rename bit bucket options

misc: modified step title
doc: added bitbucket integration with cli
2025-08-22 10:12:15 +00:00 · 2024-06-25 16:31:56 -04:00 · 2024-06-24 20:17:31 +08:00 · 2024-06-24 20:11:53 +08:00 · 2024-06-23 14:27:11 -07:00 · 2024-06-23 13:23:10 -07:00
11 changed files with 65 additions and 132 deletions
--- a/backend/src/services/secret-blind-index/secret-blind-index-dal.ts
+++ b/backend/src/services/secret-blind-index/secret-blind-index-dal.ts
@@ -30,6 +30,7 @@ export const secretBlindIndexDALFactory = (db: TDbClient) => {
        .leftJoin(TableName.SecretFolder, `${TableName.SecretFolder}.id`, `${TableName.Secret}.folderId`)
        .leftJoin(TableName.Environment, `${TableName.Environment}.id`, `${TableName.SecretFolder}.envId`)
        .where({ projectId })
+        .whereNull("secretBlindIndex")
        .select(selectAllTableCols(TableName.Secret))
        .select(
          db.ref("slug").withSchema(TableName.Environment).as("environment"),
@@ -48,6 +49,7 @@ export const secretBlindIndexDALFactory = (db: TDbClient) => {
        .leftJoin(TableName.Environment, `${TableName.Environment}.id`, `${TableName.SecretFolder}.envId`)
        .where({ projectId })
        .whereIn(`${TableName.Secret}.id`, secretIds)
+        .whereNull("secretBlindIndex")
        .select(selectAllTableCols(TableName.Secret))
        .select(
          db.ref("slug").withSchema(TableName.Environment).as("environment"),
--- a/docs/documentation/platform/identities/machine-identities.mdx
+++ b/docs/documentation/platform/identities/machine-identities.mdx
@@ -26,13 +26,6 @@ A typical workflow for using identities consists of four steps:
 3. Authenticating the identity with the Infisical API based on the configured authentication method on it and receiving a short-lived access token back.
 4. Authenticating subsequent requests with the Infisical API using the short-lived access token.

-<Note>
-  Currently, identities can only be used to make authenticated requests to the Infisical API, SDKs, Terraform, Kubernetes Operator, and Infisical Agent. They do not work with clients such as CLI, Ansible look up plugin, etc.
-
-Machine Identity support for the rest of the clients is planned to be released in the current quarter.
-
-</Note>
-
 ## Authentication Methods

 To interact with various resources in Infisical, Machine Identities are able to authenticate using:
--- a/docs/documentation/platform/ldap/overview.mdx
+++ b/docs/documentation/platform/ldap/overview.mdx
@@ -14,8 +14,6 @@ then you should contact sales@infisical.com to purchase an enterprise license to

 You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol).

-To note, configuring LDAP retains the end-to-end encrypted nature of authentication in Infisical because we decouple the authentication and decryption steps; the LDAP server cannot and will not have access to the decryption key needed to decrypt your secrets.
-
 LDAP providers:

 - Active Directory
--- a/docs/documentation/platform/sso/overview.mdx
+++ b/docs/documentation/platform/sso/overview.mdx
@@ -15,9 +15,6 @@ description: "Learn how to log in to Infisical via SSO protocols."

 You can configure your organization in Infisical to have members authenticate with the platform via protocols like [SAML 2.0](https://en.wikipedia.org/wiki/SAML_2.0).

-To note, Infisical's SSO implementation decouples the **authentication** and **decryption** steps – which implies that no
-Identity Provider can have access to the decryption key needed to decrypt your secrets (this also implies that Infisical requires entering the user's Master Password on top of authenticating with SSO).
-
 ## Identity providers

 Infisical supports these and many other identity providers:
--- a/docs/images/integrations/bitbucket/integrations-bitbucket-env.png
+++ b/docs/images/integrations/bitbucket/integrations-bitbucket-env.png
--- a/docs/integrations/cicd/bitbucket.mdx
+++ b/docs/integrations/cicd/bitbucket.mdx
@@ -7,26 +7,62 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-<Steps>
-  <Step title="Authorize Infisical for Bitbucket">
-    Navigate to your project's integrations tab in Infisical.
+<AccordionGroup>
+  <Accordion title="Push secrets to Bitbucket from Infisical">
+    <Steps>
+      <Step title="Authorize Infisical for Bitbucket">
+        Navigate to your project's integrations tab in Infisical.

-    ![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)

-    Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.
+        Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.

-    ![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)
+        ![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)

-    <Info>
-      If this is your project's first cloud integration, then you'll have to grant
-      Infisical access to your project's environment variables. Although this step
-      breaks E2EE, it's necessary for Infisical to sync the environment variables to
-      the cloud platform.
-    </Info>
-  </Step>
-  <Step title="Start integration">
-    Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.

-    ![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
-  </Step>
-</Steps>
+        ![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
+      </Step>
+    </Steps>
+
+  </Accordion>
+  <Accordion title="Pull secrets in Bitbucket pipelines from Infisical">
+    <Steps>
+      <Step title="Configure Infisical Access">
+        Configure a [Machine Identity](https://infisical.com/docs/documentation/platform/identities/universal-auth) for your project and give it permissions to read secrets from your desired Infisical projects and environments.
+      </Step>
+      <Step title="Initialize Bitbucket variables">
+      Create Bitbucket variables (can be either workspace, repository, or deployment-level) to store Machine Identity Client ID and Client Secret.
+      
+      ![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket-env.png)
+      </Step>
+      <Step title="Integrate Infisical secrets into the pipeline">
+        Edit your Bitbucket pipeline YAML file to include the use of the Infisical CLI to fetch and inject secrets into any script or command within the pipeline.
+        
+        #### Example
+
+        ```yaml
+        image: atlassian/default-image:3
+
+        pipelines:
+          default:
+            - step:
+                name: Build application with secrets from Infisical
+                script:
+                  - apt update && apt install -y curl
+                  - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
+                  - apt-get update && apt-get install -y infisical
+                  - export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=$INFISICAL_CLIENT_ID --client-secret=$INFISICAL_CLIENT_SECRET --silent --plain)
+                  - infisical run --projectId=1d0443c1-cd43-4b3a-91a3-9d5f81254a89 --env=dev -- npm run build
+        ```
+
+      <Tip>
+        Set the values of `projectId` and `env` flags in the `infisical run` command to your intended source path. For more options, refer to the CLI command reference [here](https://infisical.com/docs/cli/commands/run).
+      </Tip>
+      </Step>
+    </Steps>
+
+  </Accordion>
+</AccordionGroup>
--- a/docs/integrations/cloud/terraform-cloud.mdx
+++ b/docs/integrations/cloud/terraform-cloud.mdx
@@ -27,12 +27,6 @@ Prerequisites:

    ![integrations terraform cloud authorization](../../images/integrations/terraform/integrations-terraformcloud-auth.png)

-    <Info>
-      If this is your project's first cloud integration, then you'll have to grant
-      Infisical access to your project's environment variables. Although this step
-      breaks E2EE, it's necessary for Infisical to sync the environment variables to
-      the cloud platform.
-    </Info>
  </Step>
  <Step title="Start integration">
    Select which Infisical environment secrets and Terraform Cloud variable type you want to sync to which Terraform Cloud workspace/project and press create integration to start syncing secrets to Terraform Cloud.
@@ -40,4 +34,4 @@ Prerequisites:
    ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud-create.png)
    ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud.png)
  </Step>
-</Steps>
+</Steps>
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -638,5 +638,10 @@
  ],
  "integrations": {
    "intercom": "hsg644ru"
+  },
+  "analytics": {
+    "koala": {
+      "publicApiKey": "pk_b50d7184e0e39ddd5cdb43cf6abeadd9b97d"
+    }
  }
 }
--- a/docs/sdks/overview.mdx
+++ b/docs/sdks/overview.mdx
@@ -19,6 +19,9 @@ From local development to production, Infisical SDKs provide the easiest way for
    <Card href="/sdks/languages/java" title="Java" icon="java" color="#e41f23">
        Manage secrets for your Java application on demand
    </Card>
+    <Card href="/sdks/languages/go" title="Go icon="golang" color="#367B99">
+        Manage secrets for your Go application on demand
+    </Card>
    <Card href="/sdks/languages/csharp" title="C#" icon="bars" color="#368833">
        Manage secrets for your C#/.NET application on demand
    </Card>
--- a/frontend/src/views/Settings/ProjectSettingsPage/components/ProjectGeneralTab/ProjectGeneralTab.tsx
+++ b/frontend/src/views/Settings/ProjectSettingsPage/components/ProjectGeneralTab/ProjectGeneralTab.tsx
@@ -5,7 +5,6 @@ import { E2EESection } from "../E2EESection";
 import { EnvironmentSection } from "../EnvironmentSection";
 import { PointInTimeVersionLimitSection } from "../PointInTimeVersionLimitSection";
 import { ProjectNameChangeSection } from "../ProjectNameChangeSection";
-import { RebuildSecretIndicesSection } from "../RebuildSecretIndicesSection/RebuildSecretIndicesSection";
 import { SecretTagsSection } from "../SecretTagsSection";

 export const ProjectGeneralTab = () => {
@@ -18,7 +17,6 @@ export const ProjectGeneralTab = () => {
      <E2EESection />
      <PointInTimeVersionLimitSection />
      <BackfillSecretReferenceSecretion />
-      <RebuildSecretIndicesSection />
      <DeleteProjectSection />
    </div>
  );
--- a/frontend/src/views/Settings/ProjectSettingsPage/components/RebuildSecretIndicesSection/RebuildSecretIndicesSection.tsx
+++ b/frontend/src/views/Settings/ProjectSettingsPage/components/RebuildSecretIndicesSection/RebuildSecretIndicesSection.tsx
@@ -1,93 +0,0 @@
-import { createNotification } from "@app/components/notifications";
-import {
-  decryptAssymmetric,
-  decryptSymmetric
-} from "@app/components/utilities/cryptography/crypto";
-import { Button } from "@app/components/v2";
-import { useProjectPermission, useWorkspace } from "@app/context";
-import { useToggle } from "@app/hooks";
-import { useGetUserWsKey, useNameWorkspaceSecrets } from "@app/hooks/api";
-import { ProjectMembershipRole } from "@app/hooks/api/roles/types";
-import { fetchWorkspaceSecrets } from "@app/hooks/api/workspace/queries";
-
-export const RebuildSecretIndicesSection = () => {
-  const { currentWorkspace } = useWorkspace();
-  const { membership } = useProjectPermission();
-  const nameWorkspaceSecrets = useNameWorkspaceSecrets();
-
-  const [isIndexing, setIsIndexing] = useToggle();
-  const { data: decryptFileKey } = useGetUserWsKey(currentWorkspace?.id!);
-
-  if (!currentWorkspace) return null;
-
-  const onRebuildIndices = async () => {
-    if (!currentWorkspace?.id) return;
-    setIsIndexing.on();
-    try {
-      const encryptedSecrets = await fetchWorkspaceSecrets(currentWorkspace.id);
-
-      if (!currentWorkspace || !decryptFileKey) {
-        return;
-      }
-
-      const key = decryptAssymmetric({
-        ciphertext: decryptFileKey.encryptedKey,
-        nonce: decryptFileKey.nonce,
-        publicKey: decryptFileKey.sender.publicKey,
-        privateKey: localStorage.getItem("PRIVATE_KEY") as string
-      });
-
-      const secretsToUpdate = encryptedSecrets.map((encryptedSecret) => {
-        const secretName = decryptSymmetric({
-          ciphertext: encryptedSecret.secretKeyCiphertext,
-          iv: encryptedSecret.secretKeyIV,
-          tag: encryptedSecret.secretKeyTag,
-          key
-        });
-
-        return {
-          secretName,
-          secretId: encryptedSecret.id
-        };
-      });
-      await nameWorkspaceSecrets.mutateAsync({
-        workspaceId: currentWorkspace.id,
-        secretsToUpdate
-      });
-
-      createNotification({
-        text: "Successfully rebuilt secret indices",
-        type: "success"
-      });
-    } catch (err) {
-      console.log(err);
-    } finally {
-      setIsIndexing.off();
-    }
-  };
-
-  const isAdmin = membership.roles.includes(ProjectMembershipRole.Admin);
-
-  if (!isAdmin) {
-    return null;
-  }
-
-  return (
-    <div className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4">
-      <div className="flex w-full items-center justify-between">
-        <p className="text-xl font-semibold">Rebuild Secret Indices</p>
-      </div>
-      <p className="mb-4 mt-2 max-w-2xl text-sm text-gray-400">
-        This will rebuild indices of all secrets in the project.
-      </p>
-      <Button
-        variant="outline_bg"
-        isLoading={isIndexing}
-        onClick={onRebuildIndices}
-        isDisabled={!isAdmin}
-      >
-        Rebuild Secret Indices
-      </Button>
-    </div>
-  );
-};
Author	SHA1	Message	Date
Maidul Islam	f7e658e62b	rename bit bucket options	2024-06-25 16:31:56 -04:00
Sheen Capadngan	6029eaa9df	misc: modified step title	2024-06-24 20:17:31 +08:00
Sheen Capadngan	8703314c0c	doc: added bitbucket integration with cli	2024-06-24 20:11:53 +08:00
Vlad Matsiiako	6d9330e870	Update machine-identities.mdx	2024-06-23 14:27:11 -07:00
Vlad Matsiiako	d026a9b988	Update mint.json	2024-06-23 13:23:10 -07:00
Vlad Matsiiako	c2c693d295	Update mint.json	2024-06-23 13:22:30 -07:00
Vlad Matsiiako	c9c77f6c58	Update saml docs	2024-06-22 19:02:43 -07:00
Vlad Matsiiako	36a34b0f58	Update sdk docs	2024-06-22 18:38:37 -07:00
Vlad Matsiiako	45c153e592	Update terraform-cloud.mdx	2024-06-22 18:31:12 -07:00
Vlad Matsiiako	eeaabe44ec	Update LDAP docs	2024-06-22 16:44:42 -07:00