Skip to main content
  1. Docs
  2. Secrets & Configuration
  3. Providers
  4. Secrets & config
  5. infisical-secrets

infisical-secrets

    The infisical-secrets provider enables you to dynamically import Secrets from Infisical Secrets into your Environment. The provider will return a map of names to Secrets.

    Example

    values:
      infisical:
        login:
          fn::open::infisical-login:
            oidc:
              identityId: aaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        secrets:
          fn::open::infisical-secrets:
            login: ${infisical.login}
            get:
              api-key:
                projectId: xxxxxxx-bbbb-cccc-dddd-eeeeeeeeeeee
                environment: prod
                secretKey: api-key
              app-secret:
                projectId: xxxxxxx-bbbb-cccc-dddd-eeeeeeeeeeee
                environment: dev
                secretKey: app-secret
      pulumiConfig:
        apiKey: ${infisical.secrets.api-key}
        appSecret: ${infisical.secrets.app-secret}
    

    Schema reference

    Reference schemas last updated on 2026-07-11, synced automatically from the Pulumi Cloud ESC API.

    Inputs

    • get map[string]InfisicalSecretsGet required
      A map from names to secrets to read from Infisical. The outputs will map each name to the secret’s sensitive data.
    • environment string required
      The environment.
    • projectId string required
      The projectId.
    • secretKey string required
      The secretKey.
    • secretPath string optional
      The secretPath.
    • type string optional
      The type, either ‘shared’ or ‘personal’. May be omitted.
    • login InfisicalSecretsLogin required
      Credentials used to log in to Infisical.
    • accessToken string required
      The access token to use for authentication.
    • siteUrl string optional
      The site url to use.

    Outputs

    A map from names to secret values.

    Type: map[string]string

    Configuring OIDC

    To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Infisical, see the OpenID Connect integration documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:

    • pulumi env open <org>/<project>/<environment> command of the Pulumi CLI
    • pulumi env open <org>/<project>/<environment> command of the Pulumi CLI

    Make sure to replace <org>, <project>, and <environment> with the values of your Pulumi organization and environment identifier respectively. You should see output similar to the following:

    {
      "infisical": {
        "login": {
          "accessToken": "eyJh...."
        },
        "secrets": {
          "api-key": "my-api-key",
          "app-secret": "my-app-secret"
        }
      }
    }