If you’re working with Ruby , the official Infisical Ruby SDK package is the easiest way to fetch and work with secrets for your application.

Basic Usage

require 'infisical-sdk'

# 1. Create the Infisical client
infisical = InfisicalSDK::InfisicalClient.new('https://app.infisical.com')

infisical.auth.universal_auth(client_id: 'YOUR_CLIENT_ID', client_secret: 'YOUR_CLIENT_SECRET')

test_secret = infisical.secrets.get(
  secret_name: 'API_KEY',
  project_id: 'project-id',
  environment: 'dev'
)
puts "Secret: #{single_test_secret}"

This example demonstrates how to use the Infisical Ruby SDK in a simple Ruby application. The application retrieves a secret named API_KEY from the dev environment of the YOUR_PROJECT_ID project.

We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.

Installation

$ gem install infisical-sdk

Configuration

Import the SDK and create a client instance.

infisical = InfisicalSDK::InfisicalClient.new('https://app.infisical.com') # Optional parameter, default is https://api.infisical.com

Client parameters

options
object

Authentication

The SDK supports a variety of authentication methods. The most common authentication method is Universal Auth, which uses a client ID and client secret to authenticate.

Universal Auth

Using environment variables

Call auth.universal_auth() with empty arguments to use the following environment variables:

  • INFISICAL_UNIVERSAL_AUTH_CLIENT_ID - Your machine identity client ID.
  • INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET - Your machine identity client secret.

Using the SDK directly

infisical.auth.universal_auth(client_id: 'your-client-id', client_secret: 'your-client-secret')

GCP ID Token Auth

Please note that this authentication method will only work if you’re running your application on Google Cloud Platform. Please read more about this authentication method.

Using environment variables

Call .auth.gcp_id_token_auth() with empty arguments to use the following environment variables:

  • INFISICAL_GCP_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.gcp_id_token_auth(identity_id: 'MACHINE_IDENTITY_ID')

GCP IAM Auth

Using environment variables

Call .auth.gcp_iam_auth() with empty arguments to use the following environment variables:

  • INFISICAL_GCP_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
  • INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH - The path to your GCP service account key file.

Using the SDK directly

infisical.auth.gcp_iam_auth(identity_id: 'MACHINE_IDENTITY_ID', service_account_key_file_path: 'SERVICE_ACCOUNT_KEY_FILE_PATH')

AWS IAM Auth

Please note that this authentication method will only work if you’re running your application on AWS. Please read more about this authentication method.

Using environment variables

Call .auth.aws_iam_auth() with empty arguments to use the following environment variables:

  • INFISICAL_AWS_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.aws_iam_auth(identity_id: 'MACHINE_IDENTITY_ID')

Azure Auth

Please note that this authentication method will only work if you’re running your application on Azure. Please read more about this authentication method.

Using environment variables

Call .auth.azure_auth() with empty arguments to use the following environment variables:

  • INFISICAL_AZURE_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.azure_auth(identity_id: 'MACHINE_IDENTITY_ID')

Kubernetes Auth

Please note that this authentication method will only work if you’re running your application on Kubernetes. Please read more about this authentication method.

Using environment variables

Call .auth.kubernetes_auth() with empty arguments to use the following environment variables:

  • INFISICAL_KUBERNETES_IDENTITY_ID - Your Infisical Machine Identity ID.
  • INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME - The environment variable name that contains the path to the service account token. This is optional and will default to /var/run/secrets/kubernetes.io/serviceaccount/token.

Using the SDK directly

# Service account token path will default to /var/run/secrets/kubernetes.io/serviceaccount/token if empty value is passed
infisical.auth.kubernetes_auth(identity_id: 'MACHINE_IDENTITY_ID', service_account_token_path: nil)

Working with Secrets

client.secrets.list(options)

secrets = infisical.secrets.list(
  project_id: 'PROJECT_ID',
  environment: 'dev',
  path: '/foo/bar',
)

Retrieve all secrets within the Infisical project and environment that client is connected to

Parameters

Parameters
object

client.secrets.get(options)

secret = infisical.secrets.get(
  secret_name: 'API_KEY',
  project_id: project_id,
  environment: env_slug
)

Retrieve a secret from Infisical.

By default, Secrets().Retrieve() fetches and returns a shared secret.

Parameters

Parameters
object

client.secrets.create(options)

new_secret = infisical.secrets.create(
  secret_name: 'NEW_SECRET',
  secret_value: 'SECRET_VALUE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Create a new secret in Infisical.

Parameters

Parameters
object

client.secrets.update(options)

updated_secret = infisical.secrets.update(
  secret_name: 'SECRET_KEY_TO_UPDATE',
  secret_value: 'NEW_SECRET_VALUE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Update an existing secret in Infisical.

Parameters

Parameters
object

client.secrets.delete(options)

deleted_secret = infisical.secrets.delete(
  secret_name: 'SECRET_TO_DELETE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Delete a secret in Infisical.

Parameters

Parameters
object

Cryptography

Create a symmetric key

Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.

key = infisical.cryptography.create_symmetric_key

Returns (string)

key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.

Encrypt symmetric

encrypted_data = infisical.cryptography.encrypt_symmetric(data: "Hello World!", key: key)

Parameters

Parameters
object
required

Returns (object)

tag (string): A base64-encoded, 128-bit authentication tag. iv (string): A base64-encoded, 96-bit initialization vector. ciphertext (string): A base64-encoded, encrypted ciphertext.

Decrypt symmetric

decrypted_data = infisical.cryptography.decrypt_symmetric(
  ciphertext: encrypted_data['ciphertext'],
  iv: encrypted_data['iv'],
  tag: encrypted_data['tag'],
  key: key
)

Parameters

Parameters
object
required

Returns (string)

Plaintext (string): The decrypted plaintext.