abnov/infisical-bridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
23 Commits 2 Branches 0 Tags
a65b2dbeb0de5aa756cbdfa9c9d3947c40f88527
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Aboubacar TRAORE a65b2dbeb0 update README
2025-12-24 16:44:54 +00:00
gradle/wrapper
hello world
2025-12-24 07:37:53 +00:00
src
remove application-dev yaml
2025-12-24 14:01:48 +00:00
.gitattributes
hello world
2025-12-24 07:37:53 +00:00
.gitignore
ignoring env files
2025-12-24 07:56:04 +00:00
build.gradle.kts
remove unecessary code
2025-12-24 13:59:54 +00:00
compose.yaml
removing rabbitmq integration
2025-12-24 11:25:37 +00:00
docker-compose.yml
adding ci
2025-12-24 14:12:03 +00:00
Dockerfile
use java 21 instead of 17
2025-12-24 14:21:24 +00:00
gradlew
hello world
2025-12-24 07:37:53 +00:00
gradlew.bat
hello world
2025-12-24 07:37:53 +00:00
README.md
update README
2025-12-24 16:44:54 +00:00
settings.gradle.kts
hello world
2025-12-24 07:37:53 +00:00

README.md

Infisical ↔ Dokploy Bridge

A Spring Boot (Java 21) application acting as a secure bridge between Infisical and Dokploy, enabling automated synchronization and deployment of secrets through APIs and webhooks.

Features

  • Secure integration with Infisical
  • Automated updates via Dokploy API
  • Webhook-driven synchronization
  • Docker and Docker Compose ready

Architecture Overview

Infisical
↓ (Webhook / API)
InfisicalDokploy Bridge (Spring Boot)
↓ (Dokploy API)
Dokploy

Requirements

  • Java 21
  • Docker and Docker Compose
  • Infisical account
  • Dokploy instance with API access

Environment Variables

Infisical

  • INFISICAL_API_URL: Base URL of Infisical API
  • INFISICAL_CLIENT_ID: Infisical service client ID
  • INFISICAL_CLIENT_SECRET: Infisical service client secret
  • INFISICAL_WEBHOOK_SECRET: Webhook signature validation secret

Dokploy

  • DOKPLOY_API_URL: Base URL of Dokploy API
  • DOKPLOY_API_KEY: Dokploy API key

Docker Compose

services:
  infisical-bridge:
    build: .
    restart: always
    environment:
      INFISICAL_API_URL: ${INFISICAL_API_URL}
      INFISICAL_CLIENT_ID: ${INFISICAL_CLIENT_ID}
      INFISICAL_CLIENT_SECRET: ${INFISICAL_CLIENT_SECRET}
      INFISICAL_WEBHOOK_SECRET: ${INFISICAL_WEBHOOK_SECRET}
      DOKPLOY_API_URL: ${DOKPLOY_API_URL}
      DOKPLOY_API_KEY: ${DOKPLOY_API_KEY}

Running

With Docker Compose:

docker compose up -d --build

Local development:

./gradlew bootRun

Application runs on http://localhost:8080

Use a service like ngrok.

Infisical Webhook Configuration

When creating a webhook in Infisical, the following rules must be respected.

Webhook URL format

${INFISICAL_API_URL}/webhook?dokployComposeId=${DOKPLOY_COMPOSE_ID}

  • dokployComposeId must be the target Dokploy compose identifier
  • This value is required and used to determine which Dokploy service is updated

Webhook Secret

The webhook secret must exactly match:

${INFISICAL_WEBHOOK_SECRET}

Requests with an invalid or missing secret will be rejected.

Webhooks Behavior

  • Incoming webhook signatures are validated
  • Secrets are fetched from Infisical
  • Dokploy is updated using its API
  • Invalid or unsigned requests are ignored

Security Notes

  • Secrets are never persisted
  • Configuration is environment-driven
  • HTTPS is recommended in production
  • Restrict network access to trusted sources only

Testing

./gradlew test

Tech Stack

  • Java 21
  • Spring Boot
  • Gradle (Kotlin DSL)
  • Docker / Docker Compose

License

MIT License

Description
Infisical - Dokploy -- Bridge
Readme 114 KiB
Languages
Java 97.9%
Dockerfile 2.1%