Core commands
infisical dynamic-secrets
Perform dynamic secret operations directly with the CLI
Description
Dynamic secrets are unique secrets generated on demand based on the provided configuration settings. For more details, refer to dynamics secrets section. This command enables you to perform list, lease, renew lease, and revoke lease operations on dynamic secrets within your Infisical project.Sub-commands
infisical dynamic-secrets
infisical dynamic-secrets
Use this command to print out all of the dynamic secrets in your project.
Environment variables
INFISICAL_TOKEN
INFISICAL_TOKEN
Used to fetch dynamic secrets via a machine identity instead of logged-in credentials. Simply, export this variable in the terminal before running this command.
INFISICAL_DISABLE_UPDATE_CHECK
INFISICAL_DISABLE_UPDATE_CHECK
Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.To use, simply export this variable in the terminal before running this command.
Flags
--projectId
--projectId
The project ID to fetch dynamic secrets from.
--project-slug
--project-slug
The project slug to fetch dynamic secrets from.
--token
--token
The authenticated token to fetch dynamic secrets from. This is required when using a machine identity to authenticate.
--env
--env
Used to select the environment name on which actions should be taken. Default
value:
dev--path
--path
Use to select the project folder on which dynamic secrets will be accessed.
infisical dynamic-secrets lease create
infisical dynamic-secrets lease create
This command is used to create a new lease for a dynamic secret.
Flags
--env
--env
Used to select the environment name on which actions should be taken. Default
value:
dev--plain
--plain
The
--plain flag will output dynamic secret lease credentials values without formatting, one per line.
Default value: false--path
--path
The
--path flag indicates which project folder dynamic secrets will be injected from.--projectId
--projectId
The project ID of the dynamic secrets to lease from.
--project-slug
--project-slug
The project slug of the dynamic secrets to lease from.
--token
--token
The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
--ttl
--ttl
The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
Provider-specific flags
The following flags are specific to certain providers or integrations:Kubernetes
Kubernetes
--kubernetes-namespace
--kubernetes-namespace
The namespace to create the lease in. Only used for Kubernetes dynamic secrets.
infisical dynamic-secrets lease list
infisical dynamic-secrets lease list
This command is used to list leases for a dynamic secret.
Flags
--env
--env
Used to select the environment name on which actions should be taken. Default
value:
dev--path
--path
The
--path flag indicates which project folder dynamic secrets will be injected from.--projectId
--projectId
The project ID of the dynamic secrets to list leases from.
--project-slug
--project-slug
The project slug of the dynamic secrets to list leases from.
--token
--token
The authenticated token to list dynamic secret leases. This is required when using a machine identity to authenticate.
infisical dynamic-secrets lease renew
infisical dynamic-secrets lease renew
This command is used to renew a lease before it expires.
Flags
--env
--env
Used to select the environment name on which actions should be taken. Default
value:
dev--path
--path
The
--path flag indicates which project folder dynamic secrets will be renewed from.--projectId
--projectId
The project ID of the dynamic secret to lease from.
--project-slug
--project-slug
The project slug of the dynamic secret to lease from.
--token
--token
The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
--ttl
--ttl
The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
infisical dynamic-secrets lease delete
infisical dynamic-secrets lease delete
This command is used to delete a lease.
Flags
--env
--env
Used to select the environment name on which actions should be taken. Default
value:
dev--path
--path
The
--path flag indicates which project folder dynamic secrets will be deleted from.--projectId
--projectId
The project ID of the dynamic secret to delete lease from.
--project-slug
--project-slug
The project slug of the dynamic secret to delete lease from.
--token
--token
The authenticated token to delete dynamic secret leases. This is required when using a machine identity to authenticate.