If you’re working with Ruby, the official Infisical Ruby SDK package is the easiest way to fetch and work with secrets for your application.

Deprecation NoticeAll versions prior to 2.3.9 should be considered deprecated and are no longer supported by Infisical. Please update to version 2.3.9 or newer. All changes are fully backwards compatible with older versions.

Basic Usage

require 'infisical-sdk'

# 1. Create the Infisical client
infisical = InfisicalSDK::InfisicalClient.new('https://app.infisical.com')

infisical.auth.universal_auth(client_id: 'YOUR_CLIENT_ID', client_secret: 'YOUR_CLIENT_SECRET')

test_secret = infisical.secrets.get(
  secret_name: 'API_KEY',
  project_id: 'project-id',
  environment: 'dev'
)
puts "Secret: #{single_test_secret}"

This example demonstrates how to use the Infisical Ruby SDK in a simple Ruby application. The application retrieves a secret named API_KEY from the dev environment of the YOUR_PROJECT_ID project.

We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.

Installation

$ gem install infisical-sdk

Configuration

Import the SDK and create a client instance.

infisical = InfisicalSDK::InfisicalClient.new('https://app.infisical.com') # Optional parameter, default is https://api.infisical.com

Client parameters

options

object

Show properties

Site URL

string

The URL of the Infisical API. Default is https://api.infisical.com.

Cache TTL

string

required

How long the client should cache secrets for. Default is 5 minutes. Disable by setting to 0.

Authentication

The SDK supports a variety of authentication methods. The most common authentication method is Universal Auth, which uses a client ID and client secret to authenticate.

Universal Auth

Using environment variables Call auth.universal_auth() with empty arguments to use the following environment variables:

INFISICAL_UNIVERSAL_AUTH_CLIENT_ID - Your machine identity client ID.
INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET - Your machine identity client secret.

Using the SDK directly

infisical.auth.universal_auth(client_id: 'your-client-id', client_secret: 'your-client-secret')

GCP ID Token Auth

Please note that this authentication method will only work if you’re running your application on Google Cloud Platform. Please read more about this authentication method.

Using environment variables Call .auth.gcp_id_token_auth() with empty arguments to use the following environment variables:

INFISICAL_GCP_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.gcp_id_token_auth(identity_id: 'MACHINE_IDENTITY_ID')

GCP IAM Auth

Using environment variables Call .auth.gcp_iam_auth() with empty arguments to use the following environment variables:

INFISICAL_GCP_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH - The path to your GCP service account key file.

Using the SDK directly

infisical.auth.gcp_iam_auth(identity_id: 'MACHINE_IDENTITY_ID', service_account_key_file_path: 'SERVICE_ACCOUNT_KEY_FILE_PATH')

AWS IAM Auth

Please note that this authentication method will only work if you’re running your application on AWS. Please read more about this authentication method.

Using environment variables Call .auth.aws_iam_auth() with empty arguments to use the following environment variables:

INFISICAL_AWS_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.aws_iam_auth(identity_id: 'MACHINE_IDENTITY_ID')

Azure Auth

Please note that this authentication method will only work if you’re running your application on Azure. Please read more about this authentication method.

Using environment variables Call .auth.azure_auth() with empty arguments to use the following environment variables:

INFISICAL_AZURE_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.azure_auth(identity_id: 'MACHINE_IDENTITY_ID')

Kubernetes Auth

Please note that this authentication method will only work if you’re running your application on Kubernetes. Please read more about this authentication method.

Using environment variables Call .auth.kubernetes_auth() with empty arguments to use the following environment variables:

INFISICAL_KUBERNETES_IDENTITY_ID - Your Infisical Machine Identity ID.
INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME - The environment variable name that contains the path to the service account token. This is optional and will default to /var/run/secrets/kubernetes.io/serviceaccount/token.

Using the SDK directly

# Service account token path will default to /var/run/secrets/kubernetes.io/serviceaccount/token if empty value is passed
infisical.auth.kubernetes_auth(identity_id: 'MACHINE_IDENTITY_ID', service_account_token_path: nil)

Working with Secrets

client.secrets.list(options)

secrets = infisical.secrets.list(
  project_id: 'PROJECT_ID',
  environment: 'dev',
  path: '/foo/bar',
)

Retrieve all secrets within the Infisical project and environment that client is connected to

Parameters

object

Show properties

environment

string

required

The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.

project_id

string

The project ID where the secret lives in.

path

string

The path from where secrets should be fetched from.

attach_to_process_env

boolean

default:"false"

Whether or not to set the fetched secrets to the process environment. If true, you can access the secrets like so System.getenv("SECRET_NAME").

include_imports

boolean

default:"false"

Whether or not to include imported secrets from the current path. Read about secret import

recursive

boolean

default:"false"

Whether or not to fetch secrets recursively from the specified path. Please note that there’s a 20-depth limit for recursive fetching.

expand_secret_references

boolean

default:"true"

Whether or not to expand secret references in the fetched secrets. Read about secret reference

client.secrets.get(options)

secret = infisical.secrets.get(
  secret_name: 'API_KEY',
  project_id: project_id,
  environment: env_slug
)

Retrieve a secret from Infisical. By default, Secrets().Retrieve() fetches and returns a shared secret.

Parameters

object

Show properties

secret_name

string

required

The key of the secret to retrieve.

project_id

string

required

The project ID where the secret lives in.

environment

string

required

The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.

path

string

The path from where secret should be fetched from.

type

string

The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.

client.secrets.create(options)

new_secret = infisical.secrets.create(
  secret_name: 'NEW_SECRET',
  secret_value: 'SECRET_VALUE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Create a new secret in Infisical.

Parameters

object

Show properties

secret_name

string

required

The key of the secret to create.

secret_value

string

required

The value of the secret.

secret_comment

string

A comment for the secret.

project_id

string

required

The project ID where the secret lives in.

environment

string

required

The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.

path

string

The path from where secret should be created.

type

string

The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.

client.secrets.update(options)

updated_secret = infisical.secrets.update(
  secret_name: 'SECRET_KEY_TO_UPDATE',
  secret_value: 'NEW_SECRET_VALUE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Update an existing secret in Infisical.

Parameters

object

Show properties

secret_name

string

required

The key of the secret to update.

secret_value

string

required

The new value of the secret.

skip_multiline_encoding

boolean

default:"false"

Whether or not to skip multiline encoding for the new secret value.

project_id

string

required

The project ID where the secret lives in.

environment

string

required

The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.

path

string

The path from where secret should be updated.

type

string

The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.

client.secrets.delete(options)

deleted_secret = infisical.secrets.delete(
  secret_name: 'SECRET_TO_DELETE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Delete a secret in Infisical.

Parameters

object

Show properties

secret_name

string

The key of the secret to update.

project_id

string

required

The project ID where the secret lives in.

environment

string

required

The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.

path

string

The path from where secret should be deleted.

type

string

The type of the secret. Valid options are “shared” or “personal”. If not specified, the default value is “shared”.

Cryptography

Create a symmetric key

Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.

key = infisical.cryptography.create_symmetric_key

Returns (string)

key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.

Encrypt symmetric

encrypted_data = infisical.cryptography.encrypt_symmetric(data: "Hello World!", key: key)

Parameters

object

required

Show properties

data

string

The plaintext you want to encrypt.

key

string

required

The symmetric key to use for encryption.

Returns (object)

tag (string): A base64-encoded, 128-bit authentication tag. iv (string): A base64-encoded, 96-bit initialization vector. ciphertext (string): A base64-encoded, encrypted ciphertext.

Decrypt symmetric

decrypted_data = infisical.cryptography.decrypt_symmetric(
  ciphertext: encrypted_data['ciphertext'],
  iv: encrypted_data['iv'],
  tag: encrypted_data['tag'],
  key: key
)

Parameters

object

required

Show properties

ciphertext

string

The ciphertext you want to decrypt.

key

string

required

The symmetric key to use for encryption.

string

required

The initialization vector to use for decryption.

tag

string

required

The authentication tag to use for decryption.

Returns (string)

Plaintext (string): The decrypted plaintext.

Overview

SDK's

Infisical Ruby SDK

Basic Usage

Installation

Configuration

Client parameters

Authentication

Universal Auth

GCP ID Token Auth

GCP IAM Auth

AWS IAM Auth

Azure Auth

Kubernetes Auth

Working with Secrets

client.secrets.list(options)

Parameters

client.secrets.get(options)

Parameters

client.secrets.create(options)

Parameters

client.secrets.update(options)

Parameters

client.secrets.delete(options)

Parameters

Cryptography

Create a symmetric key

Returns (string)

Encrypt symmetric

Parameters

Returns (object)

Decrypt symmetric

Parameters

Returns (string)

Overview

SDK's

​Basic Usage

​Installation

​Configuration

​Client parameters

​Authentication

​Universal Auth

​GCP ID Token Auth

​GCP IAM Auth

​AWS IAM Auth

​Azure Auth

​Kubernetes Auth

​Working with Secrets

​client.secrets.list(options)

​Parameters

​client.secrets.get(options)

​Parameters

​client.secrets.create(options)

​Parameters

​client.secrets.update(options)

​Parameters

​client.secrets.delete(options)

​Parameters

​Cryptography

​Create a symmetric key

​Returns (string)

​Encrypt symmetric

​Parameters

​Returns (object)

​Decrypt symmetric

​Parameters

​Returns (string)

Basic Usage

Installation

Configuration

Client parameters

Authentication

Universal Auth

GCP ID Token Auth

GCP IAM Auth

AWS IAM Auth

Azure Auth

Kubernetes Auth

Working with Secrets

client.secrets.list(options)

Parameters

client.secrets.get(options)

Parameters

client.secrets.create(options)

Parameters

client.secrets.update(options)

Parameters

client.secrets.delete(options)

Parameters

Cryptography

Create a symmetric key

Returns (string)

Encrypt symmetric

Parameters

Returns (object)

Decrypt symmetric

Parameters

Returns (string)