Infisical
diff --git a/‎go.mod‎
Lines changed: 2 additions & 1 deletion b/‎go.mod‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 0 deletions b/‎go.sum‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/api/model.go‎
Lines changed: 13 additions & 0 deletions b/‎packages/api/model.go‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎packages/cmd/pam.go‎
Lines changed: 76 additions & 0 deletions b/‎packages/cmd/pam.go‎
Lines changed: 76 additions & 0 deletions
@@ -13,6 +13,7 @@ require (
 	github.com/fatih/semgroup v1.2.0
 	github.com/gitleaks/go-gitdiff v0.9.1
 	github.com/go-mysql-org/go-mysql v1.13.0
+	github.com/google/uuid v1.6.0
 	github.com/h2non/filetype v1.1.3
 	github.com/infisical/go-sdk v0.6.1
 	github.com/infisical/infisical-kmip v0.3.17
@@ -104,14 +105,14 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20250302191652-9094ed2288e7 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
 	github.com/gosimple/slug v1.15.0 // indirect
 	github.com/gosimple/unidecode v1.0.1 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.17.8 // indirect
 
@@ -346,6 +346,8 @@ github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 
@@ -823,6 +823,8 @@ type PAMSessionCredentials struct {
 	Password              string `json:"password"`
 	AuthMethod            string `json:"authMethod,omitempty"`
 	PrivateKey            string `json:"privateKey,omitempty"`
+	Url                   string `json:"url,omitempty"`
+	ServiceAccountToken   string `json:"serviceAccountToken,omitempty"`
 }
 
 type UploadSessionLogEntry struct {
@@ -839,6 +841,17 @@ type UploadTerminalEvent struct {
 	ElapsedTime float64   `json:"elapsedTime"`
 }
 
+type UploadHttpEvent struct {
+	Timestamp time.Time           `json:"timestamp"`
+	EventType string              `json:"eventType"`
+	RequestId string              `json:"requestId"`
+	Method    string              `json:"method,omitempty"`
+	Url       string              `json:"url,omitempty"`
+	Status    string              `json:"status,omitempty"`
+	Headers   map[string][]string `json:"headers,omitempty"`
+	Body      []byte              `json:"body,omitempty"`
+}
+
 type UploadPAMSessionLogsRequest struct {
 	Logs interface{} `json:"logs"` // Can be []UploadSessionLogEntry or []UploadTerminalEvent
 }
 
@@ -151,6 +151,76 @@ var pamSshAccessAccountCmd = &cobra.Command{
 		pam.StartSSHLocalProxy(loggedInUserDetails.UserCredentials.JTWToken, accountPath, projectID, durationStr)
 	},
 }
+var pamKubernetesCmd = &cobra.Command{
+	Use:                   "kubernetes",
+	Aliases:               []string{"k8s"},
+	Short:                 "Kubernetes-related PAM commands",
+	Long:                  "Kubernetes-related PAM commands for Infisical",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.NoArgs,
+}
+
+var pamKubernetesAccessAccountCmd = &cobra.Command{
+	Use:                   "access-account <account-path>",
+	Short:                 "Access Kubernetes PAM account",
+	Long:                  "Access Kubernetes via a PAM-managed Kubernetes account. This command automatically launches a proxy connected to your Kubernetes cluster through the Infisical Gateway.",
+	Example:               "infisical pam kubernetes access-account prod/ssh/my-k8s-account --duration 2h",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		util.RequireLogin()
+
+		accountPath := args[0]
+
+		durationStr, err := cmd.Flags().GetString("duration")
+		if err != nil {
+			util.HandleError(err, "Unable to parse duration flag")
+		}
+
+		// Parse duration
+		_, err = time.ParseDuration(durationStr)
+		if err != nil {
+			util.HandleError(err, "Invalid duration format. Use formats like '1h', '30m', '2h30m'")
+		}
+
+		port, err := cmd.Flags().GetInt("port")
+		if err != nil {
+			util.HandleError(err, "Unable to parse port flag")
+		}
+
+		projectID, err := cmd.Flags().GetString("project-id")
+		if err != nil {
+			util.HandleError(err, "Unable to parse project-id flag")
+		}
+
+		if projectID == "" {
+			workspaceFile, err := util.GetWorkSpaceFromFile()
+			if err != nil {
+				util.PrintErrorMessageAndExit("Please either run infisical init to connect to a project or pass in project id with --project-id flag")
+			}
+			projectID = workspaceFile.WorkspaceId
+		}
+
+		log.Debug().Msg("PAM Kubernetes Access: Trying to fetch credentials using logged in details")
+
+		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails(true)
+		isConnected := util.ValidateInfisicalAPIConnection()
+
+		if isConnected {
+			log.Debug().Msg("PAM Kubernetes Access: Connected to Infisical instance, checking logged in creds")
+		}
+
+		if err != nil {
+			util.HandleError(err, "Unable to get logged in user details")
+		}
+
+		if isConnected && loggedInUserDetails.LoginExpired {
+			loggedInUserDetails = util.EstablishUserLoginSession()
+		}
+
+		pam.StartKubernetesLocalProxy(loggedInUserDetails.UserCredentials.JTWToken, accountPath, projectID, durationStr, port)
+	},
+}
 
 func init() {
 	pamDbCmd.AddCommand(pamDbAccessAccountCmd)
@@ -162,7 +232,13 @@ func init() {
 	pamSshAccessAccountCmd.Flags().String("duration", "1h", "Duration for SSH access session (e.g., '1h', '30m', '2h30m')")
 	pamSshAccessAccountCmd.Flags().String("project-id", "", "Project ID of the account to access")
 
+	pamKubernetesCmd.AddCommand(pamKubernetesAccessAccountCmd)
+	pamKubernetesAccessAccountCmd.Flags().String("duration", "1h", "Duration for kubernetes access session (e.g., '1h', '30m', '2h30m')")
+	pamKubernetesAccessAccountCmd.Flags().Int("port", 0, "Port for the local kubernetes proxy server (0 for auto-assign)")
+	pamKubernetesAccessAccountCmd.Flags().String("project-id", "", "Project ID of the account to access")
+
 	pamCmd.AddCommand(pamDbCmd)
 	pamCmd.AddCommand(pamSshCmd)
+	pamCmd.AddCommand(pamKubernetesCmd)
 	rootCmd.AddCommand(pamCmd)
 }