feat(secret-manager): secrets brokering (proxied services + agent proxy CA)#7246
Conversation
Backend + frontend for the Secrets Brokering feature: proxied service CRUD, org-level agent proxy root CA, ProxiedService CASL subject with Agent/Agent Proxy built-in roles, license gating, and dashboard/overview integration.
Backend: - CA: 10-year root, clamp intermediate lifetime to root, refuse to sign against an expired root, backdate notBefore for clock skew - CA endpoints locked to machine identities (drop AuthMode.JWT) - proxied service: per-key ReadValue check (not folder-wide), so a denied secret can't be wired into a service - cross-credential validation (basic-auth pairing, unique header names / placeholder keys+values, mutually-exclusive header modes), min 1 credential - hostPattern grammar validation with a 255-char cap - GET by name without scope returns 400 instead of 500 on the uuid column - dashboard: return the canonical secret path instead of the folder name Frontend: - send undefined (not null) for empty headerPrefix so the API accepts it - add Proxied Services to the overview resource filter - match honey-token/dynamic-secret upgrade-modal pattern; consistent Enterprise copy - warn when switching auth mode discards the other mode's credentials on edit - mirror backend cross-credential validation in the form schema
- fix the secret pickers: use the searchable FilterableSelect (the app's standard list picker) instead of a hand-rolled Select that showed no options - header rewriting: single shared column header row, an empty state when no headers remain, and inline validation errors per row - surface validation errors for name, host pattern, basic auth, and substitutions - use text-bunker-300 for section descriptions (not text-muted-foreground) and Title Case field labels, matching the honey-token form
Mirror the multi-env Create Secret sheet exactly: form owns a scrollable body with a sticky SheetFooter (border-t, primary action first); repeated header and substitution rows use the metadata-row pattern (label only on the first row, bordered bg-container/50 container, centered empty state, ghost Add button); neutral section descriptions use text-muted and warnings use text-warning.
- add --color-proxied-service (#4c7da1, steel blue) and use it for the entity icon in the add menu, resource filter, table row, and list view - add info tooltips to the Host Pattern field and the Credential Substitution section explaining matching and the placeholder-substitution flow - drop the auth-mode switch warning
…ew footer - host pattern badge truncates at 240px with a hover title (was overflowing the row) - hoist the secret picker option formatter out of render (react/no-unstable-nested-components) - show a proxied service count in the overview ResourceCount footer
The no-access secret row count subtracted every resource type except proxied services, so N proxied services in a page rendered N phantom 'no permission' secret rows. Add totalUniqueProxiedServicesInPage and subtract it too.
…xied services Backend: - emit audit logs on proxied service create/update/delete - soft-gate the dashboard proxied-service methods on the secretsBrokering license (return empty rather than throwing, so the shared overview isn't broken) - move host-pattern + credential validation schemas into proxied-service-schemas.ts and switch the backend regexes to RE2 (codebase convention) - de-duplicate the sanitized response schema (shared base + credential picks) Frontend: - mirror the host-pattern grammar + 255 cap in the form schema (inline errors) - surface the backend error message on save failure instead of a generic toast - gate the dashboard includeProxiedServices flag on the subscription
… viewer Add create/update/delete proxied service events to the audit-log EventType enum and display-name map so they render with labels and appear in the event filter.
Backend: - sanitize ILIKE search input in proxied service DAL - use isUuidV4 helper for id-or-name disambiguation - group proxied service audit events contiguously - add audit event for intermediate CA signing - unify update/delete return shape; drop redundant credentials fetch - type keyAlgorithm response as CertKeyAlgorithm; unify KeyUsage style Frontend: - add Agent / Agent Proxy role display names - remove dead proxied service query hooks, DTOs, and canProxy field - drop unused projectId from update/delete mutations - type-to-confirm delete modal, truncate host pattern badge - wire Enabled label to its switch; add color to DESIGN.md accent list
|
💬 Discussion in Slack: #pr-review-infisical-7246-feat-secret-manager-secrets-brokering-proxied-services Posted by Review Police — reviews, comments, new commits, and CI failures will stream into this channel. |
|
| Filename | Overview |
|---|---|
| backend/src/ee/services/proxied-service/proxied-service-service.ts | Core business logic for proxied service CRUD + dashboard aggregates; permissions are correctly enforced per-operation; per-key ReadValue guard on credential wiring is well implemented; pagination with DENSE_RANK in the DAL is consistent with countDistinct-based counts |
| backend/src/ee/services/proxied-service/proxied-service-dal.ts | DAL with multi-env DENSE_RANK pagination; search filter in countByFolderIds uses direct .whereILike() (AND logic, not OR), which is safe and consistent with the grouped form in findDashboardByFolderIds; no OR query violations |
| backend/src/ee/services/proxied-service/proxied-service-schemas.ts | Validation schemas for hostPattern and credentials; uses RE2 for linear-time matching; cross-credential validation (basic-auth pairing, unique header names/placeholder keys) is thorough |
| backend/src/ee/services/agent-proxy-ca/agent-proxy-ca-service.ts | Lazily generates per-org root CA with advisory lock to prevent races; root private key stays encrypted in KMS; intermediate CA clamped to not outlive root; correct ECDSA P-256 key handling |
| backend/src/ee/routes/v1/proxied-service-router.ts | CRUD routes with appropriate rate limits and auth modes; audit log emission after each write; audit log reads from the returned service object before Fastify strips scope fields from the response |
| backend/src/server/routes/v1/dashboard-router.ts | Integrates proxied service count and listing into both multi-env overview and single-env detail dashboard aggregates; pagination accounting is consistent with other resource types (unique-name decrement for multi-env) |
| backend/src/ee/services/permission/project-permission.ts | Adds ProxiedServiceSubjectFields with environment/secretPath conditions and ProxiedServiceConditionSchema; correctly wired into the GeneralPermissionSchema union and ProjectPermissionSet type |
| backend/src/ee/services/permission/default-roles.ts | Two new built-in roles: Agent (Proxy only, no secret read) and AgentProxy (DescribeSecret + ReadValue on all secrets, all environments, no path conditions — intentionally broad for the proxy machine identity) |
| backend/src/db/migrations/20260710162607_create-proxied-services.ts | Creates three tables with correct FK cascades and unique constraints; rollback order is safe because DROP TABLE auto-removes triggers and dropOnUpdateTrigger uses IF EXISTS |
| frontend/src/components/proxied-services/forms/schema.ts | Frontend Zod schema mirrors backend host-pattern grammar exactly; conditional field validation correctly suppresses inactive-mode fields; placeholder key uniqueness is enforced client-side |
Reviews (3): Last reviewed commit: "chore: drop proxied services from the le..." | Re-trigger Greptile
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: eb8411a784
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
PR overviewAll previously flagged issues have been addressed. No open security concerns remain on this pull request. Security reviewNo open security issues remain on this pull request. Fixed/addressed: 6 · PR risk: 0/10 |
|
@greptile review |
Unhide the CRUD routes, tag them, and add field descriptions so they render in the OpenAPI spec, plus the api-reference stub pages.
Simplify language, add network placement and identity-count guidance, document import/reference reuse patterns, and align tone across pages.
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
akhilmhdh
left a comment
There was a problem hiding this comment.
Some minor changes but overall code looks good.
Pending application test, ux review and doc review
Context
Adds Secrets Brokering to Secrets Management: a way to consume secrets where untrusted code (AI agents, unsafe code-execution environments) never holds real credentials. The agent routes its HTTP traffic through the Infisical Agent Proxy, which injects the real credential on the wire — rewriting a header or substituting a placeholder value — based on proxied services an admin configures in a folder alongside secrets. The agent only ever sees placeholders.
This is the backend + frontend. The agent proxy itself lives in the CLI: companion PR Infisical/cli#308.
Backend
proxied_servicesandproxied_service_credentials(folder-scoped, noprojectId— project/env/path derived throughfolder → environment → project, same assecrets_v2), plusorg_agent_proxy_config(one KMS-encrypted root CA per org).ReadValue, so an Edit-only actor can't wire in a secret they can't read and exfiltrate it through the proxy.ProxiedServiceCASL subject (Read/Create/Edit/Delete/Proxy) and two built-in Secret Manager roles —Agent(Proxy only, no secret read) andAgent Proxy(ReadValue on all secrets, for the proxy machine identity).secretsBrokeringlicense flag, audit events for create/update/delete + intermediate-CA signing, and the dashboard aggregate endpoint extended with proxied services.Frontend
ProxiedServiceadded to the custom-role editor, and the two new built-in roles surface in Access Control.Screenshots
Steps to verify the change
Type
Checklist
type(scope): short description(scope is optional, e.g.,fix: prevent crash on syncorfix(api): handle null response).