If you’re working with C#, the official Infisical C# SDK package is the easiest way to fetch and work with secrets for your application.
Basic Usage using Infisical. Sdk ; namespace Example{ class Program
{
static void Main ( string [ ] )
{
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
UniversalAuth = new UniversalAuthMethod
{
ClientId = "your-client-id" ,
ClientSecret = "your-client-secret"
}
}
} ;
var = new InfisicalClient ( settings) ;
var = new GetSecretOptions
{
SecretName = "TEST" ,
ProjectId = "PROJECT_ID" ,
Environment = "dev" ,
} ;
var = infisical. GetSecret ( getSecretOptions) ;
Console. WriteLine ( $"The value of secret ' { secret. SecretKey } ', is: { secret. SecretValue } " ) ;
}
}
} This example demonstrates how to use the Infisical C# SDK in a C# application. The application retrieves a secret named TEST from the dev environment of the PROJECT_ID project.
Installation $ dotnet add package Infisical.Sdk
Configuration Import the SDK and create a client instance with your Machine Identity .
using Infisical. Sdk ; namespace Example{ class Program
{
static void Main ( string [ ] )
{
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
UniversalAuth = new UniversalAuthMethod
{
ClientId = "your-client-id" ,
ClientSecret = "your-client-secret"
}
}
} ;
var = new InfisicalClient ( settings) ;
}
}
} ClientSettings methods Your machine identity client ID.
Your machine identity client secret.
An access token obtained from the machine identity login endpoint.
Time-to-live (in seconds) for refreshing cached secrets.
If manually set to 0, caching will be disabled, this is not recommended.
string
default: "https://app.infisical.com" Your self-hosted absolute site URL including the protocol (e.g. https://app.infisical.com)
The authentication object to use for the client. This is required unless you’re using environment variables.
Authentication The SDK supports a variety of authentication methods. The most common authentication method is Universal Auth, which uses a client ID and client secret to authenticate.
Universal Auth Using environment variables
INFISICAL_UNIVERSAL_AUTH_CLIENT_ID - Your machine identity client ID.INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET - Your machine identity client secret.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
UniversalAuth = new UniversalAuthMethod
{
ClientId = "your-client-id" ,
ClientSecret = "your-client-secret"
}
}
} ;
var = new InfisicalClient ( settings) ;
GCP ID Token Auth Please note that this authentication method will only work if you’re running your application on Google Cloud Platform.
Please read more about this authentication method.
Using environment variables
INFISICAL_GCP_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
GcpIdToken = new GcpIdTokenAuthMethod
{
IdentityId = "your-machine-identity-id" ,
}
}
} ;
var = new InfisicalClient ( settings) ;
GCP IAM Auth Using environment variables
INFISICAL_GCP_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH - The path to your GCP service account key file.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
GcpIam = new GcpIamAuthMethod
{
IdentityId = "your-machine-identity-id" ,
ServiceAccountKeyFilePath = "./path/to/your/service-account-key.json"
}
}
} ;
var = new InfisicalClient ( settings) ;
AWS IAM Auth Please note that this authentication method will only work if you’re running your application on AWS.
Please read more about this authentication method.
Using environment variables
INFISICAL_AWS_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
AwsIam = new AwsIamAuthMethod
{
IdentityId = "your-machine-identity-id" ,
}
}
} ;
var = new InfisicalClient ( settings) ;
Azure Auth Please note that this authentication method will only work if you’re running your application on Azure.
Please read more about this authentication method.
Using environment variables
INFISICAL_AZURE_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
Azure = new AzureAuthMethod
{
IdentityId = "YOUR_IDENTITY_ID" ,
}
}
} ;
var = new InfisicalClient ( settings) ;
Kubernetes Auth Please note that this authentication method will only work if you’re running your application on Kubernetes.
Please read more about this authentication method.
Using environment variables
INFISICAL_KUBERNETES_IDENTITY_ID - Your Infisical Machine Identity ID.INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME - The environment variable name that contains the path to the service account token. This is optional and will default to /var/run/secrets/kubernetes.io/serviceaccount/token.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
Kubernetes = new KubernetesAuthMethod
{
ServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token" ,
IdentityId = "YOUR_IDENTITY_ID" ,
}
}
} ;
var = new InfisicalClient ( settings) ;
Caching To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it’s first fetched. Each time it’s fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the “cacheTTL” option when creating the client.
Working with Secrets client.ListSecrets(options) var = new ListSecretsOptions{ ProjectId = "PROJECT_ID" ,
Environment = "dev" ,
Path = "/foo/bar" ,
AttachToProcessEnv = false ,
} ; var = infisical. ListSecrets ( options) ; Retrieve all secrets within the Infisical project and environment that client is connected to
Parameters The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
The project ID where the secret lives in.
The path from where secrets should be fetched from.
Whether or not to set the fetched secrets to the process environment. If true, you can access the secrets like so System.getenv("SECRET_NAME").
Whether or not to include imported secrets from the current path. Read about secret import
Whether or not to fetch secrets recursively from the specified path. Please note that there’s a 20-depth limit for recursive fetching.
Whether or not to expand secret references in the fetched secrets. Read about secret reference
client.GetSecret(options) var = new GetSecretOptions {
SecretName = "AAAA" ,
ProjectId = "659c781eb2d4fe3e307b77bd" ,
Environment = "dev" ,
} ;
var = infisical. GetSecret ( options) ; Retrieve a secret from Infisical.
By default, GetSecret() fetches and returns a shared secret.
Parameters The key of the secret to retrieve.
The project ID where the secret lives in.
The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
The path from where secret should be fetched from.
The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.
client.CreateSecret(options) var = new CreateSecretOptions { Environment = "dev" ,
ProjectId = "PROJECT_ID" ,
SecretName = "NEW_SECRET" ,
SecretValue = "NEW_SECRET_VALUE" ,
SecretComment = "This is a new secret" ,
} ; var = infisical. CreateSecret ( options) ; Create a new secret in Infisical.
Parameters The key of the secret to create.
The project ID where the secret lives in.
The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
The path from where secret should be created.
The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.
client.UpdateSecret(options) var = new UpdateSecretOptions { Environment = "dev" ,
ProjectId = "PROJECT_ID" ,
SecretName = "SECRET_TO_UPDATE" ,
SecretValue = "NEW VALUE"
} ; var = infisical. UpdateSecret ( options) ; Update an existing secret in Infisical.
Parameters The key of the secret to update.
The new value of the secret.
The project ID where the secret lives in.
The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
The path from where secret should be updated.
The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.
client.DeleteSecret(options) var = new DeleteSecretOptions{ Environment = "dev" ,
ProjectId = "PROJECT_ID" ,
SecretName = "NEW_SECRET" ,
} ; var = infisical. DeleteSecret ( options) ; Delete a secret in Infisical.
Parameters The key of the secret to update.
The project ID where the secret lives in.
The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
The path from where secret should be deleted.
The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.
Cryptography Create a symmetric key Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
var = infisical. CreateSymmetricKey ( ) ; Returns (string) key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
Encrypt symmetric var = new EncryptSymmetricOptions{ Plaintext = "Infisical is awesome!" ,
Key = key,
} ; var = infisical. EncryptSymmetric ( options) ; Parameters The plaintext you want to encrypt.
The symmetric key to use for encryption.
Returns (object) Tag (string): A base64-encoded, 128-bit authentication tag.
Iv (string): A base64-encoded, 96-bit initialization vector.
CipherText (string): A base64-encoded, encrypted ciphertext.
Decrypt symmetric var = new DecryptSymmetricOptions{ Key = key,
Ciphertext = encryptedData. Ciphertext,
Iv = encryptedData. Iv,
Tag = encryptedData. Tag,
} ; var = infisical. DecryptSymmetric ( decryptOptions) ; Parameters The ciphertext you want to decrypt.
The symmetric key to use for encryption.
The initialization vector to use for decryption.
The authentication tag to use for decryption.
Returns (string) Plaintext (string): The decrypted plaintext.
