# Infisical Painless Integration

This repository provides a simple script to integrate Infisical secrets management into your existing Docker Swarm or Docker Compose services without modifying your application code.

## Overview

The `infisical-init` script automatically installs the Infisical CLI, authenticates with your Infisical instance, and either exports secrets to a file or runs your application command with secrets injected as environment variables.

## Prerequisites

- An Infisical account and project
- Docker and Docker Compose installed
- Required environment variables set (see below)

## Environment Variables

The following environment variables must be set:

- `INFISICAL_API_URL`: URL of your Infisical API instance
- `INFISICAL_CLIENT_ID`: Client ID for authentication
- `INFISICAL_CLIENT_SECRET`: Client secret for authentication
- `INFISICAL_PROJECT_ID`: ID of your Infisical project
- `INFISICAL_ENVIRONMENT`: Environment name (e.g., "dev", "prod")

## Usage

1. Update your stack file to match the example in `compose.example.yml`
2. Set the required environment variables
3. Mount the `infisical-init` script as a volume
4. Configure your service's entrypoint to run the script

### Example Docker Compose

```yaml
services:
  your-app:
    image: your-image
    volumes:
      # Mount the script into the container
      - ./infisical-init:/infisical-init.sh
    environment:
      # Values are substituted from the host environment or a .env file
      INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
      INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
      INFISICAL_API_URL: ${INFISICAL_API_URL}
      INFISICAL_ENVIRONMENT: ${INFISICAL_ENVIRONMENT}
      INFISICAL_PROJECT_ID: ${INFISICAL_PROJECT_ID}
    entrypoint:
      - sh
      - -c
      - |
        # Make the script executable, then start the app with secrets injected
        chmod +x /infisical-init.sh
        /infisical-init.sh run "your-command-here"
```

### Script Modes

The script supports two modes:

- `file <path>`: Exports secrets to a file at the specified path
- `run <command>`: Runs the specified command with secrets injected as environment variables

### Supported Images

The script automatically detects the package manager and installs the Infisical CLI:

- Alpine-based images (uses `apk`)
- Debian/Ubuntu-based images (uses `apt-get`)

## How It Works

1. Detects the package manager and installs the Infisical CLI if not present
2. Validates all required environment variables
3. Authenticates with Infisical using universal auth
4. Either exports secrets or runs your command with secrets available
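
A sketch of steps 2 and 4 above (variable validation and mode dispatch), as an added example; this is not the repository's `infisical-init` script. The function names are hypothetical, and the HTTPS warning is an extra check that the README does not describe.

```shell
#!/bin/sh
# Added example: preflight checks modelled on the README's steps; not the
# repository's infisical-init script. Function names are hypothetical.

REQUIRED_VARS="INFISICAL_API_URL INFISICAL_CLIENT_ID INFISICAL_CLIENT_SECRET INFISICAL_PROJECT_ID INFISICAL_ENVIRONMENT"

# Print the names (never the values) of required variables that are unset
# or empty, space-separated on one line. Returns 1 if any are missing.
missing_vars() {
    missing=""
    for name in $REQUIRED_VARS; do
        # Indirect lookup; names come from the fixed list above, so eval is safe.
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="${missing:+$missing }$name"
    done
    unset value
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Validate the mode arguments described under "Script Modes".
# Returns 0 for `file <path>` or `run <command>`, 2 otherwise.
check_mode() {
    case "${1:-}" in
        file|run) [ -n "${2:-}" ] && return 0 ;;
    esac
    return 2
}

# Run both checks; messages go to stderr and contain variable names only.
preflight() {
    if ! check_mode "$@"; then
        echo "usage: file <path> | run <command>" >&2
        return 2
    fi
    if ! names=$(missing_vars); then
        echo "missing required variables: $names" >&2
        return 1
    fi
    case "$INFISICAL_API_URL" in
        https://*) ;;  # extra check (assumption, not from the README)
        *) echo "warning: INFISICAL_API_URL is not https; credentials would cross the network unencrypted" >&2 ;;
    esac
    return 0
}
```

Calling `preflight "$@"` at the top of an entrypoint fails fast before any CLI install or login is attempted, and the container logs never contain the client secret.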

## Security Notes

- Ensure environment variables are set securely (e.g., via `.env` files or secret management)
- The script handles authentication automatically and securely
- Secrets are not persisted in the container after execution

## Contributing

Feel free to submit issues and pull requests to improve this integration script.

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.