infisical (#8926)

* 'Add new script'

* Update infisical.sh

* Update Infisical installation script with dynamic keys

* Remove cleanup commands from install script

Removed cleanup commands from the Infisical installation script.

* Refactor Infisical repository setup process

* Update date_created to 2025-11-07

---------

Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com>
Co-authored-by: Slaviša Arežina <[email protected]>
Co-authored-by: CanbiZ <[email protected]>

Author: 3 people

ct/headers/infisical

@@ -0,0 +1,6 @@
+    ____      _____      _            __
+   /  _/___  / __(_)____(_)________ _/ /
+   / // __ \/ /_/ / ___/ / ___/ __ `/ / 
+ _/ // / / / __/ (__  ) / /__/ /_/ / /  
+/___/_/ /_/_/ /_/____/_/\___/\__,_/_/   
+                                        

ct/infisical.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: Slaviša Arežina (tremor021)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://infisical.com/
+
+APP="Infisical"
+var_tags="${var_tags:-auth}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-6}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -d /etc/infisical ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  msg_info "Stopping service"
+  $STD infisical-ctl stop
+  msg_ok "Service stopped"
+
+  msg_info "Creating backup"
+  DB_PASS=$(grep -Po '(?<=^Database Password:\s).*' ~/infisical.creds | head -n1)
+  PGPASSWORD=$DB_PASS pg_dump -U infisical -h localhost -d infisical_db > /opt/infisical_backup.sql
+  msg_ok "Created backup"
+
+  msg_info "Updating Infisical"
+  $STD apt update
+  $STD apt install -y infisical-core
+  $STD infisical-ctl reconfigure
+  msg_ok "Updated Infisical"
+
+  msg_info "Starting service"
+  infisical-ctl start
+  msg_ok "Started service"
+  msg_ok "Updated successfully"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"

frontend/public/json/infisical.json

@@ -0,0 +1,35 @@
+{
+  "name": "Infisical",
+  "slug": "infisical",
+  "categories": [
+    6
+  ],
+  "date_created": "2025-11-07",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 8080,
+  "documentation": "https://infisical.com/docs/documentation/getting-started/overview",
+  "config_path": "/etc/infisical/infisical.rb",
+  "website": "https://infisical.com/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/infisical.webp",
+  "description": "Secrets, certificates, and access management on autopilot. All-in-one platform to securely manage application secrets, certificates, SSH keys, and configurations across your team and infrastructure.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/infisical.sh",
+      "resources": {
+        "cpu": 2,
+        "ram": 2048,
+        "hdd": 6,
+        "os": "Debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": []
+}

install/infisical-install.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: Slaviša Arežina (tremor021)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://infisical.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  apt-transport-https \
+  ca-certificates \
+  redis
+msg_ok "Installed Dependencies"
+
+PG_VERSION="17" setup_postgresql
+
+msg_info "Setting up Infisical Repository"
+setup_deb822_repo \
+  "infisical" \
+  "https://artifacts-infisical-core.infisical.com/infisical.gpg" \
+  "https://artifacts-infisical-core.infisical.com/deb" \
+  "stable"
+msg_ok "Setup Infisical repository"
+
+msg_info "Configuring PostgreSQL"
+DB_NAME="infisical_db"
+DB_USER="infisical"
+DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
+$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
+$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
+$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC';"
+{
+  echo "Infiscal Credentials"
+  echo "Database Name: $DB_NAME"
+  echo "Database User: $DB_USER"
+  echo "Database Password: $DB_PASS"
+} >>~/infisical.creds
+msg_ok "Configured PostgreSQL"
+
+msg_info "Setting up Infisical"
+AUTH_SECRET="$(openssl rand -base64 32 | tr -d '\n')"
+ENC_KEY="$(openssl rand -hex 16 | tr -d '\n')"
+IP_ADDR=$(hostname -I | awk '{print $1}')
+$STD apt install -y infisical-core
+mkdir -p /etc/infisical
+cat <<EOF >/etc/infisical/infisical.rb
+infisical_core['ENCRYPTION_KEY'] = '$ENC_KEY'
+infisical_core['AUTH_SECRET'] = '$AUTH_SECRET'
+infisical_core['HOST'] = '$IP_ADDR'
+infisical_core['DB_CONNECTION_URI'] = 'postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}'
+infisical_core['REDIS_URL'] = 'redis://localhost:6379'
+EOF
+$STD infisical-ctl reconfigure
+msg_ok "Setup Infisical"
+
+motd_ssh
+customize
+cleanup_lxc