{"id":20268524,"url":"https://github.com/infisical/infisical-python","last_synced_at":"2025-05-07T15:31:29.389Z","repository":{"id":155966778,"uuid":"608226318","full_name":"Infisical/infisical-python","owner":"Infisical","description":"♾ Official Infisical SDK for Python","archived":true,"fork":false,"pushed_at":"2024-01-28T10:00:19.000Z","size":95,"stargazers_count":32,"open_issues_count":10,"forks_count":10,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-05-01T19:57:36.446Z","etag":null,"topics":["end-to-end-encryption","environment-variables","open-source","python","python-types","python3","secret-management","secrets","security"],"latest_commit_sha":null,"homepage":"https://infisical.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Infisical.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-03-01T15:25:47.000Z","updated_at":"2024-07-01T11:39:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"29cfbdc3-2e32-4177-8913-7bb6afdae9b9","html_url":"https://github.com/Infisical/infisical-python","commit_stats":{"total_commits":32,"total_committers":4,"mean_commits":8.0,"dds":0.59375,"last_synced_commit":"c6bf9f0de057d4c59408873e8e28f5b114b1a74d"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical-python/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Infisical","download_url":"https://codeload.github.com/Infisical/infisical-python/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252905802,"owners_count":21822863,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["end-to-end-encryption","environment-variables","open-source","python","python-types","python3","secret-management","secrets","security"],"created_at":"2024-11-14T12:18:41.530Z","updated_at":"2025-05-07T15:31:28.919Z","avatar_url":"https://github.com/Infisical.png","language":"Python","readme":"\u003ch1 align=\"center\"\u003e\n    \u003ca href=\"https://github.com/Infisical/infisical\"\u003e\n        \u003cimg width=\"300\" src=\"https://raw.githubusercontent.com/Infisical/infisical-node/main/img/logoname-white.svg#gh-dark-mode-only\" alt=\"infisical\"\u003e\n    \u003c/a\u003e\n\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003cp align=\"center\"\u003eOpen-source, end-to-end encrypted tool to manage secrets and configs across your team and infrastructure.\u003c/p\u003e\n\u003c/p\u003e\n\n# Deprecated!\n\nThis is now considered a legacy SDK, as we have released a new SDK that will be receiving all future updates. [You can find it here](https://pypi.org/project/infisical-python/).\n\n# Table of Contents\n\n-   [Links](#links)\n-   [Basic Usage](#basic-usage)\n-   [Secrets](#working-with-secrets)\n    -   [Get Secrets](#get-secrets)\n    -   [Get Secret](#get-secret)\n    -   [Create Secret](#create-secret)\n    -   [Update Secret](#update-secret)\n    -   [Delete Secret](#delete-secret)\n-   [Cryptography](#cryptography)\n    -   [Create Symmetric Key](#create-symmetric-key)\n    -   [Encrypt Symmetric](#encrypt-symmetric)\n    -   [Decrypt Symmetric](#decrypt-symmetric)\n\n# Links\n\n-   [Infisical](https://github.com/Infisical/infisical)\n\n# Basic Usage\n\n```py\nfrom flask import Flask\nfrom infisical import InfisicalClient\n\napp = Flask(__name__)\n\nclient = InfisicalClient(token=\"your_infisical_token\")\n\n@app.route(\"/\")\ndef hello_world():\n    # access value\n    name = client.get_secret(\"NAME\", environment=\"dev\", path=\"/\")\n    return f\"Hello! My name is: {name.secret_value}\"\n```\n\nThis example demonstrates how to use the Infisical Python SDK with a Flask application. The application retrieves a secret named \"NAME\" and responds to requests with a greeting that includes the secret value.\n\nIt is also possible to use the SDK to encrypt/decrypt text; the implementation uses `aes-256-gcm` with components of the encryption/decryption encoded in `base64`.\n\n```python\nfrom infisical import InfisicalClient\n\nclient = InfisicalClient()\n\n# some plaintext you want to encrypt\nplaintext = 'The quick brown fox jumps over the lazy dog'\n\n# create a base64-encoded, 256-bit symmetric key\nkey = client.create_symmetric_key()\n\n# encrypt\nciphertext, iv, tag = client.encrypt_symmetric(plaintext, key)\n\n# decrypt\ncleartext = client.decrypt_symmetric(ciphertext, key, iv, tag)\n```\n\n# Installation\n\nYou need Python 3.7+.\n\n```console\n$ pip install infisical\n```\n\n# Configuration\n\nImport the SDK and create a client instance with your [Infisical Token](https://infisical.com/docs/getting-started/dashboard/token).\n\n```py\nfrom infisical import InfisicalClient\n\nclient = InfisicalClient(token=\"your_infisical_token\")\n```\n\nUsing Infisical Token V3 (Beta):\n\nIn `v1.5.0`, we released a superior token authentication method; this credential is a JSON containing a `publicKey`, `privateKey`, and `serviceToken` and can be used to initialize the Node SDK client instead of the regular service token.\n\nYou can use this beta feature like so:\n\n```py\nfrom infisical import InfisicalClient\n\nclient = InfisicalClient(token_json=\"your_infisical_token_v3_json\")\n```\n\n### Options\n\n| Parameter   | Type      | Description                                                                 |\n| ----------- | --------- | --------------------------------------------------------------------------- |\n| `token`     | `string`  | An Infisical Token scoped to a project and environment(s).                  |\n| `tokenJson` | `string`  | An Infisical Token V3 JSON scoped to a project and environment(s) - in beta |\n| `site_url`  | `string`  | Your self-hosted Infisical site URL. Default: `https://app.infisical.com`.  |\n| `cache_ttl` | `number`  | Time-to-live (in seconds) for refreshing cached secrets. Default: `300`.    |\n| `debug`     | `boolean` | Turns debug mode on or off. Default: `false`.                               |\n\n### Caching\n\nThe SDK caches every secret and updates it periodically based on the provided `cache_ttl`. For example, if `cache_ttl` of `300` is provided, then a secret will be refetched 5 minutes after the first fetch; if the fetch fails, the cached secret is returned.\n\n# Secrets\n\n## Get Secrets\n\n```py\nsecrets = client.get_all_secrets(environment=\"dev\", path=\"/foo/bar/\")\n```\n\nRetrieve all secrets within a given environment and folder path. The service token used must have access to the given path and environment.\n\n### Parameters\n\n-   `environment` (string): The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.\n-   `path` (string): The path from where secrets should be fetched from.\n-   `include_imports` (boolean): Whether or not to include imported secrets from the current path. Read about [secret import](https://infisical.com/docs/documentation/platform/secret-reference#import-entire-folders). If not specified, the default value is `True`.\n-   `attach_to_os_environ` (boolean): Whether or not to attach fetched secrets to `os.environ`. If not specified, the default value is `False`.\n\n## Get Secret\n\n```py\nsecret = client.get_secret(\"API_KEY\", environment=\"dev\", path=\"/\")\nvalue = secret.secret_value # get its value\n```\n\nBy default, `get_secret()` fetches and returns a personal secret. If not found, it returns a shared secret, or tries to retrieve the value from `os.environ`. If a secret is fetched, `get_secret()` caches it to reduce excessive calls and re-fetches periodically based on the `cacheTTL` option (default is 300 seconds) when initializing the client — for more information, see the caching section.\n\nTo explicitly retrieve a shared secret:\n\n```py\nsecret = client.get_secret(secret_name=\"API_KEY\", type=\"shared\", environment=\"dev\", path=\"/\")\nvalue = secret.secret_value # get its value\n```\n\n### Parameters\n\n-   `secret_name` (string): The key of the secret to retrieve.\n-   `environment` (string): The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.\n-   `path` (string): The path from where secrets should be fetched from.\n-   `type` (string, optional): The type of the secret. Valid options are \"shared\" or \"personal\". If not specified, the default value is \"personal\".\n\n## Create Secret\n\nCreate a new secret in Infisical\n\n```py\nnew_api_key = client.create_secret(\"API_KEY\", \"FOO\", environment=\"dev\", path=\"/\", type=\"shared\")\n```\n\n### Parameters\n\n-   `secret_name` (string): The key of the secret to create.\n-   `secret_value` (string): The value of the secret.\n-   `environment` (string): The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.\n-   `path` (string): The path from where secrets should be created.\n-   `type` (string, optional): The type of the secret. Valid options are \"shared\" or \"personal\". If not specified, the default value is \"shared\". A personal secret can only be created if a shared secret with the same name exists.\n\n## Update Secret\n\nUpdate an existing secret in Infisical\n\n```py\nupdated_api_key = client.update_secret(\"API_KEY\", \"BAR\", environment=\"dev\", path=\"/\", type=\"shared\")\n```\n\n### Parameters\n\n-   `secret_name` (string): The key of the secret to update.\n-   `secret_value` (string): The new value of the secret.\n-   `environment` (string): The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.\n-   `path` (string): The path from where secrets should be updated.\n-   `type` (string, optional): The type of the secret. Valid options are \"shared\" or \"personal\". If not specified, the default value is \"shared\".\n\n## Delete Secret\n\nDelete a secret in Infisical\n\n```py\ndeleted_secret = client.delete_secret(\"API_KEY\", environment=\"dev\", path=\"/\", type=\"shared\")\n```\n\n### Parameters\n\n-   `secret_name` (string): The key of the secret to delete.\n-   `environment` (string): The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.\n-   `path` (string): The path from where secrets should be deleted.\n-   `type` (string, optional): The type of the secret. Valid options are \"shared\" or \"personal\". If not specified, the default value is \"shared\".\n\n# Cryptography\n\n## Create Symmetric Key\n\nCreate a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.\n\n```python\nkey = client.create_symmetric_key()\n```\n\n### Returns\n\n`key` (string): A base64-encoded, 256-bit symmetric key.\n\n## Encrypt Symmetric\n\nEncrypt plaintext -\u003e ciphertext.\n\n```python\nciphertext, iv, tag = client.encrypt_symmetric(plaintext, key)\n```\n\n### Parameters\n\n-   `plaintext` (string): The plaintext to encrypt.\n-   `key` (string): The base64-encoded, 256-bit symmetric key to use to encrypt the `plaintext`.\n\n### Returns\n\n-   `ciphertext` (string): The base64-encoded, encrypted `plaintext`.\n-   `iv` (string): The base64-encoded, 96-bit initialization vector generated for the encryption.\n-   `tag` (string): The base64-encoded authentication tag generated during the encryption.\n\n## Decrypt Symmetric\n\nDecrypt ciphertext -\u003e plaintext/cleartext.\n\n```python\ncleartext = client.decrypt_symmetric(ciphertext, key, iv, tag)\n```\n\n### Parameters\n\n-   `ciphertext` (string): The ciphertext to decrypt.\n-   `key` (string): The base64-encoded, 256-bit symmetric key to use to decrypt the `ciphertext`.\n-   `iv` (string): The base64-encoded, 96-bit initiatlization vector generated for the encryption.\n-   `tag` (string): The base64-encoded authentication tag generated during encryption.\n\n### Returns\n\n`cleartext` (string): The decrypted encryption that is the cleartext/plaintext.\n\n# Contributing\n\nBug fixes, docs, and library improvements are always welcome. Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/overview) for detailed information on how you can contribute.\n\n[//]: contributor-faces\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --\u003e\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable --\u003e\n\n\u003ca href=\"https://github.com/Astropilot\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/11898378?v=4\" width=\"50\" height=\"50\" alt=\"\"/\u003e\u003c/a\u003e \u003ca href=\"https://github.com/dangtony98\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/25857006?v=4\" width=\"50\" height=\"50\" alt=\"\"/\u003e\u003c/a\u003e \u003ca href=\"https://github.com/Nnahoy\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/86289996?v=4\" width=\"50\" height=\"50\" alt=\"\"/\u003e\u003c/a\u003e\n\n## Getting Started\n\nIf you want to familiarize yourself with the SDK, you can start by [forking the repository](https://docs.github.com/en/get-started/quickstart/fork-a-repo) and [cloning it in your local development environment](https://docs.github.com/en/repositories/creating-and-managing-repositories/cloning-a-repository).\n\nAfter cloning the repository, we recommend that you create a virtual environment:\n\n```console\n$ python -m venv env\n```\n\nThen activate the environment with:\n\n```console\n# For linux\n$ source ./env/bin/activate\n\n# For Windows PowerShell\n$ .\\env\\Scripts\\Activate.ps1\n```\n\nMake sure that you have the latest version of `pip` to avoid errors on the next step:\n\n```console\n$ python -m pip install --upgrade pip\n```\n\nThen install the project in editable mode and the dependencies with:\n\n```console\n$ pip install -e '.[dev,test]'\n```\n\nTo run existing tests, you need to make a `.env` at the root of this project containing a `INFISICAL_TOKEN` and `SITE_URL`. This will execute the tests against a project and environment scoped to the `INFISICAL_TOKEN` on a running instance of Infisical at the `SITE_URL` (this could be [Infisical Cloud](https://app.infisical.com)).\n\nTo run all the tests you can use the following command:\n\n```console\n$ pytest tests\n```\n\n# License\n\n`infisical-python` is distributed under the terms of the [MIT](https://spdx.org/licenses/MIT.html) license.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfisical%2Finfisical-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfisical%2Finfisical-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfisical%2Finfisical-python/lists"}