nix/infisical-node-sdk
1
0
Fork 0
Code Issues Pull Requests Activity

Merge pull request #19 from Infisical/feat/moveSdkToAxios

Browse Source 
Refactor: openapi-generator-cli to Axios
This commit is contained in:
carlosmonastyrski
2025-05-07 20:34:40 -03:00
committed by GitHub
parent 1b8aa6d20e 367cc6ca3c
commit 02c21ca429
29 changed files with 2156 additions and 2880 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/release.yml vendored
View File

@@ -28,9 +28,6 @@ jobs:
- name: Set NPM version
run: npm version ${{ github.ref_name }} --allow-same-version --no-git-tag-version
- name: Build API client
run: npm run generate-api:infisical
- name: Build SDK
run: npm run build

55
README.md
View File

@@ -42,6 +42,10 @@ The SDK methods are organized into the following high-level categories:
1. `auth`: Handles authentication methods.
2. `secrets`: Manages CRUD operations for secrets.
3. `dynamicSecrets`: Manages dynamic secrets and leases.
4. `projects`: Creates and manages projects.
5. `environments`: Creates and manages environments.
6. `folders`: Creates and manages folders.
### `auth`
@@ -102,7 +106,6 @@ await client.auth().awsIamAuth.renew();
```
### `secrets`
This sub-class handles operations related to secrets:
@@ -132,7 +135,7 @@ const allSecrets = await client.secrets().listSecrets({
- `tagFilters` (string[], optional): Tags to filter secrets.
**Returns:**
- `ApiV3SecretsRawGet200Response`: The response containing the list of secrets.
- `ListSecretsResponse`: The response containing the list of secrets.
#### List secrets with imports
@@ -159,7 +162,7 @@ const allSecrets = await client.secrets().listSecretsWithImports({
- `tagFilters` (string[], optional): Tags to filter secrets.
**Returns:**
- `ApiV1DashboardSecretsOverviewGet200ResponseSecretsInner`: The response containing the list of secrets, with imports.
- `Secret[]`: Returns the list of secrets objects, with imports.
@@ -195,7 +198,7 @@ const allSecrets = await client.secrets().listSecretsWithImports({
- `type` (personal | shared, optional): Which type of secret to create.
**Returns:**
- `ApiV3SecretsRawSecretNamePost200Response`: The response after creating the secret.
- `CreateSecretResponse`: The response after creating the secret.
#### Update Secret
@@ -235,7 +238,7 @@ const updatedSecret = await client.secrets().updateSecret("SECRET_TO_UPDATE", {
- `metadata` (object, optional): Assign additional details to the secret, accessible through the API.
**Returns:**
- `ApiV3SecretsRawSecretNamePost200Response`: The response after updating the secret.
- `UpdateSecretResponse`: The response after updating the secret.
#### Get Secret by Name
@@ -266,7 +269,7 @@ const updatedSecret = await client.secrets().updateSecret("SECRET_TO_UPDATE", {
**Returns:**
- `ApiV3SecretsRawSecretNameGet200Response`: The response containing the secret.
- `Secret`: Returns the secret object.
#### Delete Secret by Name
@@ -288,7 +291,7 @@ const deletedSecret = await client.secrets().deleteSecret("SECRET_TO_DELETE", {
- `type` (personal | shared, optional): The type of secret to delete.
**Returns:**
- `ApiV3SecretsRawSecretNamePost200Response`: The response after deleting the secret.
- `DeleteSecretResponse`: The response after deleting the secret.
@@ -338,7 +341,7 @@ console.log(dynamicSecret);
```
**Returns:**
- `ApiV1DynamicSecretsPost200Response['dynamicSecret']`: The response after creating the dynamic secret
- `DynamicSecret`: The created dynamic secret.
#### Delete a dynamic secret
@@ -359,7 +362,7 @@ const deletedDynamicSecret = await client.dynamicSecrets().delete("dynamic-secre
- `environment` (str): The environment in which to delete the secret.
**Returns:**
- `ApiV1DynamicSecretsDelete200Response['dynamicSecret']`: The response after deleting the dynamic secret
- `DynamicSecret`: The deleted dynamic secret.
### `dynamicSecrets.leases`
In this section you'll learn how to work with dynamic secret leases
@@ -389,7 +392,7 @@ console.log(lease);
- `ttl` (string, optional): A [vercel/ms](https://github.com/vercel/ms) encoded string representation of how long the lease credentials should be valid for. This will default to the dynamic secret's default TTL if not specified.
**Returns:**
- `ApiV1DynamicSecretsLeasesPost200Response`: The dynamic secret lease result.
- `CreateLeaseResponse`: The dynamic secret lease result.
#### Delete a lease
@@ -411,7 +414,7 @@ const deletedLease = await client.dynamicSecrets().leases.delete(newLease.lease.
- `isForced` (bool, optional): Wether or not to forcefully delete the lease. This can't guarantee that the lease will be deleted from the external provider, and is potentially unsafe for sensitive dynamic secrets.
**Returns:**
- `ApiV1DynamicSecretsLeasesLeaseIdDelete200Response`: The deleted lease result.
- `DeleteLeaseResponse`: The deleted lease result.
#### Renew a lease
@@ -435,7 +438,7 @@ const renewedLease = await client.dynamicSecrets().leases.renew(newLease.lease.i
- `ttl` (string, optional): A [vercel/ms](https://github.com/vercel/ms) encoded string representation of how long the lease credentials should be valid for. This will default to the dynamic secret's default TTL if not specified.
**Returns:**
- `ApiV1DynamicSecretsLeasesLeaseIdDelete200Response`: The renewed lease response _(doesn't contain new credentials)_.
- `RenewLeaseResponse`: The renewed lease response _(doesn't contain new credentials)_.
### `projects`
@@ -461,7 +464,7 @@ const project = await client.projects().create({
- `kmsKeyId` (string): The ID of the KMS key to use for the project. Will use the Infisical KMS by default.
**Returns:**
- `ApiV1WorkspaceWorkspaceIdGet200ResponseWorkspace`: The project that was created.
- `Project`: The project that was created.
#### Invite members to a project
@@ -484,7 +487,7 @@ const memberships = await client.projects().inviteMembers({
- `roleSlugs`: (string[]): An array of role slugs to assign to the members. If not specified, this will default to `member`.
**Returns:**
- `ApiV1OrganizationAdminProjectsProjectIdGrantAdminAccessPost200ResponseMembership`: An array of the created project memberships.
- `Membership[]`: An array of the created project memberships.
### `environments`
@@ -506,7 +509,7 @@ const environment = await client.environments().create({
- `position` (number): An optional position of the environment to be created. The position is used in the Infisical UI to display environments in order. Environments with the lowest position come first.
**Returns:**
- `ApiV1WorkspaceWorkspaceIdEnvironmentsEnvIdGet200ResponseEnvironment`: The environment that was created.
- `Environment`: The environment that was created.
#### Create a new folder
@@ -528,4 +531,24 @@ const folder = await client.folders().create({
- `description` (string): An optional folder description.
**Returns:**
- `ApiV1FoldersPost200ResponseFolder`: The folder that was created.
- `Folder`: The folder that was created.
#### List folders
```typescript
const folders = await client.folders().listFolders({
environment: "dev",
projectId: "<your-project-id>",
path: "/foo/bar", // Optional
recursive: false // Optional
});
```
**Parameters:**
- `environment` (string): The slug of the environment to list folders within.
- `projectId` (string): The ID of the project to list folders within.
- `path` (string): The path to list folders within. Defaults to `/`, which is the root folder.
- `recursive` (boolean): An optional flag to list folders recursively. Defaults to `false`.
**Returns:**
- `Folder[]`: An array of folders.

7
openapitools.json
View File

@@ -1,7 +0,0 @@
{
"$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
"spaces": 2,
"generator-cli": {
"version": "7.8.0"
}
}

2503
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

19
package.json
View File

@@ -7,9 +7,6 @@
"lib"
],
"scripts": {
"generate-api:infisical": "openapi-generator-cli generate -i https://app.infisical.com/api/docs/json -g typescript-axios -o ./src/infisicalapi_client --skip-validate-spec --additional-properties=useSingleRequestParameter=true,withSeparateModelsAndApi=true,apiPackage=server,modelPackage=model --openapi-normalizer REFACTOR_ALLOF_WITH_PROPERTIES_ONLY=true && npm run post-generate-api",
"generate-api:infisical-dev": "openapi-generator-cli generate -i http://localhost:8080/api/docs/json -g typescript-axios -o ./src/infisicalapi_client --skip-validate-spec --additional-properties=useSingleRequestParameter=true,withSeparateModelsAndApi=true,apiPackage=server,modelPackage=model --openapi-normalizer REFACTOR_ALLOF_WITH_PROPERTIES_ONLY=true && npm run post-generate-api",
"post-generate-api": "rm ./src/infisicalapi_client/git_push.sh",
"build": "tsup src/index.ts --out-dir lib --dts --format cjs,esm --tsconfig tsconfig.json --no-splitting"
},
"keywords": [
@@ -20,13 +17,12 @@
],
"repository": {
"type": "git",
"url": "https://github.com/infisical/infisical-node-sdk"
"url": "git+https://github.com/infisical/infisical-node-sdk.git"
},
"author": "Infisical Inc, <daniel@infisical.com>",
"license": "ISC",
"description": "",
"description": "The Infisical SDK provides a convenient way to programmatically interact with the Infisical API.",
"devDependencies": {
"@openapitools/openapi-generator-cli": "^2.13.5",
"@types/node": "^22.5.1",
"tsc": "^2.0.4",
"tsup": "^8.2.4"
@@ -36,5 +32,14 @@
"axios": "^1.7.5",
"typescript": "^5.5.4",
"zod": "^3.23.8"
}
},
"directories": {
"lib": "lib",
"test": "test"
},
"types": "./lib/index.d.ts",
"bugs": {
"url": "https://github.com/infisical/infisical-node-sdk/issues"
},
"homepage": "https://github.com/infisical/infisical-node-sdk#readme"
}

93
src/api/base.ts Normal file
View File

@@ -0,0 +1,93 @@
import axios, { AxiosInstance, AxiosRequestConfig, AxiosResponse } from "axios";
export interface ApiClientConfig {
baseURL: string;
headers?: Record<string, string>;
timeout?: number;
}
export class ApiClient {
private client: AxiosInstance;
constructor(config: ApiClientConfig) {
this.client = axios.create({
baseURL: config.baseURL,
headers: config.headers || {},
timeout: config.timeout || 10000,
});
this.setupRetryInterceptor();
}
private setupRetryInterceptor() {
const maxRetries = 4;
const initialRetryDelay = 1000;
const backoffFactor = 2;
this.client.interceptors.response.use(null, (error) => {
const config = error?.config;
if (!config) return Promise.reject(error);
if (!config._retryCount) config._retryCount = 0;
// handle rate limits and network errors
if (
(error.response?.status === 429 ||
error.response?.status === undefined) &&
config._retryCount < maxRetries
) {
config._retryCount++;
const baseDelay =
initialRetryDelay * Math.pow(backoffFactor, config._retryCount - 1);
const jitter = baseDelay * 0.2;
const exponentialDelay = baseDelay + (Math.random() * 2 - 1) * jitter;
return new Promise((resolve) => {
setTimeout(() => resolve(this.client(config)), exponentialDelay);
});
}
return Promise.reject(error);
});
}
public setAccessToken(token: string) {
this.client.defaults.headers.common["Authorization"] = `Bearer ${token}`;
}
public async get<T>(url: string, config?: AxiosRequestConfig): Promise<T> {
const response: AxiosResponse<T> = await this.client.get(url, config);
return response.data;
}
public async post<T>(
url: string,
data?: any,
config?: AxiosRequestConfig
): Promise<T> {
const response: AxiosResponse<T> = await this.client.post(
url,
data,
config
);
return response.data;
}
public async patch<T>(
url: string,
data?: any,
config?: AxiosRequestConfig
): Promise<T> {
const response: AxiosResponse<T> = await this.client.patch(
url,
data,
config
);
return response.data;
}
public async delete<T>(url: string, config?: AxiosRequestConfig): Promise<T> {
const response: AxiosResponse<T> = await this.client.delete(url, config);
return response.data;
}
}

38
src/api/endpoints/auth.ts Normal file
View File

@@ -0,0 +1,38 @@
import { ApiClient } from "../base";
import {
UniversalAuthLoginRequest,
UniversalAuthLoginResponse,
AwsIamAuthLoginRequest,
AwsIamAuthLoginResponse,
TokenRenewRequest,
TokenRenewResponse,
} from "../types";
export class AuthApi {
constructor(private apiClient: ApiClient) {}
async universalAuthLogin(
data: UniversalAuthLoginRequest
): Promise<UniversalAuthLoginResponse> {
return this.apiClient.post<UniversalAuthLoginResponse>(
"/api/v1/auth/universal-auth/login",
data
);
}
async awsIamAuthLogin(
data: AwsIamAuthLoginRequest
): Promise<AwsIamAuthLoginResponse> {
return this.apiClient.post<AwsIamAuthLoginResponse>(
"/api/v1/auth/aws-auth/login",
data
);
}
async renewToken(data: TokenRenewRequest): Promise<TokenRenewResponse> {
return this.apiClient.post<TokenRenewResponse>(
"/api/v1/auth/token/renew",
data
);
}
}

65
src/api/endpoints/dynamic-secrets.ts Normal file
View File

@@ -0,0 +1,65 @@
import { ApiClient } from "../base";
import {
CreateDynamicSecretRequest,
CreateDynamicSecretResponse,
DeleteDynamicSecretRequest,
DeleteDynamicSecretResponse,
CreateLeaseRequest,
CreateLeaseResponse,
DeleteLeaseRequest,
DeleteLeaseResponse,
RenewLeaseRequest,
RenewLeaseResponse,
} from "../types";
export class DynamicSecretsApi {
constructor(private apiClient: ApiClient) {}
async create(
data: CreateDynamicSecretRequest
): Promise<CreateDynamicSecretResponse> {
return this.apiClient.post<CreateDynamicSecretResponse>(
"/api/v1/dynamic-secrets",
data
);
}
async delete(
secretName: string,
data: DeleteDynamicSecretRequest
): Promise<DeleteDynamicSecretResponse> {
return this.apiClient.delete<DeleteDynamicSecretResponse>(
`/api/v1/dynamic-secrets/${encodeURIComponent(secretName)}`,
{ data }
);
}
leases = {
create: async (data: CreateLeaseRequest): Promise<CreateLeaseResponse> => {
return this.apiClient.post<CreateLeaseResponse>(
"/api/v1/dynamic-secrets/leases",
data
);
},
delete: async (
leaseId: string,
data: DeleteLeaseRequest
): Promise<DeleteLeaseResponse> => {
return this.apiClient.delete<DeleteLeaseResponse>(
`/api/v1/dynamic-secrets/leases/${leaseId}`,
{ data }
);
},
renew: async (
leaseId: string,
data: RenewLeaseRequest
): Promise<RenewLeaseResponse> => {
return this.apiClient.post<RenewLeaseResponse>(
`/api/v1/dynamic-secrets/leases/${leaseId}/renew`,
data
);
},
};
}

15
src/api/endpoints/environments.ts Normal file
View File

@@ -0,0 +1,15 @@
import { ApiClient } from "../base";
import { CreateEnvironmentRequest, CreateEnvironmentResponse } from "../types";
export class EnvironmentsApi {
constructor(private apiClient: ApiClient) {}
async create(
data: CreateEnvironmentRequest
): Promise<CreateEnvironmentResponse> {
return this.apiClient.post<CreateEnvironmentResponse>(
`/api/v1/workspace/${data.projectId}/environments`,
data
);
}
}

16
src/api/endpoints/folders.ts Normal file
View File

@@ -0,0 +1,16 @@
import { ApiClient } from "../base";
import { CreateFolderRequest, CreateFolderResponse, ListFoldersRequest, ListFoldersResponse } from "../types";
export class FoldersApi {
constructor(private apiClient: ApiClient) {}
async create(data: CreateFolderRequest): Promise<CreateFolderResponse> {
return this.apiClient.post<CreateFolderResponse>("/api/v1/folders", data);
}
async listFolders(queryParams: ListFoldersRequest): Promise<ListFoldersResponse> {
return this.apiClient.get<ListFoldersResponse>("/api/v1/folders", {
params: queryParams
});
}
}

27
src/api/endpoints/projects.ts Normal file
View File

@@ -0,0 +1,27 @@
import { ApiClient } from "../base";
import {
CreateProjectRequest,
CreateProjectResponse,
InviteMembersRequest,
InviteMembersResponse,
} from "../types";
export class ProjectsApi {
constructor(private apiClient: ApiClient) {}
async create(data: CreateProjectRequest): Promise<CreateProjectResponse> {
return this.apiClient.post<CreateProjectResponse>(
"/api/v2/workspace",
data
);
}
async inviteMembers(
data: InviteMembersRequest
): Promise<InviteMembersResponse> {
return this.apiClient.post<InviteMembersResponse>(
`/api/v2/workspace/${data.projectId}/memberships`,
data
);
}
}

61
src/api/endpoints/secrets.ts Normal file
View File

@@ -0,0 +1,61 @@
import { ApiClient } from "../base";
import {
ListSecretsRequest,
ListSecretsResponse,
GetSecretRequest,
GetSecretResponse,
CreateSecretRequest,
CreateSecretResponse,
UpdateSecretRequest,
UpdateSecretResponse,
DeleteSecretRequest,
DeleteSecretResponse,
} from "../types";
export class SecretsApi {
constructor(private apiClient: ApiClient) {}
async listSecrets(params: ListSecretsRequest): Promise<ListSecretsResponse> {
return this.apiClient.get<ListSecretsResponse>("/api/v3/secrets/raw", {
params,
});
}
async getSecret(params: GetSecretRequest): Promise<GetSecretResponse> {
const { secretName, ...queryParams } = params;
return this.apiClient.get<GetSecretResponse>(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
{ params }
);
}
async createSecret(
secretName: string,
data: CreateSecretRequest
): Promise<CreateSecretResponse> {
return this.apiClient.post<CreateSecretResponse>(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
data
);
}
async updateSecret(
secretName: string,
data: UpdateSecretRequest
): Promise<UpdateSecretResponse> {
return this.apiClient.patch<UpdateSecretResponse>(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
data
);
}
async deleteSecret(
secretName: string,
data: DeleteSecretRequest
): Promise<DeleteSecretResponse> {
return this.apiClient.delete<DeleteSecretResponse>(
`/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
{ data }
);
}
}

30
src/api/types/auth.ts Normal file
View File

@@ -0,0 +1,30 @@
export interface UniversalAuthLoginRequest {
clientId: string;
clientSecret: string;
}
export interface UniversalAuthLoginResponse {
accessToken: string;
expiresIn: number;
}
export interface AwsIamAuthLoginRequest {
identityId: string;
iamHttpRequestMethod: string;
iamRequestBody: string;
iamRequestHeaders: string;
}
export interface AwsIamAuthLoginResponse {
accessToken: string;
expiresIn: number;
}
export interface TokenRenewRequest {
accessToken: string;
}
export interface TokenRenewResponse {
accessToken: string;
expiresIn: number;
}

129
src/api/types/dynamic-secrets.ts Normal file
View File

@@ -0,0 +1,129 @@
import { DynamicSecretProviders } from "../../custom/schemas";
import { TDynamicSecretProvider } from "../../custom/schemas";
export interface CreateDynamicSecretRequest {
provider: TDynamicSecretProvider;
defaultTTL: string;
maxTTL: string;
name: string;
projectSlug: string;
environmentSlug: string;
}
export interface DynamicSecret {
id: string;
name: string;
defaultTTL: string;
maxTTL: string;
provider: {
type: DynamicSecretProviders;
inputs: Record<string, any>;
};
createdAt: string;
updatedAt: string;
version: number;
type: string;
folderId: string;
status: string;
statusDetails: string;
projectGatewayId: string;
metadata: Record<string, any>;
}
export interface CreateDynamicSecretResponse {
dynamicSecret: DynamicSecret;
}
export interface DeleteDynamicSecretRequest {
environmentSlug: string;
projectSlug: string;
path?: string;
isForced?: boolean;
}
export interface DeleteDynamicSecretResponse {
dynamicSecret: DynamicSecret;
}
export interface CreateLeaseRequest {
dynamicSecretName: string;
environmentSlug: string;
projectSlug: string;
path?: string;
ttl?: string;
}
export interface Lease {
id: string;
dynamicSecretId: string;
data: Record<string, any>;
expiresAt: string;
createdAt: string;
updatedAt: string;
}
export interface CreateLeaseResponse {
lease: Lease;
}
export interface DeleteLeaseRequest {
environmentSlug: string;
projectSlug: string;
path?: string;
isForced?: boolean;
}
export interface DeleteLeaseResponse {
lease: Lease;
}
export interface RenewLeaseRequest {
environmentSlug: string;
projectSlug: string;
path?: string;
ttl?: string;
}
export interface RenewLeaseResponse {
lease: Lease;
}
export type CreateDynamicSecretOptions = {
provider: TDynamicSecretProvider;
defaultTTL: string;
maxTTL: string;
name: string;
projectSlug: string;
environmentSlug: string;
path?: string;
metadata?: Record<string, any>;
};
export type DeleteDynamicSecretOptions = {
environmentSlug: string;
projectSlug: string;
path?: string;
isForced?: boolean;
};
export type CreateDynamicSecretLeaseOptions = {
dynamicSecretName: string;
environmentSlug: string;
projectSlug: string;
path?: string;
ttl?: string;
};
export type DeleteDynamicSecretLeaseOptions = {
environmentSlug: string;
projectSlug: string;
path?: string;
isForced?: boolean;
};
export type RenewDynamicSecretLeaseOptions = {
environmentSlug: string;
projectSlug: string;
path?: string;
ttl?: string;
};

29
src/api/types/environments.ts Normal file
View File

@@ -0,0 +1,29 @@
export interface Environment {
id: string;
name: string;
slug: string;
position: number;
projectId: string;
createdAt: string;
updatedAt: string;
}
export interface CreateEnvironmentRequest {
name: string;
projectId: string;
slug: string;
position?: number;
}
export type CreateEnvironmentResponse = {
message: string;
workspace: string;
environment: Environment;
};
export type CreateEnvironmentOptions = {
name: string;
projectId: string;
slug: string;
position?: number;
};

52
src/api/types/folders.ts Normal file
View File

@@ -0,0 +1,52 @@
export interface Folder {
id: string;
name: string;
envId: string;
description?: string;
createdAt: string;
updatedAt: string;
parentId?: string;
isReserved?: boolean;
lastSecretModified?: string;
version?: number;
}
export interface CreateFolderRequest {
name: string;
path: string;
workspaceId: string;
environment: string;
description?: string;
}
export interface ListFoldersRequest {
environment: string;
workspaceId: string;
path?: string;
recursive?: boolean;
lastSecretModified?: string;
}
export interface CreateFolderResponse {
folder: Folder;
}
export interface ListFoldersResponse {
folders: Folder[];
}
export type CreateFolderOptions = {
name: string;
path: string;
projectId: string;
environment: string;
description?: string;
};
export type ListFoldersOptions = {
environment: string;
projectId: string;
path?: string;
recursive?: boolean;
lastSecretModified?: string;
};

26
src/api/types/index.ts Normal file
View File

@@ -0,0 +1,26 @@
import { Secret } from "./secrets";
export * from "./auth";
export * from "./secrets";
export * from "./dynamic-secrets";
export * from "./environments";
export * from "./projects";
export * from "./folders";
export interface ApiResponse<T> {
statusCode: number;
message: string;
data: T;
}
export interface CreateSecretResponse {
secret: Secret;
}
export interface UpdateSecretResponse {
secret: Secret;
}
export interface DeleteSecretResponse {
secret: Secret;
}

59
src/api/types/projects.ts Normal file
View File

@@ -0,0 +1,59 @@
export interface Project {
id: string;
name: string;
slug: string;
description?: string;
type: string;
createdAt: string;
updatedAt: string;
}
export interface CreateProjectRequest {
projectName: string;
type: string;
projectDescription?: string;
slug?: string;
template?: string;
kmsKeyId?: string;
}
export interface CreateProjectResponse {
project: Project;
}
export interface InviteMembersRequest {
projectId: string;
emails?: string[];
usernames?: string[];
roleSlugs?: string[];
}
export interface Membership {
id: string;
userId: string;
projectId: string;
role: string;
status: string;
createdAt: string;
updatedAt: string;
}
export interface InviteMembersResponse {
memberships: Membership[];
}
export type CreateProjectOptions = {
projectName: string;
type: string;
projectDescription?: string;
slug?: string;
template?: string;
kmsKeyId?: string;
};
export type InviteMemberToProjectOptions = {
projectId: string;
emails?: string[];
usernames?: string[];
roleSlugs?: string[];
};

158
src/api/types/secrets.ts Normal file
View File

@@ -0,0 +1,158 @@
export enum SecretType {
Shared = "shared",
Personal = "personal"
}
export interface Secret {
id: string;
workspaceId: string;
environment: string;
secretKey: string;
secretValue: string;
secretComment?: string;
secretPath?: string;
secretValueHidden: boolean;
secretReminderNote?: string;
secretReminderRepeatDays?: number;
skipMultilineEncoding?: boolean;
folderId?: string;
actor?: {
actorId?: string;
name?: string;
actorType?: string;
membershipId?: string;
}
isRotatedSecret: boolean;
rotationId?: string;
secretMetadata?: Record<string, any>;
type: SecretType;
createdAt: string;
updatedAt: string;
version: number;
tags: string[];
}
export interface ListSecretsRequest {
workspaceId: string;
environment: string;
expandSecretReferences?: string;
includeImports?: string;
recursive?: string;
secretPath?: string;
tagSlugs?: string;
viewSecretValue?: string;
}
export interface ListSecretsResponse {
secrets: Secret[];
imports?: Array<{
secretPath: string;
secrets: Secret[];
folderId?: string;
environment: string;
}>;
}
export interface GetSecretRequest {
secretName: string;
workspaceId: string;
environment: string;
expandSecretReferences?: string;
includeImports?: string;
secretPath?: string;
type?: SecretType;
version?: number;
viewSecretValue?: string;
}
export interface GetSecretResponse {
secret: Secret;
}
export interface CreateSecretRequest {
workspaceId: string;
environment: string;
secretValue: string;
secretComment?: string;
secretPath?: string;
secretReminderNote?: string;
secretReminderRepeatDays?: number;
skipMultilineEncoding?: boolean;
tagIds?: string[];
type?: SecretType;
}
export interface UpdateSecretRequest {
workspaceId: string;
environment: string;
secretValue?: string;
newSecretName?: string;
secretComment?: string;
secretPath?: string;
secretReminderNote?: string;
secretReminderRepeatDays?: number;
skipMultilineEncoding?: boolean;
tagIds?: string[];
type?: SecretType;
metadata?: Record<string, any>;
}
export interface DeleteSecretRequest {
workspaceId: string;
environment: string;
secretPath?: string;
type?: SecretType;
}
export type ListSecretsOptions = {
environment: string;
projectId: string;
expandSecretReferences?: boolean;
includeImports?: boolean;
recursive?: boolean;
secretPath?: string;
tagSlugs?: string[];
viewSecretValue?: boolean;
};
export type GetSecretOptions = {
environment: string;
secretName: string;
expandSecretReferences?: boolean;
includeImports?: boolean;
secretPath?: string;
type?: SecretType;
version?: number;
projectId: string;
viewSecretValue?: boolean;
};
export type BaseSecretOptions = {
environment: string;
projectId: string;
secretComment?: string;
secretPath?: string;
secretReminderNote?: string;
secretReminderRepeatDays?: number;
skipMultilineEncoding?: boolean;
tagIds?: string[];
type?: SecretType;
metadata?: Record<string, any>;
secretMetadata?: Record<string, any>[];
};
export type UpdateSecretOptions = {
secretValue?: string;
newSecretName?: string;
} & BaseSecretOptions;
export type CreateSecretOptions = {
secretValue: string;
} & BaseSecretOptions;
export type DeleteSecretOptions = {
environment: string;
projectId: string;
secretPath?: string;
type?: SecretType;
};

88
src/custom/auth.ts
View File

@@ -1,6 +1,6 @@
import { InfisicalSDK } from "..";
import { ApiV1AuthUniversalAuthLoginPostRequest } from "../infisicalapi_client";
import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
import { AuthApi } from "../api/endpoints/auth";
import { UniversalAuthLoginRequest } from "../api/types";
import { MACHINE_IDENTITY_ID_ENV_NAME } from "./constants";
import { InfisicalSDKError, newInfisicalError } from "./errors";
import { getAwsRegion, performAwsIamLogin } from "./util";
@@ -11,94 +11,92 @@ type AwsAuthLoginOptions = {
identityId?: string;
};
export const renewToken = async (apiClient: InfisicalApi, token?: string) => {
export const renewToken = async (apiClient: AuthApi, token?: string) => {
try {
if (!token) {
throw new InfisicalSDKError("Unable to renew access token, no access token set. Are you sure you're authenticated?");
throw new InfisicalSDKError(
"Unable to renew access token, no access token set."
);
}
const res = await apiClient.apiV1AuthTokenRenewPost({
apiV1AuthTokenRenewPostRequest: {
accessToken: token
}
});
return res.data;
const res = await apiClient.renewToken({ accessToken: token });
return res;
} catch (err) {
throw newInfisicalError(err);
}
};
export default class AuthClient {
#sdkAuthenticator: AuthenticatorFunction;
#apiClient: InfisicalApi;
#accessToken?: string;
constructor(authenticator: AuthenticatorFunction, apiInstance: InfisicalApi, accessToken?: string) {
this.#sdkAuthenticator = authenticator;
this.#apiClient = apiInstance;
this.#accessToken = accessToken;
}
constructor(
private sdkAuthenticator: AuthenticatorFunction,
private apiClient: AuthApi,
private _accessToken?: string
) {}
awsIamAuth = {
login: async (options?: AwsAuthLoginOptions) => {
try {
const identityId = options?.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
const identityId =
options?.identityId || process.env[MACHINE_IDENTITY_ID_ENV_NAME];
if (!identityId) {
throw new InfisicalSDKError("Identity ID is required for AWS IAM authentication");
throw new InfisicalSDKError(
"Identity ID is required for AWS IAM authentication"
);
}
const iamRequest = await performAwsIamLogin(await getAwsRegion());
const res = await this.#apiClient.apiV1AuthAwsAuthLoginPost({
apiV1AuthAwsAuthLoginPostRequest: {
const res = await this.apiClient.awsIamAuthLogin({
iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString("base64"),
iamRequestHeaders: Buffer.from(JSON.stringify(iamRequest.iamRequestHeaders)).toString("base64"),
identityId
}
iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString(
"base64"
),
iamRequestHeaders: Buffer.from(
JSON.stringify(iamRequest.iamRequestHeaders)
).toString("base64"),
identityId,
});
return this.#sdkAuthenticator(res.data.accessToken);
return this.sdkAuthenticator(res.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
},
renew: async () => {
try {
const refreshedToken = await renewToken(this.#apiClient, this.#accessToken);
return this.#sdkAuthenticator(refreshedToken.accessToken);
const refreshedToken = await renewToken(
this.apiClient,
this._accessToken
);
return this.sdkAuthenticator(refreshedToken.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
}
},
};
universalAuth = {
login: async (options: ApiV1AuthUniversalAuthLoginPostRequest) => {
login: async (options: UniversalAuthLoginRequest) => {
try {
const res = await this.#apiClient.apiV1AuthUniversalAuthLoginPost({
apiV1AuthUniversalAuthLoginPostRequest: options
});
return this.#sdkAuthenticator(res.data.accessToken);
const res = await this.apiClient.universalAuthLogin(options);
return this.sdkAuthenticator(res.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
},
renew: async () => {
try {
const refreshedToken = await renewToken(this.#apiClient, this.#accessToken);
return this.#sdkAuthenticator(refreshedToken.accessToken);
const refreshedToken = await renewToken(
this.apiClient,
this._accessToken
);
return this.sdkAuthenticator(refreshedToken.accessToken);
} catch (err) {
throw newInfisicalError(err);
}
}
},
};
accessToken = (token: string) => {
return this.#sdkAuthenticator(token);
return this.sdkAuthenticator(token);
};
}

123
src/custom/dynamic-secrets.ts
View File

@@ -1,119 +1,64 @@
import { RawAxiosRequestConfig } from "axios";
import { Configuration, DefaultApi as InfisicalApi } from "../infisicalapi_client";
import type {
ApiV1DynamicSecretsGet200ResponseDynamicSecretsInner,
ApiV1DynamicSecretsLeasesLeaseIdDelete200Response,
ApiV1DynamicSecretsLeasesPost200Response,
DefaultApiApiV1DynamicSecretsLeasesLeaseIdDeleteRequest,
DefaultApiApiV1DynamicSecretsLeasesLeaseIdRenewPostRequest,
DefaultApiApiV1DynamicSecretsLeasesPostRequest,
DefaultApiApiV1DynamicSecretsNameDeleteRequest,
DefaultApiApiV1DynamicSecretsPostRequest
} from "../infisicalapi_client";
import type { TDynamicSecretProvider } from "./schemas/dynamic-secrets";
import { DynamicSecretsApi } from "../api/endpoints/dynamic-secrets";
import { TDynamicSecretProvider } from "./schemas/dynamic-secrets";
import { newInfisicalError } from "./errors";
export type CreateDynamicSecretOptions = Omit<DefaultApiApiV1DynamicSecretsPostRequest["apiV1DynamicSecretsPostRequest"], "provider"> & {
provider: TDynamicSecretProvider;
};
export type DeleteDynamicSecretOptions = DefaultApiApiV1DynamicSecretsNameDeleteRequest["apiV1DynamicSecretsNameDeleteRequest"];
export type CreateDynamicSecretLeaseOptions = DefaultApiApiV1DynamicSecretsLeasesPostRequest["apiV1DynamicSecretsLeasesPostRequest"];
export type DeleteDynamicSecretLeaseOptions =
DefaultApiApiV1DynamicSecretsLeasesLeaseIdDeleteRequest["apiV1DynamicSecretsLeasesLeaseIdDeleteRequest"];
export type RenewDynamicSecretLeaseOptions =
DefaultApiApiV1DynamicSecretsLeasesLeaseIdRenewPostRequest["apiV1DynamicSecretsLeasesLeaseIdRenewPostRequest"];
export type CreateDynamicSecretResult = ApiV1DynamicSecretsGet200ResponseDynamicSecretsInner;
export type DeleteDynamicSecretResult = ApiV1DynamicSecretsGet200ResponseDynamicSecretsInner;
export type CreateDynamicSecretLeaseResult = ApiV1DynamicSecretsLeasesPost200Response;
export type DeleteDynamicSecretLeaseResult = ApiV1DynamicSecretsLeasesLeaseIdDelete200Response;
export type RenewDynamicSecretLeaseResult = ApiV1DynamicSecretsLeasesLeaseIdDelete200Response;
import {
CreateDynamicSecretOptions,
DeleteDynamicSecretOptions,
CreateDynamicSecretLeaseOptions,
DeleteDynamicSecretLeaseOptions,
RenewDynamicSecretLeaseOptions,
} from "../api/types/dynamic-secrets";
export default class DynamicSecretsClient {
#apiInstance: InfisicalApi;
#requestOptions: RawAxiosRequestConfig | undefined;
constructor(apiInstance: InfisicalApi, requestOptions: RawAxiosRequestConfig | undefined) {
this.#apiInstance = apiInstance;
this.#requestOptions = requestOptions;
}
constructor(private apiClient: DynamicSecretsApi) {}
async create(options: CreateDynamicSecretOptions): Promise<CreateDynamicSecretResult> {
async create(options: CreateDynamicSecretOptions) {
try {
const res = await this.#apiInstance.apiV1DynamicSecretsPost(
{
apiV1DynamicSecretsPostRequest: options as DefaultApiApiV1DynamicSecretsPostRequest["apiV1DynamicSecretsPostRequest"]
},
this.#requestOptions
);
return res.data.dynamicSecret;
const res = await this.apiClient.create(options);
return res.dynamicSecret;
} catch (err) {
throw newInfisicalError(err);
}
}
async delete(dynamicSecretName: string, options: DeleteDynamicSecretOptions): Promise<DeleteDynamicSecretResult> {
async delete(dynamicSecretName: string, options: DeleteDynamicSecretOptions) {
try {
const res = await this.#apiInstance.apiV1DynamicSecretsNameDelete(
{
name: dynamicSecretName,
apiV1DynamicSecretsNameDeleteRequest: options
},
this.#requestOptions
);
return res.data.dynamicSecret;
const res = await this.apiClient.delete(dynamicSecretName, options);
return res.dynamicSecret;
} catch (err) {
throw newInfisicalError(err);
}
}
leases = {
create: async (options: CreateDynamicSecretLeaseOptions): Promise<CreateDynamicSecretLeaseResult> => {
create: async (options: CreateDynamicSecretLeaseOptions) => {
try {
const res = await this.#apiInstance.apiV1DynamicSecretsLeasesPost(
{
apiV1DynamicSecretsLeasesPostRequest: options
},
this.#requestOptions
);
return res.data;
} catch (err) {
throw newInfisicalError(err);
}
},
delete: async (leaseId: string, options: DeleteDynamicSecretLeaseOptions): Promise<DeleteDynamicSecretLeaseResult> => {
try {
const res = await this.#apiInstance.apiV1DynamicSecretsLeasesLeaseIdDelete(
{
leaseId: leaseId,
apiV1DynamicSecretsLeasesLeaseIdDeleteRequest: options
},
this.#requestOptions
);
return res.data;
const res = await this.apiClient.leases.create(options);
return res;
} catch (err) {
throw newInfisicalError(err);
}
},
renew: async (leaseId: string, options: RenewDynamicSecretLeaseOptions): Promise<RenewDynamicSecretLeaseResult> => {
delete: async (
leaseId: string,
options: DeleteDynamicSecretLeaseOptions
) => {
try {
const res = await this.#apiInstance.apiV1DynamicSecretsLeasesLeaseIdRenewPost(
{
leaseId: leaseId,
apiV1DynamicSecretsLeasesLeaseIdRenewPostRequest: options
},
this.#requestOptions
);
return res.data;
const res = await this.apiClient.leases.delete(leaseId, options);
return res;
} catch (err) {
throw newInfisicalError(err);
}
},
renew: async (leaseId: string, options: RenewDynamicSecretLeaseOptions) => {
try {
const res = await this.apiClient.leases.renew(leaseId, options);
return res;
} catch (err) {
throw newInfisicalError(err);
}
},
};
}

29
src/custom/environments.ts
View File

@@ -1,31 +1,14 @@
import { RawAxiosRequestConfig } from "axios";
import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
import type { ApiV1WorkspaceWorkspaceIdEnvironmentsPostRequest, ApiV1WorkspaceWorkspaceIdEnvironmentsPost200Response } from "../infisicalapi_client";
import { EnvironmentsApi } from "../api/endpoints/environments";
import { newInfisicalError } from "./errors";
export type CreateEnvironmentOptions = {
projectId: string;
} & ApiV1WorkspaceWorkspaceIdEnvironmentsPostRequest;
export type CreateEnvironmentResult = ApiV1WorkspaceWorkspaceIdEnvironmentsPost200Response;
import { CreateEnvironmentOptions } from "../api/types/environments";
export default class EnvironmentsClient {
#apiInstance: InfisicalApi;
#requestOptions: RawAxiosRequestConfig | undefined;
constructor(apiInstance: InfisicalApi, requestOptions: RawAxiosRequestConfig | undefined) {
this.#apiInstance = apiInstance;
this.#requestOptions = requestOptions;
}
constructor(private apiClient: EnvironmentsApi) {}
create = async (options: CreateEnvironmentOptions): Promise<CreateEnvironmentResult["environment"]> => {
create = async (options: CreateEnvironmentOptions) => {
try {
const res = await this.#apiInstance.apiV1WorkspaceWorkspaceIdEnvironmentsPost(
{
workspaceId: options.projectId,
apiV1WorkspaceWorkspaceIdEnvironmentsPostRequest: options
},
this.#requestOptions
);
return res.data.environment;
const res = await this.apiClient.create(options);
return res.environment;
} catch (err) {
throw newInfisicalError(err);
}

15
src/custom/errors.ts
View File

@@ -1,10 +1,5 @@
import { AxiosError } from "axios";
import axios from "axios";
type TApiErrorResponse = {
statusCode: number;
message: string;
error: string;
};
export class InfisicalSDKError extends Error {
constructor(message: string) {
super(message);
@@ -29,19 +24,19 @@ export class InfisicalSDKRequestError extends Error {
}
export const newInfisicalError = (error: any) => {
if (error instanceof AxiosError) {
const data = error?.response?.data as TApiErrorResponse;
if (axios.isAxiosError(error)) {
const data = error?.response?.data;
if (data?.message) {
let message = data.message;
if (error.status === 422) {
if (error.response?.status === 422) {
message = JSON.stringify(data);
}
return new InfisicalSDKRequestError(message, {
url: error.response?.config.url || "",
method: error.response?.config.method || "",
statusCode: error.response?.status || 0
statusCode: error.response?.status || 0,
});
} else if (error.message) {
return new InfisicalSDKError(error.message);

50
src/custom/folders.ts
View File

@@ -1,33 +1,35 @@
import { RawAxiosRequestConfig } from "axios";
import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
import type { ApiV1FoldersPostRequest, ApiV1FoldersPost200Response } from "../infisicalapi_client";
import { FoldersApi } from "../api/endpoints/folders";
import { newInfisicalError } from "./errors";
export type CreateFolderOptions = {
projectId: string;
} & Omit<ApiV1FoldersPostRequest, "workspaceId" | "directory">;
export type CreateFolderResult = ApiV1FoldersPost200Response;
import { CreateFolderOptions, ListFoldersOptions } from "../api/types/folders";
export default class FoldersClient {
#apiInstance: InfisicalApi;
#requestOptions: RawAxiosRequestConfig | undefined;
constructor(apiInstance: InfisicalApi, requestOptions: RawAxiosRequestConfig | undefined) {
this.#apiInstance = apiInstance;
this.#requestOptions = requestOptions;
}
constructor(private apiClient: FoldersApi) {}
create = async (options: CreateFolderOptions): Promise<CreateFolderResult["folder"]> => {
create = async (options: CreateFolderOptions) => {
try {
const res = await this.#apiInstance.apiV1FoldersPost(
{
apiV1FoldersPostRequest: {
...options,
workspaceId: options.projectId
const res = await this.apiClient.create({
name: options.name,
path: options.path,
workspaceId: options.projectId,
environment: options.environment,
description: options.description,
});
return res.folder;
} catch (err) {
throw newInfisicalError(err);
}
},
this.#requestOptions
);
return res.data.folder;
};
listFolders = async (options: ListFoldersOptions) => {
try {
const res = await this.apiClient.listFolders({
environment: options.environment,
workspaceId: options.projectId,
path: options.path,
recursive: options.recursive,
lastSecretModified: options.lastSecretModified,
});
return res.folders;
} catch (err) {
throw newInfisicalError(err);
}

45
src/custom/projects.ts
View File

@@ -1,54 +1,27 @@
import { RawAxiosRequestConfig } from "axios";
import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
import type {
ApiV2WorkspacePost200Response,
ApiV2WorkspacePostRequest,
ApiV2WorkspaceProjectIdMembershipsPost200Response,
ApiV2WorkspaceProjectIdMembershipsPostRequest
} from "../infisicalapi_client";
import { ProjectsApi } from "../api/endpoints/projects";
import { newInfisicalError } from "./errors";
import { CreateProjectOptions, InviteMemberToProjectOptions } from "../api/types/projects";
export type CreateProjectOptions = ApiV2WorkspacePostRequest;
export type CreateProjectResult = ApiV2WorkspacePost200Response;
export type InviteMemberToProjectOptions = { projectId: string } & ApiV2WorkspaceProjectIdMembershipsPostRequest;
export type InviteMemberToProjectResult = ApiV2WorkspaceProjectIdMembershipsPost200Response;
export default class ProjectsClient {
#apiInstance: InfisicalApi;
#requestOptions: RawAxiosRequestConfig | undefined;
constructor(apiInstance: InfisicalApi, requestOptions: RawAxiosRequestConfig | undefined) {
this.#apiInstance = apiInstance;
this.#requestOptions = requestOptions;
}
constructor(private apiClient: ProjectsApi) {}
create = async (options: CreateProjectOptions): Promise<CreateProjectResult["project"]> => {
create = async (options: CreateProjectOptions) => {
try {
const res = await this.#apiInstance.apiV2WorkspacePost(
{
apiV2WorkspacePostRequest: options
},
this.#requestOptions
);
return res.data.project;
const res = await this.apiClient.create(options);
return res.project;
} catch (err) {
throw newInfisicalError(err);
}
};
inviteMembers = async (options: InviteMemberToProjectOptions): Promise<InviteMemberToProjectResult["memberships"]> => {
inviteMembers = async (options: InviteMemberToProjectOptions) => {
try {
if (!options.usernames?.length && !options.emails?.length) {
throw new Error("Either usernames or emails must be provided");
}
const res = await this.#apiInstance.apiV2WorkspaceProjectIdMembershipsPost(
{
projectId: options.projectId,
apiV2WorkspaceProjectIdMembershipsPostRequest: options
},
this.#requestOptions
);
return res.data.memberships;
const res = await this.apiClient.inviteMembers(options);
return res.memberships;
} catch (err) {
throw newInfisicalError(err);
}

207
src/custom/schemas/dynamic-secrets.ts
View File

@@ -5,30 +5,45 @@ export enum SqlProviders {
MySQL = "mysql2",
Oracle = "oracledb",
MsSQL = "mssql",
SapAse = "sap-ase"
SapAse = "sap-ase",
}
export enum ElasticSearchAuthTypes {
User = "user",
ApiKey = "api-key"
ApiKey = "api-key",
}
export enum LdapCredentialType {
Dynamic = "dynamic",
Static = "static"
Static = "static",
}
export enum TotpConfigType {
URL = "url",
MANUAL = "manual"
MANUAL = "manual",
}
export enum TotpAlgorithm {
SHA1 = "sha1",
SHA256 = "sha256",
SHA512 = "sha512"
SHA512 = "sha512",
}
const passwordRequirementsSchema = z.object({
length: z
.number()
.min(1, { message: "Password length must be at least 1" })
.max(250, { message: "Password length must be at most 250" }),
required: z.object({
minUppercase: z.number().min(0).optional(),
minLowercase: z.number().min(0).optional(),
minDigits: z.number().min(0).optional(),
minSymbols: z.number().min(0).optional(),
}),
allowedSymbols: z.string().optional(),
});
const DynamicSecretRedisDBSchema = z.object({
host: z.string().trim().toLowerCase(),
port: z.number(),
@@ -37,7 +52,7 @@ const DynamicSecretRedisDBSchema = z.object({
creationStatement: z.string().trim(),
revocationStatement: z.string().trim(),
renewStatement: z.string().trim().optional(),
ca: z.string().optional()
ca: z.string().optional(),
});
const DynamicSecretAwsElastiCacheSchema = z.object({
@@ -48,7 +63,7 @@ const DynamicSecretAwsElastiCacheSchema = z.object({
region: z.string().trim(),
creationStatement: z.string().trim(),
revocationStatement: z.string().trim(),
ca: z.string().optional()
ca: z.string().optional(),
});
const DynamicSecretElasticSearchSchema = z.object({
@@ -61,16 +76,16 @@ const DynamicSecretElasticSearchSchema = z.object({
z.object({
type: z.literal(ElasticSearchAuthTypes.User),
username: z.string().trim(),
password: z.string().trim()
password: z.string().trim(),
}),
z.object({
type: z.literal(ElasticSearchAuthTypes.ApiKey),
apiKey: z.string().trim(),
apiKeyId: z.string().trim()
})
apiKeyId: z.string().trim(),
}),
]),
ca: z.string().optional()
ca: z.string().optional(),
});
const DynamicSecretRabbitMqSchema = z.object({
@@ -88,9 +103,9 @@ const DynamicSecretRabbitMqSchema = z.object({
permissions: z.object({
read: z.string().trim().min(1),
write: z.string().trim().min(1),
configure: z.string().trim().min(1)
})
})
configure: z.string().trim().min(1),
}),
}),
});
const DynamicSecretSqlDBSchema = z.object({
@@ -103,7 +118,8 @@ const DynamicSecretSqlDBSchema = z.object({
creationStatement: z.string().trim(),
revocationStatement: z.string().trim(),
renewStatement: z.string().trim().optional(),
ca: z.string().optional()
ca: z.string().optional(),
passwordRequirements: passwordRequirementsSchema.optional(),
});
const DynamicSecretCassandraSchema = z.object({
@@ -116,7 +132,7 @@ const DynamicSecretCassandraSchema = z.object({
creationStatement: z.string().trim(),
revocationStatement: z.string().trim(),
renewStatement: z.string().trim().optional(),
ca: z.string().optional()
ca: z.string().optional(),
});
const DynamicSecretSapAseSchema = z.object({
@@ -126,7 +142,7 @@ const DynamicSecretSapAseSchema = z.object({
username: z.string().trim(),
password: z.string().trim(),
creationStatement: z.string().trim(),
revocationStatement: z.string().trim()
revocationStatement: z.string().trim(),
});
const DynamicSecretAwsIamSchema = z.object({
@@ -137,23 +153,43 @@ const DynamicSecretAwsIamSchema = z.object({
permissionBoundaryPolicyArn: z.string().trim().optional(),
policyDocument: z.string().trim().optional(),
userGroups: z.string().trim().optional(),
policyArns: z.string().trim().optional()
policyArns: z.string().trim().optional(),
});
const DynamicSecretMongoAtlasSchema = z.object({
adminPublicKey: z.string().trim().min(1).describe("Admin user public api key"),
adminPrivateKey: z.string().trim().min(1).describe("Admin user private api key"),
groupId: z.string().trim().min(1).describe("Unique 24-hexadecimal digit string that identifies your project. This is same as project id"),
adminPublicKey: z
.string()
.trim()
.min(1)
.describe("Admin user public api key"),
adminPrivateKey: z
.string()
.trim()
.min(1)
.describe("Admin user private api key"),
groupId: z
.string()
.trim()
.min(1)
.describe(
"Unique 24-hexadecimal digit string that identifies your project. This is same as project id"
),
roles: z
.object({
collectionName: z.string().optional().describe("Collection on which this role applies."),
databaseName: z.string().min(1).describe("Database to which the user is granted access privileges."),
collectionName: z
.string()
.optional()
.describe("Collection on which this role applies."),
databaseName: z
.string()
.min(1)
.describe("Database to which the user is granted access privileges."),
roleName: z
.string()
.min(1)
.describe(
' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
)
),
})
.array()
.min(1),
@@ -162,10 +198,17 @@ const DynamicSecretMongoAtlasSchema = z.object({
name: z
.string()
.min(1)
.describe("Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."),
type: z.string().min(1).describe("Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM")
.describe(
"Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
),
type: z
.string()
.min(1)
.describe(
"Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM"
),
})
.array()
.array(),
});
const DynamicSecretMongoDBSchema = z.object({
@@ -181,7 +224,7 @@ const DynamicSecretMongoDBSchema = z.object({
.min(1)
.describe(
'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
)
),
});
const DynamicSecretSapHanaSchema = z.object({
@@ -192,7 +235,7 @@ const DynamicSecretSapHanaSchema = z.object({
creationStatement: z.string().trim(),
revocationStatement: z.string().trim(),
renewStatement: z.string().trim().optional(),
ca: z.string().optional()
ca: z.string().optional(),
});
const DynamicSecretSnowflakeSchema = z.object({
@@ -202,7 +245,7 @@ const DynamicSecretSnowflakeSchema = z.object({
password: z.string().trim().min(1),
creationStatement: z.string().trim().min(1),
revocationStatement: z.string().trim().min(1),
renewStatement: z.string().trim().optional()
renewStatement: z.string().trim().optional(),
});
const AzureEntraIDSchema = z.object({
@@ -210,7 +253,7 @@ const AzureEntraIDSchema = z.object({
userId: z.string().trim().min(1),
email: z.string().trim().min(1),
applicationId: z.string().trim().min(1),
clientSecret: z.string().trim().min(1)
clientSecret: z.string().trim().min(1),
});
const LdapSchema = z.union([
@@ -219,10 +262,13 @@ const LdapSchema = z.union([
binddn: z.string().trim().min(1),
bindpass: z.string().trim().min(1),
ca: z.string().optional(),
credentialType: z.literal(LdapCredentialType.Dynamic).optional().default(LdapCredentialType.Dynamic),
credentialType: z
.literal(LdapCredentialType.Dynamic)
.optional()
.default(LdapCredentialType.Dynamic),
creationLdif: z.string().min(1),
revocationLdif: z.string().min(1),
rollbackLdif: z.string().optional()
rollbackLdif: z.string().optional(),
}),
z.object({
url: z.string().trim().min(1),
@@ -230,8 +276,8 @@ const LdapSchema = z.union([
bindpass: z.string().trim().min(1),
ca: z.string().optional(),
credentialType: z.literal(LdapCredentialType.Static),
rotationLdif: z.string().min(1)
})
rotationLdif: z.string().min(1),
}),
]);
const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
@@ -242,12 +288,12 @@ const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
.url()
.trim()
.min(1)
.refine(val => {
.refine((val) => {
const urlObj = new URL(val);
const secret = urlObj.searchParams.get("secret");
return Boolean(secret);
}, "OTP URL must contain secret field")
}, "OTP URL must contain secret field"),
}),
z.object({
configType: z.literal(TotpConfigType.MANUAL),
@@ -255,11 +301,11 @@ const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
.string()
.trim()
.min(1)
.transform(val => val.replace(/\s+/g, "")),
.transform((val) => val.replace(/\s+/g, "")),
period: z.number().optional(),
algorithm: z.nativeEnum(TotpAlgorithm).optional(),
digits: z.number().optional()
})
digits: z.number().optional(),
}),
]);
export enum DynamicSecretProviders {
@@ -277,25 +323,72 @@ export enum DynamicSecretProviders {
SapHana = "sap-hana",
Snowflake = "snowflake",
Totp = "totp",
SapAse = "sap-ase"
SapAse = "sap-ase",
}
const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
z.object({ type: z.literal(DynamicSecretProviders.SapAse), inputs: DynamicSecretSapAseSchema }),
z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
z.object({ type: z.literal(DynamicSecretProviders.SapHana), inputs: DynamicSecretSapHanaSchema }),
z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema }),
z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema }),
z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }),
z.object({ type: z.literal(DynamicSecretProviders.MongoDB), inputs: DynamicSecretMongoDBSchema }),
z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }),
z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Ldap), inputs: LdapSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Snowflake), inputs: DynamicSecretSnowflakeSchema }),
z.object({ type: z.literal(DynamicSecretProviders.Totp), inputs: DynamicSecretTotpSchema })
z.object({
type: z.literal(DynamicSecretProviders.SqlDatabase),
inputs: DynamicSecretSqlDBSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.Cassandra),
inputs: DynamicSecretCassandraSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.SapAse),
inputs: DynamicSecretSapAseSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.AwsIam),
inputs: DynamicSecretAwsIamSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.Redis),
inputs: DynamicSecretRedisDBSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.SapHana),
inputs: DynamicSecretSapHanaSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.AwsElastiCache),
inputs: DynamicSecretAwsElastiCacheSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.MongoAtlas),
inputs: DynamicSecretMongoAtlasSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.ElasticSearch),
inputs: DynamicSecretElasticSearchSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.MongoDB),
inputs: DynamicSecretMongoDBSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.RabbitMq),
inputs: DynamicSecretRabbitMqSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.AzureEntraID),
inputs: AzureEntraIDSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.Ldap),
inputs: LdapSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.Snowflake),
inputs: DynamicSecretSnowflakeSchema,
}),
z.object({
type: z.literal(DynamicSecretProviders.Totp),
inputs: DynamicSecretTotpSchema,
}),
]);
export type TDynamicSecretProvider = z.infer<typeof DynamicSecretProviderSchema>;
export type TDynamicSecretProvider = z.infer<
typeof DynamicSecretProviderSchema
>;

201
src/custom/secrets.ts
View File

@@ -1,58 +1,6 @@
import { RawAxiosRequestConfig } from "axios";
import { DefaultApi as InfisicalApi } from "../infisicalapi_client";
import type {
ApiV3SecretsRawGet200Response,
ApiV3SecretsRawSecretNameGet200Response,
ApiV3SecretsRawSecretNamePost200Response,
DefaultApiApiV3SecretsRawSecretNameDeleteRequest,
DefaultApiApiV3SecretsRawSecretNamePatchRequest,
DefaultApiApiV3SecretsRawSecretNamePostRequest
} from "../infisicalapi_client";
import { SecretsApi } from "../api/endpoints/secrets";
import { newInfisicalError } from "./errors";
import { getUniqueSecretsByKey } from "./util";
type SecretType = "shared" | "personal";
type ListSecretsOptions = {
environment: string;
projectId: string;
expandSecretReferences?: boolean;
includeImports?: boolean;
recursive?: boolean;
secretPath?: string;
tagSlugs?: string[];
viewSecretValue?: boolean;
};
type GetSecretOptions = {
environment: string;
secretName: string;
expandSecretReferences?: boolean;
includeImports?: boolean;
secretPath?: string;
type?: SecretType;
version?: number;
projectId: string;
viewSecretValue?: boolean;
};
export type UpdateSecretOptions = Omit<DefaultApiApiV3SecretsRawSecretNamePatchRequest["apiV3SecretsRawSecretNamePatchRequest"], "workspaceId"> & {
projectId: string;
};
export type CreateSecretOptions = Omit<DefaultApiApiV3SecretsRawSecretNamePostRequest["apiV3SecretsRawSecretNamePostRequest"], "workspaceId"> & {
projectId: string;
};
export type DeleteSecretOptions = Omit<DefaultApiApiV3SecretsRawSecretNameDeleteRequest["apiV3SecretsRawSecretNameDeleteRequest"], "workspaceId"> & {
projectId: string;
};
export type ListSecretsResult = ApiV3SecretsRawGet200Response;
export type GetSecretResult = ApiV3SecretsRawSecretNameGet200Response["secret"];
export type UpdateSecretResult = ApiV3SecretsRawSecretNamePost200Response;
export type CreateSecretResult = ApiV3SecretsRawSecretNamePost200Response;
export type DeleteSecretResult = ApiV3SecretsRawSecretNamePost200Response;
import { ListSecretsOptions, GetSecretOptions, UpdateSecretOptions, CreateSecretOptions, DeleteSecretOptions } from "../api/types/secrets";
const convertBool = (value?: boolean) => (value ? "true" : "false");
@@ -64,46 +12,37 @@ const defaultBoolean = (value?: boolean, defaultValue: boolean = false) => {
};
export default class SecretsClient {
#apiInstance: InfisicalApi;
#requestOptions: RawAxiosRequestConfig | undefined;
constructor(apiInstance: InfisicalApi, requestOptions: RawAxiosRequestConfig | undefined) {
this.#apiInstance = apiInstance;
this.#requestOptions = requestOptions;
}
constructor(private apiClient: SecretsApi) {}
listSecrets = async (options: ListSecretsOptions): Promise<ListSecretsResult> => {
listSecrets = async (options: ListSecretsOptions) => {
try {
const res = await this.#apiInstance.apiV3SecretsRawGet(
{
viewSecretValue: convertBool(options.viewSecretValue ?? true),
environment: options.environment,
return await this.apiClient.listSecrets({
workspaceId: options.projectId,
expandSecretReferences: convertBool(defaultBoolean(options.expandSecretReferences, true)),
environment: options.environment,
expandSecretReferences: convertBool(
defaultBoolean(options.expandSecretReferences, true)
),
includeImports: convertBool(options.includeImports),
recursive: convertBool(options.recursive),
secretPath: options.secretPath,
tagSlugs: options.tagSlugs ? options.tagSlugs.join(",") : undefined
},
this.#requestOptions
);
return res.data;
tagSlugs: options.tagSlugs ? options.tagSlugs.join(",") : undefined,
viewSecretValue: convertBool(options.viewSecretValue ?? true),
});
} catch (err) {
throw newInfisicalError(err);
}
};
listSecretsWithImports = async (options: Omit<ListSecretsOptions, "includeImports">): Promise<ListSecretsResult["secrets"]> => {
listSecretsWithImports = async (
options: Omit<ListSecretsOptions, "includeImports">
) => {
const res = await this.listSecrets({
...options,
includeImports: true
includeImports: true,
});
let { imports, secrets } = res;
if (imports) {
if (options.recursive) {
secrets = getUniqueSecretsByKey(secrets);
}
for (const imp of imports) {
for (const importedSecret of imp.secrets) {
// CASE: We need to ensure that the imported values don't override the "base" secrets.
@@ -111,14 +50,13 @@ export default class SecretsClient {
// Local/Preset variables -> Actual secrets -> Imported secrets (high->low)
// Check if the secret already exists in the secrets list
if (!secrets.find(s => s.secretKey === importedSecret.secretKey)) {
if (!secrets.find((s) => s.secretKey === importedSecret.secretKey)) {
secrets.push({
...importedSecret,
secretPath: imp.secretPath,
// These fields are not returned by the API
updatedAt: new Date().toISOString(),
createdAt: new Date().toISOString(),
tags: []
updatedAt: new Date().toISOString(),
tags: [],
});
}
}
@@ -128,86 +66,75 @@ export default class SecretsClient {
return secrets;
};
getSecret = async (options: GetSecretOptions): Promise<GetSecretResult> => {
getSecret = async (options: GetSecretOptions) => {
try {
const res = await this.#apiInstance.apiV3SecretsRawSecretNameGet(
{
viewSecretValue: convertBool(options.viewSecretValue ?? true),
environment: options.environment,
const res = await this.apiClient.getSecret({
secretName: options.secretName,
workspaceId: options.projectId,
expandSecretReferences: convertBool(defaultBoolean(options.expandSecretReferences, true)),
environment: options.environment,
expandSecretReferences: convertBool(
defaultBoolean(options.expandSecretReferences, true)
),
includeImports: convertBool(options.includeImports),
secretPath: options.secretPath,
type: options.type,
version: options.version
},
this.#requestOptions
);
return res.data.secret;
version: options.version,
viewSecretValue: convertBool(options.viewSecretValue ?? true),
});
return res.secret;
} catch (err) {
throw newInfisicalError(err);
}
};
updateSecret = async (
secretName: DefaultApiApiV3SecretsRawSecretNamePatchRequest["secretName"],
options: UpdateSecretOptions
): Promise<UpdateSecretResult> => {
updateSecret = async (secretName: string, options: UpdateSecretOptions) => {
try {
const res = await this.#apiInstance.apiV3SecretsRawSecretNamePatch(
{
secretName,
apiV3SecretsRawSecretNamePatchRequest: {
...options,
workspaceId: options.projectId
}
},
this.#requestOptions
);
return res.data;
return await this.apiClient.updateSecret(secretName, {
workspaceId: options.projectId,
environment: options.environment,
secretValue: options.secretValue,
newSecretName: options.newSecretName,
secretComment: options.secretComment,
secretPath: options.secretPath,
secretReminderNote: options.secretReminderNote,
secretReminderRepeatDays: options.secretReminderRepeatDays,
skipMultilineEncoding: options.skipMultilineEncoding,
tagIds: options.tagIds,
type: options.type,
metadata: options.metadata,
});
} catch (err) {
throw newInfisicalError(err);
}
};
createSecret = async (
secretName: DefaultApiApiV3SecretsRawSecretNamePostRequest["secretName"],
options: CreateSecretOptions
): Promise<CreateSecretResult> => {
createSecret = async (secretName: string, options: CreateSecretOptions) => {
try {
const res = await this.#apiInstance.apiV3SecretsRawSecretNamePost(
{
secretName,
apiV3SecretsRawSecretNamePostRequest: {
...options,
workspaceId: options.projectId
}
},
this.#requestOptions
);
return res.data;
return await this.apiClient.createSecret(secretName, {
workspaceId: options.projectId,
environment: options.environment,
secretValue: options.secretValue,
secretComment: options.secretComment,
secretPath: options.secretPath,
secretReminderNote: options.secretReminderNote,
secretReminderRepeatDays: options.secretReminderRepeatDays,
skipMultilineEncoding: options.skipMultilineEncoding,
tagIds: options.tagIds,
type: options.type,
});
} catch (err) {
throw newInfisicalError(err);
}
};
deleteSecret = async (
secretName: DefaultApiApiV3SecretsRawSecretNameDeleteRequest["secretName"],
options: DeleteSecretOptions
): Promise<DeleteSecretResult> => {
deleteSecret = async (secretName: string, options: DeleteSecretOptions) => {
try {
const res = await this.#apiInstance.apiV3SecretsRawSecretNameDelete(
{
secretName,
apiV3SecretsRawSecretNameDeleteRequest: {
...options,
workspaceId: options.projectId
}
},
this.#requestOptions
);
return res.data;
return await this.apiClient.deleteSecret(secretName, {
workspaceId: options.projectId,
environment: options.environment,
secretPath: options.secretPath,
type: options.type,
});
} catch (err) {
throw newInfisicalError(err);
}

4
src/custom/util.ts
View File

@@ -2,9 +2,7 @@ import axios from "axios";
import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
import AWS from "aws-sdk";
import { InfisicalSDKError } from "./errors";
import { ApiV3SecretsRawGet200Response } from "../infisicalapi_client";
type Secret = ApiV3SecretsRawGet200Response["secrets"][number];
import { Secret } from "../api/types";
export const getUniqueSecretsByKey = (secrets: Secret[]) => {
const secretMap = new Map<string, Secret>();

185
src/index.ts
View File

@@ -1,141 +1,100 @@
import { Configuration, DefaultApi as InfisicalApi } from "./infisicalapi_client";
import { DefaultApiApiV1DynamicSecretsLeasesPostRequest } from "./infisicalapi_client";
import { ApiClient } from "./api/base";
import { AuthApi } from "./api/endpoints/auth";
import { SecretsApi } from "./api/endpoints/secrets";
import { DynamicSecretsApi } from "./api/endpoints/dynamic-secrets";
import { EnvironmentsApi } from "./api/endpoints/environments";
import { ProjectsApi } from "./api/endpoints/projects";
import { FoldersApi } from "./api/endpoints/folders";
import SecretsClient from "./custom/secrets";
import AuthClient from "./custom/auth";
import axios, { AxiosError, AxiosInstance, RawAxiosRequestConfig } from "axios";
import DynamicSecretsClient from "./custom/dynamic-secrets";
import * as ApiClient from "./infisicalapi_client";
import EnvironmentsClient from "./custom/environments";
import ProjectsClient from "./custom/projects";
import FoldersClient from "./custom/folders";
declare module "axios" {
interface AxiosRequestConfig {
_retryCount?: number;
}
}
const buildRestClient = (apiClient: InfisicalApi, requestOptions?: RawAxiosRequestConfig) => {
return {
// Add more as we go
apiV1DynamicSecretsLeasesPost: (options: DefaultApiApiV1DynamicSecretsLeasesPostRequest) =>
apiClient.apiV1DynamicSecretsLeasesPost(options, requestOptions)
};
};
const setupAxiosRetry = () => {
const axiosInstance = axios.create();
const maxRetries = 4;
const initialRetryDelay = 1000;
const backoffFactor = 2;
axiosInstance.interceptors.response.use(null, (error: AxiosError) => {
const config = error?.config;
if (!config) {
return Promise.reject(error);
}
if (!config._retryCount) config._retryCount = 0;
// handle rate limits and network errors
if ((error.response?.status === 429 || error.response?.status === undefined) && config && config._retryCount! < maxRetries) {
config._retryCount!++;
const baseDelay = initialRetryDelay * Math.pow(backoffFactor, config._retryCount! - 1);
const jitter = baseDelay * 0.2; // 20% +/- jitter
const exponentialDelay = baseDelay + (Math.random() * 2 - 1) * jitter;
return new Promise(resolve => {
setTimeout(() => {
resolve(axiosInstance(config));
}, exponentialDelay);
});
}
return Promise.reject(error);
});
return axiosInstance;
};
// We need to do bind(this) because the authenticate method is a private method, and usually you can't call private methods from outside the class.
type InfisicalSDKOptions = {
siteUrl?: string;
};
class InfisicalSDK {
#apiInstance: InfisicalApi;
private apiClient: ApiClient;
#requestOptions: RawAxiosRequestConfig | undefined;
#secretsClient: SecretsClient;
#dynamicSecretsClient: DynamicSecretsClient;
#environmentsClient: EnvironmentsClient;
#projectsClient: ProjectsClient;
#foldersClient: FoldersClient;
#authClient: AuthClient;
#basePath: string;
axiosInstance: AxiosInstance;
// API instances
private authApi: AuthApi;
private secretsApi: SecretsApi;
private dynamicSecretsApi: DynamicSecretsApi;
private environmentsApi: EnvironmentsApi;
private projectsApi: ProjectsApi;
private foldersApi: FoldersApi;
// Domain clients
private authClient: AuthClient;
private secretsClient: SecretsClient;
private dynamicSecretsClient: DynamicSecretsClient;
private environmentsClient: EnvironmentsClient;
private projectsClient: ProjectsClient;
private foldersClient: FoldersClient;
constructor(options?: InfisicalSDKOptions) {
this.#basePath = options?.siteUrl || "https://app.infisical.com";
this.axiosInstance = setupAxiosRetry();
const baseURL = options?.siteUrl || "https://app.infisical.com";
this.#apiInstance = new InfisicalApi(
new Configuration({
basePath: this.#basePath
}),
undefined,
this.axiosInstance
// Initialize the base API client
this.apiClient = new ApiClient({ baseURL });
// Initialize API service instances
this.authApi = new AuthApi(this.apiClient);
this.secretsApi = new SecretsApi(this.apiClient);
this.dynamicSecretsApi = new DynamicSecretsApi(this.apiClient);
this.environmentsApi = new EnvironmentsApi(this.apiClient);
this.projectsApi = new ProjectsApi(this.apiClient);
this.foldersApi = new FoldersApi(this.apiClient);
// Initialize domain clients
this.authClient = new AuthClient(
this.authenticate.bind(this),
this.authApi
);
this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance);
this.#dynamicSecretsClient = new DynamicSecretsClient(this.#apiInstance, this.#requestOptions);
this.#secretsClient = new SecretsClient(this.#apiInstance, this.#requestOptions);
this.#environmentsClient = new EnvironmentsClient(this.#apiInstance, this.#requestOptions);
this.#projectsClient = new ProjectsClient(this.#apiInstance, this.#requestOptions);
this.#foldersClient = new FoldersClient(this.#apiInstance, this.#requestOptions);
this.rest = () => buildRestClient(this.#apiInstance, this.#requestOptions);
this.secretsClient = new SecretsClient(this.secretsApi);
this.dynamicSecretsClient = new DynamicSecretsClient(
this.dynamicSecretsApi
);
this.environmentsClient = new EnvironmentsClient(this.environmentsApi);
this.projectsClient = new ProjectsClient(this.projectsApi);
this.foldersClient = new FoldersClient(this.foldersApi);
}
private authenticate(accessToken: string) {
this.#apiInstance = new InfisicalApi(
new Configuration({
basePath: this.#basePath,
// Set the token on the API client
this.apiClient.setAccessToken(accessToken);
// Reinitialize the auth client with the token
this.authClient = new AuthClient(
this.authenticate.bind(this),
this.authApi,
accessToken
}),
undefined,
this.axiosInstance
);
this.#requestOptions = {
headers: {
Authorization: `Bearer ${accessToken}`
}
};
this.rest = () => buildRestClient(this.#apiInstance, this.#requestOptions);
this.#secretsClient = new SecretsClient(this.#apiInstance, this.#requestOptions);
this.#dynamicSecretsClient = new DynamicSecretsClient(this.#apiInstance, this.#requestOptions);
this.#authClient = new AuthClient(this.authenticate.bind(this), this.#apiInstance, accessToken);
this.#environmentsClient = new EnvironmentsClient(this.#apiInstance, this.#requestOptions);
this.#projectsClient = new ProjectsClient(this.#apiInstance, this.#requestOptions);
this.#foldersClient = new FoldersClient(this.#apiInstance, this.#requestOptions);
return this;
}
secrets = () => this.#secretsClient;
environments = () => this.#environmentsClient;
projects = () => this.#projectsClient;
folders = () => this.#foldersClient;
dynamicSecrets = () => this.#dynamicSecretsClient;
auth = () => this.#authClient;
rest = () => buildRestClient(this.#apiInstance, this.#requestOptions);
// Public methods to access domain clients
secrets = () => this.secretsClient;
environments = () => this.environmentsClient;
projects = () => this.projectsClient;
folders = () => this.foldersClient;
dynamicSecrets = () => this.dynamicSecretsClient;
auth = () => this.authClient;
}
export { InfisicalSDK, ApiClient };
export { TDynamicSecretProvider, DynamicSecretProviders } from "./custom/schemas";
export type * from "./custom/secrets";
export type * from "./custom/dynamic-secrets";
// Export main SDK class
export { InfisicalSDK };
export * from './api/types'
// Export types and enums from schemas
export {
TDynamicSecretProvider,
DynamicSecretProviders,
SqlProviders,
} from "./custom/schemas";