Open marnixhoh opened 1 year ago
Hi @marnixhoh!
I think this is a great feature. Currently, however, since secrets are end-to-end encrypted, when they get used, everything is loaded in at once so we can't assign a lastTimeUsed at the individual secret-level; we do know when a secret was last updated in the dashboard though.
Ultimately, this comes down to an update we're thinking about at the moment that involves the server knowing the plaintext values of the environment variable keys (values would remain end-to-end encrypted); this would be up to users to opt in/out.
We're still discussing this internally but I'll keep you posted!
Awesome! Thanks for your quick reply.
Yeah that's exactly what I figured too. Hence, I thought maybe an IDE integration would be a neat way to offer this feature. The IDE integration can scan the codebase for all secrets used and then flag any secrets that are not used.
Thanks for the awesome product :)
Hmm @marnixhoh I've talked to the team already and we're definitely going to make it possible to query secrets by the value of their keys which will enable lastTimeUsed.
We'll add the ability for users to be able to opt in for exposing just the value of their keys (by default it will be E2EE). That said, this will likely be available in a few weeks since it's quite a big decision / structural change.
Feature description
I would love to be able to get rid of unused secrets when they are no longer actually used. Given that we have multiple environments, to which secrets are added and removed at different times, it sometimes happens that we forget to remove one.
One solution could be to show the lastTimeUsed of a secret. However, I do realize that this must be difficult to implement, as all the Infisical client does is inject secrets and nothing more.
Perhaps it would be easier to implement as part of an IDE integration. The integration could scan the codebase for all used secrets and compare these to the ones in Infisical?
I hope this is helpful! And if you have any questions, feel free to reach out anytime :D
Why would it be useful?
On large codebases with multiple environments, it is easy for unused secrets to get left behind.
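The codebase scan proposed in the feature description could look like the following sketch, which is an added example and not part of the issue thread or Infisical's code. It works on key names only (no secret values), and the regex set, file suffixes, skipped directories and all function names are assumptions; lookups with a computed key are flagged because a static scan cannot resolve them.

```python
import re
from pathlib import Path

NAME = r"([A-Za-z_][A-Za-z0-9_]*)"
QUOTED = r"\s*['\"]" + NAME + r"['\"]"
# Assumed, non-exhaustive set of ways Node and Python code reads an env var.
STATIC_PATTERNS = [
    re.compile(r"process\.env\." + NAME),                   # process.env.KEY
    re.compile(r"process\.env\[" + QUOTED + r"\s*\]"),      # process.env["KEY"]
    re.compile(r"os\.environ\[" + QUOTED + r"\s*\]"),       # os.environ["KEY"]
    re.compile(r"os\.(?:getenv|environ\.get)\(" + QUOTED),  # os.getenv("KEY")
]
# A key computed at run time (process.env[name]) cannot be resolved statically.
DYNAMIC = re.compile(r"(?:process\.env|os\.environ)\[\s*[^'\"\s\]]"
                     r"|os\.(?:getenv|environ\.get)\(\s*[^'\"\s)]")
SUFFIXES = {".js", ".jsx", ".ts", ".tsx", ".py"}
SKIP_DIRS = {"node_modules", ".git", "dist", "build", "venv", ".venv"}

def scan_text(text):
    """Return (statically referenced key names, True if a dynamic lookup was seen)."""
    keys = set()
    for pattern in STATIC_PATTERNS:
        keys.update(pattern.findall(text))
    return keys, bool(DYNAMIC.search(text))

def scan_tree(root):
    """Scan source files under root, skipping dependency and build directories."""
    root, keys, dynamic = Path(root), set(), False
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if path.suffix not in SUFFIXES or SKIP_DIRS & set(rel.parts) or not path.is_file():
            continue
        found, dyn = scan_text(path.read_text(encoding="utf-8", errors="ignore"))
        keys |= found
        dynamic = dynamic or dyn
    return keys, dynamic

def compare(stored, used):
    """stored maps environment name -> key names held there (names only)."""
    return {env: {"unused": sorted(set(names) - used),
                  "missing": sorted(used - set(names))}
            for env, names in stored.items()}

if __name__ == "__main__":
    # Constructed sample: key names per environment, exported by the user.
    stored = {"dev": ["DB_URL", "OLD_API_KEY"], "prod": ["DB_URL", "STRIPE_KEY"]}
    used, dynamic = scan_tree(".")
    for env, result in compare(stored, used).items():
        print(env, result)
    if dynamic:
        print("dynamic lookups found: treat 'unused' as candidates, not proof")
```

Keys reported as unused are removal candidates only: a key may still be read by another repository, a deployment script, or a dynamic lookup the scan flagged.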