Skip to main content

Documentation Index

Fetch the complete documentation index at: https://infisical.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

The Infisical Milvus dynamic secret allows you to generate Milvus credentials on demand, with configurable privileges scoped to the lease.

Prerequisites

  1. Ensure that authentication and RBAC are enabled on your Milvus instance by setting common.security.authorizationEnabled=true.
  2. Have an admin user (defaults to root / Milvus) available to manage users, roles, and privileges via the Milvus REST API.

Set up Dynamic Secrets with Milvus

1

Open Secret Overview Dashboard

Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
2

Click on the 'Add Dynamic Secret' button

Add Dynamic Secret Button
3

Select Milvus

Choose Milvus from the list of available dynamic secret providers.Milvus Option
4

Provide the inputs for dynamic secret parameters

Milvus form
Secret Name
string
required
Name by which you want the secret to be referenced
Default TTL
string
required
Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
Max TTL
string
required
Maximum time-to-live for a generated secret.
Host
string
required
Your Milvus endpoint. Include the URL scheme (http:// or https://). Example: http://localhost. If the scheme is omitted, http:// is assumed.
Port
number
required
The port your Milvus REST API listens on. Defaults to 19530.
Admin Username
string
required
The admin username used to manage users, roles, and privileges (e.g. root).
Admin Password
string
required
The password for the admin user.
Default Database
string
required
Default Milvus database used as the dbName for granted privileges when not explicitly overridden per privilege. Defaults to default.
Privileges
array
Privileges granted to an ephemeral role bound to the lease user. Leave empty to create a user with only the built-in public role.Each privilege entry has:
  • Object Type — Milvus object type (Collection, Database, Global, Cluster, or User).
  • Object Name — Name of the target object (e.g. a collection name) or * to apply to all.
  • Privilege — Milvus privilege name or built-in privilege group (e.g. Search, Query, COLL_RO, DB_Admin). See the Milvus privilege reference for the full list.
  • DB Name — Optional override for the target database. Falls back to the provider’s Default Database when blank.
Examples:
  • Read-only on all collections: { Object Type: Collection, Object Name: *, Privilege: COLL_RO }
  • Full database admin: { Object Type: Database, Object Name: *, Privilege: DB_Admin }
  • Search on a specific collection: { Object Type: Collection, Object Name: my_collection, Privilege: Search }
Username Template
string
default:"{{randomUsername}}"
Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.Allowed template variables are:
  • {{randomUsername}}: Random username string.
  • {{unixTimestamp}}: Current Unix timestamp at the time of lease creation.
  • {{identity.name}}: Name of the identity that is generating the lease.
  • {{dynamicSecret.name}}: Name of the associated dynamic secret.
  • {{dynamicSecret.type}}: Type of the associated dynamic secret.
  • {{random N}}: Random string of N characters.
Allowed template functions are:
  • truncate: Truncates a string to a specified length.
  • replace: Replaces a substring with another value.
  • uppercase: Converts a string to uppercase.
  • lowercase: Converts a string to lowercase.
Examples:
{{ randomUsername }}                                            // 3POnzeFyK9gW2nioK0q2gMjr6CZqsRiX
{{ unixTimestamp }}                                             // 17490641580
{{ identity.name }}                                             // <identity-name>
{{ random 5 }}                                                  // x9K2m
{{ truncate identity.name 4 }}                                  // test
{{ replace identity.name '<identity-name>' 'new-value' }}       // new-value
Gateway
string
A gateway may be required if your Milvus instance is not publicly accessible (e.g. in a private VPC). Select a configured gateway to route traffic through it.
CA Certificate
string
Optional PEM-encoded CA certificate for verifying the Milvus server’s TLS certificate. Required when Milvus uses a self-signed or private CA. Providing a CA also enables HTTPS automatically.
SSL Reject Unauthorized
boolean
default:"true"
If enabled, the server certificate will be verified against the list of supplied CAs. Disable this option if you are using a self-signed certificate.
5

Click `Submit`

After submitting the form, you will see the Milvus dynamic secret created in the dashboard.
Infisical validates the connection by calling the Milvus /v2/vectordb/users/describe endpoint. If validation fails, double-check the host, port, and admin credentials.
6

Generate dynamic secrets

Once configured, click Generate (or New Lease) on the dynamic secret to issue an on-demand credential.Each lease creates a Milvus user with a random username and password. When you configure privileges, Infisical also creates an ephemeral role per lease, grants the configured privileges to it, and assigns the role to the user. On revoke, the user and role are deleted together.Provision Lease
Ensure that the TTL for the lease falls within the maximum TTL defined when configuring the dynamic secret.
Once you click the Submit button, a new secret lease will be generated and the credentials from it will be shown to you.Provision Lease

Audit or Revoke Leases

Once you have created one or more leases, you can access them by clicking on the dynamic secret item on the dashboard. From there you can view the expiration time or revoke a lease early. Provision Lease

Renew Leases

To extend the life of a generated lease, click the Renew button. Provision Lease
Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret.