Attach

cURL

curl --request POST \
  --url https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "caCertificate": "<string>",
  "allowedCommonNames": "<string>",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0
}
'

{
  "identityTlsCertAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "encryptedCaCertificate": "<unknown>",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<unknown>",
    "allowedCommonNames": "<string>"
  }
}

POST

api

auth

tls-cert-auth

identities

{identityId}

cURL

curl --request POST \
  --url https://us.infisical.com/api/v1/auth/tls-cert-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "caCertificate": "<string>",
  "allowedCommonNames": "<string>",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0
}
'

{
  "identityTlsCertAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "encryptedCaCertificate": "<unknown>",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<unknown>",
    "allowedCommonNames": "<string>"
  }
}

Authorizations

Authorization

string

header

required

An access token in Infisical

Path Parameters

identityId

string

required

The ID of the machine identity to attach the configuration onto.

Body

application/json

caCertificate

string

required

The PEM-encoded CA certificate to validate client certificates.

Required string length: 1 - 10240

allowedCommonNames

string | null

The comma-separated list of trusted common names that are allowed to authenticate with Infisical.

Minimum string length: 1

accessTokenTrustedIps

object[]

The IPs or CIDR ranges that access tokens can be used from.

Minimum array length: 1

Show child attributes

accessTokenTrustedIps.ipAddress

string

required

accessTokenTTL

integer

default:2592000

The lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000

accessTokenMaxTTL

integer

default:2592000

The maximum lifetime for an access token in seconds.

Required range: 1 <= x <= 315360000

accessTokenNumUsesLimit

integer

default:0

The maximum number of times that an access token can be used.

Required range: x >= 0

Response

Default Response

identityTlsCertAuth

object

required

Show child attributes

identityTlsCertAuth.id

string<uuid>

required

identityTlsCertAuth.createdAt

string<date-time>

required

identityTlsCertAuth.updatedAt

string<date-time>

required

identityTlsCertAuth.identityId

string<uuid>

required

identityTlsCertAuth.encryptedCaCertificate

any

required

identityTlsCertAuth.accessTokenTTL

number

default:7200

identityTlsCertAuth.accessTokenMaxTTL

number

default:7200

identityTlsCertAuth.accessTokenNumUsesLimit

number

default:0

identityTlsCertAuth.accessTokenTrustedIps

any

identityTlsCertAuth.allowedCommonNames

string | null

Overview

Organization

Project

Shared

Identity Auth

Secrets Management

Infisical PKI

Secret Scanning

Infisical SSH

Infisical KMS

Other

Authorizations

Path Parameters

Body

Response