If you’re working with C#, the official Infisical C# SDK package is the easiest way to fetch and work with secrets for your application.

Basic Usage

using Infisical.Sdk;

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {

          ClientSettings settings = new ClientSettings
          {
            Auth = new AuthenticationOptions
            {
              UniversalAuth = new UniversalAuthMethod
              {
                ClientId = "your-client-id",
                ClientSecret = "your-client-secret"
              }
            }
          };


          var infisicalClient = new InfisicalClient(settings);

            var getSecretOptions = new GetSecretOptions
            {
                SecretName = "TEST",
                ProjectId = "PROJECT_ID",
                Environment = "dev",
            };
            var secret = infisical.GetSecret(getSecretOptions);


            Console.WriteLine($"The value of secret '{secret.SecretKey}', is: {secret.SecretValue}");
        }
    }
}
This example demonstrates how to use the Infisical C# SDK in a C# application. The application retrieves a secret named TEST from the dev environment of the PROJECT_ID project.
We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.

Installation

$ dotnet add package Infisical.Sdk

Configuration

Import the SDK and create a client instance with your Machine Identity. 
using Infisical.Sdk;

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {
          ClientSettings settings = new ClientSettings
          {
            Auth = new AuthenticationOptions
            {
              UniversalAuth = new UniversalAuthMethod
              {
                ClientId = "your-client-id",
                ClientSecret = "your-client-secret"
              }
            }
          };


          var infisicalClient = new InfisicalClient(settings); // <-- Your SDK client is now ready to use
        }
    }
}

ClientSettings methods

options
object

Authentication

The SDK supports a variety of authentication methods. The most common authentication method is Universal Auth, which uses a client ID and client secret to authenticate.

Universal Auth

Using environment variables
  • INFISICAL_UNIVERSAL_AUTH_CLIENT_ID - Your machine identity client ID.
  • INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET - Your machine identity client secret.
Using the SDK directly 
    ClientSettings settings = new ClientSettings
    {
      Auth = new AuthenticationOptions
      {
        UniversalAuth = new UniversalAuthMethod
        {
          ClientId = "your-client-id",
          ClientSecret = "your-client-secret"
        }
      }
    };

    var infisicalClient = new InfisicalClient(settings);

GCP ID Token Auth

Please note that this authentication method will only work if you’re running your application on Google Cloud Platform. Please read more about this authentication method.
Using environment variables
  • INFISICAL_GCP_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
Using the SDK directly 
  ClientSettings settings = new ClientSettings
  {
    Auth = new AuthenticationOptions
    {
      GcpIdToken = new GcpIdTokenAuthMethod
      {
        IdentityId = "your-machine-identity-id",
      }
    }
  };


  var infisicalClient = new InfisicalClient(settings);

GCP IAM Auth

Using environment variables
  • INFISICAL_GCP_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
  • INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH - The path to your GCP service account key file.
Using the SDK directly 
  ClientSettings settings = new ClientSettings
  {
    Auth = new AuthenticationOptions
    {
      GcpIam = new GcpIamAuthMethod
      {
        IdentityId = "your-machine-identity-id",
        ServiceAccountKeyFilePath = "./path/to/your/service-account-key.json"
      }
    }
  };


  var infisicalClient = new InfisicalClient(settings);

AWS IAM Auth

Please note that this authentication method will only work if you’re running your application on AWS. Please read more about this authentication method.
Using environment variables
  • INFISICAL_AWS_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
Using the SDK directly 
  ClientSettings settings = new ClientSettings
  {
    Auth = new AuthenticationOptions
    {
      AwsIam = new AwsIamAuthMethod
      {
        IdentityId = "your-machine-identity-id",
      }
    }
  };


  var infisicalClient = new InfisicalClient(settings);

Azure Auth

Please note that this authentication method will only work if you’re running your application on Azure. Please read more about this authentication method.
Using environment variables
  • INFISICAL_AZURE_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
Using the SDK directly 
  ClientSettings settings = new ClientSettings
  {
    Auth = new AuthenticationOptions
    {
      Azure = new AzureAuthMethod
      {
        IdentityId = "YOUR_IDENTITY_ID",
      }
    }
  };

  var infisicalClient = new InfisicalClient(settings);

Kubernetes Auth

Please note that this authentication method will only work if you’re running your application on Kubernetes. Please read more about this authentication method.
Using environment variables
  • INFISICAL_KUBERNETES_IDENTITY_ID - Your Infisical Machine Identity ID.
  • INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME - The environment variable name that contains the path to the service account token. This is optional and will default to /var/run/secrets/kubernetes.io/serviceaccount/token.
Using the SDK directly 
  ClientSettings settings = new ClientSettings
  {
    Auth = new AuthenticationOptions
    {
      Kubernetes = new KubernetesAuthMethod
      {
        ServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token", // Optional
        IdentityId = "YOUR_IDENTITY_ID",
      }
    }
  };

  var infisicalClient = new InfisicalClient(settings);

Caching

To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it’s first fetched. Each time it’s fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the “cacheTTL” option when creating the client.

Working with Secrets

client.ListSecrets(options)

var options = new ListSecretsOptions
{
    ProjectId = "PROJECT_ID",
    Environment = "dev",
    Path = "/foo/bar",
    AttachToProcessEnv = false,
};

var secrets = infisical.ListSecrets(options);
Retrieve all secrets within the Infisical project and environment that client is connected to

Parameters

Parameters
object

client.GetSecret(options)

var options = new GetSecretOptions
    {
        SecretName = "AAAA",
        ProjectId = "659c781eb2d4fe3e307b77bd",
        Environment = "dev",
    };
var secret = infisical.GetSecret(options);
Retrieve a secret from Infisical. By default, GetSecret() fetches and returns a shared secret.

Parameters

Parameters
object

client.CreateSecret(options)

var options = new CreateSecretOptions {
    Environment = "dev",
    ProjectId = "PROJECT_ID",

    SecretName = "NEW_SECRET",
    SecretValue = "NEW_SECRET_VALUE",
    SecretComment = "This is a new secret",
};

var newSecret = infisical.CreateSecret(options);
Create a new secret in Infisical.

Parameters

Parameters
object

client.UpdateSecret(options)

var options = new UpdateSecretOptions {
    Environment = "dev",
    ProjectId = "PROJECT_ID",

    SecretName = "SECRET_TO_UPDATE",
    SecretValue = "NEW VALUE"
};

var updatedSecret = infisical.UpdateSecret(options);
Update an existing secret in Infisical.

Parameters

Parameters
object

client.DeleteSecret(options)

var options = new DeleteSecretOptions
{
    Environment = "dev",
    ProjectId = "PROJECT_ID",
    SecretName = "NEW_SECRET",
};

var deletedSecret = infisical.DeleteSecret(options);
Delete a secret in Infisical.

Parameters

Parameters
object

Cryptography

Create a symmetric key

Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption. 
var key = infisical.CreateSymmetricKey();

Returns (string)

key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.

Encrypt symmetric

var options = new EncryptSymmetricOptions
{
    Plaintext = "Infisical is awesome!",
    Key = key,
};

var encryptedData = infisical.EncryptSymmetric(options);

Parameters

Parameters
object
required

Returns (object)

Tag (string): A base64-encoded, 128-bit authentication tag. Iv (string): A base64-encoded, 96-bit initialization vector. CipherText (string): A base64-encoded, encrypted ciphertext.

Decrypt symmetric

var decryptOptions = new DecryptSymmetricOptions
{
    Key = key,
    Ciphertext = encryptedData.Ciphertext,
    Iv = encryptedData.Iv,
    Tag = encryptedData.Tag,
};

var decryptedPlaintext = infisical.DecryptSymmetric(decryptOptions);

Parameters

Parameters
object
required

Returns (string)

Plaintext (string): The decrypted plaintext.