If you’re working with C#, the official Infisical C# SDK package is the easiest way to fetch and work with secrets for your application.

Basic Usage

using Infisical.Sdk;

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {

            var settings = new ClientSettings
            {
                ClientId = "CLIENT_ID",
                ClientSecret = "CLIENT_SECRET",
                // SiteUrl = "http://localhost:8080", <-- This line can be omitted if you're using Infisical Cloud.
            };
            var infisical = new InfisicalClient(settings);

            var options = new GetSecretOptions
            {
                SecretName = "TEST",
                ProjectId = "PROJECT_ID",
                Environment = "dev",
            };
            var secret = infisical.GetSecret(options);


            Console.WriteLine($"The value of secret '{secret.SecretKey}', is: {secret.SecretValue}");
        }
    }
}

This example demonstrates how to use the Infisical C# SDK in a C# application. The application retrieves a secret named TEST from the dev environment of the PROJECT_ID project.

We do not recommend hardcoding your Machine Identity Tokens. Setting it as an environment variable would be best.

Installation

Run npm to add @infisical/sdk to your project.

$ dotnet add package Infisical.Sdk

Configuration

Import the SDK and create a client instance with your Machine Identity.

using Infisical.Sdk;

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {

            var settings = new ClientSettings
            {
                ClientId = "CLIENT_ID",
                ClientSecret = "CLIENT_SECRET",
            };

            var infisical = new InfisicalClient(settings); // <-- Your SDK instance!
        }
    }
}

ClientSettings methods

options
object

Caching

To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it’s first fetched. Each time it’s fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the “cacheTTL” option when creating the client.

Working with Secrets

client.ListSecrets(options)

var options = new ListSecretsOptions
{
    ProjectId = "PROJECT_ID",
    Environment = "dev",
    Path = "/foo/bar",
    AttachToProcessEnv = false,
};

var secrets = infisical.ListSecrets(options);

Retrieve all secrets within the Infisical project and environment that client is connected to

Parameters

Parameters
object

client.GetSecret(options)

var options = new GetSecretOptions
    {
        SecretName = "AAAA",
        ProjectId = "659c781eb2d4fe3e307b77bd",
        Environment = "dev",
    };
var secret = infisical.GetSecret(options);

Retrieve a secret from Infisical.

By default, GetSecret() fetches and returns a shared secret.

Parameters

Parameters
object

client.CreateSecret(options)

var options = new CreateSecretOptions {
    Environment = "dev",
    ProjectId = "PROJECT_ID",

    SecretName = "NEW_SECRET",
    SecretValue = "NEW_SECRET_VALUE",
    SecretComment = "This is a new secret",
};

var newSecret = infisical.CreateSecret(options);

Create a new secret in Infisical.

Parameters

Parameters
object

client.UpdateSecret(options)

var options = new UpdateSecretOptions {
    Environment = "dev",
    ProjectId = "PROJECT_ID",

    SecretName = "SECRET_TO_UPDATE",
    SecretValue = "NEW VALUE"
};

var updatedSecret = infisical.UpdateSecret(options);

Update an existing secret in Infisical.

Parameters

Parameters
object

client.DeleteSecret(options)

var options = new DeleteSecretOptions
{
    Environment = "dev",
    ProjectId = "PROJECT_ID",
    SecretName = "NEW_SECRET",
};

var deletedSecret = infisical.DeleteSecret(options);

Delete a secret in Infisical.

Parameters

Parameters
object

Cryptography

Create a symmetric key

Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.

var key = infisical.CreateSymmetricKey();

Returns (string)

key (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.

Encrypt symmetric

var options = new EncryptSymmetricOptions
{
    Plaintext = "Infisical is awesome!",
    Key = key,
};

var encryptedData = infisical.EncryptSymmetric(options);

Parameters

Parameters
object
required

Returns (object)

Tag (string): A base64-encoded, 128-bit authentication tag. Iv (string): A base64-encoded, 96-bit initialization vector. CipherText (string): A base64-encoded, encrypted ciphertext.

Decrypt symmetric

var decryptOptions = new DecryptSymmetricOptions
{
    Key = key,
    Ciphertext = encryptedData.Ciphertext,
    Iv = encryptedData.Iv,
    Tag = encryptedData.Tag,
};

var decryptedPlaintext = infisical.DecryptSymmetric(decryptOptions);

Parameters

Parameters
object
required

Returns (string)

Plaintext (string): The decrypted plaintext.