infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.

Home Page: https://infisical.com

License: Other

Shell 0.20% Makefile 0.16% Dockerfile 0.08% TypeScript 89.35% Handlebars 0.11% Go 9.00% JavaScript 0.89% CSS 0.05% Smarty 0.17%
cli end-to-end-encryption environment-variables secret-management secrets security open-source golang nextjs nodejs

infisical's Introduction

The open-source secret management platform: Sync secrets/configs across your team/infrastructure and prevent secret leaks.

Introduction

Infisical is the open source secret management platform that teams use to centralize their secrets like API keys, database credentials, and configurations.

We're on a mission to make secret management more accessible to everyone, not just security teams, and that means redesigning the entire developer experience from the ground up.

Features

And much more.

Getting started

Check out the Quickstart Guides

Use Infisical Cloud: The fastest and most reliable way to get started with Infisical is signing up for free to Infisical Cloud.

Deploy Infisical on premise: View all deployment options

Run Infisical locally

To set up and run Infisical locally, make sure you have Git and Docker installed on your system. Then run the command for your system:

Linux/macOS:

git clone https://github.com/Infisical/infisical && cd "$(basename $_ .git)" && cp .env.example .env && docker-compose -f docker-compose.prod.yml up

Windows Command Prompt:

git clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker-compose -f docker-compose.prod.yml up

Create an account at http://localhost:80

Scan and prevent secret leaks

On top of managing secrets with Infisical, you can also scan for 140+ secret types in your files, directories and git repositories.

To scan your full git history, run:

infisical scan --verbose

Install a pre-commit hook to scan each commit before you push to your repository:

infisical scan install --pre-commit-hook

Learn about Infisical's code scanning feature here

Open-source vs. paid

This repo is available under the MIT expat license, with the exception of the ee directory, which will contain premium enterprise features requiring an Infisical license.

If you are interested in managed Infisical Cloud or the self-hosted Enterprise Offering, take a look at our website or book a meeting with us:

Schedule a meeting

Security

Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!

Infisical takes security issues very seriously. If you have any concerns about Infisical or believe you have uncovered a vulnerability, please get in touch via the e-mail address [email protected]. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.

Note that this security address should be used only for undisclosed vulnerabilities. Please report any security problems to us before disclosing them publicly.

Contributing

Whether it's big or small, we love contributions. Check out our guide to see how to get started.

Not sure where to get started? You can:

  • Join our Slack, and ask us any questions there.
  • Join our community calls every Wednesday at 11am EST to ask any questions, provide feedback, hang out and more.

Resources

  • Docs for comprehensive documentation and guides
  • Slack for discussion with the community and Infisical team.
  • GitHub for code, issues, and pull requests
  • Twitter for fast news
  • YouTube for videos on secret management
  • Blog for secret management insights, articles, tutorials, and updates
  • Roadmap for planned features

Acknowledgements

infisical's People

Contributors

aashish-upadhyay-101, afrieirham, akhilmhdh, asharonbaltazar, atimapreandrew, chukwunonsofrank, dangtony98, danielhougaard, daninge, g3root, gabriellopes232, gangjun06, grraahaam, hasanmansoor4, jon4hz, lemmymwaura, maidul98, quinton11, ragnarbull, reginaldbondoc, rhythmbhiwani, salman2301, sh5h, sheensantoscapadngan, shraeyas, snyk-bot, stijn-kuijper, sunilk4u, vmatsiiako, zamion101

infisical's Issues

Review Express best practices for backend

Feature description

Review Express security best practices and ensure backend is implementing all of them.

Why would it be useful?

This would further tighten API security beyond existing security measures taken with Helmet, Cloudflare, etc.

Examples for using Infisical with popular frameworks

Feature description

Many frameworks have their own start/dev commands. For instance, the command to start up a Remix development server is much different than for Next.js. It would be helpful to throw in some boilerplate framework integrations with Infisical CLI in an examples folder or include them somewhere in the docs.

Some "frameworks" that come to mind:

  • React
  • Vue
  • Express/Fastify/Koa
  • Next.js
  • NestJS
  • Nuxt
  • Vite
  • Remix
  • Fiber
  • Django
  • Gatsby
  • Flask
  • Laravel
  • Ruby on Rails

Why would it be useful?

This would give developers additional reference for how to integrate Infisical with their own tech stacks.

Optimize Dashboard

Describe the bug

The whole Dashboard component is rerendered when a textfield value is changed.
We should separate the big component into many small components, and change the textfield component to an uncontrolled component.

To Reproduce

Expected behavior

Screenshots

Platform you are having the issue on:

Additional context

Add any other context about the problem here.

Slack Integration

It would be awesome to have a Slack integration that posts to a channel whenever anything changes (new env var, new value, new configuration)

Convert Frontend to TypeScript

Feature description

Convert all the files in frontend to TypeScript

Why would it be useful?

Mainly because of the improved developer experience

Additional context

There are quite a few JS files, so it might take a while to convert all of them

Feature: Have the ability to add/delete/rename environments

Describe the feature

It would be awesome to have a project setting in which you would be able to add/remove/edit available environments.

Why would it be useful?

Infisical currently supports 4 default environments (Development, Staging, Production, and Testing). Many users have requested to have their own custom environments.

CLI raising error on email validation

Hi. I have an issue with email validation when installing the new CLI. It raises an exception on my email, which ends with the .tech domain. The exception thrown is the following: >> this doesn't look like an email address

Add 2FA

Feature description

When a user logs in, they should (optionally) be prompted to do a 2FA.

Why would it be useful?

Many users have asked for it. This would increase security of Infisical significantly.

UI bug with dots overflowing on the DashboardInputField

Bug Description

The dots that show up over a secret when it's not hovered, can sometimes go outside of the input field.
I tried a bunch of options but couldn't get the desired result easily with our current setup. I think the whole structure of how we generate those dots could be rethought. It's currently very lengthy and suboptimal. This is the file that would have to be changed.

To Reproduce

Steps to reproduce the behavior:

  1. Add a long key value
  2. Decrease your browser size if needed
  3. See error

Expected behavior

It should be the behavior like "overflow-hidden" in Tailwind.

Screenshots

Screenshot 2022-11-25 at 11 06 20

Localize Web UI

Feature description

Add a localization package to the frontend, such as next-translate or next-i18next.

Why would it be useful?

People in many countries will be able to use the web UI more conveniently.

Additional context

Add an `export` command with a few format options

Feature description

A new export command that exports secrets in one of a few available formats. Some good initial formats may be:

  • dotenv
  • json
  • csv

Why would it be useful?

This would allow users to process secrets into a structure compatible with other tools.

Additional context

This is similar to and inspired by chamber's export command.
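
A sketch of the three formats named in this issue, added here as an example and not taken from the Infisical CLI or from chamber. Export and quoteDotenv are hypothetical names, the sample secrets are constructed, and the dotenv escaping convention is an assumption, since dotenv parsers differ. Keys are sorted so the output is reproducible, and values containing quotes, backslashes or newlines survive each format.

```go
package main

import (
	"bytes"
	"encoding/csv"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Export renders secrets as "dotenv", "json" or "csv", the formats the issue
// lists. Keys are emitted in sorted order so two exports can be diffed.
func Export(secrets map[string]string, format string) (string, error) {
	keys := make([]string, 0, len(secrets))
	for k := range secrets {
		keys = append(keys, k)
	}
	sort.Strings(keys)

	switch format {
	case "dotenv":
		var b strings.Builder
		for _, k := range keys {
			fmt.Fprintf(&b, "%s=%s\n", k, quoteDotenv(secrets[k]))
		}
		return b.String(), nil
	case "json":
		// encoding/json sorts map keys and escapes quotes and newlines.
		out, err := json.Marshal(secrets)
		if err != nil {
			return "", err
		}
		return string(out), nil
	case "csv":
		rows := [][]string{{"Key", "Value"}}
		for _, k := range keys {
			rows = append(rows, []string{k, secrets[k]})
		}
		var buf bytes.Buffer
		// encoding/csv quotes fields that contain commas, quotes or newlines.
		if err := csv.NewWriter(&buf).WriteAll(rows); err != nil {
			return "", err
		}
		return buf.String(), nil
	default:
		return "", fmt.Errorf("unsupported export format %q", format)
	}
}

// quoteDotenv always double-quotes the value and escapes backslash, quote and
// line breaks, so a multi-line secret stays on one line (assumed convention).
func quoteDotenv(v string) string {
	r := strings.NewReplacer(`\`, `\\`, `"`, `\"`, "\n", `\n`, "\r", `\r`)
	return `"` + r.Replace(v) + `"`
}

func main() {
	// Constructed sample secrets, not real credentials.
	secrets := map[string]string{
		"API_KEY":     "abc123",
		"DB_PASSWORD": `p"ss\word`,
		"TLS_KEY":     "line1\nline2",
	}
	for _, f := range []string{"dotenv", "json", "csv"} {
		out, err := Export(secrets, f)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("--- %s ---\n%s\n", f, out)
	}
}
```

Exported files hold plaintext secrets, so write them with restrictive permissions and keep them out of version control.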

Backup key can't be used yet to recover account.

Describe the bug

Backup key can't be used yet to recover account.

To Reproduce

Steps to reproduce the behavior:

  1. Get a backup key (either via signing up or through settings).
  2. Logout.
  3. There isn't a way to redeem the backup key.

Expected behavior

There should be an option to redeem the key to recover an account.

Additional context

The functionality was started but left unfinished; we just need to complete the last account recovery step.

Additionally, the backup key structure can probably be optimized.

Integration with Netlify

Feature description

You should be able to update the secrets in Infisical, and then they are automatically updated in Netlify.

Why would it be useful?

People shouldn't waste time managing their environment variables in Netlify with a potential to introduce some accidental errors. Just update them in one place, and they will be updated everywhere (including Netlify) automatically.

Additional context

Netlify seems to be using OAuth 2.0, which we already have an example of (see the integration with Heroku).

Add number of secrets injected into terminal output

Currently, we just say that secrets have been injected upon a successful injection. It would be helpful to also point out how many secrets have been injected along with the successful injection text. This would help the user know for sure how many secrets if any were injected.

This is the current text we output: https://github.com/Infisical/infisical/blob/main/cli/packages/cmd/run.go#L97

If we can say something along the lines of "Successfully injected 23 secrets..." that would be great.

Allow multi-line environment variables

Feature description

Something that we want to do is to make it possible to input multi-line environment variables into the Dashboard. Currently it's not possible yet, but some users have asked for it.

Why would it be useful?

It would allow Infisical to support this type of environment variables. It is less common, but still many people need it

Ordering when pushing and pulling is not kept

We have an issue in my team: when we add envs that depend on others, we need dependencies to come after the source env, so sometimes we reorder them, or even group them by microservice by adding comments (monorepo), but the order is absolutely not kept, and the same goes for comments. So each time we pull envs we have to reorder them and add comments.

To be honest, commenting is not critical, but reordering the envs each time is really annoying.

Build frontend within image build process and inject envars into containers at runtime

Feature description

Instead of building the frontend separately from the image, Infisical should pre-build the frontend within the image build process and make it so that envars can be injected into containers at runtime.

Why would it be useful?

This would expedite the frontend deployment process and reduce downtime between deployments by 1-2 mins.

Additional context

The difficulty stems from Next.js baking environment variables in at build time which wouldn't work for self-hosting since everyone uses their own environment variables; passing in environment variables into Next.js at runtime results in undefined environment variables.

Add Infisical API Key + API documentation with Mintlify

Feature description

The API needs documentation for every endpoint for users and contributors to know what routes are available as well as API keys so users can make requests to the API. We need to update the existing docs to have a new "anchor" being the API docs; it uses Mintlify.

Why would it be useful?

This would make it easier for contributors to visualize, test, and know what APIs are available on Infisical.

Additional context

You can check out the /docs folder to see examples of how the existing documentation is being created.

Feel free to direct any API-related questions to me.

Ability to reset password

Feature description

It would be great to reset the password when we forget it.

Why would it be useful?

One of my teammates forgot his password, and he is now unable to reset it and get back into his account.

Add error notifications on saving secrets

Feature description

Right now, if you have duplicated secret names (or if a secret name starts with a number), you will not be able to save these secrets to the database.
Users have a visual indication of an error (wrong secret names turn red). However, when they try to save, nothing happens. It would be ideal to show a notification saying "Your secrets weren't saved, please fix the conflicts first."

Why would it be useful?

This is especially useful if users have many secrets. They might not even know that they have some errors. However, they would see a notification as described above.

Feature: Ability to generate secret

For example: if I want a JWT secret, it'd be nice to be able to come into Infisical, press a button and a new secure secret is generated for me.

Add import/export of .yml files

Feature description

  1. A user should be able to drag and drop a .yml file into the dashboard and then it is parsed into secrets immediately (similar to how .env is right now).
  2. A user should be able to download secrets as a .yml file (currently only .env).

Why would it be useful?

Currently only .env files are supported. Frameworks like Rails use .yml.

Additional context

This is more of a frontend issue but a similar thing could be done in the CLI

Integration with GitHub Actions

Feature description

Be able to automatically send secrets from Infisical to GitHub repositories (for GitHub actions).

Why would it be useful?

Many people are using GitHub Actions. Being able to sync secrets automatically would save them a lot of time and effort.

Additional context

GitHub seems to be using OAuth 2.0, which we already have an example of (see the integration with Heroku).

Secrets in the dashboard are constantly jumping while being edited

Describe the bug

When you are changing the names of the secrets, they are automatically jumping to maintain the alphabetical order.

Expected behavior

Ideally the order is only specified on the first load. All the further secrets that are added should, for example, just appear at the top.

Additional context

This might require in general how we approach the loading of secrets to the dashboard (the data structure), and/or how we track the order of secrets.

Unable to pull variables in manual sync approach

Hey there,

I was following Infisical's doc and, at first, tried the auto sync approach in my NestJS project. Everything seemed to work fine (it asked for credentials and the project's ID), but the .env.infisical file content was just the project ID and no variables.

So then I tried the manual approach where I emptied the env file and executed npx infisical pull dev, and as a result, I got the following message: The "path" argument must be of type string. Received undefined. This time no info about credentials or project ID was asked (maybe because I informed it in the previous step?). Also, the env file remained empty.

Feature request - java spring framework integration

Hashicorp Vault has official support through the Spring Cloud Vault library. I would love to see either a feature-compatible API in infisical, or a separate spring library that can connect to a common infisical API.

Save changes when a user is leaving the Dashboard page

Feature description

When a user is leaving the dashboard page and they have any saved changes, they should be asked "Do you want to save?". This is for use cases like (some of them are already implemented):

  • A page is being refreshed
  • A tab is being closed
  • A user is returning to the previous page (aka accidentally swiping right on Chrome)
  • A user is switching between environments
  • 'Add new tags' is clicked

Why would it be useful?

Helps prevent use cases when users forgot to save changes.

Additional context

This is a bit problematic because of the loading screen that shows up when the page components are being loaded. I think the whole structure of the loading animation could be rethought.

Duplicate Error on Original Key

Describe the bug

An error should only apply to the new entry. It doesn't make sense to have an error present on submitted keys as well.

To Reproduce

Steps to reproduce the behavior:

  1. Go to /dashboard
  2. Create a duplicate key
  3. See error is present on the new key and the original one

Expected behavior

The error should apply only to the new key, similar to the no-number-in-the-beginning behavior.

Screenshots

Screenshot 2022-12-04 at 9 14 30 PM

Platform you are having the issue on:

N/A. It's a frontend issue.

Additional Context:

I believe this is due to the way errors are mapped. It seems like it's checking every entry with the same key name, regardless of whether it's an old key or not.

Redirect a user to login if they already exist

Feature description

When a user exists and they try to signup again, we should redirect them to login or tell them that this email is already taken.

Why would it be useful?

Would save people time and avoid a lot of confusion.

Integration with Vercel

Feature description

Automatic secret sync with Vercel. As soon as the secrets are added to Infisical, they should be propagated to Vercel.

Why would it be useful?

Saves time and effort from users. Reduces secret sprawl across different platforms. Decreases room for error with secrets.

Additional context

Vercel supports OAuth, so this would be a similar integration to what we already have with Heroku.

Docker support?

I'm interested in this project and want to integrate it with our codebase. Currently if I put npx infisical dev node dist/index.js in docker environment, I got an error ENXIO: no such device or address, open '/dev/tty'. Maybe it hasn't supported docker yet or I'm just missing some steps? Thanks for reading.

An option to never expire Service Tokens

Feature description

Have an option when generating a service token to make it not expire

Why would it be useful?

There are use cases (especially in smaller projects), where it is better to not expire the service token.

Add code linter to Repo

Having a code linter would standardize our format and catch invalid code during pull requests. It would be best to set up a GitHub Action such as https://github.com/marketplace/actions/super-linter. I have attempted to add the linter but have run into the following issue:

level=warning msg="[runner] Can't run linter goanalysis_metalinter: inspect: failed to load package : could not load export data: no export data for \"github.com/Infisical/infisical/packages/cmd\""
level=error msg="Running error: 1 error occurred:
	* can't run linter goanalysis_metalinter: inspect: failed to load package : could not load export data: no export data for \"github.com/Infisical/infisical/packages/cmd\"

This needs further investigation

Add Mock Server

Feature description

Add a mock server to the codebase such as msw.

Preferably use a popular, production-ready library.

Why would it be useful?

This would allow developers to mock implementation of backend server logic prior to building out the full thing.

Improve CLI error handling

The current error handling is not comprehensive, as there is no way to add an equivalent friendly message from the cause of an error.

For example, here in the login command we check if the user is already logged in. In the method to check if they are logged in, we just return the error as is:

return false, "", err

This is problematic because at the command level package, we have to guess exactly why the login check failed. It would be much better, if we can add a helpful message from the login check method so that we do not have to guess the exact cause at command package level.

I propose that we add a new Error type like so

type Error struct {
	Err             error
	DebugMessage    string
	FriendlyMessage string
}

This will allow us to add a FriendlyMessage for every error, allowing us to print the exact message we want to show to the end user for any error message. Please ask questions if you need more clarification.
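
One way the proposed type could be wired up, added here as an example and not code from the Infisical repository. The Error and Unwrap methods, the readCreds loader, errKeyringLocked, UserMessage and its debug parameter are hypothetical names introduced for illustration. The command package prints only FriendlyMessage, while the underlying cause stays available to errors.Is and to debug output.

```go
package main

import (
	"errors"
	"fmt"
)

// Error is the type proposed in the issue.
type Error struct {
	Err             error  // underlying cause, kept for errors.Is / errors.As
	DebugMessage    string // detail for logs; may name files or endpoints
	FriendlyMessage string // the only text shown to the end user by default
}

// Error implements the error interface using the debug detail and the cause.
func (e *Error) Error() string {
	if e.Err == nil {
		return e.DebugMessage
	}
	return e.DebugMessage + ": " + e.Err.Error()
}

// Unwrap lets errors.Is and errors.As reach the wrapped cause.
func (e *Error) Unwrap() error { return e.Err }

// errKeyringLocked is a constructed low-level failure used as sample input.
var errKeyringLocked = errors.New("keyring: collection is locked")

// isLoggedIn keeps the (bool, string, error) shape shown in the issue.
// readCreds is a hypothetical loader for the stored login.
func isLoggedIn(readCreds func() (string, error)) (bool, string, error) {
	email, err := readCreds()
	if err != nil {
		return false, "", &Error{
			Err:             err,
			DebugMessage:    "isLoggedIn: reading stored credentials failed",
			FriendlyMessage: "Could not read your saved login. Unlock your keyring and try again.",
		}
	}
	return email != "", email, nil
}

// UserMessage is what the command package prints. Without debug it never
// echoes the raw cause, so internal paths or hosts are not shown by accident.
func UserMessage(err error, debug bool) string {
	if err == nil {
		return ""
	}
	var e *Error
	if !errors.As(err, &e) {
		if debug {
			return err.Error()
		}
		return "Something went wrong. Re-run with debug output for details."
	}
	if debug {
		return e.FriendlyMessage + " [" + e.Error() + "]"
	}
	return e.FriendlyMessage
}

func main() {
	_, _, err := isLoggedIn(func() (string, error) { return "", errKeyringLocked })
	// Wrapping again at the command level does not hide the friendly message.
	err = fmt.Errorf("login: %w", err)
	fmt.Println(UserMessage(err, false))
	fmt.Println(UserMessage(err, true))
}
```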

CLI doesn't work for injecting envars into Vite

Describe the bug

CLI doesn't work for injecting envars into Vite; the run command doesn't work with vite dev, build, and preview commands.

To Reproduce

Steps to reproduce the behavior:

  1. Set up envars in Infisical cloud (prefixed with VITE)
  2. Create a base Vite project (selected React, Javascript) using the instructions here.
  3. Add a console log in a React component to print out the envars from step 1.
  4. In package.json, change dev script to infisical run -- vite; do the same with the build and preview scripts.
  5. Start up the Vite development server with npm run dev.
  6. Open the browser page for Vite and check logs to see if envars were injected.

Expected behavior

The envars should print in the browser console.

Additional context

Works with a standard .env at the root of the Vite project, just not with the Infisical run command.

Change 6-digit code to an email link during signup

Feature description

During signup, users get an email with a 6-digit code that they later need to copy and paste into the next signup step. Ideally, we would want to substitute it with an email link that people click and it automatically opens up the next signup step (after verifying that the link is correct).

Why would it be useful?

Links are both more secure and effortless than 6-digit codes. This would be very good to have!
