infisical-secrets
The infisical-secrets provider enables you to dynamically import Secrets from Infisical Secrets into
your Environment. The provider will return a map of names to Secrets.
Example
values:
infisical:
login:
fn::open::infisical-login:
oidc:
identityId: aaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
secrets:
fn::open::infisical-secrets:
login: ${infisical.login}
get:
api-key:
projectId: xxxxxxx-bbbb-cccc-dddd-eeeeeeeeeeee
environment: prod
secretKey: api-key
app-secret:
projectId: xxxxxxx-bbbb-cccc-dddd-eeeeeeeeeeee
environment: dev
secretKey: app-secret
pulumiConfig:
apiKey: ${infisical.secrets.api-key}
appSecret: ${infisical.secrets.app-secret}
Schema reference
Reference schemas last updated on 2026-07-11, synced automatically from the Pulumi Cloud ESC API.
Inputs
getmap[string]InfisicalSecretsGet requiredA map from names to secrets to read from Infisical. The outputs will map each name to the secret’s sensitive data.- ↳
environmentstring requiredThe environment. - ↳
projectIdstring requiredThe projectId. - ↳
secretKeystring requiredThe secretKey. - ↳
secretPathstring optionalThe secretPath. - ↳
typestring optionalThe type, either ‘shared’ or ‘personal’. May be omitted. loginInfisicalSecretsLogin requiredCredentials used to log in to Infisical.- ↳
accessTokenstring requiredThe access token to use for authentication. - ↳
siteUrlstring optionalThe site url to use.
Outputs
A map from names to secret values.
Type: map[string]string
Configuring OIDC
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and Infisical, see the OpenID Connect integration documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:
pulumi env open <org>/<project>/<environment>command of the Pulumi CLIpulumi env open <org>/<project>/<environment>command of the Pulumi CLI
Make sure to replace <org>, <project>, and <environment> with the values of your Pulumi organization and
environment identifier respectively. You should see output similar to the following:
{
"infisical": {
"login": {
"accessToken": "eyJh...."
},
"secrets": {
"api-key": "my-api-key",
"app-secret": "my-app-secret"
}
}
}