Open zifeo opened 9 months ago
Hey @zifeo !
Might be related: https://infisical.com/docs/documentation/platform/secret-reference#referencing-syntax
And discussed here: https://github.com/Infisical/infisical/issues/32
Would that fit to your current use case?
Cheers
@Grraahaam does that support referring a secret into another project?
TL;DR I don't think it can refer to secrets from another "project", but it can from another "folder" 🤷🏽‍♂️
Then it'll depend on how you've structured your secrets. Take a look at the syntax, it's pretty straightforward:
So if you want sub-services to be able to use referenced secrets you'll have to structure it like (in a single project tho):
/ (global secrets)
/micro-service-a (sub-service, can get referenced secrets from /)
/micro-service-x (sub-service, can get referenced secrets from /)
/micro-service-x/frontend (sub-service, can get referenced secrets from / and /micro-service-x)
Your PR is about "project" secrets referencing, so it is different (while providing the same kind of feature at the "folder" level)
I just wanted to highlight the fact that a similar case has already been discussed earlier, if ever it could help people bumping into this issue :v:
Cheers 🤙🏽
@Grraahaam thanks, however we sadly need different projects as team members might not all have the same permissions (yet still all the access to the shared secrets). Happy to close in favour of the previous request if the use case is equivalent.
Same here, I used another approach for this problem and it works.
@ohmydevops What approach did you use?
In our environment this would be a pretty critical feature. Having the option to reference things like smtp credentials in multiple projects would make managing them all a lot easier, since you wouldn't have to update them for every project. This would stop the need for changing the credentials in 10 different projects, since you can just update them once.
Which also gives you better overview, since you no longer have to figure out which one is the newest version.
Feature description
Ability to sync or inherit secrets between projects.
Why would it be useful?
Sometimes "global" secrets (think of a certificate signing some apps) must be shared between projects (think app A and app B signed by the same certificate). Currently the CI cannot use a service account to access 2 projects, thus a way to embed those global secrets and keep them in sync is important.
Additional context
An alternative implementation could be to have a service account like a user and use a secret aggregator like lade.
From SyncLinear.com | ENG-152