abnov/infisical-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
32 Commits 2 Branches 0 Tags
6000582d55df6348039057c77609f50b283ad4df
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Aboubacar TRAORE 6000582d55 Merge pull request 'adding support for dokploy application' (#8) from dev into main 
Reviewed-on: #8
2025-12-25 07:40:07 +00:00
gradle/wrapper
hello world
2025-12-24 07:37:53 +00:00
src
adding support for dokploy application
2025-12-25 07:39:17 +00:00
.gitattributes
hello world
2025-12-24 07:37:53 +00:00
.gitignore
ignoring env files
2025-12-24 07:56:04 +00:00
build.gradle.kts
remove unecessary code
2025-12-24 13:59:54 +00:00
compose.yaml
removing rabbitmq integration
2025-12-24 11:25:37 +00:00
docker-compose.yml
adding ci
2025-12-24 14:12:03 +00:00
Dockerfile
use java 21 instead of 17
2025-12-24 14:21:24 +00:00
gradlew
hello world
2025-12-24 07:37:53 +00:00
gradlew.bat
hello world
2025-12-24 07:37:53 +00:00
README.md
update doc
2025-12-24 16:50:46 +00:00
settings.gradle.kts
hello world
2025-12-24 07:37:53 +00:00

README.md

Infisical ↔ Dokploy Bridge

A Spring Boot (Java 21) application acting as a secure bridge between Infisical and Dokploy, enabling automated synchronization and deployment of secrets through APIs and webhooks.

Features

  • Secure integration with Infisical
  • Automated updates via Dokploy API
  • Webhook-driven synchronization
  • Docker and Docker Compose ready

Architecture Overview

Infisical
↓ (Webhook / API)
InfisicalDokploy Bridge (Spring Boot)
↓ (Dokploy API)
Dokploy

Requirements

  • Java 21
  • Docker and Docker Compose
  • Infisical account
  • Dokploy instance with API access

Environment Variables

Infisical

  • INFISICAL_API_URL: Base URL of Infisical API
  • INFISICAL_CLIENT_ID: Infisical service client ID
  • INFISICAL_CLIENT_SECRET: Infisical service client secret
  • INFISICAL_WEBHOOK_SECRET: Webhook signature validation secret

Dokploy

  • DOKPLOY_API_URL: Base URL of Dokploy API
  • DOKPLOY_API_KEY: Dokploy API key

Docker Compose

services:
  infisical-bridge:
    build: .
    restart: always
    environment:
      INFISICAL_API_URL: ${INFISICAL_API_URL}
      INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
      INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
      INFISICAL_WEBHOOK_SECRET: ${INFISICAL_WEBHOOK_SECRET}
      DOKPLOY_API_URL: ${DOKPLOY_API_URL}
      DOKPLOY_API_KEY: ${DOKPLOY_API_KEY}

Running

With Docker Compose:

docker compose up -d --build

Local development:

./gradlew bootRun

Application runs on http://localhost:8080

Use a service like ngrok.

Infisical Webhook Configuration

When creating a webhook in Infisical, the following rules must be respected.

Webhook URL format

${INFISICAL_API_URL}/webhook?dokployComposeId=${DOKPLOY_COMPOSE_ID}

  • dokployComposeId must be the target Dokploy compose identifier
  • This value is required and used to determine which Dokploy service is updated

Webhook Secret

The webhook secret must exactly match:

${INFISICAL_WEBHOOK_SECRET}

Requests with an invalid or missing secret will be rejected.

Webhooks Behavior

  • Incoming webhook signatures are validated
  • Secrets are fetched from Infisical
  • Dokploy is updated using its API
  • Invalid or unsigned requests are ignored

Security Notes

  • Secrets are never persisted
  • Configuration is environment-driven
  • HTTPS is recommended in production
  • Restrict network access to trusted sources only

Testing

./gradlew test

Tech Stack

  • Java 21
  • Spring Boot
  • Gradle (Kotlin DSL)
  • Docker / Docker Compose

License

MIT License

Description
Infisical - Dokploy -- Bridge
Readme 114 KiB
Languages
Java 97.9%
Dockerfile 2.1%