Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Storing binary data / file within infisical #883

Open vanhtuan0409 opened 1 year ago

vanhtuan0409 commented 1 year ago

Feature description

Should be able to store secret files within Infisical

Why would it be useful?

There are some secrets such as private keys, certificates, etc.

Additional context

I'm thinking about using base64 encoding to store binary files, but I need to know the size limit of the secret payload.

maidul98 commented 1 year ago

Great idea, the current limit is 100kb but this can be modified at the endpoint level.

ragnarbull commented 1 year ago

This would definitely be cool! But wouldn't this be a very expensive way to store files (i.e. in MongoDB)? Better to store binary data files in AWS S3, surely? I made an app for this last week (drag n drop/upload text file/image >>> base64 encode >>> encrypt >>> convert to binary >>> upload to S3 (in KMS SSE bucket)). Not sure how that would work with billing haha but could be used in enterprise offering or if the user integrates their AWS account (haven't looked but has that been done yet?).

dangtony98 commented 1 year ago

Hey @ragnarbull,

This is something we're still thinking about at the moment in terms of the exact implementation; I'm discussing the requirements and use-case with @vanhtuan0409 tomorrow 😄

Will keep everyone posted here!

ragnarbull commented 1 year ago

Nice nice looking forward to seeing your feature @vanhtuan0409 !!

vanhtuan0409 commented 1 year ago

Normal file encryption is a different story. Infisical secrets are to be injected as environment variables, which also have a limit of their own.

My use case does have some binary secret files but usually they are around 10-50kb. So base64 encoding with the 100kb limit might be enough for now. Overall I don't think we need s3 tho, most KV databases do support payloads up to 1-2MB. If you have a secret file that is bigger than that, probably you won't inject it as an environment variable anw.

If Infisical wants to support bigger blob/binary data secrets, it should have a way to express how to pull the data out as a file instead of an environment variable. But it depends on the team to decide.
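The base64 workaround discussed in this thread, as an added example that is not part of the issue or of Infisical's code: it checks a binary secret against the size limit before encoding, then decodes the injected environment variable back into an owner-only file. It assumes the "100kb" limit means 100 * 1024 bytes of encoded value; the variable name `TLS_KEY_B64` and all function names are hypothetical.

```python
import base64
import os
import tempfile

# Assumption: the "100kb" limit quoted in the thread is read as 100 * 1024
# bytes of encoded secret value; the server-side accounting may differ.
LIMIT_BYTES = 100 * 1024


def encoded_size(raw_len: int) -> int:
    """Length of standard padded base64 for raw_len input bytes."""
    return 4 * ((raw_len + 2) // 3)


def max_raw_size(limit: int = LIMIT_BYTES) -> int:
    """Largest binary payload whose base64 form still fits in limit."""
    return (limit // 4) * 3


def encode_secret_file(data: bytes, limit: int = LIMIT_BYTES) -> str:
    """Base64-encode a binary secret, refusing values over the limit."""
    size = encoded_size(len(data))
    if size > limit:
        raise ValueError(f"{len(data)} bytes encode to {size} > {limit}")
    return base64.b64encode(data).decode("ascii")


def materialize(env_name: str, path: str) -> None:
    """Decode a base64 env var into a file readable only by its owner."""
    raw = base64.b64decode(os.environ[env_name], validate=True)
    # O_EXCL: refuse to overwrite an existing file; 0o600: owner read/write.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(raw)


def demo() -> bytes:
    key = os.urandom(50 * 1024)  # constructed stand-in for a 50 KB key file
    os.environ["TLS_KEY_B64"] = encode_secret_file(key)  # hypothetical name
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tls.key")
        materialize("TLS_KEY_B64", path)
        with open(path, "rb") as fh:
            assert fh.read() == key  # round trip is lossless
    return key


if __name__ == "__main__":
    demo()
    print("max raw bytes under limit:", max_raw_size())
```

Base64 expands data by a factor of 4/3, so under this reading of the limit the largest binary file that fits is 76800 bytes, which covers the 10-50kb files described above.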