infisical / sdk Goto Github PK
View Code? Open in Web Editor NEWInfisical cross-language SDK
Home Page: https://infisical.com
License: Other
Infisical cross-language SDK
Home Page: https://infisical.com
License: Other
Trying to migrate from the old SDK to the new SDK (poor communication on Infisical's behalf by the way, customers weren't given a warning ahead of time and half of my website practically went offline).
Unfortunately, the new SDK is giving an error:
dsn = infisical_client.getSecret(options=GetSecretOptions(environment="prod", project_id="<project>", secret_name="<name>")).secret_value
File "/usr/local/lib/python3.10/dist-packages/infisical_client/infisical_client.py", line 42, in getSecret
result = self._run_command(Command(get_secret=options))
File "/usr/local/lib/python3.10/dist-packages/infisical_client/infisical_client.py", line 36, in _run_command
raise Exception(response["errorMessage"])
Exception: error sending request for url (https://app.infisical.com/api/v1/auth/universal-auth/login): error trying to connect: invalid peer certificate: BadSignature
I did look this up and apparently this has happened before in a TypeScript integration problem. Doesn't appear to be something I can solve client-side at face value. I have checked the project ID is correct, the client secret and ID are correct too.
My code:
infisical_client = InfisicalClient(ClientSettings(
client_id="<id>,
client_secret="<secret>",
))
dsn = infisical_client.getSecret(options=GetSecretOptions(environment="prod", project_id="<something>", secret_name="<value>")).secret_value
Exactly what it says on the documentation. Am I just being silly?
We tried to use your most recent SDK v2.0.6-SNAPSHOT for Java to get secrets from our selfhosted Infisical Instance.
After adding the maven package to our pom and finishing development, building on both, windows and linux, failed.
On Windows it seems like infisical_c
was expected in directory win32-x86-64
, but the sdk-jar only contains the folder windows-x64
On Linux the files are expected in linux-x86-64
, but no folder has a matching name.
After renaming windows-x64
to win32-x86-64
for windows and ubuntu-x64
to linux-x86-64
for linux the build was successful in both systems.
Getting Started for JNA seems to be relevant here.
Logs
Windows:
Suppressed: java.lang.UnsatisfiedLinkError: The specified module could not be found.
at com.sun.jna.Native.open(Native Method) ~[jna-5.12.1.jar:5.12.1 (b0)]
at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:270) ~[jna-5.12.1.jar:5.12.1 (b0)]
... 143 common frames omitted
Suppressed: java.io.IOException: Native library (win32-x86-64/infisical_c.dll) not found in resource path (...;workspace\.m2\repository\com\infisical\sdk\2.0.6-SNAPSHOT\sdk-2.0.6-SNAPSHOT.jar;...)
Linux:
org.springframework.beans.BeanInstantiationException: Failed to instantiate [de.siedle.digitalplatform.sps.util.SecretResolver]: Constructor threw exception; nested exception is java.lang.UnsatisfiedLinkError: Unable to load library 'infisical_c':
libinfisical_c.so: cannot open shared object file: No such file or directory
Native library (linux-x86-64/libinfisical_c.so) not found in resource path (.../var/workspace/?/.m2/repository/com/infisical/sdk/2.0.6-SNAPSHOT/sdk-2.0.6-SNAPSHOT.jar...)
I have notice that when a server is running for +1 day using the infisical sdk errors will start showing up from pyo3 complaining about "No file handlers available". The only way to fix this is to restart the container running the python server.
This issue didn't happen with https://github.com/Infisical/infisical-python
Example Code (Throws error):
import time
from infisical_client import InfisicalClient, EncryptSymmetricOptions, DecryptSymmetricOptions
while True:
#client = InfisicalClient()
key = InfisicalClient().createSymmetricKey()
encryptOptions = EncryptSymmetricOptions(
key=key,
plaintext="Infisical is awesome!"
)
encryptedData = InfisicalClient().encryptSymmetric(encryptOptions)
decryptOptions = DecryptSymmetricOptions(
ciphertext=encryptedData.ciphertext,
iv=encryptedData.iv,
tag=encryptedData.tag,
key=key
)
decryptedString = InfisicalClient().decryptSymmetric(decryptOptions)
print(f"Key={key}, cipher={decryptedString}")
Example Code (Works as intended):
import time
from infisical_client import InfisicalClient, EncryptSymmetricOptions, DecryptSymmetricOptions
while True:
client = InfisicalClient()
key = client.createSymmetricKey()
encryptOptions = EncryptSymmetricOptions(
key=key,
plaintext="Infisical is awesome!"
)
encryptedData = client.encryptSymmetric(encryptOptions)
decryptOptions = DecryptSymmetricOptions(
ciphertext=encryptedData.ciphertext,
iv=encryptedData.iv,
tag=encryptedData.tag,
key=key
)
decryptedString = client.decryptSymmetric(decryptOptions)
print(f"Key={key}, cipher={decryptedString}")
@DanielHougaard Any ideas?
GoLang developers would want to make use of this feature. Many backend and microservices are being built by companies and organizations so it is worthwhile building a GoLang SDK.
My code:
import { InfisicalClient, LogLevel } from "@infisical/sdk";
// Secret
const client = new InfisicalClient({
clientId: "YOUR_CLIENT_ID",
clientSecret: "YOUR_CLIENT_SECRET",
logLevel: LogLevel.Error,
});
When I start this app with nodemon
and ts-node
. I get following error:
[nodemon] 3.1.0
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: ts,json
[nodemon] starting `ts-node -T src/index.ts`
logLevel: LogLevel.Error,
I just noticed the deprecation noticed in the Python SDK. While I look forward to migrating to this package, one major downside is the removal of the Crytography functions.
These functions made using infisical more practical since we could encrypt data before storing it in infisical.
Could these funtion be added to this repo?
https://github.com/Infisical/infisical-python?tab=readme-ov-file#cryptography
Our developers are facing connection issues using the latest infisical SDK 2.1.3-SNAPSHOT
with java 11 on windows.
Our selfhosted infisical instance uses a ssl cert from our internal CA. We've added its certificate to java and system trust store and we are sure this is functional because of other services with our own certs that can be be accessed within java.
The windows setup is working well using a cert from a public CA - but due to corporate restricitions we should stick to our own certs.
It is also worth mentioning, that this only occurs on a windows setup.
Our services deployed and used on linux are working fine.
Logs:
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.3.12.RELEASE)
2024-01-30 08:44:30.456 INFO 29296 --- [ main] x.x.Application : Starting Application on araLap129 with PID 29296
2024-01-30 08:44:30.458 INFO 29296 --- [ main] x.x.Application : The following profiles are active: local
2024-01-30 08:44:31.610 INFO 29296 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data Solr repositories in DEFAULT mode.
2024-01-30 08:44:31.692 INFO 29296 --- [ main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 73ms. Found 4 Solr repository interfaces.
2024-01-30 08:44:32.272 INFO 29296 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8082 (http)
2024-01-30 08:44:32.279 INFO 29296 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2024-01-30 08:44:32.279 INFO 29296 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.46]
2024-01-30 08:44:32.421 INFO 29296 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2024-01-30 08:44:32.422 INFO 29296 --- [ main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1920 ms
2024-01-30 08:44:33.674 INFO 29296 --- [ main] o.s.b.a.e.web.EndpointLinksResolver : Exposing 2 endpoint(s) beneath base path '/actuator'
2024-01-30 08:44:33.772 INFO 29296 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2024-01-30 08:44:33.895 INFO 29296 --- [ main] o.s.s.c.ThreadPoolTaskScheduler : Initializing ExecutorService 'taskScheduler'
2024-01-30 08:44:33.949 INFO 29296 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8082 (http) with context path ''
2024-01-30 08:44:34.510 INFO 29296 --- [ main] x.x.Application : Started Application in 4.369 seconds (JVM running for 5.905)
2024-01-30 08:44:34.514 INFO 29296 --- [ main] x.x..SolrReindexingCronJob : starting solr reindexing
2024-01-30 08:44:34.606 ERROR 29296 --- [ main] o.s.boot.SpringApplication : Application run failed
java.lang.RuntimeException: error sending request for url (https://secrets.db.siedle.de/api/v1/auth/universal-auth/login): error trying to connect: invalid peer certificate: UnknownIssuer
at com.infisical.sdk.InfisicalClient.errorCheck(InfisicalClient.java:132) ~[sdk-2.1.3-20240126.225859-1.jar:na]
at com.infisical.sdk.InfisicalClient.getSecret(InfisicalClient.java:40) ~[sdk-2.1.3-20240126.225859-1.jar:na]
at x.x.SecretResolver.getSecret(SecretResolver.java:38) ~[classes/:na]
[...]
2024-01-30 08:44:35.324 INFO 29296 --- [ main] o.s.s.c.ThreadPoolTaskScheduler : Shutting down ExecutorService 'taskScheduler'
2024-01-30 08:44:35.325 INFO 29296 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Shutting down ExecutorService 'applicationTaskExecutor'
Process finished with exit code 1
Hi, I'm unable to use the python sdk because I can't import the necessary classes. Here's the basic code I'm using to test this:
import os
# from infisical import ClientSettings
from infisical_client import InfisicalClient, ClientSettings
client = InfisicalClient(ClientSettings(
client_id=os.environ.get("INFISICAL_CLIENT_ID"),
client_secret=os.environ.get("INFISICAL_CLIENT_SECRET"),
))
test_api_key = client.createSecret(
secret_name="TEST_API_KEY",
secret_value="test api key",
project_id="local-test",
environment="dev",
)
print(f"test api key is: {test_api_key}")
Running this code generates this error:
Traceback (most recent call last):
File "/path/to/my/project/infisical.py", line 3, in <module>
from infisical_client import InfisicalClient, ClientSettings
File "/path/to/my/project/.venv/lib/python3.9/site-packages/infisical_client/__init__.py", line 3, in <module>
from .infisical_client import InfisicalClient as InfisicalClient
File "/path/to/my/project/.venv/lib/python3.9/site-packages/infisical_client/infisical_client.py", line 3, in <module>
from .schemas import ClientSettings, Command, SecretElement
ModuleNotFoundError: No module named 'infisical_client.schemas'
Note that the import statements I used are from your current documentation. So I changed the import statements to the following:
from infisical import ClientSettings
from infisical_client import InfisicalClient
Using those imports, the error became the following:
Traceback (most recent call last):
File "/path/to/my/project/infisical.py", line 2, in <module>
from infisical import ClientSettings
File "/path/to/my/project/infisical.py", line 2, in <module>
from infisical import ClientSettings
ImportError: cannot import name 'ClientSettings' from partially initialized module 'infisical' (most likely due to a circular import) (/path/to/my/project/infisical.py)
Lastly, I changed the import statements again to the following:
from infisical import ClientSettings, InfisicalClient
And the error message remained the same:
Traceback (most recent call last):
File "/path/to/my/project/infisical.py", line 2, in <module>
from infisical import ClientSettings, InfisicalClient
File "/path/to/my/project/infisical.py", line 2, in <module>
from infisical import ClientSettings, InfisicalClient
ImportError: cannot import name 'ClientSettings' from partially initialized module 'infisical' (most likely due to a circular import) (/path/to/my/project/infisical.py)
I got these errors using both v2.0.6
and v2.0.7
of the SDK.
3.9.13
While installing the Node SDK package on Windows OS 11 and Node version 20.12.1, we are getting an issue as follows:
yarn install v1.22.22
info No lockfile found.
[1/5] Validating package.json...
[2/5] Resolving packages...
I couldn't find any versions for "@infisical/sdk-darwin-x64" that match "2.2.0."
? Please choose a version of "@infisical/sdk-darwin-x64" from this list: (Use arrow keys.)
> 2.1.9
2.1.8
2.1.3
2.1.2
2.1.0
2.0.7
2.0.6
2.0.5
2.0.4
Steps to reproduce:
/path_1
and /path_2
MY_SECRET
to both folders, but give them different values value_1
and value_2
getSecret
while specifying /path_1
in the first call and /path_2
in the second callgetSecret
yields the same value for both calls, sometimes value_1
, sometimes value_2
.
listSecrets
lists correct values when specifying path
.
My assumption is that keys with similar names but different values should be able to exist in different folders (paths)?
It looks like Infisical's internal cache is not taking path
into account?
Please let me know if you need any additional info.
Running copy / past code from quick start:
if_client = InfisicalClient(ClientSettings(
client_id = os.environ.get('INFISICAL_MACHINE_ID'),
client_secret = os.environ.get('INFISICAL_TOKEN')
))
neo_host = if_client.getSecret(options = GetSecretOptions(
project_id = 'Hunome',
environment = 'dev',
secret_name = 'HNM_NEO4J_HOST'
))
I run into the following error:
Exception Traceback (most recent call last)
Cell In[29], line 6
1 from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions
2 if_client = InfisicalClient(ClientSettings(
3 client_id = os.environ.get('INFISICAL_MACHINE_ID'),
4 client_secret = os.environ.get('INFISICAL_TOKEN')
5 ))
----> 6 neo_host = if_client.getSecret(options = GetSecretOptions(
7 project_id = 'Hunome',
8 environment = 'dev',
9 secret_name = 'HNM_NEO4J_HOST'
10 ))
File ~/project_path/.venv/lib/python3.11/site-packages/infisical_client/infisical_client.py:42, in InfisicalClient.getSecret(self, options)
41 def getSecret(self, options: GetSecretOptions) -> SecretElement:
---> 42 result = self._run_command(Command(get_secret=options))
44 return ResponseForGetSecretResponse.from_dict(result).data.secret
File ~/project_path/.venv/lib/python3.11/site-packages/infisical_client/infisical_client.py:36, in InfisicalClient._run_command(self, command)
33 response = json.loads(response_json)
35 if response["success"] == False:
---> 36 raise Exception(response["errorMessage"])
38 return response
Exception: [Bad request]: failed to find bot key
The auth (client id / secret) is fine, if I mess with that, HTTP 403 is reported. Project with the name provided as project_id (do not see any other ID for the project in web ui), environment and secret with the name exist. Was working like charm with the old SDK infisical==1.4.1
.
SDK: infisical-python==2.1.6 @ Python-3.11.6 on Linux
I have set up infisical in a local docker environment.
Created a project with a three folder setup, the folders are called:
I set these folders up in such a way, that each folder is importing the secrets from the folder above, so:
If my understanding of the Secret Imports feature is correct, then CURRENT and SERVICE folders should have access to secrets that were defined in the DEFAULT folder.
For example if I have a secret called MAX_ALLOWED_ERRORS
in the DEFAULT folder, I should be able to access this secret when using the SDK by calling getSecret
method with the path parameter for GetSecretOptions
being either "/CURRENT"
or "/SERVICE"
(Please correct me if my understanding is wrong).
From what I understand though, for this to work there is an additional include_imports
parameter for GetSecretOptions
that needs to be set to True.
With all this in mind I have sample code that tries to get the MAX_ALLOWED_ERRORS
secret from the CURRENT folder (keeping in mind that it is defined in the DEFAULT folder and imported in CURRENT).
from infisical_client import (
ClientSettings,
InfisicalClient,
GetSecretOptions,
AuthenticationOptions,
UniversalAuthMethod
)
ENVIRONMENT = "dev"
PROJECT_ID = "c76cb737-cf9d-4e02-bab6-0eba77c83f34"
SITE_URL = "http://localhost:80"
CLIENT_ID = "REDACTED_BY_MAINTAINER"
CLIENT_SECRET = "REDACTED_BY_MAINTAINER"
client = InfisicalClient(ClientSettings(
site_url=SITE_URL,
auth=AuthenticationOptions(
universal_auth=UniversalAuthMethod(
client_id=CLIENT_ID,
client_secret=CLIENT_SECRET,
)
)
))
result = client.getSecret(options=GetSecretOptions(
environment=ENVIRONMENT,
project_id=PROJECT_ID,
include_imports=True,
secret_name="MAX_ALLOWED_ERRORS",
path="/CURRENT"
))
print(result)
But running this piece of code results in the following:
Traceback (most recent call last):
File ".../infisical-test/main.py", line 25, in <module>
result = client.getSecret(options=GetSecretOptions(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".../infisical-test/venv/lib/python3.12/site-packages/infisical_client/infisical_client.py", line 42, in getSecret
result = self._run_command(Command(get_secret=options))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File ".../infisical-test/venv/lib/python3.12/site-packages/infisical_client/infisical_client.py", line 36, in _run_command
raise Exception(response["errorMessage"])
Exception: [Bad request]: Secret not found
It could be that I have misunderstood something about the secret imports feature or the SDK or that the include_imports option is not working as intended. In either case any type of help would be appreciated.
Thank you in advance!
When trying to use this new SDK, as per the official documentation, I'm getting this error.
Upon inspecting the installed package I see that there seems to be missing files inside the root directory.
Is this a known issue? Should I migrate back to the old package?
Could you provide a .whl file for the infisical_python package?
I have so installation issues with the tar.gz that you provide....
I takes forever and at the end i get an error.
I tried different versions (2.0.5, 2.0.3) and different Python versions (3.9/3.11)
I really would try out your stuff....
Using cached infisical_python-2.0.6.tar.gz (39 kB)
Installing build dependencies: started
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: still running...
Installing build dependencies: finished with status 'error'
error: subprocess-exited-with-error
× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> [7 lines of output]
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88A26D150>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88A2C7090>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88DA8CFD0>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88DA8DE90>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.HTTPSConnection object at 0x000001B88DA8E550>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/maturin/
ERROR: Could not find a version that satisfies the requirement maturin<0.15,>=0.14 (from versions: none)
ERROR: No matching distribution found for maturin<0.15,>=0.14
[end of output]
note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error
× pip subprocess to install build dependencies did not run successfully.
│ exit code: 1
╰─> See above for output.
When trying to deploy a AWS lambda function with NodeJs (Typescript) using Infisical SDK I get the following:
✘ [ERROR] No loader is configured for ".node" files: asset-input/node_modules/@infisical/sdk-darwin-arm64/infisical.darwin-arm64.node
asset-input/node_modules/@infisical/sdk/binding.js:141:36: 141 │ nativeBinding = require('@infisical/sdk-darwin-arm64') ╵
Command ran: npx ts-node --prefer-ts-exts bin/sqs-lambda.ts
"@infisical/sdk": "^2.1.8",
Apple M2
MacOs Sonoma (14.3.1)
I'm working to integrate Infisical with my Supabase Edge Functions, which all run on Deno. However when I try to import the sdk (via import { InfisicalClient } from 'npm:@infisical/sdk';
, I get an error that npm package '@infisical/sdk-darwin-arm64' does not exist
This is my first time working with Deno, so I'm not positive if this is a package problem or an engine problem, apologies if I should be posting this elsewhere.
Thanks!
I updated through Poetry to the latest stable available version of infisical-python package (2.1.9) and during the installation of the update, the following poetry warning showed up:
Warning: Validation of the RECORD file of infisical_python-2.1.9-cp311-none-win_amd64.whl failed. Please report to the maintainers of that package so they can fix their build process. Details:
In C:\Users\linux\AppData\Local\pypoetry\Cache\artifacts\55\01\a8\4ab0295bc2593e0bbaf0f6f6383adb19acb48e945ecf0d973b39975513\infisical_python-2.1.9-cp311-none-win_amd64.whl, infisical_client/schemas.py is not mentioned in RECORD
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.