infisical dynamic-secrets
Perform dynamic secret operations directly with the CLI
infisical dynamic-secrets
Description
Dynamic secrets are unique secrets generated on demand based on the provided configuration settings. For more details, refer to dynamics secrets section.
This command enables you to perform list, lease, renew lease, and revoke lease operations on dynamic secrets within your Infisical project.
Sub-commands
Use this command to print out all of the dynamic secrets in your project.
$ infisical dynamic-secrets
Environment variables
Used to fetch dynamic secrets via a machine identity instead of logged-in credentials. Simply, export this variable in the terminal before running this command.
# Example
export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=<identity-client-id> --client-secret=<identity-client-secret> --silent --plain) # --plain flag will output only the token, so it can be fed to an environment variable. --silent will disable any update messages.
Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
To use, simply export this variable in the terminal before running this command.
# Example
export INFISICAL_DISABLE_UPDATE_CHECK=true
Flags
The project ID to fetch dynamic secrets from. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets --projectId=<project-id>
The authenticated token to fetch dynamic secrets from. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets --token=<token>
Used to select the environment name on which actions should be taken. Default
value: dev
Use to select the project folder on which dynamic secrets will be accessed.
# Example
infisical dynamic-secrets --path="/" --env=dev
This command is used to create a new lease for a dynamic secret.
$ infisical dynamic-secrets lease create <dynamic-secret-name>
Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --plain flag will output dynamic secret lease credentials values without formatting, one per line.
Default value: false
# Example
infisical dynamic-secrets lease create dynamic-secret-postgres --plain
The --path flag indicates which project folder dynamic secrets will be injected from.
# Example
infisical dynamic-secrets lease create <dynamic-secret-name> --path="/" --env=dev
The project ID of the dynamic secrets to lease from. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease create <dynamic-secret-name> --projectId=<project-id>
The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease create <dynamic-secret-name> --token=<token>
The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
# Example
infisical dynamic-secrets lease create <dynamic-secret-name> --ttl=<ttl>
This command is used to list leases for a dynamic secret.
$ infisical dynamic-secrets lease list <dynamic-secret-name>
Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --path flag indicates which project folder dynamic secrets will be injected from.
# Example
infisical dynamic-secrets lease list <dynamic-secret-name> --path="/" --env=dev
The project ID of the dynamic secrets to list leases from. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease list <dynamic-secret-name> --projectId=<project-id>
The authenticated token to list dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease list <dynamic-secret-name> --token=<token>
This command is used to renew a lease before it expires.
$ infisical dynamic-secrets lease renew <lease-id>
Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --path flag indicates which project folder dynamic secrets will be renewed from.
# Example
infisical dynamic-secrets lease renew <lease-id> --path="/" --env=dev
The project ID of the dynamic secret’s lease from. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease renew <lease-id> --projectId=<project-id>
The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease renew <lease-id> --token=<token>
The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
# Example
infisical dynamic-secrets lease renew <lease-id> --ttl=<ttl>
This command is used to delete a lease.
$ infisical dynamic-secrets lease delete <lease-id>
Flags
Used to select the environment name on which actions should be taken. Default
value: dev
The --path flag indicates which project folder dynamic secrets will be deleted from.
# Example
infisical dynamic-secrets lease delete <lease-id> --path="/" --env=dev
The project ID of the dynamic secret’s lease from. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease delete <lease-id> --projectId=<project-id>
The authenticated token to delete dynamic secret leases. This is required when using a machine identity to authenticate.
# Example
infisical dynamic-secrets lease delete <lease-id> --token=<token>
Was this page helpful?