Infisical Painless Integration

This repository provides a simple script to integrate Infisical secrets management into your existing Docker Swarm or Docker Compose services without modifying your application code.

Overview

The infisical-init script automatically installs the Infisical CLI, authenticates with your Infisical instance, and either exports secrets to a file or runs your application command with secrets injected as environment variables.

Prerequisites

  • An Infisical account and project
  • Docker and Docker Compose installed
  • Required environment variables set (see below)

Environment Variables

The following environment variables must be set:

  • INFISICAL_API_URL: URL of your Infisical API instance
  • INFISICAL_CLIENT_ID: Client ID for authentication
  • INFISICAL_CLIENT_SECRET: Client secret for authentication
  • INFISICAL_PROJECT_ID: ID of your Infisical project
  • INFISICAL_ENVIRONMENT: Environment name (e.g., "dev", "prod")

Usage

  1. Update your stack file to match the example in compose.example.yml
  2. Set the required environment variables
  3. Mount the infisical-init script as a volume
  4. Configure your service's entrypoint to run the script

Example Docker Compose

services:
  your-app:
    image: your-image
    volumes:
      - ./infisical-init:/infisical-init.sh
    environment:
      INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
      INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
      INFISICAL_API_URL: ${INFISICAL_API_URL}
      INFISICAL_ENVIRONMENT: ${INFISICAL_ENVIRONMENT}
      INFISICAL_PROJECT_ID: ${INFISICAL_PROJECT_ID}
    entrypoint:
      - sh
      - -c
      - |
        chmod +x /infisical-init.sh
        /infisical-init.sh run "your-command-here"

Script Modes

The script supports two modes:

  • file <path>: Exports secrets to a file at the specified path
  • run <command>: Runs the specified command with secrets injected as environment variables

Supported Images

The script automatically detects the package manager and installs the Infisical CLI:

  • Alpine-based images (uses apk)
  • Debian/Ubuntu-based images (uses apt-get)

How It Works

  1. Detects the package manager and installs the Infisical CLI if not present
  2. Validates all required environment variables
  3. Authenticates with Infisical using universal auth
  4. Either exports secrets or runs your command with secrets available
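
A preflight check that mirrors step 2 and the mode arguments, as an added example (not the repository's infisical-init script). The function names are hypothetical, and the https warning is an added check that this README does not describe.

```shell
#!/bin/sh
# Added example: preflight validation for the variables this README lists.
# Reports variable NAMES only, so no secret value reaches stdout or logs.

REQUIRED_VARS="INFISICAL_API_URL INFISICAL_CLIENT_ID INFISICAL_CLIENT_SECRET INFISICAL_PROJECT_ID INFISICAL_ENVIRONMENT"

# Print the names of required variables that are unset or empty.
missing_vars() {
    missing=""
    for name in $REQUIRED_VARS; do
        # eval is safe here: $name only ever comes from the fixed list above.
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="${missing:+$missing }$name"
    done
    printf '%s' "$missing"
}

# Accept "file <path>" or "run <command>"; anything else is rejected.
check_mode() {
    case "${1:-}" in
        file|run) [ -n "${2:-}" ] ;;
        *) return 1 ;;
    esac
}

# Return 0 only when every variable is set and the mode arguments are usable.
preflight() {
    rc=0
    m=$(missing_vars)
    if [ -n "$m" ]; then
        echo "missing required variables: $m" >&2
        rc=1
    fi
    # Assumption: the client secret is sent to this URL, so plain http is flagged.
    case "${INFISICAL_API_URL:-}" in
        https://*|"") ;;
        *) echo "warning: INFISICAL_API_URL is not https" >&2 ;;
    esac
    if ! check_mode "$@"; then
        echo "usage: file <path> | run <command>" >&2
        rc=1
    fi
    return $rc
}

# In an entrypoint: preflight run "your-command-here" && /infisical-init.sh run "your-command-here"
```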

Security Notes

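  • Ensure environment variables are set securely (e.g., via .env files or secret management); INFISICAL_CLIENT_SECRET is itself a credential and is visible to anyone who can inspect the service's environment
  • The script handles authentication automatically and securely, using universal auth with the client ID and client secret supplied in the environment
  • Secrets are not persisted in the container after execution; the exception is file mode, which writes them to the path you specify, so treat that file as sensitive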

Contributing

Feel free to submit issues and pull requests to improve this integration script.

License

This project is licensed under the MIT License - see the LICENSE file for details.