Create Operator Managed Secrets
Finally, we need to create the managed secret.
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  name: infisicalsecret-sample
  namespace: default
  labels:
    label-to-be-passed-to-managed-secret: sample-value
  annotations:
    example.com/annotation-to-be-passed-to-managed-secret: "sample-value"
spec:
  # 🌐 Point this to your self-hosted Infisical API endpoint
  hostAPI: http://192.168.88.14:30880/api
  # 🔄 How often to resync (seconds)
  resyncInterval: 10
  # 🔑 Authentication using KubernetesAuth
  authentication:
    kubernetesAuth:
      identityId: "a70bd403-be77-456a-8e26-30f48cc78798" # 👈 from your Infisical machine identity
      serviceAccountRef:
        name: infisical-service-account # 👈 e.g. infisical-token-reviewer
        namespace: default # 👈 e.g. default
      secretsScope: # 👈 Required field
        projectSlug: k8s-operator-ye-zs # Replace with your Infisical project slug
        envSlug: prod # Replace with your Infisical environment slug
        secretsPath: "/" # The path to sync (root or specific folder)
        recursive: true # Optional – include nested secrets
  # 🔐 Add your custom CA certificate for HTTPS validation
  # (only takes effect when hostAPI uses https://; the http:// endpoint above is not validated or encrypted)
  tls:
    caRef:
      secretName: custom-ca-certificate # 👈 name of the secret you created earlier
      secretNamespace: default # 👈 where that secret lives
      key: ca.crt # 👈 the key inside the secret file
  # 📦 Define where to sync secrets inside Kubernetes
  managedKubeSecretReferences:
    - secretName: managed-secret
      secretNamespace: default
      creationPolicy: "Orphan"
      template:
        includeAllSecrets: true
To get the project slug, open the project and select Project Settings in the left sidebar.
The env slug can be checked in the same place.