Merge pull request #4184 from Infisical/fix/cliExportFileFlag

Updated CLI export doc to document the new --output-file behavior
Merge pull request #4185 from Infisical/fix/pkiImportCertToCaIssueWithDn
2025-07-20 01:48:03 +00:00 · 2025-07-17 11:12:33 -03:00 · 2025-07-17 10:42:01 -03:00 · 2025-07-17 10:28:31 -03:00 · 2025-07-17 10:00:40 -03:00 · 2025-07-17 17:59:49 +05:30
4 changed files with 44 additions and 10 deletions
--- a/backend/src/services/app-connection/1password/1password-connection-fns.ts
+++ b/backend/src/services/app-connection/1password/1password-connection-fns.ts
@ -31,12 +31,16 @@ export const validateOnePassConnectionCredentials = async (config: TOnePassConne
  const { apiToken } = config.credentials;

  try {
-    await request.get(`${instanceUrl}/v1/vaults`, {
+    const res = await request.get(`${instanceUrl}/v1/vaults`, {
      headers: {
        Authorization: `Bearer ${apiToken}`,
        Accept: "application/json"
      }
    });
+
+    if (!Array.isArray(res.data)) {
+      throw new AxiosError("Invalid response from 1Password API");
+    }
  } catch (error: unknown) {
    if (error instanceof AxiosError) {
      throw new BadRequestError({
--- a/backend/src/services/certificate-authority/certificate-authority-dal.ts
+++ b/backend/src/services/certificate-authority/certificate-authority-dal.ts
@ -218,7 +218,7 @@ export const certificateAuthorityDALFactory = (db: TDbClient) => {
  };

  const findWithAssociatedCa = async (
-    filter: Parameters<(typeof caOrm)["find"]>[0] & { dn?: string; type?: string },
+    filter: Parameters<(typeof caOrm)["find"]>[0] & { dn?: string; type?: string; serialNumber?: string },
    { offset, limit, sort = [["createdAt", "desc"]] }: TFindOpt<TCertificateAuthorities> = {},
    tx?: Knex
  ) => {
--- a/backend/src/services/certificate-authority/internal/internal-certificate-authority-service.ts
+++ b/backend/src/services/certificate-authority/internal/internal-certificate-authority-service.ts
@ -1068,11 +1068,11 @@ export const internalCertificateAuthorityServiceFactory = ({
      throw new BadRequestError({ message: "Invalid certificate chain" });

    const parentCertObj = chainItems[1];
-    const parentCertSubject = parentCertObj.subject;
+    const parentSerialNumber = parentCertObj.serialNumber;

    const [parentCa] = await certificateAuthorityDAL.findWithAssociatedCa({
      [`${TableName.CertificateAuthority}.projectId` as "projectId"]: ca.projectId,
-      [`${TableName.InternalCertificateAuthority}.dn` as "dn"]: parentCertSubject
+      [`${TableName.InternalCertificateAuthority}.serialNumber` as "serialNumber"]: parentSerialNumber
    });

    const certificateManagerKmsId = await getProjectKmsCertificateKeyId({
--- a/docs/cli/commands/export.mdx
+++ b/docs/cli/commands/export.mdx
@ -9,7 +9,7 @@ infisical export [options]

 ## Description

-Export environment variables from the platform into a file format.
+Export environment variables from the platform into a file format. By default, output is sent to stdout (standard output), but you can use the `--output-file` flag to save directly to a file.

 ## Subcommands & flags

@ -21,18 +21,19 @@ $ infisical export

 # Export variables to a .env file
 infisical export > .env
+infisical export --output-file=./.env

 # Export variables to a .env file (with export keyword)
 infisical export --format=dotenv-export > .env
-
-# Export variables to a CSV file
-infisical export --format=csv > secrets.csv
+infisical export --format=dotenv-export --output-file=./.env

 # Export variables to a JSON file
 infisical export --format=json > secrets.json
+infisical export --format=json --output-file=./secrets.json

 # Export variables to a YAML file
 infisical export --format=yaml > secrets.yaml
+infisical export --format=yaml --output-file=./secrets.yaml

 # Render secrets using a custom template file
 infisical export --template=<path to template>
@ -73,6 +74,34 @@ infisical export --template=<path to template>

 ### flags

+  <Accordion title="--output-file">
+    The path to write the output file to. Can be a full file path, directory, or filename.
+
+    ```bash
+    # Export to specific file
+    infisical export --format=json --output-file=./secrets.json
+
+    # Export to directory (uses default filename based on format)
+    infisical export --format=yaml --output-file=./
+    ```
+
+    **When `--output-file` is specified:**
+    - Secrets are saved directly to the specified file
+    - A success message is displayed showing the file path
+    - For directories: adds default filename `secrets.{format}` (e.g., `secrets.json`, `secrets.yaml`)
+    - For dotenv formats in directories: uses `.env` as the filename
+
+    **When `--output-file` is NOT specified (default behavior):**
+    - Output is sent to stdout (standard output)
+    - You can use shell redirection like `infisical export > secrets.json`
+    - Maintains backwards compatibility with existing scripts
+
+    <Warning>
+      If you're using shell redirection and your token expires, re-authentication will fail because the prompt can't display properly due to the redirection.
+    </Warning>
+
+  </Accordion>
+
  <Accordion title="--template">
    The `--template` flag specifies the path to the template file used for rendering secrets. When using templates, you can omit the other format flags.

@ -94,6 +123,7 @@ infisical export --template=<path to template>
    ```

  </Accordion>
+  
  <Accordion title="--env">
    Used to set the environment that secrets are pulled from.

@ -162,7 +192,7 @@ infisical export --template=<path to template>

    ```bash
    # Example
-    infisical run --tags=tag1,tag2,tag3 -- npm run dev
+    infisical export --tags=tag1,tag2,tag3 --env=dev
    ```

    Note: you must reference the tag by its slug name not its fully qualified name. Go to project settings to view all tag slugs.
Author	SHA1	Message	Date
carlosmonastyrski	144143b43a	Merge pull request #4184 from Infisical/fix/cliExportFileFlag Updated CLI export doc to document the new --output-file behavior	2025-07-17 11:12:33 -03:00
carlosmonastyrski	b9a05688cd	Merge pull request #4185 from Infisical/fix/pkiImportCertToCaIssueWithDn On importCertToCa use serialNumber instead of dn to get the parentCa	2025-07-17 10:42:01 -03:00
Carlos Monastyrski	c06c6c6c61	On importCertToCa use serialNumber instead of dn to get the parentCa	2025-07-17 10:28:31 -03:00
Carlos Monastyrski	350afee45e	Updated cli export doc	2025-07-17 10:00:40 -03:00
Sid	5ae18a691d	fix: verify response type (#4182 ) Co-authored-by: sidwebworks <xodeveloper@gmail.com>	2025-07-17 17:59:49 +05:30
Carlos Monastyrski	8187b1da91	Updated CLI export doc to document the new --output-file behavior	2025-07-17 06:58:34 -03:00