Compare commits

...

9 Commits

Author SHA1 Message Date
Maidul Islam
eafa50747b increase rate limits 2024-06-03 13:55:59 -04:00
Maidul Islam
77f794e1d0 Merge pull request #1891 from Infisical/snyk-fix-d845d74692da524b59866cf430937d1d
[Snyk] Security upgrade mysql2 from 3.9.7 to 3.9.8
2024-06-03 00:23:25 -04:00
Maidul Islam
3b9afb8b5b Merge pull request #1914 from Infisical/shubham/optimise-loading-gif
chore: compress loader gifs
2024-06-03 00:10:03 -04:00
Sheen Capadngan
8bf763dd5a Merge pull request #1903 from Infisical/feat/add-tags-to-existing-aws-params
feat: added support for tagging existing aws params
2024-06-03 01:39:17 +08:00
ShubhamPalriwala
e93b465004 chore: compress loader gifs 2024-06-01 21:46:03 +05:30
Maidul Islam
000d87075b Merge pull request #1913 from srevinsaju/patch-1 2024-06-01 09:45:21 -04:00
Srevin Saju
2291bdc036 docs: fix typo 2024-06-01 16:22:59 +03:00
Sheen Capadngan
d79d7ca5e8 feat: added support for tagging existing aws params 2024-05-30 21:40:09 +08:00
snyk-bot
f11c2d6b3e fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MYSQL2-6861580
2024-05-29 00:10:15 +00:00
8 changed files with 45 additions and 18 deletions

View File

@@ -51,7 +51,7 @@
"libsodium-wrappers": "^0.7.13",
"lodash.isequal": "^4.5.0",
"ms": "^2.1.3",
"mysql2": "^3.9.7",
"mysql2": "^3.9.8",
"nanoid": "^5.0.4",
"nodemailer": "^6.9.9",
"ora": "^7.0.1",
@@ -10290,9 +10290,10 @@
}
},
"node_modules/mysql2": {
"version": "3.9.7",
"resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.9.7.tgz",
"integrity": "sha512-KnJT8vYRcNAZv73uf9zpXqNbvBG7DJrs+1nACsjZP1HMJ1TgXEy8wnNilXAn/5i57JizXKtrUtwDB7HxT9DDpw==",
"version": "3.9.8",
"resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.9.8.tgz",
"integrity": "sha512-+5JKNjPuks1FNMoy9TYpl77f+5frbTklz7eb3XDwbpsERRLEeXiW2PDEkakYF50UuKU2qwfGnyXpKYvukv8mGA==",
"license": "MIT",
"dependencies": {
"denque": "^2.1.0",
"generate-function": "^2.3.1",

View File

@@ -112,7 +112,7 @@
"libsodium-wrappers": "^0.7.13",
"lodash.isequal": "^4.5.0",
"ms": "^2.1.3",
"mysql2": "^3.9.7",
"mysql2": "^3.9.8",
"nanoid": "^5.0.4",
"nodemailer": "^6.9.9",
"ora": "^7.0.1",

View File

@@ -28,7 +28,7 @@ export const readLimit: RateLimitOptions = {
// POST, PATCH, PUT, DELETE endpoints
export const writeLimit: RateLimitOptions = {
timeWindow: 60 * 1000,
max: 50,
max: 200, // (too low, FA having issues so increasing it - maidul)
keyGenerator: (req) => req.realIp
};

View File

@@ -27,6 +27,7 @@ import { z } from "zod";
import { SecretType, TIntegrationAuths, TIntegrations, TSecrets } from "@app/db/schemas";
import { request } from "@app/lib/config/request";
import { BadRequestError } from "@app/lib/errors";
import { logger } from "@app/lib/logger";
import { TCreateManySecretsRawFn, TUpdateManySecretsRawFn } from "@app/services/secret/secret-types";
import { TIntegrationDALFactory } from "../integration/integration-dal";
@@ -521,18 +522,42 @@ const syncSecretsAWSParameterStore = async ({
.promise();
}
// case: secret exists in AWS parameter store
} else if (awsParameterStoreSecretsObj[key].Value !== secrets[key].value) {
// case: secret value doesn't match one in AWS parameter store
} else {
// -> update secret
await ssm
.putParameter({
Name: `${integration.path}${key}`,
Type: "SecureString",
Value: secrets[key].value,
Overwrite: true
// Tags: metadata.secretAWSTag ? [{ Key: metadata.secretAWSTag.key, Value: metadata.secretAWSTag.value }] : []
})
.promise();
if (awsParameterStoreSecretsObj[key].Value !== secrets[key].value) {
await ssm
.putParameter({
Name: `${integration.path}${key}`,
Type: "SecureString",
Value: secrets[key].value,
Overwrite: true
})
.promise();
}
if (awsParameterStoreSecretsObj[key].Name) {
try {
await ssm
.addTagsToResource({
ResourceType: "Parameter",
ResourceId: awsParameterStoreSecretsObj[key].Name as string,
Tags: metadata.secretAWSTag
? metadata.secretAWSTag.map((tag: { key: string; value: string }) => ({
Key: tag.key,
Value: tag.value
}))
: []
})
.promise();
} catch (err) {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
if ((err as any).code === "AccessDeniedException") {
logger.error(
`AWS Parameter Store Error [integration=${integration.id}]: double check AWS account permissions (refer to the Infisical docs)`
);
}
}
}
}
await new Promise((resolve) => {

View File

@@ -28,6 +28,7 @@ Prerequisites:
"Action": [
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath",
"ssm:DeleteParameters",
"ssm:AddTagsToResource", // if you need to add tags to secrets

View File

@@ -33,7 +33,7 @@ description: "Learn how to use Helm chart to install Infisical on your Kubernete
pullPolicy: IfNotPresent
```
<Warning>
Do you not use the latest docker image tag in production deployments as they can introduce unexpected changes
Do not use the latest docker image tag in production deployments as they can introduce unexpected changes
</Warning>
</Step>

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.3 MiB

After

Width:  |  Height:  |  Size: 368 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 510 KiB

After

Width:  |  Height:  |  Size: 212 KiB