Quickstart
Manage secrets with Infisical CLI
The CLI is designed for a variety of secret management applications ranging from local development to CI/CD and production scenarios.
In the following steps, we explore how to use the Infisical CLI to fetch back environment variables from Infisical and inject them into your local development process.
Log in with the CLI
Start by running the infisical login
command to authenticate with Infisical.
If you are in a containerized environment such as WSL 2 or Codespaces, run infisical login -i
to avoid browser based login
Initialize Infisical for your project
Next, navigate to your project and initialize Infisical.
The infisical init
command creates a .infisical.json
file, containing local project settings, at the location where the command is executed.
The .infisical.json
file does not contain any sensitive data, so you may commit it to your git repository.
Inject environment variables
Finally, pass environment variables from Infisical into your application.
Custom aliases can utilize secrets from Infisical. Suppose there is a custom alias yd
in custom.sh
that runs yarn dev
and needs the secrets provided by Infisical.
To make the secrets available from Infisical to yd
, you can run the following command:
View all available options for run
command here
In the following steps, we explore how to use the Infisical CLI to fetch back environment variables from Infisical and inject them into your local development process.
Log in with the CLI
Start by running the infisical login
command to authenticate with Infisical.
If you are in a containerized environment such as WSL 2 or Codespaces, run infisical login -i
to avoid browser based login
Initialize Infisical for your project
Next, navigate to your project and initialize Infisical.
The infisical init
command creates a .infisical.json
file, containing local project settings, at the location where the command is executed.
The .infisical.json
file does not contain any sensitive data, so you may commit it to your git repository.
Inject environment variables
Finally, pass environment variables from Infisical into your application.
Custom aliases can utilize secrets from Infisical. Suppose there is a custom alias yd
in custom.sh
that runs yarn dev
and needs the secrets provided by Infisical.
To make the secrets available from Infisical to yd
, you can run the following command:
View all available options for run
command here
In the following steps, we explore how to use the Infisical CLI in a non-local development scenario to fetch back environment variables and export them to a file.
Create a machine identity and obtain credentials for it
Follow the steps listed here to create a machine identity and obtain a client ID and client secret for it.
Obtain a machine identity access token
Run the following command to authenticate with Infisical using the client ID and client secret credentials from step 1 and set the INFISICAL_TOKEN
environment variable to the retrieved access token.
The CLI is configured to look out for the INFISICAL_TOKEN
environment variable, so going forward any command used will be authenticated.
Alternatively, assuming you have an access token on hand, you can also pass it directly to the CLI using the --token
flag in conjunction with other CLI commands.
Keep in mind that the machine identity access token has a limited lifetime. It is recommended to use it only for the duration of the task at hand. You can refresh the token if needed.
Export environment variables back into a file
Finally, export the environment variables from Infisical to a file of choice.
History
Your terminal keeps a history with the commands you run. When you create Infisical secrets directly from your terminal, they’ll stay there for a while.
For security and privacy concerns, we recommend you to configure your terminal to ignore those specific Infisical commands.
FAQ
Was this page helpful?