infisical run
The command that injects your secrets into local environment
Description
Inject secrets from Infisical into your application process.
Subcommands & flags
infisical run
infisical run
Use this command to inject secrets into your applications process
Environment variables
INFISICAL_TOKEN
INFISICAL_TOKEN
Used to fetch secrets via a machine identity apposed to logged in credentials. Simply, export this variable in the terminal before running this command.
Alternatively, you may use service tokens.
INFISICAL_DISABLE_UPDATE_CHECK
INFISICAL_DISABLE_UPDATE_CHECK
Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
To use, simply export this variable in the terminal before running this command.
Flags
--watch
--watch
By passing the watch flag, you are telling the CLI to watch for changes that happen in your Infisical project.
If secret changes happen, the command you provided will automatically be restarted with the new environment variables attached.
--project-config-dir
--project-config-dir
Explicitly set the directory where the .infisical.json resides. This is useful for some monorepo setups.
--command
--command
Pass secrets into multiple commands at once
--projectId
--projectId
The project ID to fetch secrets from. This is required when using a machine identity to authenticate.
--token
--token
If you are using a machine identity to authenticate, you can pass the token as a flag
You may also expose the token to the CLI by setting the environment variable INFISICAL_TOKEN before executing the run command. This will have the same effect as setting the token with --token flag
--expand
--expand
Turn on or off the shell parameter expansion in your secrets. If you have used shell parameters in your secret(s), activating this feature will populate them before injecting them into your application process.
Default value: true
--include-imports
--include-imports
By default imported secrets are available, you can disable it by setting this option to false.
Default value: true
--env
--env
This is used to specify the environment from which secrets should be
retrieved. The accepted values are the environment slugs defined for your
project, such as dev, staging, test, and prod. Default value: dev
--secret-overriding
--secret-overriding
Prioritizes personal secrets with the same name over shared secrets
Default value: true
--tags
--tags
--path
--path
The --path flag indicates which project folder secrets will be injected from.
Automatically reload command when secrets change
To automatically reload your command when secrets change, use the --watch flag.
This will watch for changes in your secrets and automatically restart your command with the new secrets. When your command restarts, it will have the new environment variables injeceted into it.
Please note that this feature is intended for development purposes. It is not recommended to use this in production environments. Generally it’s not recommended to automatically reload your application in production when remote changes are made.
infisical run
The command that injects your secrets into local environment
Description
Inject secrets from Infisical into your application process.
Subcommands & flags
infisical run
infisical run
Use this command to inject secrets into your applications process
Environment variables
INFISICAL_TOKEN
INFISICAL_TOKEN
Used to fetch secrets via a machine identity apposed to logged in credentials. Simply, export this variable in the terminal before running this command.
Alternatively, you may use service tokens.
INFISICAL_DISABLE_UPDATE_CHECK
INFISICAL_DISABLE_UPDATE_CHECK
Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
To use, simply export this variable in the terminal before running this command.
Flags
--watch
--watch
By passing the watch flag, you are telling the CLI to watch for changes that happen in your Infisical project.
If secret changes happen, the command you provided will automatically be restarted with the new environment variables attached.
--project-config-dir
--project-config-dir
Explicitly set the directory where the .infisical.json resides. This is useful for some monorepo setups.
--command
--command
Pass secrets into multiple commands at once
--projectId
--projectId
The project ID to fetch secrets from. This is required when using a machine identity to authenticate.
--token
--token
If you are using a machine identity to authenticate, you can pass the token as a flag
You may also expose the token to the CLI by setting the environment variable INFISICAL_TOKEN before executing the run command. This will have the same effect as setting the token with --token flag
--expand
--expand
Turn on or off the shell parameter expansion in your secrets. If you have used shell parameters in your secret(s), activating this feature will populate them before injecting them into your application process.
Default value: true
--include-imports
--include-imports
By default imported secrets are available, you can disable it by setting this option to false.
Default value: true
--env
--env
This is used to specify the environment from which secrets should be
retrieved. The accepted values are the environment slugs defined for your
project, such as dev, staging, test, and prod. Default value: dev
--secret-overriding
--secret-overriding
Prioritizes personal secrets with the same name over shared secrets
Default value: true
--tags
--tags
--path
--path
The --path flag indicates which project folder secrets will be injected from.
Automatically reload command when secrets change
To automatically reload your command when secrets change, use the --watch flag.
This will watch for changes in your secrets and automatically restart your command with the new secrets. When your command restarts, it will have the new environment variables injeceted into it.
Please note that this feature is intended for development purposes. It is not recommended to use this in production environments. Generally it’s not recommended to automatically reload your application in production when remote changes are made.