Blog post 3 min read

Infisical Update – May 2024

Published on
Authors
Blog image

May 2024 has been one of the most exciting months for Infisical yet! Our team released many great features and has a lot of awesome news to share!

1: AWS, GCP, Azure, and Kubernetes Native Auth Methods

It is now possible for applications to fetch secrets back from Infisical without needing to explicitly manage an additional secret to authenticate with the platform in the first place.

Here’s how each method works:

  • Kubernetes Auth: Pods can use Kubernetes-native service accounts to have a service account credential mounted at a specified path. This credential can be used to authenticate with Infisical.

  • AWS Auth: AWS IAM principals for services like EC2 and Lambda can send a signed query containing a computed signature specific to the underlying IAM principal to authenticate with Infisical.

  • GCP Auth: GCP services like Compute Engine, App Engine, Cloud Functions, and Kubernetes Engine can use GCP-native ID tokens to authenticate with Infisical.

  • Azure Auth: Azure services like VMs, App Services, Functions, and Kubernetes Service can use Azure-native managed identity access tokens to authenticate with Infisical.

By treating Kubernetes, AWS, GCP, and Azure as trusted identity providers to supply and verify native platform tokens, we achieve a near “secretless” authentication pattern for applications running on these platforms. It’s now as seamless as pointing your application to Infisical to fetch back secrets.

Infisical Auth Methods

2: Secret Sharing Infrastructure

Developers frequently need to share secrets with team members, contractors, or other third parties. This can be risky due to potential leaks or misuse. Infisical now offers a secure solution for sharing secrets over the Internet in a time-bound manner. With its zero-knowledge architecture, secrets shared via Infisical remain unreadable even to Infisical itself.

Infisical Secret Sharing

3: Access Requests and JIT Access

Infisical users can now request access to particular environments, folders, and secrets directly from Infisical. Based on the predefined policies, admins are able to approve or deny such requests to automatically provision access to users. Such access can be either permanent or temporary (also known as Just-in-time Access Provisioning).

Infisical Access Requests

4: Secret Referencing Update

Secret Referencing is probably one of Infisical's most popular features. This month, our team has worked to expand support of secret references and imports to all Infisical clients (e.g., CLI, Kubernetes Operator, SDKs, integrations, and more) – no matter in which environments you are operating secrets with Infisical, Secret References will now be supported seamlessly.

On top of that, when creating secret references via UI, secret references are now automatically suggested in a dropdown. Just start typing ${} to see a list of possible secret references:

Infisical Auto Reference

5: Infisical Jenkins Plugin

Even though it was already possible to operate secrets in Jenkins with Infisical CLI, you can now use the official Infisical Jenkins Plugin to fetch secrets in your pipelines and projects. On top of that, secrets are masked in the build log, so users can’t accidentally print them.

6: Statuses and Manual Sync for integrations

The integration experience has been significantly improved. It is now possible to manually trigger integrations. In addition, users can easily track statuses of their integrations as well as corresponding failure reasons in case something goes wrong.

Infisical Integration Sync

Much more

That's it for our May 2024 update! If you have any feature requests or feedback for Infisical, please join our Slack community and share those in the #infisical-feedback channel.

If you have any questions about Infisical Pro or Enterprise, you can contact us at [email protected] or sign up for a demo.

Starting with Infisical is simple, fast, and free.
Full Infisical Logo

PRODUCT

Secret Management

Secret Scanning

Pricing

Security

RESOURCES

Blog

Infisical vs Vault

Careers

Hiring

Forum

Open Source Friends

Customers

Company Handbook

Trust Center

LEGAL

Terms of Service

Privacy Policy

Subprocessors

Service Level Agreement

CONTACT

Team Email

Sales

Support