feat(cli): support INFISICAL_PROJECT_ID environment variable

[tysoncung]

Summary

Add support for the INFISICAL_PROJECT_ID environment variable as a fallback when the --projectId flag is not provided. This enables full CI/CD automation without requiring CLI flags for every command.

Problem

Currently, users must pass --projectId as a CLI flag for commands like run, export, secrets, etc. While INFISICAL_TOKEN can be set as an environment variable for authentication, there's no equivalent for the project ID. This breaks CI/CD workflows where you want to configure everything via environment variables.

See: Infisical/infisical#2912

Changes

• Added INFISICAL_PROJECT_ID_NAME constant to packages/util/constants.go
• Added GetProjectIdFromFlag() helper in packages/util/helper.go that checks the --projectId flag first, then falls back to the INFISICAL_PROJECT_ID env var
• Updated all commands that accept --projectId to use the new helper:
  • run
  • export
  • secrets (get, set, delete, list, generate-example-env)
  • folders (get, create, delete)
  • dynamic-secrets (all lease subcommands)
  • tokens (create)
  • ssh (add-host)
• Updated flag help text to mention the env var fallback

Usage

# Before: required flag
infisical run --projectId=abc123 -- ./my-app

# After: can use env var instead
export INFISICAL_PROJECT_ID=abc123
infisical run -- ./my-app

Flag takes precedence over the environment variable when both are set.

Closes Infisical/infisical#2912

[greptile-apps]

Greptile Summary

This PR adds INFISICAL_PROJECT_ID as an environment-variable fallback for the --projectId flag across all CLI commands, enabling fully environment-variable-driven CI/CD workflows without requiring explicit CLI flags.

• New constant INFISICAL_PROJECT_ID_NAME = "INFISICAL_PROJECT_ID" added to constants.go following existing naming conventions.
• New helper GetProjectIdFromFlag() added to helper.go to encapsulate the flag-then-env-var lookup; all 14 cmd.Flags().GetString("projectId") call sites across run, export, secrets, folder, dynamic_secrets, tokens, and ssh are updated to use it.
• Flag help text updated on every --projectId registration to document the env var fallback.
• The helper reimplements logic already present in GetCmdFlagOrEnvWithDefaultValue, and crucially omits the strings.TrimSpace() that the existing utility applies to env var values — this is the one concrete gap to address before merging.

Confidence Score: 4/5

• PR is safe to merge after addressing the missing TrimSpace on the env var read in the new helper.
• The change is mechanical and well-scoped — every call site is updated consistently, the constant follows existing conventions, and the flag-over-env precedence is correct. The only concrete issue is that the new helper skips the whitespace trimming that the existing GetCmdFlagOrEnvWithDefaultValue utility applies, which could silently cause API failures for users whose environment inadvertently includes surrounding spaces. Fixing that (one line) or delegating to the existing utility brings this to a clean merge.
• packages/util/helper.go — missing strings.TrimSpace() for env var fallback

Important Files Changed

Filename	Overview
packages/util/helper.go	Adds GetProjectIdFromFlag() helper that reads --projectId flag and falls back to INFISICAL_PROJECT_ID env var; reimplements existing GetCmdFlagOrEnvWithDefaultValue logic without whitespace trimming
packages/util/constants.go	Adds INFISICAL_PROJECT_ID_NAME constant following the existing naming convention; straightforward and correct
packages/cmd/run.go	Replaces direct cmd.Flags().GetString("projectId") call with util.GetProjectIdFromFlag(cmd); also updates flag help text to document env var fallback
packages/cmd/secrets.go	All five projectId lookups (secrets list, set, delete, get, generate-example-env) updated to use GetProjectIdFromFlag; help text updated consistently
packages/cmd/dynamic_secrets.go	All five dynamic-secret lease commands updated to use GetProjectIdFromFlag; help text updated consistently
packages/cmd/export.go	projectId lookup updated to GetProjectIdFromFlag; help text updated
packages/cmd/folder.go	get/create/delete folder commands updated to use GetProjectIdFromFlag; straightforward change
packages/cmd/ssh.go	sshAddHost projectId lookup updated to GetProjectIdFromFlag; help text updated
packages/cmd/tokens.go	tokensCreate workspaceId lookup updated to GetProjectIdFromFlag; help text updated

_{Last reviewed commit: "feat(cli): support I..."}

[greptile-apps]

Missing whitespace trimming for env var

The existing GetCmdFlagOrEnvWithDefaultValue and GetCmdFlagOrEnv helpers both apply strings.TrimSpace() when reading values from environment variables. GetProjectIdFromFlag skips this step, so a value like INFISICAL_PROJECT_ID=" abc123 " (with leading/trailing spaces) would be passed verbatim to API calls and silently fail. Consider trimming, or simply delegate to the existing helper:

Suggested change

	if projectId == "" {
	projectId = os.Getenv(INFISICAL_PROJECT_ID_NAME)
	}
	if projectId == "" {
	projectId = strings.TrimSpace(os.Getenv(INFISICAL_PROJECT_ID_NAME))
	}

[greptile-apps]

Reuse existing GetCmdFlagOrEnvWithDefaultValue helper

The repo already has GetCmdFlagOrEnvWithDefaultValue that performs exactly this flag-then-env-var lookup (including whitespace trimming). GetProjectIdFromFlag reimplements the same logic, creating a second source of truth. Consider delegating to the existing utility to avoid the divergence:

Suggested change

	func GetProjectIdFromFlag(cmd *cobra.Command) (string, error) {
	projectId, err := cmd.Flags().GetString("projectId")
	if err != nil {
	return "", err
	}
	if projectId == "" {
	projectId = os.Getenv(INFISICAL_PROJECT_ID_NAME)
	}
	return projectId, nil
	}
	func GetProjectIdFromFlag(cmd *cobra.Command) (string, error) {
	return GetCmdFlagOrEnvWithDefaultValue(cmd, "projectId", []string{INFISICAL_PROJECT_ID_NAME}, "")
	}

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}