Comments (3)
The 2 options I've thought of to implement this so far (in hindsight only really 1) are as follows:
Option 1 would be implementing this just like the Cloud integrations. This option wouldn't be viable, since Infisical would need to be able to access the Portainer API, which is hosted locally and in normal circumstances not exposed to the internet.
Option 2 would be implementing them into the CLI agent. I think this would be the better option overall, since you wouldn't have the issue mentioned in option 1, and you also have more control over how your config looks using the templates. Something this enables is injecting secrets from other projects into this one (wouldn't really be needed that much if you could already share these variables server side). Here's just a rough example of how the config could look with this implemented.
```yaml
infisical:
  address: "https://app.infisical.com"
auth:
  - type: "universal-auth"
    config:
      client-id: "./client-id"
      client-secret: "./client-secret"
      remove_client_secret_on_read: false
  - type: "portainer"
    config:
      username: "my-username"
      password: "my-super-secure-password"
sinks:
  - type: "file"
    config:
      path: "/some/path/to/store/access-token/file-name"
templates:
  # type: file would in this case be the default if none specified and would act like how the agent currently works
  - source-path: my-dot-ev-secret-template
    destination-path: /some/path/.env
  - type: portainer
    source-path: my-dot-ev-secret-template
    stack_id: 1
```
For the templates you might want to also put all the settings under "config", like what is being done for auth and sinks, instead of doing it like in my example.
from infisical.
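An added example, not code from Infisical or from the comment above: what a `type: portainer` template target would have to do with the rendered template, namely turn the dotenv output into per-variable entries for a stack update request. The function names are hypothetical, and the JSON field names (`stackFileContent`, `env`, `prune`) are assumptions modelled on Portainer's stack-update body; the sample input is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// EnvPair is one stack environment variable (field names are an assumption).
type EnvPair struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

// parseDotenv converts rendered template output (KEY=VALUE lines) into pairs.
// Blank lines and # comments are skipped; one pair of surrounding quotes is removed.
func parseDotenv(rendered string) ([]EnvPair, error) {
	var pairs []EnvPair
	for i, raw := range strings.Split(rendered, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.SplitN(line, "=", 2) // values may contain '='
		key := strings.TrimSpace(parts[0])
		if len(parts) != 2 || key == "" {
			// Report only the line number so secret material never reaches logs.
			return nil, fmt.Errorf("line %d: expected KEY=VALUE", i+1)
		}
		val := strings.TrimSpace(parts[1])
		if n := len(val); n >= 2 && (val[0] == '"' || val[0] == '\'') && val[n-1] == val[0] {
			val = val[1 : n-1]
		}
		pairs = append(pairs, EnvPair{Name: key, Value: val})
	}
	return pairs, nil
}

// stackUpdateBody builds the JSON body for updating a stack with new variables.
func stackUpdateBody(composeFile string, env []EnvPair) ([]byte, error) {
	return json.Marshal(map[string]interface{}{
		"stackFileContent": composeFile, "env": env, "prune": false,
	})
}

func main() {
	rendered := "# constructed sample\nDB_USER=app\nDB_PASS=\"s3cr3t=value\"\n"
	env, err := parseDotenv(rendered)
	if err != nil {
		panic(err)
	}
	body, _ := stackUpdateBody("services: {}\n", env)
	fmt.Printf("%d variables, %d-byte request body\n", len(env), len(body))
}
```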
Depending on where and how we intend to implement this, I wouldn't mind taking a shot at implementing this myself.
The comment above is, like I've said, only a rough sketch and in no way final, but I'd love to get some feedback on this and hopefully work this out some more, if this feature is something you find fitting for Infisical.
from infisical.
+1 to the proposal.
A couple of suggestions I'd like to make as modifications to the proposal:
- A stack might contain multiple containers, so we need some mechanism to specify a container that the secret template should be passed to. Maybe stack_id and container_name?
- A typical Portainer usage will have stacks being brought to life at different points in time. I think we need to be able to "reload" the template configs into the agent on the fly, rather than having the agent restarted every single time.
from infisical.