Folder-scoped access control (permissions) or simple organisation wide token access

[2snEM6]

An interesting use case for Infisical is to generate a Docker compose on the fly where every docker compose service maps to an Infisical project.

Dev environment secrets are pulled and injected into the Docker compose. This is helpful in order to sync and share development secrets across development teams/users seamlessly. Developers don't necessarily have the same permissions to each project.
Some developers might have read access to a small subset of services.

The issue is that the SDKs and CLIs don't make it easy to do this after a simple infisical login, since the Infisical Token is scoped per project and thus downloading all the secrets the developer has access to scoped per project is impossible (?).

An alternative is to use folders, but folders can't restrict access to certain members.

Other providers such as Doppler allow organisation access to secrets using the CLI, where subsequent calls can be scoped per project.

Is there a plan to implement either of the solutions? Is there a way I can accomplish this in a different way?

Thank you!

[2snEM6]

I see now that this is doable using the REST API if the developer first provides an API Key.

A couple of things that could be improved are:

• To have an OpenAPI spec for code generation. This makes integrating Infisical into custom solutions easier
• As said above, simple user/password authentication to retrieve org-wide secrets. Having to ask users to create en API Key so it can be used with the API is not ideal.