Node

This guide demonstrates how to use Infisical to manage secrets for your Node stack from local development to production. It uses:

• Infisical (you can use Infisical Cloud or a self-hosted instance of Infisical) to store your secrets.
• The @infisical/sdk Node.js client SDK to fetch secrets back to your Node application on demand.

​

Project Setup

To begin, we need to set up a project in Infisical and add secrets to an environment in it.

​

Create a project

1. Create a new project in Infisical.

2. Add a secret to the development environment of this project so we can pull it back for local development. In the Secrets Overview page, press Explore Development and add a secret with the key NAME and value YOUR_NAME.

​

Create a Machine Identity

Now that we’ve created a project and added a secret to its development environment, we need to configure an Infisical Machine Identity that our Node application can use to access the secret.

• How to setup machine identities

​

Create a Node app

For this demonstration, we use a minimal Express application. However, the same principles will apply to any Node application such as those built on Koa or Fastify.

​

Create an Express app

Initialize a new Node.js project with a default package.json file.

npm init -y

Install express and @infisical/sdk, the client Node SDK for Infisical.

npm install express @infisical/sdk

Finally, create an index.js file containing the application code.

const express = require('express');
const { InfisicalSDK } = require("@infisical/sdk");


const app = express();

const PORT = 3000;

let client;

const setupClient = () => {  

  if (client) {
    return;
  }

  const infisicalSdk = new InfisicalSDK({
      siteUrl: "your-infisical-instance.com" // Optional, defaults to https://app.infisical.com
  });

  await infisicalSdk.auth().universalAuth.login({
    clientId: "<machine-identity-client-id>",
    clientSecret: "<machine-identity-client-secret>"
  });

  // If authentication was successful, assign the client
  client = infisicalSdk;
}



app.get("/", async (req, res) => {
    

    const name = await client.secrets().getSecret({
      environment: "dev", // dev, staging, prod, etc.
      projectId: "<project-id>",
      secretPath: "/",
      secretName: "NAME"
    });
    
    res.send(`Hello! My name is: ${name.secretValue}`);
});

app.listen(PORT, async () => {
  // initialize http server and Infisical
    await setupClient();
    console.log(`Server listening on port ${PORT}`);
});

Here, we initialized a client instance of the Infisical Node SDK with the Machine Identity that we created earlier, giving access to the secrets in the development environment of the project in Infisical that we created earlier.

Finally, start the app and head to http://localhost:3000 to see the message Hello, Your Name.

node index.js

The client fetched the secret with the key NAME from Infisical that we returned in the response of the endpoint.

At this stage, you know how to fetch secrets from Infisical back to your Node application. By using Machine Identities scoped to different projects and environments, you can easily manage secrets across various stages of your project in Infisical, from local development to production.

​

FAQ

See also:

• Explore the Node SDK