Infisical Node.js SDK
If you’re working with Node.js, the official infisical-node package is the easiest way to fetch and work with secrets for your application.
Basic Usage
import express from "express";
import { InfisicalClient, LogLevel } from "@infisical/sdk";
const app = express();
const PORT = 3000;
const client = new InfisicalClient({
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
logLevel: LogLevel.Error
});
app.get("/", async (req, res) => {
// access value
const name = await client.getSecret({
environment: "dev",
projectId: "PROJECT_ID",
path: "/",
type: "shared",
secretName: "NAME"
});
res.send(`Hello! My name is: ${name.secretValue}`);
});
app.listen(PORT, async () => {
// initialize client
console.log(`App listening on port ${PORT}`);
});
This example demonstrates how to use the Infisical Node SDK with an Express application. The application retrieves a secret named “NAME” and responds to requests with a greeting that includes the secret value.
We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.
Installation
Run npm to add @infisical/sdk to your project.
$ npm install @infisical/sdk
Configuration
Import the SDK and create a client instance with your Machine Identity.
import { InfisicalClient, LogLevel } from "@infisical/sdk";
const client = new InfisicalClient({
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
logLevel: LogLevel.Error
});
Parameters
Caching
To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it’s first fetched. Each time it’s fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the “cacheTtl” option when creating the client.
Working with Secrets
client.listSecrets(options)
const secrets = await client.listSecrets({
environment: "dev",
projectId: "PROJECT_ID",
path: "/foo/bar/",
includeImports: false
});
Retrieve all secrets within the Infisical project and environment that client is connected to
Parameters
client.getSecret(options)
const secret = await client.getSecret({
environment: "dev",
projectId: "PROJECT_ID",
secretName: "API_KEY",
path: "/",
type: "shared"
});
Retrieve a secret from Infisical.
By default, getSecret() fetches and returns a shared secret.
Parameters
client.createSecret(options)
const newApiKey = await client.createSecret({
projectId: "PROJECT_ID",
environment: "dev",
secretName: "API_KEY",
secretValue: "SECRET VALUE",
path: "/",
type: "shared"
});
Create a new secret in Infisical.
client.updateSecret(options)
const updatedApiKey = await client.updateSecret({
secretName: "API_KEY",
secretValue: "NEW SECRET VALUE",
projectId: "PROJECT_ID",
environment: "dev",
path: "/",
type: "shared"
});
Update an existing secret in Infisical.
Parameters
client.deleteSecret(options)
const deletedSecret = await client.deleteSecret({
secretName: "API_KEY",
environment: "dev",
projectId: "PROJECT_ID",
path: "/",
type: "shared"
});
Delete a secret in Infisical.
Cryptography
Create a symmetric key
Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
const key = client.createSymmetricKey();
Returns (string)
key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
Encrypt symmetric
const { iv, tag, ciphertext } = await client.encryptSymmetric({
key: key,
plaintext: "Infisical is awesome!",
})
Parameters
Returns (object)
tag (string): A base64-encoded, 128-bit authentication tag.
iv (string): A base64-encoded, 96-bit initialization vector.
ciphertext (string): A base64-encoded, encrypted ciphertext.
Decrypt symmetric
const decryptedString = await client.decryptSymmetric({
key: key,
iv: iv,
tag: tag,
ciphertext: ciphertext,
});
Parameters
Returns (string)
plaintext (string): The decrypted plaintext.
Was this page helpful?