Create Operator Managed Secrets

Finally, we need to create the managed secret by applying the following InfisicalSecret manifest:

apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  name: infisicalsecret-sample
  namespace: default
  labels:
    label-to-be-passed-to-managed-secret: sample-value
  annotations:
    example.com/annotation-to-be-passed-to-managed-secret: "sample-value"
spec:
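  # 🌐 Point this to your self-hosted Infisical API endpoint
  #    (over plain http:// the auth token and secrets travel unencrypted; the tls.caRef below only applies to https://)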
  hostAPI: http://192.168.88.14:30880/api

  # 🔄 How often to resync (seconds)
  resyncInterval: 10

  # 🔑 Authentication using KubernetesAuth
  authentication:
    kubernetesAuth:
      identityId: "a70bd403-be77-456a-8e26-30f48cc78798"          # 👈 from your Infisical machine identity
      serviceAccountRef:
        name: infisical-service-account             # 👈 e.g. infisical-token-reviewer
        namespace: default   # 👈 e.g. default
      secretsScope:                          # 👈 Required field
        projectSlug: k8s-operator-ye-zs         # Replace with your Infisical project slug
        envSlug: prod                         # Replace with your Infisical environment slug
        secretsPath: "/"                     # The path to sync (root or specific folder)
        recursive: true                      # Optional – include nested secrets
  # 🔐 Add your custom CA certificate for HTTPS validation
  tls:
    caRef:
      secretName: custom-ca-certificate          # 👈 name of the secret you created earlier
      secretNamespace: default                   # 👈 where that secret lives
      key: ca.crt                                # 👈 the key inside the secret file

  # 📦 Define where to sync secrets inside Kubernetes
  managedKubeSecretReferences:
    - secretName: managed-secret
      secretNamespace: default
      creationPolicy: "Orphan"
      template:
        includeAllSecrets: true

To get the project slug, open the project and select Project Settings in the left sidebar.

Check the environment slug there as well.

Then, to debug, run:

kubectl describe infisicalsecret infisicalsecret-sample -n default

And to extract the managed secret, run the following (the values under data are base64-encoded, not encrypted):

kubectl get secret managed-secret -n default -o yaml
