search

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com
Other
14.94k stars 840 forks source link

Token `/**` path does not wotk with CLI if it's referenced as `--path=api` #1370

Closed maielo closed 1 month ago

maielo commented 7 months ago

Describe the bug

We should be able to create a token that has access to the whole monorepo (folders) and not add each folder to the token access path. Right now we can not edit the token so we need to re-create ~n + 1 projects, which is really annoying as monorepo grows and token is required to be run on CI

To Reproduce

Steps to reproduce the behavior:

  1. Create a new token with /** path
  2. Use CLI to access some folder inside of that path (monorepo style) 
    infisical run --path=api --token=st.xxxxxxxxxxx --env=dev --domain="https://domain.com/api" -- nx serve api
  3. throws error: 
    error: CallGetSecretsV3: Request to access secrets with [environment=dev] [path=api] [workspaceId=xxxxxxxxxxx] is denied. Please check if your authentication method has access to the requested scope

Expected behavior

To be able to serve the /api folder to the nx command

Screenshots

image

Platform you are having the issue on:

akhilmhdh commented 7 months ago

Can try once again by changing the path in your command from path=api to path=/api. And yes the glob pattern should allow you to access all folders without an issue

maielo commented 7 months ago

Tried. Doesn't work:

also tried to escape slash - still doesnt work

error: CallGetSecretsV3: Request to access secrets with [environment=dev] [path=C:/Programs/Git/api] [workspaceId=xxxx] is denied. Please check if your authentication method has access to requested scope