Skip to content

feat: switched secrets v3 endpoints to v4 #283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
varonix0 merged 3 commits into from
Jun 26, 2026
Merged

feat: switched secrets v3 endpoints to v4 #283

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
327d336
feat: updated secrets endpoint to v4
akhilmhdh Jun 26, 2026
8a42b83
feat: fixed a bug in secret secrets
akhilmhdh Jun 26, 2026
04ead77
feat: addressed llm review and test failing for snapshot
akhilmhdh Jun 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 28 additions & 32 deletions packages/api/api.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"net/http"
"net/url"
"strconv"
"strings"

"github.com/Infisical/infisical-merge/packages/config"
Expand Down Expand Up @@ -598,81 +599,76 @@ func CallMachineIdentityRefreshAccessToken(httpClient *resty.Client, request Uni
return universalAuthRefreshResponse, nil
}

func CallGetRawSecretsV3(httpClient *resty.Client, request GetRawSecretsV3Request) (GetRawSecretsV3Response, error) {
var getRawSecretsV3Response GetRawSecretsV3Response
func CallGetSecretsV4(httpClient *resty.Client, request GetSecretsV4Request) (GetSecretsV4Response, error) {
Comment thread
akhilmhdh marked this conversation as resolved.
var getRawSecretsV4Response GetSecretsV4Response
req := httpClient.
R().
SetResult(&getRawSecretsV3Response).
SetResult(&getRawSecretsV4Response).
SetHeader("User-Agent", USER_AGENT).
SetBody(request).
SetQueryParam("workspaceId", request.WorkspaceId).
SetQueryParam("projectId", request.WorkspaceId).
SetQueryParam("environment", request.Environment).
SetQueryParam("secretPath", request.SecretPath)
SetQueryParam("secretPath", request.SecretPath).
// v4 defaults these to true, so they must always be sent explicitly to honor a false flag
SetQueryParam("includeImports", strconv.FormatBool(request.IncludeImport)).
SetQueryParam("recursive", strconv.FormatBool(request.Recursive)).
SetQueryParam("expandSecretReferences", strconv.FormatBool(request.ExpandSecretReferences)).
// v4 resolves personal overrides server-side (Priority when true, NeverInclude when false)
SetQueryParam("includePersonalOverrides", strconv.FormatBool(request.IncludePersonalOverrides))

if request.TagSlugs != "" {
req.SetQueryParam("tagSlugs", request.TagSlugs)
}

if request.IncludeImport {
req.SetQueryParam("include_imports", "true")
}
if request.Recursive {
req.SetQueryParam("recursive", "true")
}

if request.ExpandSecretReferences {
req.SetQueryParam("expandSecretReferences", "true")
}

response, err := req.Get(fmt.Sprintf("%v/v3/secrets/raw", config.INFISICAL_URL))
response, err := req.Get(fmt.Sprintf("%v/v4/secrets", config.INFISICAL_URL))

if err != nil {
return GetRawSecretsV3Response{}, NewGenericRequestError(operationCallGetRawSecretsV3, err)
return GetSecretsV4Response{}, NewGenericRequestError(operationCallGetRawSecretsV3, err)
}

if response.IsError() &&
(strings.Contains(response.String(), "bot_not_found_error") ||
strings.Contains(strings.ToLower(response.String()), "failed to find bot key") ||
strings.Contains(strings.ToLower(response.String()), "bot is not active")) {
additionalContext := fmt.Sprintf(`Project with id %s is incompatible with your current CLI version. Upgrade your project by visiting the project settings page. If you're self-hosting and project upgrade option isn't yet available, contact your administrator to upgrade your Infisical instance to the latest release.`, request.WorkspaceId)
return GetRawSecretsV3Response{}, NewAPIErrorWithResponse(operationCallGetRawSecretsV3, response, &additionalContext)
return GetSecretsV4Response{}, NewAPIErrorWithResponse(operationCallGetRawSecretsV3, response, &additionalContext)
}

if response.IsError() {
return GetRawSecretsV3Response{}, NewAPIErrorWithResponse(operationCallGetRawSecretsV3, response, nil)
return GetSecretsV4Response{}, NewAPIErrorWithResponse(operationCallGetRawSecretsV3, response, nil)
}

getRawSecretsV3Response.ETag = response.Header().Get(("etag"))
getRawSecretsV4Response.ETag = response.Header().Get(("etag"))

return getRawSecretsV3Response, nil
return getRawSecretsV4Response, nil
}

func CallFetchSingleSecretByName(httpClient *resty.Client, request GetRawSecretV3ByNameRequest) (GetRawSecretV3ByNameResponse, error) {
var getRawSecretV3ByNameResponse GetRawSecretV3ByNameResponse
func CallFetchSingleSecretByName(httpClient *resty.Client, request GetSecretV4ByNameRequest) (GetSecretV4ByNameResponse, error) {
var getSecretV4ByNameResponse GetSecretV4ByNameResponse
response, err := httpClient.
R().
SetHeader("User-Agent", USER_AGENT).
SetResult(&getRawSecretV3ByNameResponse).
SetResult(&getSecretV4ByNameResponse).
SetBody(request).
SetQueryParam("expandSecretReferences", "true").
SetQueryParam("include_imports", "true").
SetQueryParam("includeImports", "true").
SetQueryParam("environment", request.Environment).
SetQueryParam("secretPath", request.SecretPath).
SetQueryParam("workspaceId", request.WorkspaceID).
SetQueryParam("projectId", request.WorkspaceID).
SetQueryParam("type", "shared").
Get(fmt.Sprintf("%v/v3/secrets/raw/%s", config.INFISICAL_URL, request.SecretName))
Get(fmt.Sprintf("%v/v4/secrets/%s", config.INFISICAL_URL, request.SecretName))

if err != nil {
return GetRawSecretV3ByNameResponse{}, NewGenericRequestError(operationCallFetchSingleSecretByName, err)
return GetSecretV4ByNameResponse{}, NewGenericRequestError(operationCallFetchSingleSecretByName, err)
}

if response.IsError() {
return GetRawSecretV3ByNameResponse{}, NewAPIErrorWithResponse(operationCallFetchSingleSecretByName, response, nil)
return GetSecretV4ByNameResponse{}, NewAPIErrorWithResponse(operationCallFetchSingleSecretByName, response, nil)
}

getRawSecretV3ByNameResponse.ETag = response.Header().Get(("etag"))
getSecretV4ByNameResponse.ETag = response.Header().Get(("etag"))

return getRawSecretV3ByNameResponse, nil
return getSecretV4ByNameResponse, nil
}

func CallCreateDynamicSecretLeaseV1(httpClient *resty.Client, request CreateDynamicSecretLeaseV1Request) (CreateDynamicSecretLeaseV1Response, error) {
Expand Down
27 changes: 14 additions & 13 deletions packages/api/model.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -663,17 +663,18 @@ type GetLoginV3Response struct {
AccessToken string `json:"accessToken"`
}

type GetRawSecretsV3Request struct {
Environment string `json:"environment"`
WorkspaceId string `json:"workspaceId"`
SecretPath string `json:"secretPath"`
IncludeImport bool `json:"include_imports"`
Recursive bool `json:"recursive"`
TagSlugs string `json:"tagSlugs,omitempty"`
ExpandSecretReferences bool `json:"expandSecretReferences,omitempty"`
}

type GetRawSecretsV3Response struct {
type GetSecretsV4Request struct {
Environment string `json:"environment"`
WorkspaceId string `json:"projectId"`
SecretPath string `json:"secretPath"`
IncludeImport bool `json:"includeImports"`
Recursive bool `json:"recursive"`
TagSlugs string `json:"tagSlugs,omitempty"`
ExpandSecretReferences bool `json:"expandSecretReferences"`
IncludePersonalOverrides bool `json:"includePersonalOverrides"`
}

type GetSecretsV4Response struct {
Secrets []struct {
ID string `json:"_id"`
Version int `json:"version"`
Expand All @@ -691,15 +692,15 @@ type GetRawSecretsV3Response struct {
ETag string
}

type GetRawSecretV3ByNameRequest struct {
type GetSecretV4ByNameRequest struct {
SecretName string `json:"secretName"`
WorkspaceID string `json:"workspaceId"`
Type string `json:"type,omitempty"`
Environment string `json:"environment"`
SecretPath string `json:"secretPath,omitempty"`
}

type GetRawSecretV3ByNameResponse struct {
type GetSecretV4ByNameResponse struct {
Secret struct {
ID string `json:"_id"`
Version int `json:"version"`
Expand Down
2 changes: 1 addition & 1 deletion packages/cmd/agent.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -908,7 +908,7 @@ func secretTemplateFunction(accessToken string, currentEtag *string) func(string

parsedArguments.SetDefaults()

res, err := util.GetPlainTextSecretsV3(accessToken, projectID, envSlug, secretPath, true, parsedArguments.IsRecursive, "", *parsedArguments.ShouldExpandSecretReferences)
res, err := util.GetPlainTextSecretsV4(accessToken, projectID, envSlug, secretPath, true, parsedArguments.IsRecursive, "", *parsedArguments.ShouldExpandSecretReferences, false)
if err != nil {
return nil, err
}
Expand Down
19 changes: 7 additions & 12 deletions packages/cmd/export.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,12 +94,13 @@ var exportCmd = &cobra.Command{
}

request := models.GetAllSecretsParameters{
Environment: environmentName,
TagSlugs: tagSlugs,
WorkspaceId: projectId,
SecretsPath: secretsPath,
IncludeImport: includeImports,
ExpandSecretReferences: shouldExpandSecrets,
Environment: environmentName,
TagSlugs: tagSlugs,
WorkspaceId: projectId,
SecretsPath: secretsPath,
IncludeImport: includeImports,
ExpandSecretReferences: shouldExpandSecrets,
IncludePersonalOverrides: secretOverriding,
}

if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
Expand Down Expand Up @@ -137,12 +138,6 @@ var exportCmd = &cobra.Command{
util.HandleError(err, "Unable to fetch secrets")
}

if secretOverriding {
secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
} else {
secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
}

var output string
secrets = util.FilterSecretsByTag(secrets, tagSlugs)
secrets = util.SortSecretsByKeys(secrets)
Expand Down
21 changes: 8 additions & 13 deletions packages/cmd/run.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -444,13 +444,14 @@ func fetchSecrets(request models.GetMultiPathSecretsParameters, projectConfigDir

for _, path := range request.SecretsPaths {
params := models.GetAllSecretsParameters{
Environment: request.Environment,
WorkspaceId: request.WorkspaceId,
TagSlugs: request.TagSlugs,
SecretsPath: path,
IncludeImport: request.IncludeImport,
Recursive: request.Recursive,
ExpandSecretReferences: request.ExpandSecretReferences,
Environment: request.Environment,
WorkspaceId: request.WorkspaceId,
TagSlugs: request.TagSlugs,
SecretsPath: path,
IncludeImport: request.IncludeImport,
Recursive: request.Recursive,
ExpandSecretReferences: request.ExpandSecretReferences,
IncludePersonalOverrides: secretOverriding,
}

if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
Expand All @@ -467,12 +468,6 @@ func fetchSecrets(request models.GetMultiPathSecretsParameters, projectConfigDir
allSecrets = append(allSecrets, secrets...)
}

if secretOverriding {
allSecrets = util.OverrideSecrets(allSecrets, util.SECRET_TYPE_PERSONAL)
} else {
allSecrets = util.OverrideSecrets(allSecrets, util.SECRET_TYPE_SHARED)
}

return allSecrets, nil
}

Expand Down
42 changes: 16 additions & 26 deletions packages/cmd/secrets.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,13 +84,14 @@ var secretsCmd = &cobra.Command{
}

request := models.GetAllSecretsParameters{
Environment: environmentName,
WorkspaceId: projectId,
TagSlugs: tagSlugs,
SecretsPath: secretsPath,
IncludeImport: includeImports,
Recursive: recursive,
ExpandSecretReferences: shouldExpandSecrets,
Environment: environmentName,
WorkspaceId: projectId,
TagSlugs: tagSlugs,
SecretsPath: secretsPath,
IncludeImport: includeImports,
Recursive: recursive,
ExpandSecretReferences: shouldExpandSecrets,
IncludePersonalOverrides: secretOverriding,
}

if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
Expand All @@ -104,12 +105,6 @@ var secretsCmd = &cobra.Command{
util.HandleError(err)
}

if secretOverriding {
secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
} else {
secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
}

// Sort the secrets by key so we can create a consistent output
secrets = util.SortSecretsByKeys(secrets)

Expand Down Expand Up @@ -505,13 +500,14 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
}

request := models.GetAllSecretsParameters{
Environment: environmentName,
WorkspaceId: projectId,
TagSlugs: tagSlugs,
SecretsPath: secretsPath,
IncludeImport: includeImports,
Recursive: recursive,
ExpandSecretReferences: shouldExpand,
Environment: environmentName,
WorkspaceId: projectId,
TagSlugs: tagSlugs,
SecretsPath: secretsPath,
IncludeImport: includeImports,
Recursive: recursive,
ExpandSecretReferences: shouldExpand,
IncludePersonalOverrides: secretOverriding,
}

if token != nil && token.Type == util.SERVICE_TOKEN_IDENTIFIER {
Expand All @@ -525,12 +521,6 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
util.HandleError(err, "To fetch all secrets")
}

if secretOverriding {
secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
} else {
secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
}

requestedSecrets := []models.SingleEnvironmentVariable{}

secretsMap := getSecretsByKeys(secrets)
Expand Down
1 change: 1 addition & 0 deletions packages/models/cli.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@ type GetAllSecretsParameters struct {
IncludeImport bool
Recursive bool
ExpandSecretReferences bool
IncludePersonalOverrides bool
}

type InjectableEnvironmentResult struct {
Expand Down
Loading
Loading