feat: wire breakpilot-compliance to Infisical for local dev #30

Merged
sharang merged 1 commits from feat/infisical-secrets into main 2026-06-22 19:12:55 +00:00
Owner

Summary

  • Add .infisical.json linking the repo to the breakpilot-compliance project on the self-hosted secrets.meghsakha.com instance.
  • Add a Makefile with infisical-aware targets (make dev, dev-build, dev-down, secrets, secrets-set, check-loc). make dev runs infisical run --env=dev -- docker compose up, so secrets are injected at run time and .env files no longer touch disk.
  • Add INFISICAL_SETUP.md with per-developer onboarding (CLI install, login, verify project link, run targets, Claude Code usage patterns, troubleshooting, optional .claude/settings.json deny-list for infisical export / secrets get).
  • Update README Quick Start to drop the cp .env.example .env step and point at make dev + INFISICAL_SETUP.md.
  • Remove HashiCorp Vault references from CLAUDE.md (core-services list + sensitive-files list) and compliance-checklist.md TOM section; replace with Infisical.

Test plan

  • infisical --domain https://secrets.meghsakha.com secrets --env=dev lists the dev secrets
  • make dev brings the compose stack up with secrets injected
  • make dev-down cleans up
  • CI passes (scripts/check-loc.sh and the rest of the pipeline)
sharang added 1 commit 2026-06-22 19:04:44 +00:00
feat: wire breakpilot-compliance to Infisical for local dev
CI / detect-changes (pull_request) Successful in 9s
CI / branch-name (pull_request) Successful in 1s
CI / guardrail-integrity (pull_request) Successful in 7s
CI / secret-scan (pull_request) Successful in 11s
CI / dep-audit (pull_request) Failing after 58s
CI / sbom-scan (pull_request) Failing after 1m4s
CI / build-sha-integrity (pull_request) Successful in 6s
CI / validate-canonical-controls (pull_request) Successful in 4s
CI / loc-budget (pull_request) Successful in 25s
CI / go-lint (pull_request) Failing after 22s
CI / python-lint (pull_request) Failing after 13s
CI / nodejs-lint (pull_request) Failing after 1m15s
CI / nodejs-build (pull_request) Successful in 3m12s
CI / test-go (pull_request) Successful in 57s
CI / iace-gt-coverage (pull_request) Successful in 16s
CI / test-python-backend (pull_request) Successful in 25s
CI / test-python-document-crawler (pull_request) Successful in 14s
CI / test-python-dsms-gateway (pull_request) Successful in 10s
d82f86fc95
- Add .infisical.json linking the repo to the breakpilot-compliance
  project on the self-hosted secrets.meghsakha.com instance.
- Add Makefile with infisical-aware targets (make dev, dev-build,
  dev-down, secrets, secrets-set). `make dev` runs `infisical run
  --env=dev -- docker compose up`, so secrets are injected at run
  time and .env files no longer touch disk.
- Add INFISICAL_SETUP.md with per-developer onboarding (CLI install,
  login, verify project link, run targets, Claude Code usage patterns,
  troubleshooting).
- Update README Quick Start to drop the cp .env.example .env step and
  point at make dev + INFISICAL_SETUP.md.
- Remove HashiCorp Vault references from CLAUDE.md (core-services list
  + sensitive-files list) and compliance-checklist.md TOM section;
  replace with Infisical.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
sharang merged commit 23c6ac6f32 into main 2026-06-22 19:12:55 +00:00
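
The PR description states that with `make dev` secrets are injected at run time and `.env` files no longer touch disk. The following preflight check is an added example, not code from this PR or repository: it verifies both properties before the stack starts. The script name `preflight.sh` and the `DEMO_*` variable names are hypothetical, since the page does not list the project's secret names.

```shell
#!/bin/sh
# Added example (not part of the PR). Intended use, with the page's own command:
#   infisical run --env=dev -- sh preflight.sh . DEMO_DB_PASSWORD DEMO_API_KEY
# Check 1: no plaintext .env files in the tree (templates are allowed).
# Check 2: every required variable is present in the process environment.

# Print .env-style files under $1, skipping templates and vendored directories.
find_env_files() {
  find "$1" \( -name .git -o -name node_modules \) -prune -o \
    -type f \( -name '.env' -o -name '.env.*' \) \
    ! -name '.env.example' ! -name '.env.sample' ! -name '.env.template' -print
}

# Print the names (never the values) of required variables that are
# unset or empty in the exported environment.
missing_vars() (
  for name in "$@"; do
    [ -n "$(printenv "$name")" ] || printf '%s\n' "$name"
  done
)

# preflight <repo-dir> <VAR>... ; returns 0 only when both checks pass.
preflight() (
  repo=$1
  shift
  rc=0
  found=$(find_env_files "$repo")
  if [ -n "$found" ]; then
    printf '%s\n' "$found" | sed 's/^/plaintext env file on disk: /' >&2
    rc=1
  fi
  missing=$(missing_vars "$@")
  if [ -n "$missing" ]; then
    printf '%s\n' "$missing" | sed 's/^/not injected: /' >&2
    rc=1
  fi
  return "$rc"
)

# Run the check only when arguments are given; sourcing just defines the functions.
[ "$#" -eq 0 ] || preflight "$@"
```

Only variable names are reported, so the check is safe to run in CI logs or in front of a coding assistant.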