This guide demonstrates how to use Infisical to manage secrets for your Python stack from local development to production. It uses:

Project Setup

To begin, we need to set up a project in Infisical and add secrets to an environment in it.

Create a project

  1. Create a new project in Infisical.

  2. Add a secret to the development environment of this project so we can pull it back for local development. In the Secrets Overview page, press Explore Development and add a secret with the key NAME and value YOUR_NAME.

Create a Machine Identity

Now that we’ve created a project and added a secret to its development environment, we need to configure an Infisical Machine Identity that our Python application can use to access the secret.

Create a Python app

For this demonstration, we use a minimal Flask application. However, the same principles will apply to any Python application such as those built with Django.

Create a Flask app

First, create a virtual environment and activate it.

python3 -m venv env
source env/bin/activate

Install Flask and infisical-python, the client Python SDK for Infisical.

pip install Flask infisical-python

Finally, create an app.py file containing the application code.

from flask import Flask
from infisical_client import ClientSettings, InfisicalClient, GetSecretOptions

app = Flask(__name__)

client = InfisicalClient(ClientSettings(
    client_id="MACHINE_IDENTITY_CLIENT_ID",
    client_secret="MACHINE_IDENTITY_CLIENT_SECRET",
))

@app.route("/")
def hello_world():
    # access value

    name = client.getSecret(options=GetSecretOptions(
       environment="dev",
       project_id="PROJECT_ID",
       secret_name="NAME"
    ))

    return f"Hello! My name is: {name.secret_value}"

Here, we initialized a client instance of the Infisical Python SDK with the Infisical Token that we created earlier, giving access to the secrets in the development environment of the project in Infisical that we created earlier.

Finally, start the app and head to http://localhost:5000 to see the message Hello, Your Name.

flask run

The client fetched the secret with the key NAME from Infisical that we returned in the response of the endpoint.

At this stage, you know how to fetch secrets from Infisical back to your Python application. By using Infisical Tokens scoped to different environments, you can easily manage secrets across various stages of your project in Infisical, from local development to production.

FAQ

See also: