If you’re working with Ruby , the official Infisical Ruby SDK package is the easiest way to fetch and work with secrets for your application.

• Ruby Package
• Github Repository

​

Basic Usage

require 'infisical-sdk'

# 1. Create the Infisical client
infisical = InfisicalSDK::InfisicalClient.new('https://app.infisical.com')

infisical.auth.universal_auth(client_id: 'YOUR_CLIENT_ID', client_secret: 'YOUR_CLIENT_SECRET')

test_secret = infisical.secrets.get(
  secret_name: 'API_KEY',
  project_id: 'project-id',
  environment: 'dev'
)
puts "Secret: #{single_test_secret}"

This example demonstrates how to use the Infisical Ruby SDK in a simple Ruby application. The application retrieves a secret named API_KEY from the dev environment of the YOUR_PROJECT_ID project.

​

Installation

$ gem install infisical-sdk

​

Configuration

Import the SDK and create a client instance.

infisical = InfisicalSDK::InfisicalClient.new('https://app.infisical.com') # Optional parameter, default is https://api.infisical.com

​

Client parameters

​

Authentication

The SDK supports a variety of authentication methods. The most common authentication method is Universal Auth, which uses a client ID and client secret to authenticate.

​

Universal Auth

Using environment variables

Call auth.universal_auth() with empty arguments to use the following environment variables:

• INFISICAL_UNIVERSAL_AUTH_CLIENT_ID - Your machine identity client ID.
• INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET - Your machine identity client secret.

Using the SDK directly

infisical.auth.universal_auth(client_id: 'your-client-id', client_secret: 'your-client-secret')

​

GCP ID Token Auth

Using environment variables

Call .auth.gcp_id_token_auth() with empty arguments to use the following environment variables:

• INFISICAL_GCP_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.gcp_id_token_auth(identity_id: 'MACHINE_IDENTITY_ID')

​

GCP IAM Auth

Using environment variables

Call .auth.gcp_iam_auth() with empty arguments to use the following environment variables:

• INFISICAL_GCP_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.
• INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH - The path to your GCP service account key file.

Using the SDK directly

infisical.auth.gcp_iam_auth(identity_id: 'MACHINE_IDENTITY_ID', service_account_key_file_path: 'SERVICE_ACCOUNT_KEY_FILE_PATH')

​

AWS IAM Auth

Using environment variables

Call .auth.aws_iam_auth() with empty arguments to use the following environment variables:

• INFISICAL_AWS_IAM_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.aws_iam_auth(identity_id: 'MACHINE_IDENTITY_ID')

​

Azure Auth

Using environment variables

Call .auth.azure_auth() with empty arguments to use the following environment variables:

• INFISICAL_AZURE_AUTH_IDENTITY_ID - Your Infisical Machine Identity ID.

Using the SDK directly

infisical.auth.azure_auth(identity_id: 'MACHINE_IDENTITY_ID')

​

Kubernetes Auth

Using environment variables

Call .auth.kubernetes_auth() with empty arguments to use the following environment variables:

• INFISICAL_KUBERNETES_IDENTITY_ID - Your Infisical Machine Identity ID.
• INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME - The environment variable name that contains the path to the service account token. This is optional and will default to /var/run/secrets/kubernetes.io/serviceaccount/token.

Using the SDK directly

# Service account token path will default to /var/run/secrets/kubernetes.io/serviceaccount/token if empty value is passed
infisical.auth.kubernetes_auth(identity_id: 'MACHINE_IDENTITY_ID', service_account_token_path: nil)

​

Working with Secrets

​

client.secrets.list(options)

secrets = infisical.secrets.list(
  project_id: 'PROJECT_ID',
  environment: 'dev',
  path: '/foo/bar',
)

Retrieve all secrets within the Infisical project and environment that client is connected to

​

Parameters

​

client.secrets.get(options)

secret = infisical.secrets.get(
  secret_name: 'API_KEY',
  project_id: project_id,
  environment: env_slug
)

Retrieve a secret from Infisical.

By default, Secrets().Retrieve() fetches and returns a shared secret.

​

Parameters

​

client.secrets.create(options)

new_secret = infisical.secrets.create(
  secret_name: 'NEW_SECRET',
  secret_value: 'SECRET_VALUE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Create a new secret in Infisical.

​

Parameters

​

client.secrets.update(options)

updated_secret = infisical.secrets.update(
  secret_name: 'SECRET_KEY_TO_UPDATE',
  secret_value: 'NEW_SECRET_VALUE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Update an existing secret in Infisical.

​

Parameters

​

client.secrets.delete(options)

deleted_secret = infisical.secrets.delete(
  secret_name: 'SECRET_TO_DELETE',
  project_id: 'PROJECT_ID',
  environment: 'dev',
)

Delete a secret in Infisical.

​

Parameters

​

Cryptography

​

Create a symmetric key

Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.

key = infisical.cryptography.create_symmetric_key

​

Returns (string)

key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.

​

Encrypt symmetric

encrypted_data = infisical.cryptography.encrypt_symmetric(data: "Hello World!", key: key)

​

Parameters

​

Returns (object)

tag (string): A base64-encoded, 128-bit authentication tag. iv (string): A base64-encoded, 96-bit initialization vector. ciphertext (string): A base64-encoded, encrypted ciphertext.

​

Decrypt symmetric

decrypted_data = infisical.cryptography.decrypt_symmetric(
  ciphertext: encrypted_data['ciphertext'],
  iv: encrypted_data['iv'],
  tag: encrypted_data['tag'],
  key: key
)

​

Parameters

​

Returns (string)

Plaintext (string): The decrypted plaintext.