Infisical’s Public (REST) API is the most flexible, platform-agnostic way to read/write secrets for your application.

Prerequisites:

To keep it simple, we’re going to fetch secrets from the API with End-to-End Encryption (E2EE) disabled.

It’s possible to use the API with E2EE enabled but this means learning about how encryption works with Infisical and performing client-side encryption/decryption operations yourself. yourself.

If E2EE is a must for your team, we recommend either using one of the Infisical SDKs or checking out the examples for E2EE.

Configuration

Head to your Project Settings, where you created your service token, and un-check the E2EE setting.

Retrieve Secret

Retrieve a secret from the project and environment in Infisical scoped to your service token by making a HTTP request with the following format/details:

curl --location --request GET 'https://app.infisical.com/api/v3/secrets/raw/secretName?workspaceId=workspaceId&environment=environment' \
    --header 'Authorization: Bearer serviceToken'
secretNamerequired
string

Name of secret to retrieve

workspaceIdrequired
string

The ID of the workspace

environmentrequired
string

The environment slug

secretPath
Default: "/"
string

Path to secrets in workspace

type
Default: "personal"
string

The type of the secret. Valid options are “shared” or “personal”

Depending on your application requirements, you may wish to use Infisical’s API in different ways such as by retaining E2EE or fetching multiple secrets at once instead of one at a time.

Whatever the case, we recommend glossing over the API Examples to gain a deeper understanding of how you to best leverage the Infisical API for your use-case.

See also: