Infisical Python SDK
If you’re working with Python, the official infisical-python package is the easiest way to fetch and work with secrets for your application.
Basic Usage
from flask import Flask
from infisical_client import ClientSettings, InfisicalClient, GetSecretOptions
app = Flask(__name__)
client = InfisicalClient(ClientSettings(
client_id="MACHINE_IDENTITY_CLIENT_ID",
client_secret="MACHINE_IDENTITY_CLIENT_SECRET",
))
@app.route("/")
def hello_world():
# access value
name = client.getSecret(options=GetSecretOptions(
environment="dev",
project_id="PROJECT_ID",
secret_name="NAME"
))
return f"Hello! My name is: {name.secret_value}"
This example demonstrates how to use the Infisical Python SDK with a Flask application. The application retrieves a secret named “NAME” and responds to requests with a greeting that includes the secret value.
We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.
Installation
Run pip to add infisical-python to your project
$ pip install infisical-python
Note: You need Python 3.7+.
Configuration
Import the SDK and create a client instance with your Machine Identity.
from infisical_client import ClientSettings, InfisicalClient
client = InfisicalClient(ClientSettings(
client_id="MACHINE_IDENTITY_CLIENT_ID",
client_secret="MACHINE_IDENTITY_CLIENT_SECRET",
))
Parameters
Caching
To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it’s first fetched. Each time it’s fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the “cache_ttl” option when creating the client.
Working with Secrets
client.listSecrets(options)
client.listSecrets(options=ListSecretsOptions(
environment="dev",
project_id="PROJECT_ID"
))
Retrieve all secrets within the Infisical project and environment that client is connected to
Parameters
client.getSecret(options)
secret = client.getSecret(options=GetSecretOptions(
environment="dev",
project_id="PROJECT_ID",
secret_name="API_KEY"
))
value = secret.secret_value # get its value
By default, getSecret() fetches and returns a shared secret. If not found, it returns a personal secret.
Parameters
client.createSecret(options)
api_key = client.createSecret(options=CreateSecretOptions(
secret_name="API_KEY",
secret_value="Some API Key",
environment="dev",
project_id="PROJECT_ID"
))
Create a new secret in Infisical.
Parameters
client.updateSecret(options)
client.updateSecret(options=UpdateSecretOptions(
secret_name="API_KEY",
secret_value="NEW_VALUE",
environment="dev",
project_id="PROJECT_ID"
))
Update an existing secret in Infisical.
Parameters
client.deleteSecret(options)
client.deleteSecret(options=DeleteSecretOptions(
environment="dev",
project_id="PROJECT_ID",
secret_name="API_KEY"
))
Delete a secret in Infisical.
Parameters
Cryptography
Create a symmetric key
Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
key = client.createSymmetricKey()
Returns (string)
key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
Encrypt symmetric
encryptOptions = EncryptSymmetricOptions(
key=key,
plaintext="Infisical is awesome!"
)
encryptedData = client.encryptSymmetric(encryptOptions)
Parameters
Returns (object)
tag (string): A base64-encoded, 128-bit authentication tag.
iv (string): A base64-encoded, 96-bit initialization vector.
ciphertext (string): A base64-encoded, encrypted ciphertext.
Decrypt symmetric
decryptOptions = DecryptSymmetricOptions(
ciphertext=encryptedData.ciphertext,
iv=encryptedData.iv,
tag=encryptedData.tag,
key=key
)
decryptedString = client.decryptSymmetric(decryptOptions)
Parameters
Returns (string)
plaintext (string): The decrypted plaintext.