICENSE
Normal file
@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2026 Infisical Painless Integration Contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
87
README.md
Normal file
87
README.md
Normal file
@ -0,0 +1,87 @@
|
||||
# Infisical Painless Integration
|
||||
|
||||
This repository provides a simple script to integrate Infisical secrets management into your existing Docker Swarm or Docker Compose services without modifying your application code.
|
||||
|
||||
## Overview
|
||||
|
||||
The `infisical-init` script automatically installs the Infisical CLI, authenticates with your Infisical instance, and either exports secrets to a file or runs your application command with secrets injected as environment variables.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- An Infisical account and project
|
||||
- Docker and Docker Compose installed
|
||||
- Required environment variables set (see below)
|
||||
|
||||
## Environment Variables
|
||||
|
||||
The following environment variables must be set:
|
||||
|
||||
- `INFISICAL_API_URL`: URL of your Infisical API instance
|
||||
- `INFISICAL_CLIENT_ID`: Client ID for authentication
|
||||
- `INFISICAL_CLIENT_SECRET`: Client secret for authentication
|
||||
- `INFISICAL_PROJECT_ID`: ID of your Infisical project
|
||||
- `INFISICAL_ENVIRONMENT`: Environment name (e.g., "dev", "prod")
|
||||
|
||||
## Usage
|
||||
|
||||
1. Update your stack file to match the example in `compose.example.yml`
|
||||
2. Set the required environment variables
|
||||
3. Mount the `infisical-init` script as a volume
|
||||
4. Configure your service's entrypoint to run the script
|
||||
|
||||
### Example Docker Compose
|
||||
|
||||
```yaml
|
||||
services:
|
||||
your-app:
|
||||
image: your-image
|
||||
volumes:
|
||||
- ./infisical-init:/infisical-init.sh
|
||||
environment:
|
||||
INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
|
||||
INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
|
||||
INFISICAL_API_URL: ${INFISICAL_API_URL}
|
||||
INFISICAL_ENVIRONMENT: ${INFISICAL_ENVIRONMENT}
|
||||
INFISICAL_PROJECT_ID: ${INFISICAL_PROJECT_ID}
|
||||
entrypoint:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
chmod +x /infisical-init.sh
|
||||
/infisical-init.sh run "your-command-here"
|
||||
```
|
||||
|
||||
### Script Modes
|
||||
|
||||
The script supports two modes:
|
||||
|
||||
- `file <path>`: Exports secrets to a file at the specified path
|
||||
- `run <command>`: Runs the specified command with secrets injected as environment variables
|
||||
|
||||
### Supported Images
|
||||
|
||||
The script automatically detects the package manager and installs Infisical CLI:
|
||||
|
||||
- Alpine-based images (uses `apk`)
|
||||
- Debian/Ubuntu-based images (uses `apt-get`)
|
||||
|
||||
## How It Works
|
||||
|
||||
1. Detects the package manager and installs Infisical CLI if not present
|
||||
2. Validates all required environment variables
|
||||
3. Authenticates with Infisical using universal auth
|
||||
4. Either exports secrets or runs your command with secrets available
|
||||
|
||||
## Security Notes
|
||||
|
||||
- Ensure environment variables are set securely (e.g., via `.env` files or secret management)
|
||||
- The script handles authentication automatically and securely
|
||||
- Secrets are not persisted in the container after execution
|
||||
|
||||
## Contributing
|
||||
|
||||
Feel free to submit issues and pull requests to improve this integration script.
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
||||
38
compose.example.yml
Normal file
38
compose.example.yml
Normal file
@ -0,0 +1,38 @@
|
||||
services:
|
||||
app-debian:
|
||||
image: debian:stable-slim
|
||||
volumes:
|
||||
- ./infisical-init:/infisical-init.sh
|
||||
environment:
|
||||
INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
|
||||
INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
|
||||
INFISICAL_API_URL: ${INFISICAL_API_URL}
|
||||
INFISICAL_ENVIRONMENT: ${INFISICAL_ENVIRONMENT}
|
||||
INFISICAL_PROJECT_ID: ${INFISICAL_PROJECT_ID}
|
||||
entrypoint:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
chmod +x /infisical-init.sh
|
||||
/infisical-init.sh run "env" # Using with command
|
||||
/infisical-init.sh file /tmp/.env # Using with file
|
||||
cat /tmp/.env
|
||||
app-alpine:
|
||||
image: alpine:latest
|
||||
volumes:
|
||||
- ./infisical-init:/infisical-init.sh
|
||||
environment:
|
||||
INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
|
||||
INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
|
||||
INFISICAL_API_URL: ${INFISICAL_API_URL}
|
||||
INFISICAL_ENVIRONMENT: ${INFISICAL_ENVIRONMENT}
|
||||
INFISICAL_PROJECT_ID: ${INFISICAL_PROJECT_ID}
|
||||
entrypoint:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
chmod +x /infisical-init.sh
|
||||
/infisical-init.sh run "env" # Using with command
|
||||
/infisical-init.sh file /tmp/.env # Using with file
|
||||
cat /tmp/.env
|
||||
|
||||
37
infisical-init
Normal file
37
infisical-init
Normal file
@ -0,0 +1,37 @@
|
||||
if [ -n "$(which apk)" ]; then
|
||||
if [ -z "$(which infisical)" ]; then
|
||||
apk update
|
||||
apk add bash curl
|
||||
curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash
|
||||
apk add infisical
|
||||
fi;
|
||||
elif [ -n "$(which apt-get)" ]; then
|
||||
if [ -z "$(which infisical)" ]; then
|
||||
apt-get update && apt-get install -y curl
|
||||
curl -1sLf 'https://artifacts-cli.infisical.com/setup.deb.sh' | bash
|
||||
apt-get install infisical -y
|
||||
fi;
|
||||
else
|
||||
echo "Unsupported package manager. Exiting."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
missing=""
|
||||
[ -z "$INFISICAL_API_URL" ] && missing="$missing INFISICAL_API_URL"
|
||||
[ -z "$INFISICAL_CLIENT_ID" ] && missing="$missing INFISICAL_CLIENT_ID"
|
||||
[ -z "$INFISICAL_CLIENT_SECRET" ] && missing="$missing INFISICAL_CLIENT_SECRET"
|
||||
[ -z "$INFISICAL_PROJECT_ID" ] && missing="$missing INFISICAL_PROJECT_ID"
|
||||
[ -z "$INFISICAL_ENVIRONMENT" ] && missing="$missing INFISICAL_ENVIRONMENT"
|
||||
if [ -n "$missing" ]; then
|
||||
echo "One or more required environment variables are missing:$missing. Exiting."
|
||||
exit 1
|
||||
fi
|
||||
export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=$INFISICAL_CLIENT_ID --client-secret=$INFISICAL_CLIENT_SECRET --silent --plain)
|
||||
if [ "$1" = "file" ]; then
|
||||
infisical export --projectId=$INFISICAL_PROJECT_ID --env=$INFISICAL_ENVIRONMENT > $2
|
||||
elif [ "$1" = "run" ]; then
|
||||
infisical run --projectId=$INFISICAL_PROJECT_ID --env=$INFISICAL_ENVIRONMENT -- $2
|
||||
else
|
||||
echo "Invalid argument. Use 'file' or 'run'."
|
||||
exit 1
|
||||
fi
|
||||
Loading…
x
Reference in New Issue
Block a user