add docs for label and refereces

handle empty label
Merge pull request #2907 from Infisical/temp-hide-app-connection-docs
2025-07-11 12:11:38 +00:00 · 2024-12-26 16:36:27 -05:00 · 2024-12-26 01:17:47 -05:00 · 2024-12-20 18:53:20 -05:00 · 2024-12-20 15:07:23 -08:00 · 2024-12-20 08:49:38 -08:00
6 changed files with 144 additions and 40 deletions
--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@ -328,7 +328,7 @@ const syncSecretsAzureAppConfig = async ({
  const metadata = IntegrationMetadataSchema.parse(integration.metadata);

  const azureAppConfigValuesUrl = `${integration.app}/kv?api-version=2023-11-01&key=${metadata.secretPrefix}*${
-    metadata.azureLabel ? `&label=${metadata.azureLabel}` : ""
+    metadata.azureLabel ? `&label=${metadata.azureLabel}` : "&label=%00"
  }`;

  const azureAppConfigSecrets = (await getCompleteAzureAppConfigValues(azureAppConfigValuesUrl)).reduce(
--- a/docs/cli/commands/ssh.mdx
+++ b/docs/cli/commands/ssh.mdx
@ -0,0 +1,116 @@
+---
+title: "infisical ssh"
+description: "Generate SSH credentials with the CLI"
+---
+
+## Description
+
+[Infisical SSH](/documentation/platform/ssh) lets you issue SSH credentials to clients to provide short-lived, secure SSH access to infrastructure.
+
+This command enables you to obtain SSH credentials used to access a remote host; we recommend using the `issue-credentials` sub-command to generate dynamic SSH credentials for each SSH session.
+
+### Sub-commands
+
+<Accordion title="infisical ssh issue-credentials">
+    This command is used to issue SSH credentials (SSH certificate, public key, and private key) against a certificate template.
+    
+    We recommend using the `--addToAgent` flag to automatically load issued SSH credentials to the SSH agent.
+    
+    ```bash
+    $ infisical ssh issue-credentials --certificateTemplateId=<certificate-template-id> --principals=<principals> --addToAgent
+    ```
+
+    ### Flags
+    <Accordion title="--certificateTemplateId">
+        The ID of the SSH certificate template to issue SSH credentials for.
+    </Accordion>
+    <Accordion title="--principals">
+        A comma-separated list of principals (i.e. usernames like `ec2-user` or hostnames) to issue SSH credentials for.
+    </Accordion>
+    <Accordion title="--addToAgent">
+        Whether to add issued SSH credentials to the SSH agent.
+        
+        Default value: `false`
+        
+        Note that either the `--outFilePath` or `--addToAgent` flag must be set for the sub-command to execute successfully.
+    </Accordion>
+    <Accordion title="--outFilePath">
+        The path to write the SSH credentials to such as `~/.ssh`, `./some_folder`, `./some_folder/id_rsa-cert.pub`. If not provided, the credentials will be saved to the current working directory where the command is run.
+        
+        Note that either the `--outFilePath` or `--addToAgent` flag must be set for the sub-command to execute successfully.
+    </Accordion>
+    <Accordion title="--keyAlgorithm">
+        The key algorithm to issue SSH credentials for.
+        
+        Default value: `RSA_2048`
+        
+        Available options: `RSA_2048`, `RSA_4096`, `EC_prime256v1`, `EC_secp384r1`.
+    </Accordion>
+    <Accordion title="--certType">
+        The certificate type to issue SSH credentials for.
+        
+        Default value: `user`
+        
+        Available options: `user` or `host`
+    </Accordion>
+    <Accordion title="--ttl">
+        The time-to-live (TTL) for the issued SSH certificate (e.g. `2 days`, `1d`, `2h`, `1y`).
+        
+        Defaults to the Default TTL value set in the certificate template.
+    </Accordion>
+    <Accordion title="--keyId">
+        A custom Key ID to issue SSH credentials for.
+        
+        Defaults to the autogenerated Key ID by Infisical.
+    </Accordion>
+    <Accordion title="--token">
+        An authenticated token to use to issue SSH credentials.
+    </Accordion>
+</Accordion>
+
+<Accordion title="infisical ssh sign-key">
+    This command is used to sign an existing SSH public key against a certificate template; the command outputs the corresponding signed SSH certificate.
+    
+    ```bash
+    $ infisical ssh sign-key --certificateTemplateId=<certificate-template-id> --publicKey=<public-key> --principals=<principals> --outFilePath=<out-file-path>
+    ```
+    <Accordion title="--certificateTemplateId">
+        The ID of the SSH certificate template to issue the SSH certificate for.
+    </Accordion>
+    <Accordion title="--publicKey">
+        The public key to sign.
+
+        Note that either the `--publicKey` or `--publicKeyFilePath` flag must be set for the sub-command to execute successfully.
+    </Accordion>
+    <Accordion title="--publicKeyFilePath">
+        The path to the public key file to sign.
+
+        Note that either the `--publicKey` or `--publicKeyFilePath` flag must be set for the sub-command to execute successfully.
+    </Accordion>
+    <Accordion title="--principals">
+        A comma-separated list of principals (i.e. usernames like `ec2-user` or hostnames) to issue SSH credentials for.
+    </Accordion>
+    <Accordion title="--outFilePath">
+        The path to write the SSH certificate to such as `~/.ssh/id_rsa-cert.pub`; the specified file must have the `.pub` extension. If not provided, the credentials will be saved to the directory of the specified `--publicKeyFilePath` or the current working directory where the command is run.
+    </Accordion>
+    <Accordion title="--certType">
+        The certificate type to issue SSH credentials for.
+        
+        Default value: `user`
+        
+        Available options: `user` or `host`
+    </Accordion>
+    <Accordion title="--ttl">
+        The time-to-live (TTL) for the issued SSH certificate (e.g. `2 days`, `1d`, `2h`, `1y`).
+        
+        Defaults to the Default TTL value set in the certificate template.
+    </Accordion>
+    <Accordion title="--keyId">
+        A custom Key ID to issue SSH credentials for.
+        
+        Defaults to the autogenerated Key ID by Infisical.
+    </Accordion>
+    <Accordion title="--token">
+        An authenticated token to use to issue SSH credentials.
+    </Accordion>
+</Accordion>
--- a/docs/documentation/platform/ssh.mdx
+++ b/docs/documentation/platform/ssh.mdx
@ -6,7 +6,7 @@ description: "Learn how to generate SSH credentials to provide secure and centra

 ## Concept

-Infisical can be used to issue SSH certificates to clients to provide short-lived, secure SSH access to infrastructure;
+Infisical can be used to issue SSH credentials to clients to provide short-lived, secure SSH access to infrastructure;
 this improves on many limitations of traditional SSH key-based authentication via mitigation of private key compromise, static key management,
 unauthorized access, and SSH key sprawl.

@ -191,7 +191,9 @@ infisical login

    - `certificateTemplateId`: The ID of the certificate template to use for issuing the SSH certificate.
    - `principals`: The comma-delimited username(s) or hostname(s) to include in the SSH certificate.
-
+    
+    For fuller documentation on commands and flags supported by the Infisical CLI for SSH, refer to the docs [here](/cli/commands/ssh).
+ 
  </Step>
  <Step title="SSH into the host">
    Finally, SSH into the desired host; the SSH operation will be performed using the SSH certificate loaded into the SSH agent.
@ -199,11 +201,10 @@ infisical login
    ```bash
    ssh username@hostname
    ```
-
  </Step>
 </Steps>

 <Note>
  Note that the above workflow can be executed via API or other client methods
  such as SDK.
-</Note>
+</Note>
--- a/docs/images/integrations/azure-app-configuration/create-integration-form.png
+++ b/docs/images/integrations/azure-app-configuration/create-integration-form.png
--- a/docs/integrations/cloud/azure-app-configuration.mdx
+++ b/docs/integrations/cloud/azure-app-configuration.mdx
@ -30,6 +30,27 @@ description: "How to sync secrets from Infisical to Azure App Configuration"

        Press create integration to start syncing secrets to Azure App Configuration.
      </Step>
+      <Step title="Additional Configuration">
+
+        #### Azure references
+          When adding secrets in Infisical that reference Azure Key Vault secrets, Infisical will automatically sets the content type to `application/vnd.microsoft.appconfig.keyvaultref+json;charset=utf-8` in Azure App Configuration. 
+          The following reference formats are automatically detected when added on Infisical's side:
+          - `{ "uri": "https://my-key-vault.vault.azure.net/secrets/my-secret" }`
+          - `https://my-key-vault.vault.azure.net/secrets/my-secret`
+
+        ### Azure Labels 
+          You can sync secrets from Infisical to Azure with custom labels by enabling the `Use Labels` option during setup:
+
+          **When enabled**: Secrets will be pushed to Azure with your specified label
+
+          **When disabled**: Secrets will be pushed with an empty (null) label
+
+        <Info>
+          If you have set the initial sync to `import` have behavior, the label selection affects which secrets are imported from Azure:
+          - With `Use Labels` disabled: Only secrets with empty labels are imported on initial sync
+          - With `Use Labels` enabled: Only secrets matching your specified label are imported on initial sync
+        </Info>
+      </Step>
    </Steps>

  </Tab>
--- a/docs/mint.json
+++ b/docs/mint.json
@ -320,6 +320,7 @@
            "cli/commands/run",
            "cli/commands/secrets",
            "cli/commands/dynamic-secrets",
+            "cli/commands/ssh",
            "cli/commands/export",
            "cli/commands/token",
            "cli/commands/service-token",
@ -341,14 +342,6 @@
        "cli/faq"
      ]
    },
-    {
-      "group": "App Connections",
-      "pages": [
-        "integrations/app-connections/overview",
-        "integrations/app-connections/aws",
-        "integrations/app-connections/github"
-      ]
-    },
    {
      "group": "Infrastructure Integrations",
      "pages": [
@ -765,33 +758,6 @@
            "api-reference/endpoints/identity-specific-privilege/list"
          ]
        },
-        {
-          "group": "App Connections",
-          "pages": [
-            "api-reference/endpoints/app-connections/list",
-            "api-reference/endpoints/app-connections/options",
-            { "group":  "AWS",
-              "pages": [
-                "api-reference/endpoints/app-connections/aws/list",
-                "api-reference/endpoints/app-connections/aws/get-by-id",
-                "api-reference/endpoints/app-connections/aws/get-by-name",
-                "api-reference/endpoints/app-connections/aws/create",
-                "api-reference/endpoints/app-connections/aws/update",
-                "api-reference/endpoints/app-connections/aws/delete"
-              ]
-            },
-            { "group":  "GitHub",
-              "pages": [
-                "api-reference/endpoints/app-connections/github/list",
-                "api-reference/endpoints/app-connections/github/get-by-id",
-                "api-reference/endpoints/app-connections/github/get-by-name",
-                "api-reference/endpoints/app-connections/github/create",
-                "api-reference/endpoints/app-connections/github/update",
-                "api-reference/endpoints/app-connections/github/delete"
-              ]
-            }
-          ]
-        },
        {
          "group": "Integrations",
          "pages": [
Author	SHA1	Message	Date
Maidul Islam	05139820a5	add docs for label and refereces	2024-12-26 16:36:27 -05:00
Maidul Islam	8fc03c06d9	handle empty label	2024-12-26 01:17:47 -05:00
Maidul Islam	634b500244	Merge pull request #2907 from Infisical/temp-hide-app-connection-docs	2024-12-20 18:53:20 -05:00
Scott Wilson	54b4d4ae55	docs: temp hide app connections	2024-12-20 15:07:23 -08:00
BlackMagiq	2f6dab3f63	Merge pull request #2901 from Infisical/ssh-cli-docs Documentation for SSH Command in CLI	2024-12-20 08:49:38 -08:00
Tuan Dang	e9564f5231	Fix ssh cli docs based on review	2024-12-19 22:12:32 -08:00
Tuan Dang	05cdca9202	Add docs for SSH CLI	2024-12-19 19:47:24 -08:00