infisical secrets
Perform CRUD operations with Infisical secrets
Description
This command enables you to perform CRUD (create, read, update, delete) operations on secrets within your Infisical project. With it, you can view, create, update, and delete secrets in your environment.
Sub-commands
infisical secrets
infisical secrets
Use this command to print out all of the secrets in your project
Environment variables
INFISICAL_TOKEN
INFISICAL_TOKEN
Used to fetch secrets via a machine identity apposed to logged in credentials. Simply, export this variable in the terminal before running this command.
Alternatively, you may use service tokens.
INFISICAL_DISABLE_UPDATE_CHECK
INFISICAL_DISABLE_UPDATE_CHECK
Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
To use, simply export this variable in the terminal before running this command.
Flags
--expand
--expand
Parse shell parameter expansions in your secrets
Default value: true
--projectId
--projectId
The project ID to fetch secrets from. This is required when using a machine identity to authenticate.
--env
--env
Used to select the environment name on which actions should be taken on
Default value: dev
--path
--path
The --path flag indicates which project folder secrets will be injected from.
--plain
--plain
The --plain flag will output all your secret values without formatting, one per line.
--silent
--silent
The --silent flag disables output of tip/info messages. Useful when running in scripts or CI/CD pipelines.
Can be used inline to replace INFISICAL_DISABLE_UPDATE_CHECK
infisical secrets get
infisical secrets get
This command allows you selectively print the requested secrets by name
Flags
--env
--env
Used to select the environment name on which actions should be taken on
Default value: dev
--plain
--plain
The --plain flag will output all your requested secret values without formatting, one per line.
Default value: false
When running in CI/CD environments or in a script, set INFISICAL_DISABLE_UPDATE_CHECK=true or add the --silent flag. This will help hide any CLI info/debug output and only show the secret value.
--silent
--silent
The --silent flag disables output of tip/info messages. Useful when running in scripts or CI/CD pipelines.
Can be used inline to replace INFISICAL_DISABLE_UPDATE_CHECK
--raw-value (deprecated)
--raw-value (deprecated)
Use --plain instead, as it supports single and multiple secrets.
Used to print the plain value of a single requested secret without any table style.
Default value: false
Example: infisical secrets get DOMAIN --raw-value
When running in CI/CD environments or in a script, set INFISICAL_DISABLE_UPDATE_CHECK=true or add the --silent flag. This will help hide any CLI info/debug output and only show the secret value.
infisical secrets set
infisical secrets set
This command allows you to set or update secrets in your environment. If the secret key provided already exists, its value will be updated with the new value. If the secret key does not exist, a new secret will be created using both the key and value provided.
When setting secret values:
- Use
secretName=@path/to/fileto load the secret value from a file - Use
secretName=\@valueif you need the literal ’@’ character at the beginning of your value
Example:
Flags
--env
--env
Used to select the environment name on which actions should be taken on
Default value: dev
--path
--path
Used to select the project folder in which the secrets will be set. This is useful when creating new secrets under a particular path.
--type
--type
Used to select the type of secret to create. This could be either personal or shared (defaults to shared)
--file
--file
Used to set secrets from a file, supporting both .env and YAML formats. The file path can be either absolute or relative to the current working directory.
The file should contain secrets in the following formats:
key=valuefor.envfileskey: valuefor YAML files
Comments can be written using # comment or // comment. Empty lines will be ignored during processing.
infisical secrets delete
infisical secrets delete
This command allows you to delete secrets by their name(s).
Flags
--env
--env
Used to select the environment name on which actions should be taken on
Default value: dev
--path
--path
The --path flag indicates which project folder secrets will be injected from.
infisical secrets folders
infisical secrets folders
This command allows you to fetch, create and delete folders from within a path from a given project.
sub commands
get
get
Used to fetch all folders within a path in a given project
Flags
--path
--path
The path from where folders should be fetched from
Default value: /
--token
--token
Fetch folders using a machine identity access token.
Default value: “
create
create
Used to create a folder by name within a path.
Flags
--path
--path
Path to where the folder should be created
Default value: /
--name
--name
Name of the folder to be created in selected --path
Default value: “
delete
delete
Used to delete a folder by name within a path.
Flags
--path
--path
Path to where the folder should be created
Default value: /
--name
--name
Name of the folder to be deleted within selected --path
Default value: “
infisical secrets generate-example-env
infisical secrets generate-example-env
This command allows you to generate an example .env file from your secrets and with their associated comments and tags. This is useful when you would like to let others who work on the project but do not use Infisical become aware of the required environment variables and their intended values.
To place default values in your example .env file, you can simply include the syntax DEFAULT:<value> within your secret’s comment in Infisical. This will result in the specified value being extracted and utilized as the default.
Flags
--env
--env
Used to select the environment name on which actions should be taken on
Default value: dev