Keeping keys secure without slowing your iteration speed
How I use Infisical
Context
At Doctor Droid, we are building a cutting-edge AI recommendation platform for on-call teams. Whenever an alert or ticket is raised, Doctor Droid:
Looks for all past investigations and sees if it finds anything similar
Looks for SOPs for the issue at hand (these SOPs are also created by Doctor Droid by reading past Slack threads & existing docs)
Executes autonomous investigation for popular infrastructure & microservices symptoms.
Problem Statement
This requires a fair bit of experimentation with our early adopters and extensive usage of Jupyter Notebooks. Since the Notebooks are often not connected to a cloud environment, how does one go about managing secrets and ensuring they are not lying around anywhere? I wanted a solution where I could have access to keys JUST-IN-TIME (get it just when I need to run it) and have them become unavailable right after.
Solution
With Infisical, I found a convenient solution for this issue. Here’s how it works:
Step 1: Configure keys
Step 2: Use APIs to retrieve keys securely on-the-go
```python
import json
import requests

# Log in with the client ID and client secret to obtain an access token.
url = "https://app.infisical.com/api/v1/auth/universal-auth/login"
payload = 'clientSecret=xxxx&clientId=yyyyy'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
response = requests.request("POST", url, headers=headers, data=payload)
access_token = json.loads(response.text)['accessToken']

# Use the token to read one secret from the given workspace and environment.
url = "https://app.infisical.com/api/v3/secrets/raw/KEY_NAME?workspaceId=xxxx&environment=dev"
payload = {}
headers = {'Authorization': f'Bearer {access_token}'}
response = requests.request("GET", url, headers=headers, data=payload)
KEY_VALUE = json.loads(response.text)['secret']['secretValue']
```
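An added example, not from the original post or the Infisical project: the same two API calls wrapped so that the client secret is typed at run time instead of sitting in a notebook cell, and the fetched value is redacted in cell output and dropped when the `with` block ends. `Secret`, `fetch_secret`, `just_in_time` and the `http` parameter are names assumed for illustration.

```python
import contextlib
import getpass

BASE = "https://app.infisical.com"  # host used in the post

class Secret:
    """Holds a value without exposing it through repr(), so a notebook cell
    that ends in the variable name does not save it into the .ipynb output."""
    def __init__(self, value):
        self._value = value
    def reveal(self):
        if self._value is None:
            raise RuntimeError("secret is no longer available")
        return self._value
    def clear(self):
        self._value = None
    def __repr__(self):
        return "Secret(<redacted>)"
    __str__ = __repr__

def fetch_secret(http, client_id, client_secret, name, workspace_id, environment):
    """Universal-auth login, then one raw-secret read (the post's two calls).
    `http` is the requests module, a requests.Session, or a test stand-in."""
    login = http.post(f"{BASE}/api/v1/auth/universal-auth/login",
                      data={"clientId": client_id, "clientSecret": client_secret},
                      timeout=10)
    login.raise_for_status()
    token = login.json()["accessToken"]
    resp = http.get(f"{BASE}/api/v3/secrets/raw/{name}",
                    params={"workspaceId": workspace_id, "environment": environment},
                    headers={"Authorization": f"Bearer {token}"}, timeout=10)
    resp.raise_for_status()
    return resp.json()["secret"]["secretValue"]

@contextlib.contextmanager
def just_in_time(http, client_id, name, workspace_id, environment,
                 prompt=getpass.getpass):
    """Yield a Secret that is usable only inside the `with` block."""
    # The client secret is typed at run time, never stored in a cell.
    client_secret = prompt("Infisical client secret: ")
    secret = Secret(fetch_secret(http, client_id, client_secret,
                                 name, workspace_id, environment))
    del client_secret
    try:
        yield secret
    finally:
        # Drops the reference; Python does not guarantee the memory is zeroed.
        secret.clear()
```

In a notebook this is used as `with just_in_time(requests, "yyyyy", "KEY_NAME", "xxxx", "dev") as key:` with `key.reveal()` passed directly to the call that needs it, so the value is never bound to a notebook-level variable.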
Benefits of using Infisical:
Change the environment and get the updated key
Quarantine keys easily: If you’ve been close to any production incident, you’ll know that being able to flush keys in a jiffy is super important and, at the same time, super difficult because of its underlying dependencies across the stack. Using Infisical gives me the buffer of instantly disabling access by disabling the Infisical key/secret.
Free to get started: It’s an open-source project with a convenient cloud option
Too many features (although I have only used like 5% of the platform probably) so I feel like as my requirements expand, I’ll learn about new things easily
Helpful team / community: They have a community, a prompt support team and well-written documentation.