Using Google SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP and registering your instance with it.

1

Create an OAuth2 application in GCP

Navigate to your project API & Services > Credentials to create a new OAuth2 application.

GCP API services GCP create new OAuth2 application

Create the application. As part of the form, add to Authorized redirect URIs: https://your-domain.com/api/v1/sso/google.

GCP create new OAuth2 application form

2

Add your OAuth2 application credentials to Infisical

Obtain the Client ID and Client Secret for your GCP OAuth2 application.

GCP obtain OAuth2 credentials

Back in your Infisical instance, make sure to set the following environment variables:

  • CLIENT_ID_GOOGLE_LOGIN: The Client ID of your GCP OAuth2 application.
  • CLIENT_SECRET_GOOGLE_LOGIN: The Client Secret of your GCP OAuth2 application.
  • AUTH_SECRET: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with openssl rand -base64 32.
  • SITE_URL: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)

Once added, restart your Infisical instance and log in with Google

FAQ