The connector reads one Infisical organization — the organization the
Machine Identity belongs to. It syncs the organization’s users (including
pending invitations, which sync as disabled until accepted), the
organization’s projects, and the membership grants that connect users to
their organization and to each project. The organization ID is discovered
automatically from the projects the identity can see, so it never has to be
configured.
You need administrator access to your Infisical organization to create a
Machine Identity and grant it read access.
1
Sign in to Infisical and open Organization Access Control >
Identities.
2
Create a Machine Identity and attach the Universal Auth
authentication method to it.
3
Give the identity organization and project read access (for example the
Member organization role, plus membership of the projects you want
to sync) so it can list members.
4
Copy the Universal Auth Client ID and Client Secret. The secret
is shown only at creation time.
Follow these instructions to use a built-in, no-code connector hosted by C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for Infisical and click Add.
3
Choose how to set up the new Infisical connector.
4
Set the owner for this connector.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
Enter the Infisical credentials:
Machine Identity client ID: the Universal Auth client ID you
copied.
Machine Identity client secret: the Universal Auth client
secret paired with the client ID.
Infisical base URL: https://app.infisical.com for Infisical
Cloud (US region), https://eu.infisical.com for the EU region,
or your self-hosted instance URL, with no trailing slash.
8
Click Save.
9
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
Done. Your Infisical connector is now pulling access data into C1.
Follow these instructions to run the Infisical connector in your own
environment.
1
Create a secret for the Infisical Machine Identity client secret.
2
Configure the connector environment variables:
BATON_INFISICAL_CLIENT_ID: the Universal Auth client ID you
copied.
BATON_INFISICAL_CLIENT_SECRET: the Universal Auth client
secret paired with the client ID.
BATON_INFISICAL_BASE_URL: https://app.infisical.com for
Infisical Cloud (US region), https://eu.infisical.com for the
EU region, or your self-hosted instance URL, with no trailing
slash.
3
Deploy the connector using your standard self-hosted connector process.
Done. Your Infisical connector is now pulling access data into C1.
