Skip to main content
PATCH
/
api
/
v1
/
auth
/
kubernetes-auth
/
identities
/
{identityId}
cURL
curl --request PATCH \
  --url https://us.infisical.com/api/v1/auth/kubernetes-auth/identities/{identityId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "kubernetesHost": "<string>",
  "caCert": "<string>",
  "verifyTlsCertificate": true,
  "tokenReviewerJwt": "<string>",
  "tokenReviewMode": "api",
  "allowedNamespaces": "<string>",
  "allowedNames": "<string>",
  "allowedAudience": "<string>",
  "gatewayId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "gatewayPoolId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "accessTokenTrustedIps": [
    {
      "ipAddress": "<string>"
    }
  ],
  "accessTokenTTL": 157680000,
  "accessTokenNumUsesLimit": 1,
  "accessTokenMaxTTL": 157680000
}
'
{
  "identityKubernetesAuth": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "createdAt": "2023-11-07T05:31:56Z",
    "updatedAt": "2023-11-07T05:31:56Z",
    "identityId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "allowedNamespaces": "<string>",
    "allowedNames": "<string>",
    "allowedAudience": "<string>",
    "caCert": "<string>",
    "accessTokenTTL": 7200,
    "accessTokenMaxTTL": 7200,
    "accessTokenNumUsesLimit": 0,
    "accessTokenTrustedIps": "<unknown>",
    "tokenReviewMode": "api",
    "kubernetesHost": "<string>",
    "gatewayId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "gatewayPoolId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "verifyTlsCertificate": false,
    "tokenReviewerJwt": "<string>"
  }
}

Documentation Index

Fetch the complete documentation index at: https://infisical-saif-eng-4890-add-support-for-oracle-db-access-in.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

An access token in Infisical

Path Parameters

identityId
string
required

The ID of the machine identity to update the auth method for.

Body

application/json
kubernetesHost
string | null

The new host string, host:port pair, or URL to the base of the Kubernetes API server.

Minimum string length: 1
caCert
string

The new PEM-encoded CA certificate used to validate the Kubernetes API server's TLS certificate. Required when verifyTlsCertificate is true. Supplying a non-empty caCert always implies verifyTlsCertificate=true; the update is rejected if the resulting effective state would store a CA together with verifyTlsCertificate=false.

verifyTlsCertificate
boolean

Whether to verify the Kubernetes API server's TLS certificate against the configured CA certificate. When true, caCert is required. When false, the connection is still over HTTPS but the API server's certificate is not verified, and the resulting effective CA must be empty. If omitted while supplying a non-empty caCert in the same update, the toggle is auto-promoted to true; otherwise the stored value is preserved.

tokenReviewerJwt
string | null

Optional JWT token for accessing Kubernetes TokenReview API. If provided, this long-lived token will be used to validate service account tokens during authentication. If omitted, the client's own JWT will be used instead, which requires the client to have the system:auth-delegator ClusterRole binding.

tokenReviewMode
enum<string>

The mode to use for token review. Must be one of: 'api', 'gateway'. If gateway is selected, the gateway must be deployed in Kubernetes, and the gateway must have the system:auth-delegator ClusterRole binding.

Available options:
api,
gateway
allowedNamespaces
string

The new comma-separated list of trusted namespaces that service accounts must belong to authenticate with Infisical.

allowedNames
string

The new comma-separated list of trusted service account names that can authenticate with Infisical.

allowedAudience
string

The new optional audience claim that the service account JWT token must have to authenticate with Infisical.

gatewayId
string<uuid> | null

The ID of the gateway to use when performing kubernetes API requests.

gatewayPoolId
string<uuid> | null
accessTokenTrustedIps
object[]

The new IPs or CIDR ranges that access tokens can be used from.

Minimum array length: 1
accessTokenTTL
integer

The new lifetime for an acccess token in seconds.

Required range: 0 <= x <= 315360000
accessTokenNumUsesLimit
integer

The new maximum number of times that an access token can be used.

Required range: x >= 0
accessTokenMaxTTL
integer

The new maximum lifetime for an acccess token in seconds.

Required range: 0 <= x <= 315360000

Response

Default Response

identityKubernetesAuth
object
required