AWS Amplify

Create a machine identtiy and connect it to your Infisical project. You can read more about how to use machine identities here. The machine identity will allow you to authenticate and fetch secrets from Infisical.

1. In the Amplify console, choose App Settings, and then select Environment variables.
2. In the Environment variables section, select Manage variables.
3. Under the first Variable enter INFISICAL_MACHINE_IDENTITY_CLIENT_ID, and for the value, enter the client ID of the machine identity you created in the previous step.
4. Under the second Variable enter INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET, and for the value, enter the client secret of the machine identity you created in the previous step.
5. Click save.

In the prebuild phase, add the command in AWS Amplify to install the Infisical CLI.

build:
  phases:
    preBuild:
      commands:
- sudo curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sudo -E bash
- sudo yum -y install infisical

You can now pull secrets from Infisical using the CLI and save them as a .env file. To do this, modify the build commands.

build:
  phases:
    build:
      commands:
- INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=${INFISICAL_MACHINE_IDENTITY_CLIENT_ID} --client-secret=${INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET} --silent --plain)
    - infisical export --format=dotenv > .env
    - <rest of the commands>

Go to your project settings in the Infisical dashboard to generate a service token. This service token will allow you to authenticate and fetch secrets from Infisical. Once you have created a service token with the required permissions, you’ll need to provide the token to the CLI installed in your Docker container.

1. In the Amplify console, choose App Settings, and then select Environment variables.
2. In the Environment variables section, select Manage variables.
3. Under Variable, enter the key INFISICAL_TOKEN. For the value, enter the generated service token from the previous step.
4. Click save.

In the prebuild phase, add the command in AWS Amplify to install the Infisical CLI.

build:
  phases:
    preBuild:
      commands:
- sudo curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sudo -E bash
- sudo yum -y install infisical

You can now pull secrets from Infisical using the CLI and save them as a .env file. To do this, modify the build commands.

build:
  phases:
    build:
      commands:
- INFISICAL_TOKEN=${INFISICAL_TOKEN}
    - infisical export --format=dotenv > .env
    - <rest of the commands>

Follow the Infisical AWS SSM Parameter Store Integration Guide to set up the integration. Pause once you reach the step where it asks you to select the path you would like to sync.

1. Open your AWS Amplify App console.
2. Go to Actions >> View App Settings
3. The App ID will be the last part of the App ARN field after the slash.

You need to set the path in the format /amplify/[amplify_app_id]/[your-amplify-environment-name] as the path option in AWS SSM Parameter Infisical Integration.