PATCH /api/v1/auth/kubernetes-auth/identities/{identityId}

curl --request PATCH \
  --url https://us.infisical.com/api/v1/auth/kubernetes-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "kubernetesHost": "<string>",
  "caCert": "<string>",
  "tokenReviewerJwt": "<string>",
  "allowedNamespaces": "<string>",
  "allowedNames": "<string>",
  "allowedAudience": "<string>",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "<string>"
    }
  ],
  "accessTokenTTL": 157680000,
  "accessTokenNumUsesLimit": 1,
  "accessTokenMaxTTL": 157680000
}'

{
  "identityKubernetesAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<any>",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "kubernetesHost": "<string>",
    "allowedNamespaces": "<string>",
    "allowedNames": "<string>",
    "allowedAudience": "<string>",
    "caCert": "<string>",
    "tokenReviewerJwt": "<string>"
  }
}

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the identity to update the auth method for.

Body

application/json

kubernetesHost
string

The new host string, host:port pair, or URL to the base of the Kubernetes API server.

Minimum length: 1

caCert
string

The new PEM-encoded CA cert for the Kubernetes API server.

tokenReviewerJwt
string

The new long-lived service account JWT token for Infisical to access the TokenReview API to validate other service account JWT tokens submitted by applications/pods.

Minimum length: 1

allowedNamespaces
string

The new comma-separated list of trusted namespaces that service accounts must belong to in order to authenticate with Infisical.

allowedNames
string

The new comma-separated list of trusted service account names that can authenticate with Infisical.

allowedAudience
string

The new optional audience claim that the service account JWT token must have to authenticate with Infisical.

accessTokenTrustedIps
object[]

The new IPs or CIDR ranges that access tokens can be used from.

accessTokenTTL
integer

The new lifetime for an access token in seconds.

Required range: 0 < x < 315360000

accessTokenNumUsesLimit
integer

The new maximum number of times that an access token can be used.

Required range: x > 0

accessTokenMaxTTL
integer

The new maximum lifetime for an access token in seconds.

Required range: 0 < x < 315360000
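
An added example, not part of Infisical's documentation or code: a Python pre-flight check that validates an update body against the ranges and minimum lengths listed above before it is sent. The function name `build_update_body` and the checks marked "local policy" are assumptions of this example.

```python
import ipaddress

TTL_UPPER = 315360000  # exclusive upper bound this page gives for both TTL fields


def build_update_body(**fields):
    """Return the PATCH body as a dict, or raise ValueError listing every problem."""
    errors, body = [], dict(fields)

    for key in ("kubernetesHost", "tokenReviewerJwt"):
        if key in body and len(body[key]) < 1:  # page: "Minimum length: 1"
            errors.append(f"{key}: must not be empty")

    for key in ("accessTokenTTL", "accessTokenMaxTTL"):
        if key in body and not 0 < body[key] < TTL_UPPER:
            errors.append(f"{key}: must satisfy 0 < x < {TTL_UPPER}")
    if "accessTokenNumUsesLimit" in body and not body["accessTokenNumUsesLimit"] > 0:
        errors.append("accessTokenNumUsesLimit: must satisfy x > 0")
    # Local policy (assumption): a token's lifetime should not exceed its maximum.
    if {"accessTokenTTL", "accessTokenMaxTTL"} <= body.keys():
        if body["accessTokenTTL"] > body["accessTokenMaxTTL"]:
            errors.append("accessTokenTTL: exceeds accessTokenMaxTTL")

    # Local policy (assumption): blank entries in a comma-separated list are mistakes.
    for key in ("allowedNamespaces", "allowedNames"):
        if key in body:
            items = [item.strip() for item in body[key].split(",")]
            if not all(items):
                errors.append(f"{key}: contains an empty entry")
            body[key] = ",".join(items)

    if "accessTokenTrustedIps" in body:
        entries = []
        for value in body["accessTokenTrustedIps"]:
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                errors.append(f"accessTokenTrustedIps: {value!r} is not an IP or CIDR")
                continue
            # Local policy (assumption): a /0 range restricts nothing, so reject it.
            if network.prefixlen == 0:
                errors.append(f"accessTokenTrustedIps: {value} matches every address")
            entries.append({"ipAddress": value})
        body["accessTokenTrustedIps"] = entries

    if errors:
        raise ValueError("; ".join(errors))
    return body
```

Serialize the returned dict with `json.dumps` and pass it as the `--data` payload of the request shown at the top of this page.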

Response

200
application/json
Default Response
identityKubernetesAuth
object
required
