This is a GoCD Secrets Plugin which allows users to use Infisical as a secrets manager fo GoCD.
- GoCD server version
v19.6.0or above - An Infisical Machine Identity with the correct permissions to your desired project and a valid Universal Auth Client ID and Client Secret.
The plugin needs to be configured with a Secret Config in order to connect with Infisical. Configure it after installing the plugin.
-
Download the latest release to your GoCd server's
${GO_SERVER_DIR}/plugins/externaldirectory.Alternatively: Build from source and then copy the file
build/libs/gocd-infisical-secrets-plugin-$VERSION.jarto the GoCD server's external plugins directory. -
Restart the server.
The
GO_SERVER_DIRis usually/var/lib/go-serveron Linux andC:\Program Files\Go Serveron Windows.
-
Login to your GoCD server.
-
Navigate to Admin > Secret Management.
-
Click on ADD button and select
GoCD secrets plugin for Infisical. -
Configure the mandatory fields.
Field Required Description InfisicalURL true The Infisical URL (i.e. https://infisical.example.com)ClientId true The Universal Auth Client ID of your Machine Identity. ClientSecret true The Universal Auth Client Secret of your Machine Identity. ProjectId true The Project ID in Infisical where you want to access secrets. EnvironmentSlug true The Slug of the Environment where you want to pull secrets from. SecretPath false The folder path to pull secrets from. Defaults to /.NOTE: The plugin is pre-configured to expand Secret References, include Secret Imports, and recursively search the project folder for secrets. To limit access within the project/environment pair, provide a specific
SecretPathin your config (i.e./myTeam/myFolder) -
Configure the
ruleswhere this secrets can be used.<rules>tag defines where this secretConfig is allowed/denied to be referred. For more details about rules and examples refer the GoCD Secret Management documentation -
Save.
To build the jar, run ./gradlew clean test assemble
Edit the file wrapper-properties.conf on your GoCD server and add the following options. The location of the wrapper-properties.conf can be found in the installation documentation of the GoCD server.
# We recommend that you begin with the index `100` and increment the index for each system property
wrapper.java.additional.100=-Dplugin-cd.go.plugin.secrets.infisical.log.level=debugset the environment variable GOCD_SERVER_JVM_OPTIONS:
docker run -e "GOCD_SERVER_JVM_OPTIONS=-Dplugin-cd.go.plugin.secrets.infisical.log.level=debug" ...The plugin logs are written to LOG_DIR/plugin-cd.go.plugin.secrets.infisical.log. The log dir
- on Linux is
/var/log/go-server - on Windows are written to
C:\Program Files\Go Server\logs - on docker images are written to
/godata/logs