Skip to main content
POST
/
api
/
v1
/
additional-privilege
/
identity
/
temporary
cURL
curl --request POST \
  --url https://app.infisical.com/api/v1/additional-privilege/identity/temporary \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "identityId": "<string>",
  "projectSlug": "<string>",
  "slug": "<string>",
  "permissions": [
    {
      "action": "read",
      "subject": "role",
      "conditions": {
        "environment": "<string>",
        "secretPath": {
          "$glob": "<string>"
        }
      }
    }
  ],
  "privilegePermission": {
    "actions": [
      "read"
    ],
    "subject": "secrets",
    "conditions": {
      "environment": "<string>",
      "secretPath": {
        "$glob": "<string>"
      }
    }
  },
  "temporaryMode": "relative",
  "temporaryRange": "<string>",
  "temporaryAccessStartTime": "2023-11-07T05:31:56Z"
}'
{
  "privilege": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "slug": "<string>",
    "projectMembershipId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "isTemporary": false,
    "temporaryMode": "<string>",
    "temporaryRange": "<string>",
    "temporaryAccessStartTime": "2023-11-07T05:31:56Z",
    "temporaryAccessEndTime": "2023-11-07T05:31:56Z",
    "permissions": [
      {
        "subject": "<string>",
        "action": "<string>",
        "conditions": {
          "environment": "<string>",
          "secretPath": {
            "$glob": "<string>"
          }
        }
      }
    ],
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

An access token in Infisical

Body

application/json
identityId
string
required

The ID of the identity to create.

Minimum length: 1
projectSlug
string
required

The slug of the project of the identity in.

Minimum length: 1
temporaryMode
enum<string>
required

Type of temporary access given. Types: relative

Available options:
relative
temporaryRange
string
required

TTL for the temporay time. Eg: 1m, 1h, 1d

temporaryAccessStartTime
string<date-time>
required

ISO time for which temporary access should begin.

slug
string

The slug of the privilege to create.

Required string length: 1 - 60
permissions
object[]

@deprecated - use privilegePermission The permission object for the privilege.

  • Read secrets
{ "permissions": [{"action": "read", "subject": "secrets"]}
  • Read and Write secrets
{ "permissions": [{"action": "read", "subject": "secrets"], {"action": "write", "subject": "secrets"]}
  • Read secrets scoped to an environment and secret path
- { "permissions": [{"action": "read", "subject": "secrets", "conditions": { "environment": "dev", "secretPath": { "$glob": "/" } }}] }
privilegePermission
object

The permission object for the privilege.

Response

200 - application/json

Default Response

privilege
object
required
I