Infisical service tokens allow users to programmatically interact with Infisical.
st
. The part after the last .
delimiter is a symmetric key; everything
before it is an access token. When authenticating with the Infisical API, it is important to send in only the access token portion
of the token.read
and/or write
permissions broadly applied to all accessible environment(s) and path(s).read/write
access to the paths.
Also, note that Infisical supports glob patterns when defining access scopes to path(s).read
access to all subfolders at any depth
of the /common
path within the development environment of the project; the token expires in 6 months and can be used from any IP address.
Why is the Infisical API rejecting my service token?
/raw
secrets endpoint that requires your project to disable E2EE.Can you provide examples for using glob patterns?
/**
: This pattern matches all folders at any depth in the directory structure. For example, it would match folders like /folder1/
, /folder1/subfolder/
, and so on.
/*
: This pattern matches all immediate subfolders in the current directory. It does not match any folders at a deeper level. For example, it would match folders like /folder1/
, /folder2/
, but not /folder1/subfolder/
.
/*/*
: This pattern matches all subfolders at a depth of two levels in the current directory. It does not match any folders at a shallower or deeper level. For example, it would match folders like /folder1/subfolder/
, /folder2/subfolder/
, but not /folder1/
or /folder1/subfolder/subsubfolder/
.
/folder1/*
: This pattern matches all immediate subfolders within the /folder1/
directory. It does not match any folders outside of /folder1/
, nor does it match any subfolders within those immediate subfolders. For example, it would match folders like /folder1/subfolder1/
, /folder1/subfolder2/
, but not /folder2/subfolder/
.