How to use Infisical to inject, push, and manage secrets within Kubernetes clusters
InfisicalSecret).
InfisicalPushSecret).
InfisicalDynamicSecret).
InfisicalPushSecret and InfisicalSecret CRDs.

Function | Description | Signature |
---|---|---|
decodeBase64ToBytes | Given a base64 encoded string, this function will decode the base64-encoded string. | decodeBase64ToBytes(encodedString string) string |
encodeBase64 | Given a string, this function will encode the string to a base64 encoded string. | encodeBase64(plainString string) string |
pkcs12key | Extracts all private keys from a PKCS#12 archive and encodes them in PKCS#8 PEM format. | pkcs12key(input string) string |
pkcs12keyPass | Same as pkcs12key. Uses the provided password to decrypt the PKCS#12 archive. | pkcs12keyPass(pass string, input string) string |
pkcs12cert | Extracts all certificates from a PKCS#12 archive and orders them if possible. If disjunct or multiple leaf certs are provided they are returned as-is. Sort order: leaf / intermediate(s) / root. | pkcs12cert(input string) string |
pkcs12certPass | Same as pkcs12cert. Uses the provided password to decrypt the PKCS#12 archive. | pkcs12certPass(pass string, input string) string |
pemToPkcs12 | Takes a PEM encoded certificate and key and creates a base64 encoded PKCS#12 archive. | pemToPkcs12(cert string, key string) string |
pemToPkcs12Pass | Same as pemToPkcs12. Uses the provided password to encrypt the PKCS#12 archive. | pemToPkcs12Pass(cert string, key string, pass string) string |
fullPemToPkcs12 | Takes a PEM encoded certificate chain and key and creates a base64 encoded PKCS#12 archive. | fullPemToPkcs12(cert string, key string) string |
fullPemToPkcs12Pass | Same as fullPemToPkcs12. Uses the provided password to encrypt the PKCS#12 archive. | fullPemToPkcs12Pass(cert string, key string, pass string) string |
filterPEM | Filters PEM blocks with a specific type from a list of PEM blocks. | filterPEM(pemType string, input string) string |
filterCertChain | Filters PEM block(s) with a specific certificate type (leaf, intermediate or root) from a certificate chain of PEM blocks (PEM blocks with type CERTIFICATE). | filterCertChain(certType string, input string) string |
jwkPublicKeyPem | Takes a JSON-serialized JWK and returns a PEM block of type PUBLIC KEY that contains the public key. See here for details. | jwkPublicKeyPem(jwkjson string) string |
jwkPrivateKeyPem | Takes a JSON-serialized JWK and returns a PEM block of type PRIVATE KEY that contains the private key. See here for details. | jwkPrivateKeyPem(jwkjson string) string |
toYaml | Takes an interface, marshals it to yaml. It returns a string, even on marshal error (empty string). | toYaml(v any) string |
fromYaml | Function converts a YAML document into a map[string]any . | fromYaml(str string) map[string]any |
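
The effect of keeping env and expandEnv out of a template function set, shown with Go's text/template. This is an added example, not the operator's code: the allow-list, the Render helper and the sample values are constructed for illustration, and the three functions are simplified stand-ins for the same-named entries in the table above.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"text/template"
)

// filterPEM keeps only the PEM blocks whose type equals pemType (simplified stand-in).
func filterPEM(pemType, input string) string {
	var out bytes.Buffer
	rest := []byte(input)
	for {
		var blk *pem.Block
		if blk, rest = pem.Decode(rest); blk == nil {
			return out.String() // no further PEM blocks in the input
		}
		if blk.Type == pemType {
			pem.Encode(&out, blk)
		}
	}
}

// allowed is a hypothetical allow-list; env and expandEnv are deliberately absent.
var allowed = template.FuncMap{
	"encodeBase64": func(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) },
	"decodeBase64ToBytes": func(s string) (string, error) {
		b, err := base64.StdEncoding.DecodeString(s)
		return string(b), err
	},
	"filterPEM": filterPEM,
}

// Render parses tpl against the allow-list, then executes it with the secret values.
func Render(tpl string, secrets map[string]string) (string, error) {
	t, err := template.New("secret").Funcs(allowed).Parse(tpl)
	if err != nil {
		return "", err // a function outside the allow-list is rejected at parse time
	}
	var out bytes.Buffer
	err = t.Execute(&out, secrets)
	return out.String(), err
}

func main() {
	fmt.Println(Render(`{{ .TOKEN | decodeBase64ToBytes }}`, map[string]string{"TOKEN": "aHVudGVyMg=="}))
	fmt.Println(Render(`{{ env "HOME" }}`, nil)) // error: function "env" not defined
}
```

Sprig-style env and expandEnv read the environment of the process that renders the template, so leaving them out of the function map keeps template authors from reading that process's environment variables.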
expandEnv and env from the supported functions for security reasons.

InfisicalSecret, you can define these configurations in a Kubernetes ConfigMap.
For example, you can configure all InfisicalSecret instances to fetch secrets from a single backend API without specifying the hostAPI parameter for each instance.
Property | Description | Default value |
---|---|---|
hostAPI | If hostAPI in InfisicalSecret instance is left empty, this value will be used | https://app.infisical.com/api |
infisical-config in the namespace infisical-operator-system.
To apply global configuration to the operator, copy the following YAML into the infisical-config.yaml file.
status.conditions field to report its current state and any errors encountered.