> ## Documentation Index
> Fetch the complete documentation index at: https://infisical-devin-1781641701-docs-github-pat-fine-grained.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Packer

> Learn how to fetch secrets from Infisical with Packer using a data source

This guide demonstrates how to use the Infisical Packer plugin to fetch secret data using a data source. The Packer plugin supports both [Infisical Cloud](https://app.infisical.com) and [self-hosted instances of Infisical](https://infisical.com/docs/self-hosting/overview).

## Prerequisites

Before you begin, make sure you have:

* [Packer](https://developer.hashicorp.com/packer/install) installed
* An Infisical account with access to a project
* Basic understanding of Packer

## Project Setup

### Configure Provider

First, specify the Infisical provider in your Packer configuration:

```hcl theme={null}
packer {
  required_plugins {
    infisical = {
      source  = "github.com/infisical/infisical"
      version = ">=0.0.1"
    }
  }
}
```

### Authentication

Using a Machine Identity, you can authenticate with [Universal Auth](https://infisical.com/docs/documentation/platform/identities/universal-auth).

```hcl theme={null}
data "infisical-secrets" "dev-secrets" {
  folder_path = "/"
  env_slug    = "dev" # The environment to list secrets from (e.g. dev, staging, prod)
  project_id  = "00000000-0000-0000-0000-000000000000"
  host        = "https://app.infisical.com" # Optional for cloud, required for self-hosted

  universal_auth {
    client_id = "00000000-0000-0000-0000-000000000000"
    client_secret = "..." # Optional if using INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET env variable
  }
}
```

Learn more about [machine identities](/documentation/platform/identities/machine-identities).

## Using Secrets in Packer

You're able to fetch secrets from Infisical using the `infisical-secrets` Data Source:

```hcl theme={null}
# Fetch all secrets from a folder
data "infisical-secrets" "dev-secrets" {
  folder_path = "/"
  env_slug    = "dev"
  project_id  = "00000000-0000-0000-0000-000000000000"

  universal_auth {
    ...
  }
}

locals {
  secrets = data.infisical-secrets.dev-secrets.secrets
}

source "null" "basic-example" {
  communicator = "none"
}

build {
  sources = [
    "source.null.basic-example"
  ]

  provisioner "shell-local" {
    inline = [
      "echo secret_key: ${local.secrets["SECRET_KEY"].secret_value}",
    ]
  }
}
```

The `local.secrets` object maps secret keys to [secret objects](https://github.com/Infisical/packer-plugin-infisical/blob/main/docs/datasources/secrets.md#secret-object).

See also:

* [Packer Plugin Repository Example](https://github.com/Infisical/packer-plugin-infisical/blob/main/example/build.pkr.hcl)
* [Packer Plugin Repository Docs](https://github.com/Infisical/packer-plugin-infisical/tree/main/docs)
* [Machine Identity setup guide](/documentation/platform/identities/machine-identities)