Fix: Add detailed decryption error logging

Merge pull request #1473 from Infisical/ldap-docs
Add docs for LDAP
2025-07-02 16:55:02 +00:00 · 2024-02-26 22:19:54 +01:00 · 2024-02-26 10:51:48 -08:00 · 2024-02-26 10:49:30 -08:00 · 2024-02-26 13:01:57 -05:00 · 2024-02-26 19:56:51 +05:30
13 changed files with 115 additions and 11 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -2,6 +2,6 @@

 Thanks for taking the time to contribute! 😃 🚀

-Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/overview) for instructions on how to contribute.
+Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/getting-started/overview) for instructions on how to contribute.

 We also have some 🔥amazing🔥 merch for our contributors. Please reach out to tony@infisical.com for more info 👀
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -4,10 +4,12 @@ services:
  db-migration:
    container_name: infisical-db-migration
    depends_on:
-      - db
+      db:
+        condition: service_healthy
    image: infisical/infisical:latest-postgres
    env_file: .env
    command: npm run migration:latest
+    pull_policy: always
    networks:
      - infisical

@ -16,12 +18,13 @@ services:
    restart: unless-stopped
    depends_on:
      db:
-        condition: service_started
+        condition: service_healthy
      redis:
        condition: service_started
      db-migration:
        condition: service_completed_successfully
    image: infisical/infisical:latest-postgres
+    pull_policy: always
    env_file: .env
    ports:
      - 80:8080
@ -52,6 +55,11 @@ services:
      - pg_data:/data/db
    networks:
      - infisical
+    healthcheck:
+      test: "pg_isready --username=${POSTGRES_USER} && psql --username=${POSTGRES_USER} --list"
+      interval: 5s
+      timeout: 10s
+      retries: 10

 volumes:
  pg_data:
--- a/docs/documentation/platform/ldap.mdx
+++ b/docs/documentation/platform/ldap.mdx
@ -0,0 +1,36 @@
+---
+title: "LDAP"
+description: "Log in to Infisical with LDAP"
+---
+
+<Info>
+    LDAP is a paid feature.
+   
+   If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
+   then you should contact team@infisical.com to purchase an enterprise license to use it.
+</Info>
+
+You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol); this includes support for Active Directory.
+
+<Steps>
+   <Step title="Prepare the LDAP configuration in Infisical">
+        In Infisical, head to your Organization Settings > Authentication > LDAP Configuration and select **Set up LDAP**.
+        
+        Next, input your LDAP server settings.
+        
+        ![LDAP configuration](/images/platform/ldap/ldap-config.png)
+        
+        Here's some guidance for each field:
+
+        - URL: The LDAP server to connect to such as `ldap://ldap.your-org.com`, `ldaps://ldap.myorg.com:636` (for connection over SSL/TLS), etc.
+        - Bind DN: The distinguished name of object to bind when performing the user search such as `cn=infisical,ou=Users,dc=acme,dc=com`.
+        - Bind Pass: The password to use along with `Bind DN` when performing the user search.
+        - Search Base / User DN: Base DN under which to perform user search such as `ou=Users,dc=example,dc=com`
+        - CA Certificate: The CA certificate to use when verifying the LDAP server certificate.
+   </Step>
+   <Step title="Enable LDAP in Infisical">
+        Enabling LDAP allows members in your organization to log into Infisical via LDAP.
+        
+        ![LDAP toggle](/images/platform/ldap/ldap-toggle.png)
+   </Step>
+</Steps>
--- a/docs/images/platform/ldap/ldap-config.png
+++ b/docs/images/platform/ldap/ldap-config.png
--- a/docs/images/platform/ldap/ldap-toggle.png
+++ b/docs/images/platform/ldap/ldap-toggle.png
--- a/docs/mint.json
+++ b/docs/mint.json
@ -149,6 +149,7 @@
            "documentation/platform/sso/jumpcloud"
          ]
        },
+        "documentation/platform/ldap",
        {
          "group": "SCIM",
          "pages": [
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@ -4,7 +4,7 @@ description: "Configure environment variables for self-hosted Infisical"
 ---


-Infisical accepts all configurations via environment variables. For a basic self-hosted instance, at least `ENCRYPTION_KEY`, `AUTH_SECRET`, `DB_CONNECTION_URI` and `REDIS_URL` must be defined. 
+Infisical accepts all configurations via environment variables. For a minimal self-hosted instance, at least `ENCRYPTION_KEY`, `AUTH_SECRET`, `DB_CONNECTION_URI` and `REDIS_URL` must be defined. 
 However, you can configure additional settings to activate more features as needed.

 ## General platform    
--- a/docs/self-hosting/deployment-options/kubernetes-helm.mdx
+++ b/docs/self-hosting/deployment-options/kubernetes-helm.mdx
@ -166,7 +166,7 @@ description: "Use Helm chart to install Infisical on your Kubernetes cluster"
  <Step title="Access Infisical">
    After deployment, please wait for 2-5 minutes for all pods to reach a running state. Once a significant number of pods are operational, access the IP address revealed through Ingress by your load balancer. 
    You can find the IP address/hostname by executing the command `kubectl get ingress`.
-    ![self host sign up](images/self-hosting/applicable-to-all/selfhost-signup.png)
+    ![infisical-selfhost](images/self-hosting/applicable-to-all/selfhost-signup.png)
  </Step>
  <Step title="Upgrade your instance">
    To upgrade your instance of Infisical simply update the docker image tag in your Halm values and rerun the command below.
@ -176,8 +176,8 @@ description: "Use Helm chart to install Infisical on your Kubernetes cluster"
    ```

    <Tip>
-      Always back up your database before each upgrade, especially in a production environment
+      Always back up your database before each upgrade, especially in a production environment.
    </Tip>

  </Step>
-</Steps>
+</Steps>
--- a/frontend/src/components/signup/EnterEmailStep.tsx
+++ b/frontend/src/components/signup/EnterEmailStep.tsx
@ -28,7 +28,7 @@ export default function EnterEmailStep({
  incrementStep
 }: DownloadBackupPDFStepProps): JSX.Element {
  const { createNotification } = useNotificationContext();
-  const { mutateAsync } = useSendVerificationEmail();
+  const { mutateAsync, isLoading } = useSendVerificationEmail();
  const [emailError, setEmailError] = useState(false);
  const { t } = useTranslation();

@ -91,6 +91,8 @@ export default function EnterEmailStep({
              className='h-14'
              colorSchema="primary"
              variant="outline_bg"
+              isLoading={isLoading}
+              isDisabled={isLoading}
            > {String(t("signup.step1-submit"))} </Button>
          </div>
        </div>
--- a/frontend/src/components/utilities/cryptography/crypto.ts
+++ b/frontend/src/components/utilities/cryptography/crypto.ts
@ -210,7 +210,14 @@ const decryptSymmetric = ({ ciphertext, iv, tag, key }: DecryptSymmetricProps):
  try {
    plaintext = aes.decrypt({ ciphertext, iv, tag, secret: key });
  } catch (err) {
-    console.log("Failed to perform decryption");
+    console.log("Failed to decrypt with the following parameters", {
+      ciphertext,
+      iv,
+      tag,
+      key
+    });
+    console.log("Failed to perform decryption", err);
+
    process.exit(1);
  }

--- a/frontend/src/views/SecretRotationPage/components/CreateRotationForm/CreateRotationForm.tsx
+++ b/frontend/src/views/SecretRotationPage/components/CreateRotationForm/CreateRotationForm.tsx
@ -90,7 +90,7 @@ export const CreateRotationForm = ({
      <ModalContent
        title={`Secret rotation for ${provider.name}`}
        subTitle="Provide the required inputs needed for the rotation"
-        className="max-w-2xl"
+        className="max-w-2xl max-h-screen overflow-scroll my-4"
      >
        <Stepper activeStep={wizardStep} direction="horizontal" className="mb-4">
          {WIZARD_STEPS.map(({ title, description }, index) => (
--- a/helm-charts/infisical-standalone-postgres/Chart.yaml
+++ b/helm-charts/infisical-standalone-postgres/Chart.yaml
@ -7,7 +7,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.0.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
--- a/helm-charts/infisical-standalone-postgres/templates/ingress.yaml
+++ b/helm-charts/infisical-standalone-postgres/templates/ingress.yaml
@ -0,0 +1,50 @@
+{{ if .Values.ingress.enabled }}
+{{- $ingress := .Values.ingress }}
+{{- if and $ingress.ingressClassName (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey $ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set $ingress.annotations "kubernetes.io/ingress.class" $ingress.ingressClassName}}
+  {{- end }}
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: infisical-ingress
+  {{- with $ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and $ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ $ingress.ingressClassName | default "nginx" }}
+  {{- end }}
+{{- if $ingress.tls }}
+  tls:
+  {{- range $ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+    - http:
+        paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: {{ include "infisical.fullname" . }}
+              port:
+                number: 8080
+        - path: /ss-webhook
+          pathType: Exact
+          backend:
+            service:
+              name: {{ include "infisical.fullname" . }}
+              port:
+                number: 8080
+      {{- if $ingress.hostName }}
+      host: {{ $ingress.hostName }}
+      {{- end }}
+{{ end }}
Author	SHA1	Message	Date
Daniel Hougaard	514304eed0	Fix: Add detailed decryption error logging	2024-02-26 22:19:54 +01:00
BlackMagiq	98cd71d421	Merge pull request #1473 from Infisical/ldap-docs Add docs for LDAP	2024-02-26 10:51:48 -08:00
Tuan Dang	ae6157dd78	Add docs for LDAP	2024-02-26 10:49:30 -08:00
Maidul Islam	4bf7e8bbd1	add ingress back to helm	2024-02-26 13:01:57 -05:00
Akhil Mohan	6891d309da	Merge pull request #1467 from Trugamr/fix/1422-verify-email-loading fix(signup): set send verification email button loading state	2024-02-26 19:56:51 +05:30
Maidul Islam	1cccbca0c5	Merge pull request #1466 from Trugamr/fix/contributing-guide-link Fix broken contributing guide link	2024-02-26 08:54:53 -05:00
Akhil Mohan	2c2e1f5d2e	Merge pull request #1470 from Infisical/scroll-rotation-fix fix scrolling issue in rotation modal	2024-02-26 13:43:48 +05:30
Vladyslav Matsiiako	6946f3901c	fix scrolling issue in rotation modal	2024-02-26 00:03:41 -08:00
Maidul Islam	82a7010e29	Update envars.mdx	2024-02-25 14:47:04 -05:00
Maidul Islam	a1e763fa28	Update kubernetes-helm.mdx	2024-02-25 14:42:10 -05:00
Maidul Islam	0992117173	add pull policy to docker compose	2024-02-25 14:12:19 -05:00
Maidul Islam	9419884a26	Merge pull request #1468 from radhakrisri/main Wait for db service to be healthy before kicking off db-migration and backend services	2024-02-25 14:10:44 -05:00
Radha Krishna. S	850f3a347c	Wait for db service to be healthy before kicking off db-migration and backend services	2024-02-25 12:33:42 -06:00
Trugamr	4c9101d18d	fix(signup): set send verification email button loading state Set loading state for button based on send verification email mutation state fix #1422	2024-02-25 14:58:08 +05:30
Shivam Dua	06e8e90ad5	Fix broken contributing guide link	2024-02-25 13:52:40 +05:30
Maidul Islam	fdd79c0568	Update kubernetes-helm.mdx	2024-02-23 21:41:48 -05:00
Maidul Islam	4ef8abdb00	Merge pull request #1460 from Infisical/postgres-helm Add helm chart with postgres + many other docs changes	2024-02-23 21:25:12 -05:00