Add support for Infisical

[v0ctor]

This PR adds support for Infisical, either the SaaS or a self-deployment.

By using the official SDK, the same environment variables also work for the official Ansible integration, which makes it very convenient for those who use both tools together for IaC.

[yxxhero]

@v0ctor DCO issue.

[yxxhero]

return err

[v0ctor]

Fixed! Thanks.

[Copilot]

Pull Request Overview

This PR adds support for Infisical, a secrets management platform, as a new provider in vals. The integration uses the official Infisical Go SDK and supports multiple authentication methods (Universal Auth, Kubernetes, AWS IAM, Azure, GCP IAM, and GCP ID Token), making it compatible with the official Ansible integration for users who use both tools.

Key changes:

• Adds a new infisical provider with support for retrieving secrets via the Infisical Go SDK
• Integrates the provider into the vals runtime, string provider, and string map provider systems
• Adds comprehensive documentation for authentication methods and usage examples

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
vals.go	Registers the Infisical provider in the main runtime
pkg/stringprovider/stringprovider.go	Adds Infisical to the string provider factory
pkg/stringmapprovider/stringmapprovider.go	Adds Infisical to the string map provider factory
pkg/providers/infisical/infisical.go	Implements the complete Infisical provider with authentication and secret retrieval
go.mod	Adds the Infisical Go SDK dependency (v0.5.100) and related transitive dependencies
README.md	Documents the Infisical provider with environment variables, parameters, examples, and authentication methods

[Copilot]

The path handling adds a leading slash unconditionally, which could result in double slashes if the user already provides a path with a leading slash (e.g., '/prometheus' becomes '//prometheus'). Consider trimming leading slashes from the input before adding one: p.path = '/' + strings.TrimPrefix(path, '/') or only add the slash if it's missing.

[v0ctor]

Legit. Fixed.

[Copilot]

Silent failure when parsing the version could mask configuration errors. If an invalid version string is provided, it silently defaults to 0 without informing the user. Consider logging a warning when the version fails to parse, or return an error from the New function if version parsing is critical.

Suggested change

	p.version, _ = strconv.Atoi(
	cfg.String("version"),
	)
	versionStr := cfg.String("version")
	versionInt, err := strconv.Atoi(versionStr)
	if versionStr != "" && err != nil {
	l.Warnf("Invalid version string '%s', defaulting to 0: %v", versionStr, err)
	p.version = 0
	} else {
	p.version = versionInt
	}

[v0ctor]

Legit. Fixed.

[Copilot]

The example description states the project slug is 'infrastructure' but the URL parameter shows 'infrastructure-hue8'. This inconsistency could confuse users. Either update the parameter to match the description or update the description to accurately reflect the parameter value.

Suggested change

	- `ref+infisical://WEBHOOK_URL?project=infrastructure-hue8&path=prometheus&environment=prod`: gets the secret at "infrastructure" (project slug) -> "prometheus" (folder) -> "WEBHOOK_URL" (secret) -> "prod" (environment).
	- `ref+infisical://WEBHOOK_URL?project=infrastructure-hue8&path=prometheus&environment=prod`: gets the secret at "infrastructure-hue8" (project slug) -> "prometheus" (folder) -> "WEBHOOK_URL" (secret) -> "prod" (environment).

[v0ctor]

Legit. Fixed.

[Copilot]

Missing space after the colon. Should be 'Universal: UNIVERSAL_AUTH' for consistency with the other authentication method entries.

Suggested change

	- **Universal**:`UNIVERSAL_AUTH`
	- **Universal**: `UNIVERSAL_AUTH`

[v0ctor]

Legit. Fixed.

[v0ctor]

All issues fixed!