Aller au contenu principal

Manage secrets with infisical

Infisical is the configuration and secret manager chosen by Webcapsule. It's fully integrated into the platform's CI and allows you to manage your configurations and secrets through a nice, secure, and comprehensible UI.

What is Infisical ?

Infisical serves as an open-source secret management platform, facilitating the consolidation of confidential data like API keys, database credentials, and configurations for teams. Its objective is to democratize secret management, extending accessibility beyond security teams.

Here is the full doccutation for your infiscal instance.

How to access the Infisical instance ?

Accessing the Infisical instance is as simple as clicking the corresponding button within the left panel of your project administration interface on the Webcapsule platform.

Where can I find my password ?

Access to Infisical isn't casually shared. Instead, request an account from your administrator to gain access to your Infisical instance.

The infisical structure in the webcapsule

FIRST_PAGE

Each of you webcapsule project has an associated infisical project.

In each project, you'll discover secrets and configurations stored within designated folders. At the project's root level, there exists an "infra" folder housing generic secrets and configuration values utilized and produced for the foundational infrastructure of the project. Additionally, there exists one folder per tool or repository employed within the project. In the provided scenario, the project is configured with a frontend tool identified as "weweb" (under the alias 'front') and a backend tool referred to as "directus" (labeled as 'api'). Consequently, the root structure of the project encompasses three folders.

FIRST_PAGE

Then in each folder, there are two main sections:

  • Inputs: Secrets and configurations consumed by the targeted application.
  • Outputs: Secrets and configurations produced by the application. For instance, you'll find here the URL of your instance.

Those folders are also subsivised in two subfolders secrets holding the secrets of the app, and values holding config values.

Admin Note

The organization of folders isn't random. As an administrator, it allows you to create roles that grant access only to values and/or secrets using Infisical's wildcard system.

Environments

Each secret/config holds different values across the various available environments. Currently, only "staging" and "production" are recognized as valid environments.

When a secret is changed, when is it's value taken into account ?

Infisical secrets are automatically synchronized with your application and become active upon redeployment. After modifying a secret, simply redeploy your app, or deploy an old or new version, to apply the changes.

Step by Step Guide: Setting up your staging WeWeb Secret Key

1 - Go to your infisical instance

2 - Access the secret location in the right project, it should be somewhere like Project > Secrets > Staging > Front Name > input > secrets

SECRET

3 - Retrieve your WeWeb Private Key from your instance and paste it into the designated PRIVATE_KEY field.

4 - Click on the green checkmark on the right of the value (SAVE) to save your changes. The number of commits should increase.

SAVE

Congratulations! You've completed the process. Simply redeploy your project in the staging environment to see your changes take effect.