Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Integration with Cloudflare Workers #763

Open alisson-acioli opened 1 year ago

alisson-acioli commented 1 year ago

Feature description

I would like to recommend this integration suggestion with Cloudflare Workers. Currently, you can put secret keys directly in the Cloudflare panel or using Wrangler in the worker publication, but it would be ideal to use Infisical to manage our keys in one place.

Why would it be useful?

Nowadays many applications are migrating to edge computing, and Cloudflare offers a good service for this. The problem, in my view, is that when we have applications in virtual machines, serverless, among others, we always have to manage where our keys are. Using Infisical on Cloudflare Workers would already facilitate management along with the other keys that are managed by Infisical on AWS, PM2, Laravel, etc.

afrieirham commented 1 year ago

After some research, this integration is half possible. We can only sync encrypted secrets.

For some reason, all of these endpoints can only affect encrypted secrets.

  1. List secrets – GET /accounts/{account_id}/workers/scripts/{script_name}/secrets
  2. Create secrets – PUT /accounts/{account_id}/workers/scripts/{script_name}/secrets
    • request body 👇 (not sure what the other possible types are; source code)
      {
        "name": "DB_NAME",
        "text": "infisical",
        "type": "secret_text"
      }
  3. Delete secrets – DELETE /accounts/{account_id}/workers/scripts/{script_name}/secrets/{secret_name}

I've tested all of it and it works perfectly as long as the secrets are encrypted. But nothing happens when it's not encrypted.

Also, I've opened an issue in their repo here.

Context

I found out about the endpoint from this forum here. The endpoint is not available in their API docs.
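The three endpoints listed in the comment above, turned into a one-way sync plan. This is an added example, not code from the thread or from Infisical. The base URL, the Bearer-token header and the write-only behaviour of the list call are assumptions, and `secretsUrl`, `planSync` and `describePlan` are hypothetical names.

```javascript
// Added example: plans a one-way sync to the three endpoints listed in the comment.
// Assumptions (not from the thread): the base URL, Bearer-token auth, and that the
// list endpoint returns only names and types, never values.
const API_BASE = "https://api.cloudflare.com/client/v4";

function secretsUrl(accountId, scriptName, secretName) {
  // Encode every path segment so a name containing "/" or "?" cannot change the route.
  const base = `${API_BASE}/accounts/${encodeURIComponent(accountId)}` +
    `/workers/scripts/${encodeURIComponent(scriptName)}/secrets`;
  return secretName === undefined ? base : `${base}/${encodeURIComponent(secretName)}`;
}

// desired: { NAME: value } from the secret manager; remoteNames: names from the list call.
function planSync(accountId, scriptName, desired, remoteNames, apiToken) {
  const headers = { Authorization: `Bearer ${apiToken}`, "Content-Type": "application/json" };
  const requests = [];
  // Values cannot be read back, so every desired secret is re-PUT (overwrite by name).
  for (const name of Object.keys(desired).sort()) {
    requests.push({
      method: "PUT",
      url: secretsUrl(accountId, scriptName),
      headers,
      body: JSON.stringify({ name, text: String(desired[name]), type: "secret_text" }),
    });
  }
  // Names present remotely but absent from the source of truth are removed.
  for (const name of [...remoteNames].sort()) {
    if (!Object.prototype.hasOwnProperty.call(desired, name)) {
      requests.push({ method: "DELETE", url: secretsUrl(accountId, scriptName, name), headers });
    }
  }
  return requests;
}

// Log-safe view of a plan: method and URL plus the secret name, never value or token.
function describePlan(requests) {
  return requests.map((r) => {
    const name = r.body ? ` name=${JSON.parse(r.body).name}` : "";
    return `${r.method} ${r.url}${name}`;
  });
}

// Constructed sample input (placeholder account id, script name and token).
const samplePlan = planSync("ACCOUNT_ID_PLACEHOLDER", "my-worker",
  { DB_NAME: "infisical", API_KEY: "constructed-value" },
  ["DB_NAME", "OLD_TOKEN"], "TOKEN_PLACEHOLDER");
console.log(describePlan(samplePlan).join("\n"));
```

Each returned entry can be passed to `fetch(url, { method, headers, body })` by the caller; the plan itself makes no network requests.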

alisson-acioli commented 1 year ago

Actually, the endpoints to do this are not found in the official documentation, I saw that some people complained about it.

If you can actually integrate it, it will be very useful, especially here in our company =)

afrieirham commented 1 year ago

@alisson-acioli it can be done but is it okay if you can only sync encrypted secrets?

also need some opinion from @dangtony98

alisson-acioli commented 1 year ago

In the case of adding encrypted variables, they just weren't visible in Wrangler and in the Cloudflare panel, would that be it?

Item 6 here https://developers.cloudflare.com/workers/configuration/environment-variables/#add-environment-variables-via-the-dashboard

Anyway, through the Infisical panel, would I be able to visualize it and change it? Because if the sacrifice is not to visualize it in the Wrangler/Cloudflare panel, it's OK, because with Infisical I can do it.