{"id":6676,"library":"infisicalsdk","title":"Infisical Python SDK","description":"The `infisicalsdk` is the official Python client SDK for Infisical, an open-source, end-to-end encrypted platform for managing secrets and configurations. It enables Python applications to fetch secrets on demand from Infisical deployments (cloud or self-hosted). The library is actively maintained, with its latest version being 1.0.16, and receives regular updates and feature enhancements.","status":"active","version":"1.0.16","language":"en","source_language":"en","source_url":"https://github.com/Infisical/python-sdk-official","tags":["secrets management","environment variables","security","devops","configuration"],"install":[{"cmd":"pip install infisicalsdk","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Requires Python 3.7 or newer.","package":"Python","optional":false}],"imports":[{"symbol":"InfisicalSDKClient","correct":"from infisical_sdk import InfisicalSDKClient"},{"note":"This import path refers to a previous, now legacy, Python SDK ('infisical' package) which is no longer actively maintained. For new projects and upgrades, use `from infisical_sdk import InfisicalSDKClient`.","wrong":"from infisical import InfisicalClient","symbol":"InfisicalClient","correct":"This import is for an older, deprecated SDK."}],"quickstart":{"code":"import os\nfrom infisical_sdk import InfisicalSDKClient\nfrom infisical_sdk.models.shared import UniversalAuthLoginInput\n\n# It's recommended to use environment variables for sensitive data like tokens\n# For Universal Auth, you would typically use INFISICAL_UNIVERSAL_AUTH_CLIENT_ID and INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET\n# Or a service token directly via INFISICAL_TOKEN\n# For this example, we'll use a direct token, but env vars are preferred.\nINFISICAL_TOKEN = os.environ.get('INFISICAL_TOKEN', 'your_infisical_service_token') # Replace with your actual token or set as env var\nINFISICAL_PROJECT_ID = os.environ.get('INFISICAL_PROJECT_ID', 'your_project_id') # Replace with your project ID or set as env var\nINFISICAL_ENVIRONMENT = os.environ.get('INFISICAL_ENVIRONMENT', 'dev') # Replace with your environment or set as env var\n\ntry:\n    # Initialize the client. The 'token' parameter allows direct authentication.\n    # Alternatively, you can use client.auth.universal_auth.login() with client_id/client_secret.\n    client = InfisicalSDKClient(token=INFISICAL_TOKEN)\n\n    # Fetch a single secret by its name\n    secret = client.secrets.get_secret_by_name(\n        secret_name='MY_APPLICATION_SECRET',\n        project_id=INFISICAL_PROJECT_ID,\n        environment_slug=INFISICAL_ENVIRONMENT,\n        secret_path='/'\n    )\n\n    if secret and hasattr(secret, 'secret_value'):\n        print(f\"Fetched secret 'MY_APPLICATION_SECRET': {secret.secret_value}\")\n    else:\n        print(\"Secret 'MY_APPLICATION_SECRET' not found or has no value.\")\n\n    # List all secrets in a specific path and environment\n    all_secrets_response = client.secrets.list_secrets(\n        project_id=INFISICAL_PROJECT_ID,\n        environment_slug=INFISICAL_ENVIRONMENT,\n        secret_path='/'\n    )\n\n    if all_secrets_response and all_secrets_response.secrets:\n        print(\"\\nAll secrets in root path:\")\n        for s in all_secrets_response.secrets:\n            print(f\"  - {s.secret_name}: {s.secret_value}\")\n    else:\n        print(\"No secrets found in the specified path.\")\n\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to initialize the `InfisicalSDKClient` and fetch secrets. It shows how to retrieve a single secret by name and how to list all secrets within a specified project, environment, and path. Authentication can be done via a direct service token or through Machine Identity credentials (e.g., Universal Auth)."},"warnings":[{"fix":"Upgrade to `infisicalsdk` version 1.0.3 or higher and update your code to reflect the new response object types and property names as per the official documentation. You may need to import `BaseSecret` and other response types from `infisical_sdk.models.shared`.","message":"Breaking changes were introduced in version 1.0.3 related to API response structures and property naming. The `rest` attribute was removed, new response types like `BaseSecret` are used, and some properties (e.g., `secret_key`) were renamed to `secretKey`.","severity":"breaking","affected_versions":"< 1.0.3"},{"fix":"Ensure you are using `infisicalsdk` version 1.0.10 or newer for OIDC Auth, 1.0.13 or newer for Token Auth, and 1.0.16 or newer for LDAP Auth. Always update to the latest SDK version to access the newest authentication capabilities and bug fixes.","message":"Specific authentication methods like OIDC Auth, Token Auth, and LDAP Auth require minimum SDK versions to function correctly. Using these methods with older SDK versions will result in errors.","severity":"gotcha","affected_versions":"< 1.0.10 (OIDC), < 1.0.13 (Token), < 1.0.16 (LDAP)"},{"fix":"If you intend for fetched secrets to be accessible via `os.environ`, you must explicitly set `attach_to_os_environ=True` when calling `list_secrets`.","message":"The `list_secrets` method's `attach_to_os_environ` parameter defaults to `False`. This means secrets fetched will *not* automatically be set as environment variables in your Python process unless explicitly specified.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Store Infisical tokens and other sensitive information in environment variables (e.g., `INFISICAL_TOKEN`, `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID`, `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET`) and retrieve them using `os.environ.get()` at runtime. Infisical also supports more secure authentication mechanisms like Universal Auth via Machine Identities.","message":"Hardcoding Infisical Machine Identity Tokens or other sensitive credentials directly in your code is a security risk and is strongly discouraged.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Upgrade to `infisicalsdk` version 1.0.15 or newer to benefit from the thread leak fix and improve application stability, especially in concurrent or long-running environments.","message":"A `thread leak` issue was fixed in version 1.0.15. Older versions might suffer from resource exhaustion in long-running applications.","severity":"gotcha","affected_versions":"< 1.0.15"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}