Infisical .NET SDK
If you’re working with C#, the official Infisical C# SDK package is the easiest way to fetch and work with secrets for your application.
Basic Usage
using Infisical.Sdk;
namespace Example
{
class Program
{
static void Main(string[] args)
{
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
UniversalAuth = new UniversalAuthMethod
{
ClientId = "your-client-id",
ClientSecret = "your-client-secret"
}
}
};
var infisicalClient = new InfisicalClient(settings);
var getSecretOptions = new GetSecretOptions
{
SecretName = "TEST",
ProjectId = "PROJECT_ID",
Environment = "dev",
};
var secret = infisical.GetSecret(getSecretOptions);
Console.WriteLine($"The value of secret '{secret.SecretKey}', is: {secret.SecretValue}");
}
}
}
This example demonstrates how to use the Infisical C# SDK in a C# application. The application retrieves a secret named TEST from the dev environment of the PROJECT_ID project.
We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.
Installation
$ dotnet add package Infisical.Sdk
Configuration
Import the SDK and create a client instance with your Machine Identity.
using Infisical.Sdk;
namespace Example
{
class Program
{
static void Main(string[] args)
{
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
UniversalAuth = new UniversalAuthMethod
{
ClientId = "your-client-id",
ClientSecret = "your-client-secret"
}
}
};
var infisicalClient = new InfisicalClient(settings); // <-- Your SDK client is now ready to use
}
}
}
ClientSettings methods
Authentication
The SDK supports a variety of authentication methods. The most common authentication method is Universal Auth, which uses a client ID and client secret to authenticate.
Universal Auth
Using environment variables
INFISICAL_UNIVERSAL_AUTH_CLIENT_ID- Your machine identity client ID.INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET- Your machine identity client secret.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
UniversalAuth = new UniversalAuthMethod
{
ClientId = "your-client-id",
ClientSecret = "your-client-secret"
}
}
};
var infisicalClient = new InfisicalClient(settings);
GCP ID Token Auth
Please note that this authentication method will only work if you’re running your application on Google Cloud Platform. Please read more about this authentication method.
Using environment variables
INFISICAL_GCP_AUTH_IDENTITY_ID- Your Infisical Machine Identity ID.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
GcpIdToken = new GcpIdTokenAuthMethod
{
IdentityId = "your-machine-identity-id",
}
}
};
var infisicalClient = new InfisicalClient(settings);
GCP IAM Auth
Using environment variables
INFISICAL_GCP_IAM_AUTH_IDENTITY_ID- Your Infisical Machine Identity ID.INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH- The path to your GCP service account key file.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
GcpIam = new GcpIamAuthMethod
{
IdentityId = "your-machine-identity-id",
ServiceAccountKeyFilePath = "./path/to/your/service-account-key.json"
}
}
};
var infisicalClient = new InfisicalClient(settings);
AWS IAM Auth
Please note that this authentication method will only work if you’re running your application on AWS. Please read more about this authentication method.
Using environment variables
INFISICAL_AWS_IAM_AUTH_IDENTITY_ID- Your Infisical Machine Identity ID.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
AwsIam = new AwsIamAuthMethod
{
IdentityId = "your-machine-identity-id",
}
}
};
var infisicalClient = new InfisicalClient(settings);
Azure Auth
Please note that this authentication method will only work if you’re running your application on Azure. Please read more about this authentication method.
Using environment variables
INFISICAL_AZURE_AUTH_IDENTITY_ID- Your Infisical Machine Identity ID.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
Azure = new AzureAuthMethod
{
IdentityId = "YOUR_IDENTITY_ID",
}
}
};
var infisicalClient = new InfisicalClient(settings);
Kubernetes Auth
Please note that this authentication method will only work if you’re running your application on Kubernetes. Please read more about this authentication method.
Using environment variables
INFISICAL_KUBERNETES_IDENTITY_ID- Your Infisical Machine Identity ID.INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME- The environment variable name that contains the path to the service account token. This is optional and will default to/var/run/secrets/kubernetes.io/serviceaccount/token.
Using the SDK directly
ClientSettings settings = new ClientSettings
{
Auth = new AuthenticationOptions
{
Kubernetes = new KubernetesAuthMethod
{
ServiceAccountTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token", // Optional
IdentityId = "YOUR_IDENTITY_ID",
}
}
};
var infisicalClient = new InfisicalClient(settings);
Caching
To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it’s first fetched. Each time it’s fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the “cacheTTL” option when creating the client.
Working with Secrets
client.ListSecrets(options)
var options = new ListSecretsOptions
{
ProjectId = "PROJECT_ID",
Environment = "dev",
Path = "/foo/bar",
AttachToProcessEnv = false,
};
var secrets = infisical.ListSecrets(options);
Retrieve all secrets within the Infisical project and environment that client is connected to
Parameters
client.GetSecret(options)
var options = new GetSecretOptions
{
SecretName = "AAAA",
ProjectId = "659c781eb2d4fe3e307b77bd",
Environment = "dev",
};
var secret = infisical.GetSecret(options);
Retrieve a secret from Infisical.
By default, GetSecret() fetches and returns a shared secret.
Parameters
client.CreateSecret(options)
var options = new CreateSecretOptions {
Environment = "dev",
ProjectId = "PROJECT_ID",
SecretName = "NEW_SECRET",
SecretValue = "NEW_SECRET_VALUE",
SecretComment = "This is a new secret",
};
var newSecret = infisical.CreateSecret(options);
Create a new secret in Infisical.
Parameters
client.UpdateSecret(options)
var options = new UpdateSecretOptions {
Environment = "dev",
ProjectId = "PROJECT_ID",
SecretName = "SECRET_TO_UPDATE",
SecretValue = "NEW VALUE"
};
var updatedSecret = infisical.UpdateSecret(options);
Update an existing secret in Infisical.
Parameters
client.DeleteSecret(options)
var options = new DeleteSecretOptions
{
Environment = "dev",
ProjectId = "PROJECT_ID",
SecretName = "NEW_SECRET",
};
var deletedSecret = infisical.DeleteSecret(options);
Delete a secret in Infisical.
Parameters
Cryptography
Create a symmetric key
Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
var key = infisical.CreateSymmetricKey();
Returns (string)
key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
Encrypt symmetric
var options = new EncryptSymmetricOptions
{
Plaintext = "Infisical is awesome!",
Key = key,
};
var encryptedData = infisical.EncryptSymmetric(options);
Parameters
Returns (object)
Tag (string): A base64-encoded, 128-bit authentication tag.
Iv (string): A base64-encoded, 96-bit initialization vector.
CipherText (string): A base64-encoded, encrypted ciphertext.
Decrypt symmetric
var decryptOptions = new DecryptSymmetricOptions
{
Key = key,
Ciphertext = encryptedData.Ciphertext,
Iv = encryptedData.Iv,
Tag = encryptedData.Tag,
};
var decryptedPlaintext = infisical.DecryptSymmetric(decryptOptions);
Parameters
Returns (string)
Plaintext (string): The decrypted plaintext.
Was this page helpful?