Keeping keys secure without slowing your iteration speed

How I use Infisical

Context

At Doctor Droid, we are building a cutting-edge AI recommendation platform for on-call teams. Whenever an alert or ticket is raised, Doctor Droid:

  • Looks for all past investigations and checks whether any of them are similar

  • Looks for SOPs for the issue at hand (these SOPs are also created by Doctor Droid by reading past Slack threads & existing docs)

  • Executes autonomous investigation for popular infrastructure & microservices symptoms.

Problem Statement

This requires a fair bit of experimentation with our early adopters and extensive use of Jupyter Notebooks. Since the Notebooks are often not connected to a cloud environment, how does one manage secrets and ensure they are not lying around anywhere? I wanted a solution where I could have access to keys JUST-IN-TIME (get them just when I need to run something) and have them become unavailable right after.

Solution

With Infisical, I found a convenient solution for this issue. Here’s how it works:

  1. Step 1: Configure keys

  2. Step 2: Use APIs to retrieve keys securely on-the-go

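    ```python
    import json
    import requests

    # NOTE: both endpoint paths are truncated ("..") on the original page.
    # Step 2a: exchange the machine identity's client ID/secret for an access token
    url = "https://app.infisical.com/api/v1/auth/universal-aut.."

    payload = 'clientSecret=xxxx&clientId=yyyyy'
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}

    response = requests.request("POST", url, headers=headers, data=payload)
    response.raise_for_status()  # fail loudly instead of parsing an error body

    access_token = json.loads(response.text)['accessToken']

    # Step 2b: fetch the raw secret value using the bearer token
    url = "https://app.infisical.com/api/v3/secrets/raw/KEY_NA.."

    payload = {}
    headers = {'Authorization': f'Bearer {access_token}'}

    response = requests.request("GET", url, headers=headers, data=payload)
    response.raise_for_status()

    KEY_VALUE = json.loads(response.text)['secret']['secretValue']
    ```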
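One way to get the just-in-time behaviour from the problem statement inside a notebook cell, as an added example that is not from the original post or from Infisical. `JITSecret`, `just_in_time` and the `fetch` callable are hypothetical names; `fetch` stands in for a function wrapping the two requests above.

```python
from contextlib import contextmanager


class JITSecret:
    """Holds a secret for the duration of one block and never echoes it."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        if self._value is None:
            raise RuntimeError("secret is no longer available")
        return self._value

    # Jupyter echoes the last expression of a cell and saves it in the
    # .ipynb file, so repr/str must never contain the value.
    def __repr__(self):
        return "JITSecret(****)"

    __str__ = __repr__

    def _expire(self):
        self._value = None


@contextmanager
def just_in_time(fetch):
    """fetch: zero-argument callable returning the secret value (assumed to
    wrap the token request and the secret request shown in this post)."""
    secret = JITSecret(fetch())
    try:
        yield secret
    finally:
        # Drops the wrapper's reference. Python cannot wipe the str itself
        # from memory, and copies made via reveal() are the caller's job.
        secret._expire()


def demo():
    # Constructed stand-in for the Infisical call so this runs offline.
    fake_fetch = lambda: "constructed-value-123"
    with just_in_time(fake_fetch) as key:
        shown = repr(key)
        used = key.reveal()  # pass straight to the client that needs it
    try:
        key.reveal()
        after = "still available"
    except RuntimeError:
        after = "expired"
    return shown, used, after
```

Because the value is only reachable through `reveal()`, nothing is written to a notebook variable such as `KEY_VALUE` that would survive in the kernel or in saved cell output.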

Benefits of using Infisical:

  1. Change environment and get updated key

  2. Quarantine keys easily: If you’ve been close to any production incident, you’ll know that being able to flush keys in a jiffy is super important and, at the same time, super difficult because of its underlying dependencies across the stack. Using Infisical gives me the buffer of instantly disabling access by disabling the Infisical key/secret.

  3. Free to get started: It’s an open-source project with a convenient cloud option

  4. Too many features (although I have probably only used about 5% of the platform), so I feel that as my requirements expand, I’ll learn about new things easily

  5. Helpful team / community: They have a community, a prompt support team and well-written documentation.