@infisical/backstage-plugin-infisical
v0.1.1
Published
 
Readme
Backstage Infisical Plugin
A plugin for Backstage that integrates with Infisical for secrets management. This plugin allows you to:
- View, create, edit, and delete secrets in your Infisical projects
- Navigate secrets across different folders and environments
- Display secrets in a user-friendly table with access controls
Installation
For your Backstage app
# From your Backstage root directory
yarn add --cwd packages/app @infisical/backstage-plugin-infisicalBackend plugin
This frontend plugin requires the corresponding backend plugin to be installed. Please follow the instructions in the backend plugin repository.
Configuration
App Configuration
- Add the plugin to your Backstage application by modifying your
packages/app/src/App.tsx:
import { infisicalPlugin } from '@infisical/backstage-plugin-infisical';
const app = createApp({
// ... other configuration
plugins: [
// ... other plugins
infisicalPlugin,
],
});- Add the Infisical tab to your entity page in
packages/app/src/components/catalog/EntityPage.tsx:
import { EntityInfisicalContent } from '@infisical/backstage-plugin-infisical';
// Add to the service entity page:
const serviceEntityPage = (
<EntityLayout>
{/* ...other tabs */}
<EntityLayout.Route path="/infisical" title="Secrets">
<EntityInfisicalContent />
</EntityLayout.Route>
</EntityLayout>
);Entity Configuration
To connect an entity to its Infisical project, add the following annotation to your entity yaml file:
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
name: example-service
annotations:
infisical/projectId: <your-infisical-project-id>
infisical/environment: "staging"
infisical/secretPath: "+/folder/nested"| Annotation | Required | Description |
|------------|----------|-------------|
| infisical/projectId | ✅ | The ID of your Infisical project |
| infisical/environment | ❌ | Lock the view to a specific environment (e.g., "development", "staging", "production") |
| infisical/secretPath | ❌ | Specify the folder path to display secrets from |
Secret Path Behavior
The infisical/secretPath annotation controls both the starting location and navigation permissions:
Without "+" prefix (restricted navigation):
infisical/secretPath: "/folder/nested"- Shows secrets only from the specified path
- Disables folder navigation - users cannot navigate to subfolders
- Ideal for restricting access to a specific folder level
With "+" prefix (allowed navigation):
infisical/secretPath: "+/folder/nested"- Shows secrets starting from the specified path (without the "+")
- Enables folder navigation - users can navigate to subfolders
- Ideal for setting a starting point while allowing exploration
Examples:
| Configuration | Behavior |
|---------------|----------|
| infisical/secretPath: "/api/config" | View only /api/config, no subfolder navigation |
| infisical/secretPath: "+/api/config" | Start at /api/config, allow navigation to subfolders |
| No secretPath annotation | Start at root (/), allow full navigation |
Features
Secret Management
- View Secrets: Browse secrets in a table with support for hiding sensitive values
- Create Secrets: Add new secrets with key, value, and optional comments
- Update Secrets: Modify existing secret values and metadata
- Delete Secrets: Remove secrets that are no longer needed
Folder Navigation
- Folder Browsing: Navigate the folder structure of your Infisical project
- Breadcrumb Navigation: Easily navigate up and down the folder hierarchy
Environment Support
- Environment Selection: View and manage secrets across different environments (Development, Staging, Production, etc.)
- Environment-specific Secrets: Each environment has its own set of secrets
Search and Filtering
- Instant Filtering: Quickly find secrets by filtering the table by key, value, or comment
Development
Getting Started
- Clone the repository
- Install dependencies:
yarn install- Run the plugin in isolation:
yarn startRunning Tests
Run all tests:
yarn testRun tests with coverage:
yarn test:coverageBuilding
yarn build