@carlosmonastyrski

Description 📣

This PR introduces certificate management capabilities to the Infisical Agent. It adds support for:

  • Issuing certificates, either by manually specifying all fields or by supplying a CSR
  • Automatically renewing certificates that were not issued via CSR
  • Executing post-event hooks
  • Storing all generated certificate files in the configured destination directory

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

@greptile-apps

greptile-apps bot commented Dec 6, 2025

Greptile Overview

Greptile Summary

This PR extends the Infisical Agent from a secrets management tool to also handle PKI certificate lifecycle management. The changes introduce comprehensive certificate management capabilities including automated issuance, renewal, and file management. The implementation adds new API models for certificate operations (IssueCertificateRequest, CertificateAttributes, etc.) and corresponding API client functions for issuing, retrieving, and renewing certificates. The core functionality is integrated into the agent's main monitoring loop, providing concurrent certificate lifecycle management alongside existing secrets operations.

The certificate management engine supports both manual certificate specification and CSR-based workflows, implements configurable renewal policies to prevent expiration, and includes post-event hooks for downstream system integration (like reloading web servers). A new configuration file demonstrates practical usage with nginx integration, and the implementation follows the agent's existing architectural patterns of concurrent goroutines, unified configuration management, and graceful shutdown handling.

Important Files Changed

| Filename | Score | Overview |
|---|---|---|
| packages/api/model.go | 5/5 | Adds comprehensive certificate management data structures and API models |
| packages/api/api.go | 4/5 | Implements certificate management API client functions for PKI operations |
| certificate-agent-config.yaml | 4/5 | New configuration file demonstrating certificate management setup with post-hooks |
| packages/cmd/agent.go | 4/5 | Integrates certificate lifecycle management into the main agent workflow |

Confidence score: 3/5

  • This PR introduces complex certificate management functionality but may have potential security and operational risks that need careful review
  • Score reflects concerns about command execution security in post-hooks, missing input validation on certificate parameters, and lack of comprehensive testing documentation
  • Pay close attention to the post-hooks command execution in certificate-agent-config.yaml and certificate validation logic in packages/cmd/agent.go

@greptile-apps greptile-apps bot left a comment

4 files reviewed, 2 comments

@carlosmonastyrski carlosmonastyrski merged commit b59dbc5 into main Dec 11, 2025
3 checks passed