Skip to main content

Documentation Index

Fetch the complete documentation index at: https://infisical.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

This setup is performed once per organization by an admin. After completing these steps, any project member can create honey tokens without repeating this process.

Prerequisites

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HoneyTokenIAMManagement",
      "Effect": "Allow",
      "Action": [
        "iam:CreateUser",
        "iam:DeleteUser",
        "iam:CreateAccessKey",
        "iam:DeleteAccessKey"
      ],
      "Resource": "arn:aws:iam::*:user/inf_ht_*"
    },
    {
      "Sid": "HoneyTokenStackVerification",
      "Effect": "Allow",
      "Action": ["cloudformation:DescribeStacks"],
      "Resource": "*"
    }
  ]
}
The IAM permissions are scoped to users prefixed with inf_ht_, which is the naming convention Infisical uses for honey token IAM users.

Connect

1

Open Honey Token settings

Go to Organization SettingsProduct Settings.AWS Honey Tokens section
2

Click Connect

Click Connect to open the configuration modal.Click Connect
3

Fill required fields and save

Configure:
  • App Connection — select your AWS App Connection.
  • Webhook Signing Key — auto-generated by default; customize it if needed. This key is used to validate webhook calls from AWS.
Optionally expand Advanced Options:
  • CloudFormation Stack Name (default: infisical-honey-tokens)
  • AWS Region (default: us-east-1)
Click Save.Configure and Save
4

Deploy CloudFormation Stack

Copy the command shown under Deploy CloudFormation Stack.Run the command in a terminal with AWS credentials that can deploy CloudFormation stacks in your target account and region.Deploy CloudFormation Stack Command
5

Verify deployment

After the CloudFormation stack finishes deploying, click Verify connection in the AWS Honey Tokens section.Click Verify connectionOnce verification succeeds, confirm the status badge is updated to Verified.Verified status badge

Manage

After setup is saved, the Connect button changes to Manage. Use Manage any time you need to update:
  • AWS App Connection
  • Webhook signing key
  • CloudFormation stack name
  • AWS region
In the modal, you can also copy the pre-filled AWS CLI command under Deploy CloudFormation Stack and run it to create the stack. You can also verify directly in AWS CLI: 
aws cloudformation describe-stacks \
  --stack-name infisical-honey-tokens \
  --query "Stacks[0].StackStatus"
You can only create honey tokens after the stack status is Verified.