@tadnt2003/n8n-nodes-infisical 0.2.0 → 0.3.0

package/LICENSE

@@ -1,6 +1,7 @@
 MIT License
 
 Copyright (c) 2025 Kennis AI
+Copyright (c) 2026 Nguyen Thanh Dat
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -1,4 +1,4 @@
-# n8n-nodes-infisical
+# @tadnt2003/n8n-nodes-infisical
 
 An n8n community node for integrating [Infisical](https://infisical.com/) — the open-source secrets management platform — into your n8n workflows.
 
@@ -10,7 +10,6 @@ An n8n community node for integrating [Infisical](https://infisical.com/) — th
 [Installation](#installation)  
 [Credentials](#credentials)  
 [Operations](#operations)  
-[Usage Examples](#usage-examples)  
 [Compatibility](#compatibility)  
 [Resources](#resources)  
 
@@ -20,7 +19,7 @@ An n8n community node for integrating [Infisical](https://infisical.com/) — th
 
 Follow the [community nodes installation guide](https://docs.n8n.io/integrations/community-nodes/installation/) in the n8n documentation.
 
-Package name: `n8n-nodes-infisical`
+Package name: `@tadnt2003/n8n-nodes-infisical`
 
 ---
 
@@ -39,15 +38,6 @@ Universal Auth uses a Machine Identity's Client ID and Client Secret to obtain a
 5. Assign the identity to your project with appropriate roles
 6. Copy the **Client ID** and **Client Secret**
 
-**Credential fields:**
-
-| Field | Description |
-| --- | --- |
-| API URL | Base URL of your Infisical API (default: `https://app.infisical.com/api`) |
-| Authentication Type | Select **Universal Auth (Machine Identity)** |
-| Client ID | The Machine Identity's Client ID |
-| Client Secret | The Machine Identity's Client Secret |
-
 ### Service Token (Legacy)
 
 Service Tokens are deprecated by Infisical and may be removed in future versions. Use Universal Auth for new integrations.
@@ -57,14 +47,6 @@ Service Tokens are deprecated by Infisical and may be removed in future versions
 3. Create a new Service Token with the required permissions
 4. Copy the token
 
-**Credential fields:**
-
-| Field | Description |
-| --- | --- |
-| API URL | Base URL of your Infisical API (default: `https://app.infisical.com/api`) |
-| Authentication Type | Select **Service Token (Legacy)** |
-| Service Token | Your Infisical Service Token |
-
 > For self-hosted Infisical, set API URL to your instance (e.g., `https://infisical.example.com/api`).
 
 ---
@@ -75,15 +57,16 @@ Service Tokens are deprecated by Infisical and may be removed in future versions
 
 All Secret operations require: **Project ID**, **Environment**, **Secret Path** (default: `/`).
 
-| Operation | Description | API |
-| --- | --- | --- |
-| **Get** | Fetch a single secret by key | `GET /v3/secrets/raw/{key}` |
-| **Get Many** | List all secrets in a path | `GET /v3/secrets/raw` |
-| **Create** | Create a single secret | `POST /v3/secrets/raw/{key}` |
-| **Create Many** | Create multiple secrets in one request | `POST /v4/secrets/batch` |
-| **Update** | Update a single secret | `PATCH /v4/secrets/{key}` |
-| **Update Many** | Update multiple secrets in one request | `PATCH /v4/secrets/batch` |
-| **Delete** | Delete a single secret by key | `DELETE /v3/secrets/raw/{key}` |
+| Operation | Description | Method | API endpoint |
+| --- | --- | --- | --- |
+| **Get** | Fetch a single secret by key | `GET` | `/v4/secrets/{key}` |
+| **Get Many** | List all secrets in a path | `GET` | `/v4/secrets` |
+| **Create** | Create a single secret | `POST` | `/v4/secrets/{key}` |
+| **Create Many** | Create multiple secrets in one request | `POST` | `/v4/secrets/batch` |
+| **Update** | Update a single secret | `PATCH` | `/v4/secrets/{key}` |
+| **Update Many** | Update multiple secrets in one request | `PATCH` | `/v4/secrets/batch` |
+| **Delete** | Delete a single secret by key | `DELETE` | `/v4/secrets/{key}` |
+| **Delete Many** | Delete multiple secrets in one request | `DELETE` | `/v4/secrets/batch` |
 
 #### Get
 
@@ -105,17 +88,25 @@ Required: **Secret Key**, **Secret Value**
 | Skip Multiline Encoding | Disable multiline encoding for the value |
 | Type | `shared` (default) or `personal` |
 
+**Secret Metadata (optional):** Add one or more key/value metadata tags to attach to the secret.
+
 #### Create Many
 
 Add secrets using the repeatable **Secrets** list. Each entry requires **Secret Key** and **Secret Value**.
 
-Per-secret optional fields: Secret Comment, Skip Multiline Encoding
+Per-secret optional fields:
+
+| Field | Description |
+| --- | --- |
+| Secret Comment | Attach a comment to this secret |
+| Skip Multiline Encoding | Disable multiline encoding for this secret's value |
+| Secret Metadata | Key/value metadata tags for this secret |
 
 **Additional Fields (optional):**
 
 | Field | Description |
 | --- | --- |
-| Secret Path Override | Use a different path than the top-level Secret Path |
+| Secret Path Override | Use a different path than the top-level Secret Path for this batch |
 
 Returns each created secret as a separate output item. If a secret protection policy is active, returns an approval object instead.
 
@@ -123,9 +114,9 @@ Returns each created secret as a separate output item. If a secret protection po
 
 Required: **Secret Key** (identifies the secret to update)
 
-All update values are optional — set only what needs to change:
+All update values are optional — set only what needs to change.
 
-**Additional Fields:**
+**Additional Fields (optional):**
 
 | Field | Description |
 | --- | --- |
@@ -135,73 +126,211 @@ All update values are optional — set only what needs to change:
 | Type | `shared` or `personal` |
 | Skip Multiline Encoding | Disable multiline encoding for the value |
 
+**Secret Metadata (optional):** Add one or more key/value metadata tags to attach to the secret.
+
 #### Update Many
 
 Add secrets using the repeatable **Secrets** list. Each entry requires **Secret Key** (the current name).
 
-Per-secret optional fields: Secret Value, New Secret Name, Secret Comment, Skip Multiline Encoding
+Per-secret optional fields:
+
+| Field | Description |
+| --- | --- |
+| Secret Value | The new value (leave blank to keep existing) |
+| New Secret Name | Rename this secret |
+| Secret Comment | Update the comment for this secret |
+| Skip Multiline Encoding | Disable multiline encoding for this secret's value |
+| Secret Metadata | Key/value metadata tags for this secret |
 
 **Additional Fields (optional):**
 
 | Field | Description |
 | --- | --- |
 | Mode | `failOnNotFound` (default) — error if secret missing; `upsert` — create if missing; `ignore` — skip missing secrets |
-| Secret Path Override | Use a different path than the top-level Secret Path |
+| Secret Path Override | Use a different path than the top-level Secret Path for this batch |
 
-Returns each updated secret as a separate output item.
+Returns each updated secret as a separate output item. If a secret protection policy is active, returns an approval object instead.
 
 #### Delete
 
 Required: **Secret Key**
 
-### Workspace
+#### Delete Many
+
+Add secrets using the repeatable **Secrets** list. Each entry requires **Secret Key** and **Type** (`shared` or `personal`).
+
+**Additional Fields (optional):**
+
+| Field | Description |
+| --- | --- |
+| Secret Path Override | Use a different path than the top-level Secret Path for this batch |
+
+---
+
+### Project
+
+| Operation | Description | Method | API endpoint |
+| --- | --- | --- | --- |
+| **Get** | Fetch a project by ID | `GET` | `/v1/projects/{id}` |
+| **Get by Slug** | Fetch a project by slug | `GET` | `/v1/projects/slug/{slug}` |
+| **Get Many** | List all accessible projects | `GET` | `/v1/projects` |
+| **Get Secret Snapshots** | List secret snapshots for a project environment | `GET` | `/v1/projects/{id}/secret-snapshots` |
+| **Get User Memberships** | List all user memberships in a project | `GET` | `/v1/projects/{id}/memberships` |
+| **Get User by Username** | Fetch a project member by username | `POST` | `/v1/projects/{id}/memberships/details` |
+
+#### Get Project
+
+Required: **Project ID**
+
+#### Get by Slug
+
+Required: **Project Slug**
+
+#### Get Many Projects
+
+No extra required fields. Returns each project as a separate output item.
+
+#### Get Secret Snapshots
+
+Required: **Project ID**, **Environment**
+
+**Additional Fields (optional):**
+
+| Field | Description |
+| --- | --- |
+| Secret Path | Filter snapshots by path (default: `/`) |
+| Offset | Number of results to skip (for pagination) |
+| Limit | Maximum number of results to return |
+
+Returns each snapshot as a separate output item.
+
+#### Get User Memberships
+
+Required: **Project ID**
+
+Returns each membership as a separate output item.
+
+#### Get User by Username
+
+Required: **Project ID**, **Username**
 
-| Operation | Description |
+---
+
+### Folder
+
+All Folder operations except **Get Folder by ID** require: **Project ID**, **Environment**, **Folder Path** (default: `/`).
+
+| Operation | Description | Method | API endpoint |
+| --- | --- | --- | --- |
+| **Get Folder by ID** | Fetch a folder by its ID | `GET` | `/v2/folders/{id}` |
+| **List Folders** | List all folders at a path | `GET` | `/v2/folders` |
+| **Create** | Create a new folder | `POST` | `/v2/folders` |
+| **Update** | Rename or update a folder | `PATCH` | `/v2/folders/{id}` |
+| **Delete** | Delete a folder | `DELETE` | `/v2/folders/{id}` |
+
+#### Get Folder by ID
+
+Required: **Folder ID**
+
+#### List Folders
+
+Required: **Project ID**, **Environment**, **Folder Path**
+
+**Additional Fields (optional):**
+
+| Field | Description |
 | --- | --- |
-| **Get Many** | List all workspaces accessible with the configured credentials |
+| Recursive | Return all nested subfolders as well |
+| Last Secret Modified | Filter folders by last secret modification time |
+
+Returns each folder as a separate output item.
+
+#### Create Folder
+
+Required: **Project ID**, **Environment**, **Folder Path** (parent path), **Folder Name**
+
+**Additional Fields (optional):**
+
+| Field | Description |
+| --- | --- |
+| Description | A description for the folder |
+
+#### Update Folder
+
+Required: **Project ID**, **Environment**, **Folder Path**, **Folder ID**, **Folder Name** (new name)
+
+**Additional Fields (optional):**
+
+| Field | Description |
+| --- | --- |
+| Description | A description for the folder |
+
+#### Delete Folder
+
+Required: **Project ID**, **Environment**, **Folder Path**, **Folder ID or Name**
+
+**Additional Fields (optional):**
+
+| Field | Description |
+| --- | --- |
+| Force Delete | Delete the folder even if it contains secrets or subfolders |
 
 ---
 
-## Usage Examples
+## InfisicalSync
+
+The **InfisicalSync** node provides bidirectional sync between n8n credentials and Infisical secrets. It requires an **InfisicalApi** credential (to authenticate to Infisical) and optionally an **n8nApi** credential (to read and write n8n credentials via the REST API).
 
-### Fetch a single secret
+### Sync Operations
 
-1. Add the **Infisical** node
-2. Resource: `Secret` → Operation: `Get`
-3. Fill in **Project ID**, **Environment** (e.g. `prod`), **Secret Path** (e.g. `/`), **Secret Key** (e.g. `DATABASE_URL`)
-4. The secret object is available in the node output
+| Operation | Direction | Description |
+| --- | --- | --- |
+| **Sync to Infisical** | n8n → Infisical | Push an n8n credential as a folder of secrets in Infisical. Each field becomes a secret; a `n8n_credential_type` metadata tag is attached to every secret for auto-discovery. Supports **Form** mode (select credential type from a dropdown and fill individual fields) and **JSON** mode (paste any credential type as a raw JSON object). When an n8nApi credential is configured, the input is validated against the n8n schema before any Infisical write occurs. |
+| **Sync from Infisical** | Infisical → n8n | Pull all secrets from a named Infisical folder and update an existing n8n credential by ID. |
+| **Auto Sync from Infisical** | Infisical → n8n | Discover all subfolders under a root Infisical path, read the `n8n_credential_type` metadata tag from each folder's secrets, then create or update the matching n8n credentials automatically. Uses the n8n REST API and validates credential data against each type's JSON Schema before saving. |
 
-### List all secrets in a folder
+### Supported Credential Types (Form Mode)
 
-1. Resource: `Secret` → Operation: `Get Many`
-2. Fill in **Project ID**, **Environment**, **Secret Path**
-3. Each secret is output as a separate item
+Form mode supports **31 credential types**. JSON mode accepts any type registered in n8n.
 
-### Create a secret
+#### AI / LLM
 
-1. Resource: `Secret` → Operation: `Create`
-2. Fill in **Project ID**, **Environment**, **Secret Path**, **Secret Key**, **Secret Value**
-3. Optionally add a comment or set the type via **Additional Fields**
+`anthropicApi`, `openAiApi`, `groqApi`, `cohereApi`, `huggingFaceApi`, `mistralCloudApi`
 
-### Bulk-create secrets
+#### Productivity / Project Management
 
-1. Resource: `Secret` → Operation: `Create Many`
-2. Fill in **Project ID**, **Environment**, **Secret Path**
-3. Click **Add Secret** to add each key/value pair
-4. Each created secret is returned as an output item
+`jiraSoftwareCloudApi`
 
-### Update a secret (rename + new value)
+#### Messaging / Webhooks
 
-1. Resource: `Secret` → Operation: `Update`
-2. Fill in **Project ID**, **Environment**, **Secret Path**, **Secret Key**
-3. Open **Additional Fields** → set **New Secret Name** and/or **Secret Value**
+`discordBotApi`, `discordWebhookApi`
+
+#### Google
+
+`googleApi`, `googleOAuth2Api`, `googleSheetsOAuth2Api`, `googleDriveOAuth2Api`, `googleDocsOAuth2Api`
+
+#### Databases
+
+`mySql`, `postgres`, `mongoDb`, `microsoftSql`, `redis`
+
+#### Infrastructure
+
+`n8nApi`, `infisicalApi`
+
+#### Generic HTTP Auth
+
+`httpBearerAuth`, `httpBasicAuth`, `httpDigestAuth`, `httpHeaderAuth`, `httpQueryAuth`, `httpCustomAuth`, `httpSslAuth`, `oAuth1Api`, `oAuth2Api`, `jwtAuth`
+
+> **Note**: `httpMultipleHeadersAuth` is not supported in form mode because its `headers` field is a `fixedCollection` that cannot be serialised to flat Infisical key-value secrets. Use JSON mode for that type.
+
+---
 
-### Bulk-update secrets
+## API behaviour notes
 
-1. Resource: `Secret` → Operation: `Update Many`
-2. Fill in **Project ID**, **Environment**, **Secret Path**
-3. Click **Add Secret** and enter the key and any fields to update
-4. In **Additional Fields** → set **Mode** (e.g. `upsert` to create missing secrets)
+- All operations use **Infisical API v4** for single-secret endpoints (`/api/v4/secrets/…`) and batch secret endpoints (`/api/v4/secrets/batch`).
+- Project operations use **Infisical API v1** (`/api/v1/projects/…`).
+- Folder operations use **Infisical API v2** (`/api/v2/folders/…`).
+- When a **secret protection policy** is active on the project, create/update/delete endpoints return an approval object (`{ approval: { id, status, … } }`) instead of the secret directly.
 
 ---
 
@@ -209,9 +338,9 @@ Required: **Secret Key**
 
 | Component | Version |
 | --- | --- |
-| n8n | v1.0.0+ |
+| n8n | v2.21.5 |
 | Infisical | Cloud and Community Edition |
-| Infisical API | v3 (single-secret ops), v4 (update + batch ops) |
+| Infisical API | v4 |
 | n8n Nodes API | v1 |
 
 ---

package/dist/credentials/InfisicalApi.credentials.js

@@ -64,6 +64,19 @@ class InfisicalApi {
                 required: true,
                 description: 'The Client Secret of your Infisical Machine Identity (Universal Auth)',
             },
+            {
+                displayName: 'Organization Slug',
+                name: 'organizationSlug',
+                type: 'string',
+                displayOptions: {
+                    show: {
+                        authType: ['universalAuth'],
+                    },
+                },
+                default: '',
+                description: 'Optional. Scope the access token to a specific organization. Leave blank to use the organization the machine identity was created in. ' +
+                    'To restrict this credential to a specific project, assign the machine identity to that project with the appropriate role in Infisical (Organization Settings → Machine Identities → your identity → Project Access).',
+            },
             {
                 displayName: 'Service Token',
                 name: 'apiKey',