Comments (5)
@Icaruk what would you say is the main use case for this? Why do you usually need to reference secrets from other projects?
email_secrets:
- EMAIL_USER: ****
- EMAIL_PASS: ****
api_secrets:
- EMAIL_USER: ${email_secrets.EMAIL_USER}
- EMAIL_PASS: ${email_secrets.EMAIL_PASS}
worker_secrets:
- EMAIL_USER: ${email_secrets.EMAIL_USER}
- EMAIL_PASS: ${email_secrets.EMAIL_PASS}
Easy to change or rotate shared passwords, tokens, etc...
from infisical.
Not sure how it would work if other people are not part of a certain project.
Maybe just allow referencing projects you have access to.
from infisical.
With the release of Secret Reference, you can now reference secrets from the same environment or another environment and another folder.
Closing this issue as it's now been resolved.
from infisical.
@Icaruk what would you say is the main use case for this? Why do you usually need to reference secrets from other projects?
from infisical.
Here's an explanation about some use cases I've made in DM on Slack:
Allowing us to edit one secret in a "global" project and child projects will automatically point to that new value.
Here's how the "global" project works (at least how I'm using it):

# global project (dev config, rbac to only admin/authorized members)
API_STRIPE_URL=https://api.stripe.com/v1
API_STRIPE_KEY=xxxxxxxxxx-xxxxx-xxxxxxxx
PROJECT_CONFIG=dev

# A project (env names can be different, as long as the reference points to the correct secret)
STRIPE_URL=${global.dev.API_STRIPE_URL}
STRIPE_SECRET=${global.dev.API_STRIPE_KEY}
OHTER_VAR=foobar

# B project
API_URL=${global.dev.API_STRIPE_URL}
API_SECRET=${global.dev.API_STRIPE_KEY}
APP_ENV=${global.dev.PROJECT_CONFIG}
OHTER_VAR=foobar

Not tested yet on Doppler. Scoping developers' permissions to only given configs/environments secrets, so we could grant them read-only access to given config/environment to only fetch referenced secrets from projects where they're authorized (read-only).
Suggestion: user Bob has read-only permission on the "global" project, but only for the dev config/environment:

# global project (dev config, rbac to only admin/authorized members)
# bob : read-only
API_STRIPE_URL=https://api.stripe.com/v1
API_STRIPE_KEY=dev-xxxxxxx-xxxxx-xxxxxxxx
PROJECT_CONFIG=dev

# global project (stg config, rbac to only admin/authorized members)
# bob : no permissions
API_STRIPE_URL=https://api.stripe.com/v1
API_STRIPE_KEY=stg-xxxxxxx-xxxxx-xxxxxxxx
PROJECT_CONFIG=stg

# A project (dev config)
# bob : can fetch the referenced secrets and override those values locally if needed
STRIPE_URL=${global.dev.API_STRIPE_URL}
STRIPE_SECRET=${global.dev.API_STRIPE_KEY}
OHTER_VAR=foobar

# A project (dev config, if bob wants to try to get the stg/prd secrets)
# bob : can't fetch the referenced secrets but can still override those values locally if needed
STRIPE_URL=${global.stg.API_STRIPE_URL} # empty (can't access)
STRIPE_SECRET=${global.stg.API_STRIPE_KEY} # empty (can't access)
OHTER_VAR=foobar # can access

I hope those text schemas are clear enough, let me know if you'd prefer a visual diagram ✌️
from infisical.
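
The permission-scoped resolution suggested in the comment above, as an added sketch that is not part of the original thread and not Infisical's code. The in-memory `store`, the `acl` map and the function names are hypothetical; the point is that every `${project.env.KEY}` hop is authorized against the requesting user, so a reference in a project Bob can read never yields a secret from a config he cannot.

```javascript
// Added illustration: store layout, ACL shape and function names are hypothetical.
// Constructed sample data mirroring the layout in the comment above.
const store = {
  global: {
    dev: { API_STRIPE_URL: "https://api.stripe.com/v1", API_STRIPE_KEY: "dev-xxxxxxx" },
    stg: { API_STRIPE_URL: "https://api.stripe.com/v1", API_STRIPE_KEY: "stg-xxxxxxx" },
  },
  A: {
    dev: {
      STRIPE_URL: "${global.dev.API_STRIPE_URL}",
      STRIPE_SECRET: "${global.stg.API_STRIPE_KEY}", // bob has no grant on global.stg
      OTHER_VAR: "foobar",
    },
  },
};
// Read grants per user, keyed as "project.env".
const acl = { bob: new Set(["A.dev", "global.dev"]) };

function canRead(user, project, env) {
  return acl[user]?.has(`${project}.${env}`) ?? false;
}

// Expand ${project.env.KEY} references in `value` on behalf of `user`.
// Each hop is authorized against the caller, never against the project that
// holds the reference, so a reference cannot widen what the caller can read.
function resolveValue(user, value, unresolved, seen = new Set()) {
  return value.replace(/\$\{([\w-]+)\.([\w-]+)\.([\w-]+)\}/g, (_m, project, env, key) => {
    const id = `${project}.${env}.${key}`;
    const target = canRead(user, project, env) ? store[project]?.[env]?.[key] : undefined;
    // Denied and nonexistent look identical to the caller (no existence oracle).
    if (target === undefined) { unresolved.push(id); return ""; }
    if (seen.has(id)) throw new Error(`reference cycle at ${id}`);
    return resolveValue(user, target, unresolved, new Set(seen).add(id));
  });
}

// Return the resolved secrets of one project/env plus the references left empty.
function fetchSecrets(user, project, env) {
  if (!canRead(user, project, env)) throw new Error("forbidden");
  const unresolved = [];
  const secrets = {};
  for (const [name, value] of Object.entries(store[project][env])) {
    secrets[name] = resolveValue(user, value, unresolved);
  }
  return { secrets, unresolved };
}
```

The `unresolved` list is what a server would log for audit; a local override, as the comment describes, would be applied by the client after this step.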