App Connections enable your organization to integrate Infisical with third-party services in a secure and versatile way.

Concept

App Connections are an organization-level resource used to establish connections with third-party applications that can be used across Infisical projects. Example use cases include syncing secrets, generating dynamic secrets, and more.


Workflow

App Connections require initial setup in both your third-party application and Infisical. Follow these steps to establish a secure connection:

For step-by-step guides specific to each application, refer to the App Connections section in the Navigation Bar.

  1. Create Access Entity: If necessary, create an entity such as a service account or role within the third-party application you want to connect to. Be sure to limit the access of this entity to the minimal permission set required to perform the operations you need. For example:
    • For secret syncing: Read/write permissions to specific secret stores
    • For dynamic secrets: Permissions to create temporary credentials

Whenever possible, Infisical encourages creating a designated service account for your App Connection to limit the scope of permissions based on your use-case.

  1. Generate Authentication Credentials: Obtain the required credentials from your third-party application. These can vary between applications and might be:

    • an API key or access token
    • A client ID and secret pair
    • other credentials, etc.
  2. Create App Connection: Configure the connection in Infisical using your generated credentials through either the UI or API.

Some App Connections can only be created via the UI such as connections using OAuth.

  1. Utilize the Connection: Use your App Connection for various features across Infisical such as our Secrets Sync by selecting it via the dropdown menu in the UI or by passing the associated connectionId when generating resources via the API.

Infisical is continuously expanding its third-party application support. If your desired application isn’t listed, you can still use previous methods of connecting to it such as our Native Integrations.

Was this page helpful?