From 4548ff398d112753b5c337e8c1f715cec0e40e86 Mon Sep 17 00:00:00 2001
From: reonokiy
Date: Fri, 16 May 2025 16:08:54 +0800
Subject: [PATCH] update
---
infisical/.env | 122 +++++++++++++++++++++++++++++++++++
infisical/docker-compose.yml | 66 +++++++++++++++++++
2 files changed, 188 insertions(+)
create mode 100644 infisical/.env
create mode 100644 infisical/docker-compose.yml
diff --git a/infisical/.env b/infisical/.env
new file mode 100644
index 0000000..8ee3d20
--- /dev/null
+++ b/infisical/.env
@@ -0,0 +1,122 @@
+# Keys
+# Required key for platform encryption/decryption ops
+# THIS IS A SAMPLE ENCRYPTION KEY AND SHOULD NEVER BE USED FOR PRODUCTION
+ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218
+
+# JWT
+# Required secrets to sign JWT tokens
+# THIS IS A SAMPLE AUTH_SECRET KEY AND SHOULD NEVER BE USED FOR PRODUCTION
+AUTH_SECRET=5lrMXKKWCVocS/uerPsl7V+TX/aaUaI7iDkgl3tSmLE=
+
+# Postgres creds
+POSTGRES_PASSWORD=infisical
+POSTGRES_USER=infisical
+POSTGRES_DB=infisical
+
+# Required
+DB_CONNECTION_URI=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
+
+# Redis
+REDIS_URL=redis://redis:6379
+
+# Website URL
+# Required
+SITE_URL=http://localhost:8080
+
+# Mail/SMTP
+SMTP_HOST=
+SMTP_PORT=
+SMTP_FROM_ADDRESS=
+SMTP_FROM_NAME=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+
+# Integration
+# Optional only if integration is used
+CLIENT_ID_HEROKU=
+CLIENT_ID_VERCEL=
+CLIENT_ID_NETLIFY=
+CLIENT_ID_GITHUB=
+CLIENT_ID_GITHUB_APP=
+CLIENT_SLUG_GITHUB_APP=
+CLIENT_ID_GITLAB=
+CLIENT_ID_BITBUCKET=
+CLIENT_SECRET_HEROKU=
+CLIENT_SECRET_VERCEL=
+CLIENT_SECRET_NETLIFY=
+CLIENT_SECRET_GITHUB=
+CLIENT_SECRET_GITHUB_APP=
+CLIENT_SECRET_GITLAB=
+CLIENT_SECRET_BITBUCKET=
+CLIENT_SLUG_VERCEL=
+
+CLIENT_PRIVATE_KEY_GITHUB_APP=
+CLIENT_APP_ID_GITHUB_APP=
+
+# Sentry (optional) for monitoring errors
+SENTRY_DSN=
+
+# Infisical Cloud-specific configs
+# Ignore - Not applicable for self-hosted version
+POSTHOG_HOST=
+POSTHOG_PROJECT_API_KEY=
+
+# SSO-specific variables
+CLIENT_ID_GOOGLE_LOGIN=
+CLIENT_SECRET_GOOGLE_LOGIN=
+
+CLIENT_ID_GITHUB_LOGIN=
+CLIENT_SECRET_GITHUB_LOGIN=
+
+CLIENT_ID_GITLAB_LOGIN=
+CLIENT_SECRET_GITLAB_LOGIN=
+
+CAPTCHA_SECRET=
+
+NEXT_PUBLIC_CAPTCHA_SITE_KEY=
+
+OTEL_TELEMETRY_COLLECTION_ENABLED=false
+OTEL_EXPORT_TYPE=prometheus
+OTEL_EXPORT_OTLP_ENDPOINT=
+OTEL_OTLP_PUSH_INTERVAL=
+
+OTEL_COLLECTOR_BASIC_AUTH_USERNAME=
+OTEL_COLLECTOR_BASIC_AUTH_PASSWORD=
+
+PLAIN_API_KEY=
+PLAIN_WISH_LABEL_IDS=
+
+SSL_CLIENT_CERTIFICATE_HEADER_KEY=
+
+ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT=true
+
+# App Connections
+
+# aws assume-role connection
+INF_APP_CONNECTION_AWS_ACCESS_KEY_ID=
+INF_APP_CONNECTION_AWS_SECRET_ACCESS_KEY=
+
+# github oauth connection
+INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_ID=
+INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_SECRET=
+
+#github app connection
+INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID=
+INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET=
+INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY=
+INF_APP_CONNECTION_GITHUB_APP_SLUG=
+INF_APP_CONNECTION_GITHUB_APP_ID=
+
+#gcp app connection
+INF_APP_CONNECTION_GCP_SERVICE_ACCOUNT_CREDENTIAL=
+
+# azure app connection
+INF_APP_CONNECTION_AZURE_CLIENT_ID=
+INF_APP_CONNECTION_AZURE_CLIENT_SECRET=
+
+# datadog
+SHOULD_USE_DATADOG_TRACER=
+DATADOG_PROFILING_ENABLED=
+DATADOG_ENV=
+DATADOG_SERVICE=
+DATADOG_HOSTNAME=
diff --git a/infisical/docker-compose.yml b/infisical/docker-compose.yml
new file mode 100644
index 0000000..5466cf0
--- /dev/null
+++ b/infisical/docker-compose.yml
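Review bot: The committed `infisical/.env` holds concrete values for `ENCRYPTION_KEY` and `AUTH_SECRET` that its own comments label as samples that should never be used for production, and because Compose reads a `.env` next to the compose file for variable interpolation, these are the values the stack will actually start with. The same two strings are repeated as `:-` fallbacks in the `docker-compose.yml` hunk, which sets `NODE_ENV: production`, and `POSTGRES_PASSWORD` falls back to `infisical` there as well. I would commit this file as `.env.example` with the secret values blanked, keep the real `.env` out of version control, and make the compose file fail closed, e.g. `ENCRYPTION_KEY: ${ENCRYPTION_KEY:?ENCRYPTION_KEY must be set}` and likewise for `AUTH_SECRET` and `POSTGRES_PASSWORD`. Any instance already initialised with these values should be treated as protecting its stored secrets and signing its JWTs with publicly known keys.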
@@ -0,0 +1,66 @@
+services:
+ infisical:
+ container_name: infisical
+ restart: always
+ depends_on:
+ postgres:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ image: infisical/infisical:${INFISICAL_VERSION:-v0.129.0-postgres}
+ environment:
+ NODE_ENV: production
+ DB_CONNECTION_URI: postgres://infisical:${POSTGRES_PASSWORD:-infisical}@postgres:5432/infisical
+ REDIS_URL: redis://redis:6379
+ SITE_URL: ${SITE_URL:-http://localhost}
+ ENCRYPTION_KEY: ${ENCRYPTION_KEY:-6c1fe4e407b8911c104518103505b218}
+ AUTH_SECRET: ${AUTH_SECRET:-5lrMXKKWCVocS/uerPsl7V+TX/aaUaI7iDkgl3tSmLE=}
+ # SMTP_HOST: ${SMTP_HOST}
+ # SMTP_PORT: ${SMTP_PORT}
+ # SMTP_FROM_ADDRESS: ${SMTP_FROM_ADDRESS}
+ # SMTP_FROM_NAME: ${SMTP_FROM_NAME}
+ # SMTP_USERNAME: ${SMTP_USERNAME}
+ # SMTP_PASSWORD: ${SMTP_PASSWORD}
+ ports:
+ - 80:8080
+ networks:
+ - infisical
+
+ redis:
+ container_name: redis
+ image: redis:${REDIS_VERSION:-8.0.0}
+ restart: always
+ environment:
+ ALLOW_EMPTY_PASSWORD: yes
+ networks:
+ - infisical
+ volumes:
+ - ${DATA_DIR:-./data}/redis:/data
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 30s
+
+ postgres:
+ container_name: postgres
+ image: postgres:${POSTGRES_VERSION:-14-alpine}
+ restart: always
+ environment:
+ POSTGRES_DB: infisical
+ POSTGRES_USER: infisical
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-infisical}
+ volumes:
+ - ${POSTGRES_VERSION:-./data}/postgres:/var/lib/postgresql/data
+ networks:
+ - infisical
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U infisical"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 30s
+
+networks:
+ infisical:
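Review bot: The postgres volume source `${POSTGRES_VERSION:-./data}/postgres` reuses the image-tag variable where the redis service uses `DATA_DIR`, so as soon as `POSTGRES_VERSION` is set the source becomes something like `14-alpine/postgres` and the database files no longer land under the data directory; it should read `- ${DATA_DIR:-./data}/postgres:/var/lib/postgresql/data`. Separately, `ALLOW_EMPTY_PASSWORD: yes` looks like a setting for a different Redis image and is probably ignored by the official `redis` image used here, so Redis runs unauthenticated regardless; it is only reachable on the `infisical` network since no port is published, but configuring `requirepass` and carrying the password in `REDIS_URL` would be the safer default, and the value should be quoted (`"yes"`) if the line stays. The `80:8080` mapping also publishes the secrets manager over plain HTTP on every host interface, so either bind it to loopback with `- "127.0.0.1:80:8080"` behind a TLS-terminating proxy or document that one is required.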