Skip to main content
POST
/
api
/
v1
/
auth
/
kubernetes-auth
/
identities
/
{identityId}
cURL
curl --request POST \
  --url https://us.infisical.com/api/v1/auth/kubernetes-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "kubernetesHost": "<string>",
  "allowedNamespaces": "<string>",
  "allowedNames": "<string>",
  "allowedAudience": "<string>",
  "caCert": "",
  "verifyTlsCertificate": true,
  "tokenReviewerJwt": "<string>",
  "tokenReviewMode": "api",
  "gatewayId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "gatewayPoolId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "0.0.0.0/0"
    },
    {
      "ipAddress": "::/0"
    }
  ],
  "accessTokenTTL": 2592000,
  "accessTokenMaxTTL": 2592000,
  "accessTokenNumUsesLimit": 0
}
'
{
  "identityKubernetesAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "allowedNamespaces": "<string>",
    "allowedNames": "<string>",
    "allowedAudience": "<string>",
    "caCert": "<string>",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<unknown>",
    "tokenReviewMode": "api",
    "kubernetesHost": "<string>",
    "gatewayId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "gatewayPoolId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "verifyTlsCertificate": false,
    "tokenReviewerJwt": "<string>"
  }
}

Documentation Index

Fetch the complete documentation index at: https://infisical-saif-eng-4890-add-support-for-oracle-db-access-in.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the machine identity to attach the configuration onto.

Body

application/json
kubernetesHost
string | null
required

The host string, host:port pair, or URL to the base of the Kubernetes API server.

Minimum string length: 1
allowedNamespaces
string
required

The comma-separated list of trusted namespaces that service accounts must belong to authenticate with Infisical.

allowedNames
string
required

The comma-separated list of trusted service account names that can authenticate with Infisical.

allowedAudience
string
required

The optional audience claim that the service account JWT token must have to authenticate with Infisical.

caCert
string
default:""

The PEM-encoded CA certificate used to validate the Kubernetes API server's TLS certificate. Required when verifyTlsCertificate is true. Supplying a non-empty caCert always implies verifyTlsCertificate=true; explicitly setting the toggle to false in the same request is rejected.

verifyTlsCertificate
boolean

Whether to verify the Kubernetes API server's TLS certificate against the configured CA certificate. When true, caCert is required. When false, the connection is still over HTTPS but the API server's certificate is not verified, and caCert must be empty. If omitted, defaults to true when caCert is provided and false otherwise.

tokenReviewerJwt
string

Optional JWT token for accessing Kubernetes TokenReview API. If provided, this long-lived token will be used to validate service account tokens during authentication. If omitted, the client's own JWT will be used instead, which requires the client to have the system:auth-delegator ClusterRole binding.

tokenReviewMode
enum<string>
default:api

The mode to use for token review. Must be one of: 'api', 'gateway'. If gateway is selected, the gateway must be deployed in Kubernetes, and the gateway must have the system:auth-delegator ClusterRole binding.

Available options:
api,
gateway
gatewayId
string<uuid> | null

The ID of the gateway to use when performing kubernetes API requests.

gatewayPoolId
string<uuid> | null
accessTokenTrustedIps
object[]

The IPs or CIDR ranges that access tokens can be used from.

Minimum array length: 1
accessTokenTTL
integer
default:2592000

The lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000
accessTokenMaxTTL
integer
default:2592000

The maximum lifetime for an access token in seconds.

Required range: 0 <= x <= 315360000
accessTokenNumUsesLimit
integer
default:0

The maximum number of times that an access token can be used.

Required range: x >= 0

Response

Default Response

identityKubernetesAuth
object
required