Pulumi Any Terraform

Infisical Provider

Manage secrets with Infisical using Pulumi

The Infisical provider enables you to manage secrets, projects, and access controls in Infisical using Pulumi. This provider is dynamically bridged from the Terraform Infisical Provider.

Installation

Install the Infisical provider package using your preferred package manager:

bun add pulumi-infisical
pnpm add pulumi-infisical
yarn add pulumi-infisical
npm install pulumi-infisical

Configuration

Getting Service Token

  1. Log in to Infisical at app.infisical.com
  2. Navigate to your project → Settings → Service Tokens
  3. Create a new service token
  4. Copy the token value

Provider Setup

pulumi config set infisical:token YOUR_SERVICE_TOKEN --secret

Or using environment variables:

export INFISICAL_TOKEN="your-service-token"

Self-Hosted Infisical

If you're using a self-hosted Infisical instance, configure the custom host URL:

pulumi config set infisical:hostUrl https://infisical.your-domain.com

Or using environment variables:

export INFISICAL_HOST_URL="https://infisical.your-domain.com"
import * as pulumi from "@pulumi/pulumi";
import * as infisical from "pulumi-infisical";

// Configure provider for self-hosted instance
const provider = new infisical.Provider("self-hosted", {
    hostUrl: "https://infisical.your-domain.com",
    token: config.requireSecret("token"),
});

// Use the provider
const project = new infisical.Project("project", {
    name: "Backend Service",
    slug: "backend-service",
}, { provider });

Quick Start

import * as pulumi from "@pulumi/pulumi";
import * as infisical from "pulumi-infisical";

// Create a project
const project = new infisical.Project("api-project", {
    name: "API Service",
    slug: "api-service",
});

// Create a secret
const secret = new infisical.Secret("api-key", {
    projectId: project.id,
    environment: "production",
    key: "API_KEY",
    value: "super-secret-value",
});

export const projectId = project.id;

Key Features

Project Management

const project = new infisical.Project("backend-project", {
    name: "Backend Service",
    slug: "backend-service",
});

Secret Management

const secret = new infisical.Secret("database-password", {
    projectId: project.id,
    environment: "production",
    key: "DATABASE_PASSWORD",
    value: dbPassword,
    type: "shared",
});

Identity Management

const identity = new infisical.Identity("api-identity", {
    name: "API Service",
    roleSlug: "developer",
    projectId: project.id,
});

On this page

InstallationConfigurationGetting Service TokenProvider SetupSelf-Hosted InfisicalQuick StartKey FeaturesProject ManagementSecret ManagementIdentity Management