Learn how to use Machine Identities to programmatically interact with Infisical.
An Infisical machine identity is an entity that represents a workload or application that requires access to various resources in Infisical. This is conceptually similar to an IAM user in AWS or a service account in Google Cloud Platform (GCP).
Each identity must authenticate with the API using a supported authentication method like Universal Auth to get back a short-lived access token to be used in subsequent requests.
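As an added illustration (not code from the Infisical documentation or SDKs), the sketch below shows a client that logs in with Universal Auth, keeps the short-lived access token in memory, and re-authenticates shortly before it expires. The login path, the `clientId`/`clientSecret` request fields and the `accessToken`/`expiresIn` response fields are assumptions not stated on this page, and `IdentityTokenCache` and `http_login` are hypothetical names.

```python
import json
import time
import urllib.request

# Assumed (not stated on this page): Universal Auth login path and field names.
LOGIN_PATH = "/api/v1/auth/universal-auth/login"


def http_login(base_url, client_id, client_secret):
    """POST the identity's credentials and return the decoded JSON response."""
    body = json.dumps({"clientId": client_id, "clientSecret": client_secret}).encode()
    req = urllib.request.Request(base_url + LOGIN_PATH, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class IdentityTokenCache:
    """Holds one short-lived access token and re-authenticates before it expires."""

    def __init__(self, login, skew=30, clock=time.monotonic):
        self._login = login    # zero-argument callable returning the login response
        self._skew = skew      # seconds of safety margin before expiry
        self._clock = clock    # injectable so expiry handling can be tested offline
        self._token = None
        self._expires_at = 0.0

    def token(self):
        # Log in again when no token is held or it is inside the safety margin.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._login()
            if not resp.get("accessToken") or resp.get("expiresIn", 0) <= 0:
                raise ValueError("login response lacks a usable access token")
            self._token = resp["accessToken"]
            self._expires_at = self._clock() + resp["expiresIn"]
        return self._token

    def auth_header(self):
        """Header to attach to subsequent API requests."""
        return {"Authorization": "Bearer " + self.token()}

    def __repr__(self):
        # Keep the token out of logs and tracebacks.
        return "<IdentityTokenCache token=%s>" % ("set" if self._token else "unset")
```

In real use, pass `lambda: http_login(base_url, client_id, client_secret)` as `login`, with the client ID and secret read from the environment or a secret store rather than hard-coded.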
Key Features:
A typical workflow for using identities consists of four steps:
Currently, identities can only be used to make authenticated requests to the Infisical API, SDKs, Terraform, Kubernetes Operator, and Infisical Agent. They do not work with clients such as the CLI, the Ansible lookup plugin, etc.
Machine Identity support for the rest of the clients is planned to be released in the current quarter.
To interact with various resources in Infisical, Machine Identities are able to authenticate using:
What is the difference between an identity and service token?
A service token is a project-level authentication method that is being phased out in favor of identities.
Among many differences, identities provide broader access over the Infisical API, utilize the same permission system as user identities, and come with a significantly larger number of configurable authentication and security features.
Why can I not create, read, update, or delete an identity?
There are a few reasons why this might happen: