Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow passing customer headers from the CLI #2932

Open
jeremyoverman opened this issue Jan 2, 2025 · 3 comments
Open

Allow passing customer headers from the CLI #2932

jeremyoverman opened this issue Jan 2, 2025 · 3 comments

Comments

@jeremyoverman
Copy link

Feature description

The Infisical CLI should support sending custom HTTP headers with requests, such as Cf-Access-Client-Id and Cf-Access-Client-Secret, to facilitate authentication when the Infisical server is protected by a reverse proxy or Cloudflare Access.

Why would it be useful?

This feature would allow users to seamlessly integrate the Infisical CLI with security solutions like Cloudflare Access, which require custom headers for authentication. It would enable users to interact with their Infisical instance in environments where external authentication layers are in place, without needing to bypass or weaken security measures. This would improve compatibility and enhance usability for users with advanced networking setups.

Additional context

Currently, when the Infisical server is protected by Cloudflare Access, the CLI cannot pass the required authentication headers (Cf-Access-Client-Id and Cf-Access-Client-Secret) to gain access. This limitation forces users to use workarounds such as bypass policies, which may not align with their security requirements. Supporting custom headers would provide a more secure and flexible solution.
@akhilmhdh
Copy link
Member

Very interesting! Need to explore more about this and the recommended way other CLI execute it.

@nayyara-airlangga
Copy link

nayyara-airlangga commented Jan 9, 2025
edited
Loading

We can use Vault's CLI as an example. They support this in two ways in which we can try to do:

  1. Using multiple --header flags in the format of headername:headervalue to specify the custom headers. Link to PR
  2. Using an environment variable such as INFISICAL_CUSTOM_HEADERS and specify the headers as INFISICAL_CUSTOM_HEADERS=headername1:headervalue1 headername2:headervalue2 where the headers are separated by spaces. Link to PR

I think the first approach might be good to prioritize. I'd be interested to pick this one up if you don't mind @akhilmhdh

aaryan182 added a commit to aaryan182/infisical that referenced this issue Jan 23, 2025
@aaryan182
feat: Allow passing customer headers from the CLI Infisical#2932
2a11fe4
@aaryan182
Copy link

Custom HTTP Headers Support for Infisical CLI

Overview

This enhancement adds support for custom HTTP headers in the Infisical CLI, enabling seamless integration with security solutions like Cloudflare Access. The implementation allows users to configure custom headers that are automatically included in all requests made by the CLI.

Implementation Details

The solution introduces a new configuration structure for HTTP headers and modifies the agent manager to handle these headers consistently across all requests.

Technical Implementation

Added an HttpConfig structure to manage custom headers
Modified the AgentManager to maintain a consistent HTTP client with configured headers
Implemented header persistence across token refresh cycles
Ensured headers are applied uniformly across all API requests

Configuration Structure

The CLI now supports HTTP header configuration through the agent configuration file:

infisical:
  address: https://app.infisical.com
http:
  headers:
    Cf-Access-Client-Id: "client-id-value"
    Cf-Access-Client-Secret: "client-secret-value"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jeremyoverman @akhilmhdh @aaryan182 @nayyara-airlangga