en-US/about_PSInfisicalAPI.help.txt
|
TOPIC about_PSInfisicalAPI SHORT DESCRIPTION PSInfisicalAPI is a C# binary PowerShell module that exposes cmdlets for authenticating against and retrieving secrets from the Infisical REST API, with automatic environment-variable discovery for connection parameters. LONG DESCRIPTION The module provides the following cmdlets: Connect-Infisical Establish a session. Disconnect-Infisical Clear the current session. Get-InfisicalSecrets List secrets at a path. Get-InfisicalSecret Retrieve a single secret by name. ConvertTo-InfisicalSecretDictionary Convert secret objects to a hashtable. Export-InfisicalSecrets Export secrets to JSON, YAML, XML, or .env. Use Get-Help <cmdlet> -Full for parameter details. AUTHENTICATION Connect-Infisical supports two parameter sets: UniversalAuth -ClientId / -ClientSecret (SecureString) Token -AccessToken (SecureString) Common parameters apply to both sets: -BaseUri, -OrganizationId, -ProjectId, -Environment, -SecretPath (default '/'), -ApiVersion (default 'v4'), -PassThru. ENVIRONMENT VARIABLE DISCOVERY When any of the Connect-Infisical parameters are omitted, null, or contain only whitespace, the cmdlet scans environment variables in three scopes, in order: 1. Process 2. User 3. Machine The first matching variable with a non-blank value is used. Explicitly supplied parameter values always win. Patterns are case-insensitive and match Infisical's CLI defaults plus common variants such as CLOUDINIT_INFISICAL_* and custom-prefixed names (for example "myapp_infisical_client_id"). Parameter Example variable names ---------------- ---------------------------------------------------------- BaseUri INFISICAL_API_URL, INFISICAL_BASE_URL, INFISICAL_HOST OrganizationId INFISICAL_ORG_ID, INFISICAL_ORGANIZATION_ID ProjectId INFISICAL_PROJECT_ID, INFISICAL_WORKSPACE_ID Environment INFISICAL_ENVIRONMENT, INFISICAL_ENV, INFISICAL_ENV_SLUG ClientId INFISICAL_CLIENT_ID, INFISICAL_UNIVERSAL_AUTH_CLIENT_ID ClientSecret INFISICAL_CLIENT_SECRET, INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET AccessToken INFISICAL_TOKEN, INFISICAL_ACCESS_TOKEN, INFISICAL_AUTH_TOKEN SecretPath INFISICAL_SECRET_PATH, INFISICAL_DEFAULT_SECRET_PATH ApiVersion INFISICAL_API_VERSION Sensitive values (ClientSecret, AccessToken) are read directly into a read-only SecureString. Discovered values are never written to logs; only the variable name and the scope it was found in are recorded. Use -Verbose to see the scan announcement and any discovered variable names. EXAMPLES Example 1: Zero-configuration connect (all values from environment). Connect-Infisical Get-InfisicalSecrets Example 2: Explicit parameters override discovery. $secret = Read-Host -AsSecureString 'Client Secret' Connect-Infisical -Environment prod -ClientSecret $secret Example 3: Token-based authentication. $token = Read-Host -AsSecureString 'Access Token' Connect-Infisical -AccessToken $token Example 4: Export to a .env file. Get-InfisicalSecrets | Export-InfisicalSecrets -Path .\secrets.env -Format Env SECURITY NOTES - SecureString is used for ClientSecret, AccessToken, and any secret payloads returned by the API. - Sanitization is applied before any value reaches the logging pipeline. - Sessions are stored in process-local state only and never persisted. SEE ALSO Get-Help Connect-Infisical -Full Get-Help Get-InfisicalSecrets -Full Get-Help Export-InfisicalSecrets -Full https://infisical.com/docs/api-reference/overview/introduction |