infisical / sdk Goto Github PK

Trying to migrate from the old SDK to the new SDK (poor communication on Infisical's behalf by the way, customers weren't given a warning ahead of time and half of my website practically went offline).

Unfortunately, the new SDK is giving an error:

    dsn = infisical_client.getSecret(options=GetSecretOptions(environment="prod", project_id="<project>", secret_name="<name>")).secret_value
  File "/usr/local/lib/python3.10/dist-packages/infisical_client/infisical_client.py", line 42, in getSecret
    result = self._run_command(Command(get_secret=options))
  File "/usr/local/lib/python3.10/dist-packages/infisical_client/infisical_client.py", line 36, in _run_command
    raise Exception(response["errorMessage"])
Exception: error sending request for url (https://app.infisical.com/api/v1/auth/universal-auth/login): error trying to connect: invalid peer certificate: BadSignature

I did look this up and apparently this has happened before in a TypeScript integration problem. Doesn't appear to be something I can solve client-side at face value. I have checked the project ID is correct, the client secret and ID are correct too.

My code:

infisical_client = InfisicalClient(ClientSettings(
    client_id="<id>,
    client_secret="<secret>",
))
dsn = infisical_client.getSecret(options=GetSecretOptions(environment="prod", project_id="<something>", secret_name="<value>")).secret_value

Exactly what it says on the documentation. Am I just being silly?

We tried to use your most recent SDK v2.0.6-SNAPSHOT for Java to get secrets from our selfhosted Infisical Instance.
After adding the maven package to our pom and finishing development, building on both, windows and linux, failed.

On Windows it seems like infisical_c was expected in directory win32-x86-64, but the sdk-jar only contains the folder windows-x64
On Linux the files are expected in linux-x86-64, but no folder has a matching name.

After renaming windows-x64 to win32-x86-64 for windows and ubuntu-x64 to linux-x86-64 for linux the build was successful in both systems.

Getting Started for JNA seems to be relevant here.

Logs
Windows:

Suppressed: java.lang.UnsatisfiedLinkError: The specified module could not be found.

        at com.sun.jna.Native.open(Native Method) ~[jna-5.12.1.jar:5.12.1 (b0)]
        at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:270) ~[jna-5.12.1.jar:5.12.1 (b0)]
        ... 143 common frames omitted
    Suppressed: java.io.IOException: Native library (win32-x86-64/infisical_c.dll) not found in resource path (...;workspace\.m2\repository\com\infisical\sdk\2.0.6-SNAPSHOT\sdk-2.0.6-SNAPSHOT.jar;...)

Linux:

org.springframework.beans.BeanInstantiationException: Failed to instantiate [de.siedle.digitalplatform.sps.util.SecretResolver]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: Unable to load library 'infisical_c':
libinfisical_c.so: cannot open shared object file: No such file or directory
Native library (linux-x86-64/libinfisical_c.so) not found in resource path (.../var/workspace/?/.m2/repository/com/infisical/sdk/2.0.6-SNAPSHOT/sdk-2.0.6-SNAPSHOT.jar...)

I have notice that when a server is running for +1 day using the infisical sdk errors will start showing up from pyo3 complaining about "No file handlers available". The only way to fix this is to restart the container running the python server.

This issue didn't happen with https://github.com/Infisical/infisical-python

Example Code (Throws error):

import time
from infisical_client import InfisicalClient, EncryptSymmetricOptions, DecryptSymmetricOptions

while True:
    #client = InfisicalClient()
    key = InfisicalClient().createSymmetricKey()
    encryptOptions = EncryptSymmetricOptions(
        key=key,
        plaintext="Infisical is awesome!"
    )

    encryptedData = InfisicalClient().encryptSymmetric(encryptOptions)

    decryptOptions = DecryptSymmetricOptions(
        ciphertext=encryptedData.ciphertext,
        iv=encryptedData.iv,
        tag=encryptedData.tag,
        key=key
    )

    decryptedString = InfisicalClient().decryptSymmetric(decryptOptions)
    print(f"Key={key}, cipher={decryptedString}")

Example Code (Works as intended):

import time
from infisical_client import InfisicalClient, EncryptSymmetricOptions, DecryptSymmetricOptions

while True:
    client = InfisicalClient()
    key = client.createSymmetricKey()
    encryptOptions = EncryptSymmetricOptions(
        key=key,
        plaintext="Infisical is awesome!"
    )

    encryptedData = client.encryptSymmetric(encryptOptions)

    decryptOptions = DecryptSymmetricOptions(
        ciphertext=encryptedData.ciphertext,
        iv=encryptedData.iv,
        tag=encryptedData.tag,
        key=key
    )

    decryptedString = client.decryptSymmetric(decryptOptions)
    print(f"Key={key}, cipher={decryptedString}")

@DanielHougaard Any ideas?

GoLang developers would want to make use of this feature. Many backend and microservices are being built by companies and organizations so it is worthwhile building a GoLang SDK.

My code:

import { InfisicalClient, LogLevel } from "@infisical/sdk";

// Secret
const client = new InfisicalClient({
  clientId: "YOUR_CLIENT_ID",
  clientSecret: "YOUR_CLIENT_SECRET",
  logLevel: LogLevel.Error,
});

When I start this app with nodemon and ts-node. I get following error:

[nodemon] 3.1.0
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: ts,json
[nodemon] starting `ts-node -T src/index.ts`
  logLevel: LogLevel.Error,

I just noticed the deprecation noticed in the Python SDK. While I look forward to migrating to this package, one major downside is the removal of the Crytography functions.

These functions made using infisical more practical since we could encrypt data before storing it in infisical.

Could these funtion be added to this repo?

https://github.com/Infisical/infisical-python?tab=readme-ov-file#cryptography

Our developers are facing connection issues using the latest infisical SDK 2.1.3-SNAPSHOT with java 11 on windows.

Our selfhosted infisical instance uses a ssl cert from our internal CA. We've added its certificate to java and system trust store and we are sure this is functional because of other services with our own certs that can be be accessed within java.

The windows setup is working well using a cert from a public CA - but due to corporate restricitions we should stick to our own certs.

It is also worth mentioning, that this only occurs on a windows setup.
Our services deployed and used on linux are working fine.

Logs:

.   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::       (v2.3.12.RELEASE)

2024-01-30 08:44:30.456  INFO 29296 --- [           main] x.x.Application                          : Starting Application on araLap129 with PID 29296 
2024-01-30 08:44:30.458  INFO 29296 --- [           main] x.x.Application                          : The following profiles are active: local
2024-01-30 08:44:31.610  INFO 29296 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data Solr repositories in DEFAULT mode.
2024-01-30 08:44:31.692  INFO 29296 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 73ms. Found 4 Solr repository interfaces.
2024-01-30 08:44:32.272  INFO 29296 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8082 (http)
2024-01-30 08:44:32.279  INFO 29296 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
2024-01-30 08:44:32.279  INFO 29296 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.46]
2024-01-30 08:44:32.421  INFO 29296 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
2024-01-30 08:44:32.422  INFO 29296 --- [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1920 ms
2024-01-30 08:44:33.674  INFO 29296 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 2 endpoint(s) beneath base path '/actuator'
2024-01-30 08:44:33.772  INFO 29296 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2024-01-30 08:44:33.895  INFO 29296 --- [           main] o.s.s.c.ThreadPoolTaskScheduler          : Initializing ExecutorService 'taskScheduler'
2024-01-30 08:44:33.949  INFO 29296 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8082 (http) with context path ''
2024-01-30 08:44:34.510  INFO 29296 --- [           main] x.x.Application                          : Started Application in 4.369 seconds (JVM running for 5.905)
2024-01-30 08:44:34.514  INFO 29296 --- [           main] x.x..SolrReindexingCronJob               : starting solr reindexing
2024-01-30 08:44:34.606 ERROR 29296 --- [           main] o.s.boot.SpringApplication               : Application run failed

java.lang.RuntimeException: error sending request for url (https://secrets.db.siedle.de/api/v1/auth/universal-auth/login): error trying to connect: invalid peer certificate: UnknownIssuer
    at com.infisical.sdk.InfisicalClient.errorCheck(InfisicalClient.java:132) ~[sdk-2.1.3-20240126.225859-1.jar:na]
    at com.infisical.sdk.InfisicalClient.getSecret(InfisicalClient.java:40) ~[sdk-2.1.3-20240126.225859-1.jar:na]
    at x.x.SecretResolver.getSecret(SecretResolver.java:38) ~[classes/:na]
    [...]

2024-01-30 08:44:35.324  INFO 29296 --- [           main] o.s.s.c.ThreadPoolTaskScheduler          : Shutting down ExecutorService 'taskScheduler'
2024-01-30 08:44:35.325  INFO 29296 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Shutting down ExecutorService 'applicationTaskExecutor'

Process finished with exit code 1

Hi, I'm unable to use the python sdk because I can't import the necessary classes. Here's the basic code I'm using to test this:

import os
# from infisical import ClientSettings
from infisical_client import InfisicalClient, ClientSettings

client = InfisicalClient(ClientSettings(
    client_id=os.environ.get("INFISICAL_CLIENT_ID"),
    client_secret=os.environ.get("INFISICAL_CLIENT_SECRET"),
))

test_api_key = client.createSecret(
    secret_name="TEST_API_KEY",
    secret_value="test api key",
    project_id="local-test",
    environment="dev",
)

print(f"test api key is: {test_api_key}")

Running this code generates this error:

Traceback (most recent call last):
  File "/path/to/my/project/infisical.py", line 3, in <module>
    from infisical_client import InfisicalClient, ClientSettings
  File "/path/to/my/project/.venv/lib/python3.9/site-packages/infisical_client/__init__.py", line 3, in <module>
    from .infisical_client import InfisicalClient as InfisicalClient
  File "/path/to/my/project/.venv/lib/python3.9/site-packages/infisical_client/infisical_client.py", line 3, in <module>
    from .schemas import ClientSettings, Command, SecretElement
ModuleNotFoundError: No module named 'infisical_client.schemas'

Note that the import statements I used are from your current documentation. So I changed the import statements to the following:

from infisical import ClientSettings
from infisical_client import InfisicalClient

Using those imports, the error became the following:

Traceback (most recent call last):
  File "/path/to/my/project/infisical.py", line 2, in <module>
    from infisical import ClientSettings
  File "/path/to/my/project/infisical.py", line 2, in <module>
    from infisical import ClientSettings
ImportError: cannot import name 'ClientSettings' from partially initialized module 'infisical' (most likely due to a circular import) (/path/to/my/project/infisical.py)

Lastly, I changed the import statements again to the following:

from infisical import ClientSettings, InfisicalClient

And the error message remained the same:

Traceback (most recent call last):
  File "/path/to/my/project/infisical.py", line 2, in <module>
    from infisical import ClientSettings, InfisicalClient
  File "/path/to/my/project/infisical.py", line 2, in <module>
    from infisical import ClientSettings, InfisicalClient
ImportError: cannot import name 'ClientSettings' from partially initialized module 'infisical' (most likely due to a circular import) (/path/to/my/project/infisical.py)

I got these errors using both v2.0.6 and v2.0.7 of the SDK.

• What Python version are you using? 3.9.13
• What operating system are you getting the error on? MacOS arm64 (M1)

While installing the Node SDK package on Windows OS 11 and Node version 20.12.1, we are getting an issue as follows:

yarn install v1.22.22
info No lockfile found.
[1/5] Validating package.json...
[2/5] Resolving packages...
I couldn't find any versions for "@infisical/sdk-darwin-x64" that match "2.2.0."
? Please choose a version of "@infisical/sdk-darwin-x64" from this list: (Use arrow keys.)
> 2.1.9
  2.1.8
  2.1.3
  2.1.2
  2.1.0
  2.0.7
  2.0.6
  2.0.5
  2.0.4

Steps to reproduce:

• create a project with two folders /path_1 and /path_2
• add MY_SECRET to both folders, but give them different values value_1 and value_2
• run getSecret while specifying /path_1 in the first call and /path_2 in the second call

getSecret yields the same value for both calls, sometimes value_1, sometimes value_2.

listSecrets lists correct values when specifying path.

My assumption is that keys with similar names but different values should be able to exist in different folders (paths)?

It looks like Infisical's internal cache is not taking path into account?

Please let me know if you need any additional info.

Running copy / past code from quick start:

if_client = InfisicalClient(ClientSettings(
    client_id = os.environ.get('INFISICAL_MACHINE_ID'),
    client_secret = os.environ.get('INFISICAL_TOKEN')
))
neo_host = if_client.getSecret(options = GetSecretOptions(
    project_id = 'Hunome',
    environment = 'dev',
    secret_name = 'HNM_NEO4J_HOST'
))

I run into the following error:

Exception                                 Traceback (most recent call last)
Cell In[29], line 6
      1 from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions
      2 if_client = InfisicalClient(ClientSettings(
      3     client_id = os.environ.get('INFISICAL_MACHINE_ID'),
      4     client_secret = os.environ.get('INFISICAL_TOKEN')
      5 ))
----> 6 neo_host = if_client.getSecret(options = GetSecretOptions(
      7     project_id = 'Hunome',
      8     environment = 'dev',
      9     secret_name = 'HNM_NEO4J_HOST'
     10 ))

File ~/project_path/.venv/lib/python3.11/site-packages/infisical_client/infisical_client.py:42, in InfisicalClient.getSecret(self, options)
     41 def getSecret(self, options: GetSecretOptions) -> SecretElement:
---> 42     result = self._run_command(Command(get_secret=options))
     44     return ResponseForGetSecretResponse.from_dict(result).data.secret

File ~/project_path/.venv/lib/python3.11/site-packages/infisical_client/infisical_client.py:36, in InfisicalClient._run_command(self, command)
     33 response = json.loads(response_json)
     35 if response["success"] == False:
---> 36     raise Exception(response["errorMessage"])
     38 return response

Exception: [Bad request]: failed to find bot key

The auth (client id / secret) is fine, if I mess with that, HTTP 403 is reported. Project with the name provided as project_id (do not see any other ID for the project in web ui), environment and secret with the name exist. Was working like charm with the old SDK infisical==1.4.1.

SDK: infisical-python==2.1.6 @ Python-3.11.6 on Linux

I have set up infisical in a local docker environment.

Created a project with a three folder setup, the folders are called:

• DEFAULT
• CURRENT
• SERVICE

I set these folders up in such a way, that each folder is importing the secrets from the folder above, so:

• DEFAULT folder contains certain secrets
• CURRENT folder then imports everything from the DEFAULT folder
• SERVICE folder in turn imports everything from the CURRENT folder

If my understanding of the Secret Imports feature is correct, then CURRENT and SERVICE folders should have access to secrets that were defined in the DEFAULT folder.

For example if I have a secret called MAX_ALLOWED_ERRORS in the DEFAULT folder, I should be able to access this secret when using the SDK by calling getSecret method with the path parameter for GetSecretOptions being either "/CURRENT" or "/SERVICE" (Please correct me if my understanding is wrong).

From what I understand though, for this to work there is an additional include_imports parameter for GetSecretOptions that needs to be set to True.

With all this in mind I have sample code that tries to get the MAX_ALLOWED_ERRORS secret from the CURRENT folder (keeping in mind that it is defined in the DEFAULT folder and imported in CURRENT).

from infisical_client import (
    ClientSettings, 
    InfisicalClient,
    GetSecretOptions,
    AuthenticationOptions,
    UniversalAuthMethod
)

ENVIRONMENT = "dev"
PROJECT_ID = "c76cb737-cf9d-4e02-bab6-0eba77c83f34"
SITE_URL = "http://localhost:80"
CLIENT_ID = "REDACTED_BY_MAINTAINER"
CLIENT_SECRET = "REDACTED_BY_MAINTAINER"

client = InfisicalClient(ClientSettings(
    site_url=SITE_URL,
    auth=AuthenticationOptions(
      universal_auth=UniversalAuthMethod(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
      )
    )
))

result = client.getSecret(options=GetSecretOptions(
    environment=ENVIRONMENT,
    project_id=PROJECT_ID,
    include_imports=True,
    secret_name="MAX_ALLOWED_ERRORS",
    path="/CURRENT"
))

print(result)

But running this piece of code results in the following:

Traceback (most recent call last):
  File ".../infisical-test/main.py", line 25, in <module>
    result = client.getSecret(options=GetSecretOptions(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".../infisical-test/venv/lib/python3.12/site-packages/infisical_client/infisical_client.py", line 42, in getSecret
    result = self._run_command(Command(get_secret=options))
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".../infisical-test/venv/lib/python3.12/site-packages/infisical_client/infisical_client.py", line 36, in _run_command
    raise Exception(response["errorMessage"])
Exception: [Bad request]: Secret not found

It could be that I have misunderstood something about the secret imports feature or the SDK or that the include_imports option is not working as intended. In either case any type of help would be appreciated.

Thank you in advance!

When trying to use this new SDK, as per the official documentation, I'm getting this error.
Upon inspecting the installed package I see that there seems to be missing files inside the root directory.
Is this a known issue? Should I migrate back to the old package?

Could you provide a .whl file for the infisical_python package?
I have so installation issues with the tar.gz that you provide....
I takes forever and at the end i get an error.

I tried different versions (2.0.5, 2.0.3) and different Python versions (3.9/3.11)

I really would try out your stuff....

Using cached infisical_python-2.0.6.tar.gz (39 kB)
Installing build dependencies: started
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: finished with status 'error'
error: subprocess-exited-with-error

× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> [7 lines of output]
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88A26D150>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88A2C7090>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88DA8CFD0>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88DA8DE90>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88DA8E550>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
ERROR: Could not find a version that satisfies the requirement maturin<0.15,>=0.14 (from versions: none)
ERROR: No matching distribution found for maturin<0.15,>=0.14
[end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> See above for output.

When trying to deploy a AWS lambda function with NodeJs (Typescript) using Infisical SDK I get the following:

✘ [ERROR] No loader is configured for ".node" files: asset-input/node_modules/@infisical/sdk-darwin-arm64/infisical.darwin-arm64.node

asset-input/node_modules/@infisical/sdk/binding.js:141:36:
  141 │             nativeBinding = require('@infisical/sdk-darwin-arm64')
      ╵    

Command ran: npx ts-node --prefer-ts-exts bin/sqs-lambda.ts

Context

"@infisical/sdk": "^2.1.8",
Apple M2
MacOs Sonoma (14.3.1)

I'm working to integrate Infisical with my Supabase Edge Functions, which all run on Deno. However when I try to import the sdk (via import { InfisicalClient } from 'npm:@infisical/sdk';, I get an error that npm package '@infisical/sdk-darwin-arm64' does not exist

This is my first time working with Deno, so I'm not positive if this is a package problem or an engine problem, apologies if I should be posting this elsewhere.

Thanks!

I updated through Poetry to the latest stable available version of infisical-python package (2.1.9) and during the installation of the update, the following poetry warning showed up:

Warning: Validation of the RECORD file of infisical_python-2.1.9-cp311-none-win_amd64.whl failed. Please report to the maintainers of that package so they can fix their build process. Details:
In C:\Users\linux\AppData\Local\pypoetry\Cache\artifacts\55\01\a8\4ab0295bc2593e0bbaf0f6f6383adb19acb48e945ecf0d973b39975513\infisical_python-2.1.9-cp311-none-win_amd64.whl, infisical_client/schemas.py is not mentioned in RECORD