ContextQMD
Back to Infisical

SMB

docs/integrations/app-connections/smb.mdx

0.159.254.8 KB
Original Source

The SMB Connection allows Infisical to connect to Windows servers using the SMB (Server Message Block) protocol for remote management operations such as password rotation.

Prerequisites

You will need the following information to establish an SMB connection:

  • Host - The hostname or IP address of the Windows server where the local accounts to be managed reside. This must be a member server or standalone machine, not a Domain Controller.
  • Port - The SMB port (default is 445)
  • Username - A Windows administrator account with permissions to manage local accounts on the target machine
  • Password - The password for the administrator account
  • Domain (optional) - The Windows domain name if using domain credentials to authenticate. When provided, Infisical authenticates as a domain user (e.g., MYDOMAIN\Administrator) to manage local accounts on the target machine. This allows domain administrators to rotate local account passwords on domain-joined member servers.

Windows Server Requirements

  • SMB3 Support - This connection uses SMB3 with encryption enabled for secure communication with Windows servers.
  • Firewall Configuration - The server must be accessible from Infisical or from the Infisical Gateway if using it.
<Accordion title="Open firewall on Windows Defender for SMB connection"> Run the following PowerShell command as Administrator on the Windows server to allow inbound SMB connections: 
```powershell
New-NetFirewallRule -DisplayName "Allow SMB Inbound" -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow
```

To verify the rule was created:

```powershell
Get-NetFirewallRule -DisplayName "Allow SMB Inbound"
```
</Accordion>

Setup SMB Connection in Infisical

<Tabs> <Tab title="Infisical UI"> <Steps> <Step title="Navigate to App Connections"> Navigate to the **App Connections** tab in your Organization Settings. ![App Connections Tab](/images/app-connections/general/add-connection.png) </Step> <Step title="Select SMB Connection"> Click the **+ Add Connection** button and select **SMB** from the available options. 
            ![Select SMB Connection](/images/app-connections/smb/smb-app-connection-option.png)
        </Step>
        <Step title="Fill out the SMB Connection Modal">
            Complete the SMB Connection form by entering:
            - A descriptive name for the connection
            - An optional description for future reference
            - The Windows server host (hostname or IP address)
            - The SMB port (default is 445)
            - The domain name (optional, for domain-joined servers)
            - The administrator username
            - The administrator password

            ![SMB Connection Modal](/images/app-connections/smb/smb-app-connection-form.png)
        </Step>
        <Step title="Connection Created">
            After clicking Create, your **SMB Connection** is established and ready to use with your Infisical project.

            ![SMB Connection Created](/images/app-connections/smb/smb-app-connection-generated.png)
        </Step>
    </Steps>
</Tab>
<Tab title="API">
    To create an SMB Connection, make an API request to the [Create SMB
    Connection](/api-reference/endpoints/app-connections/smb/create) API endpoint.

    ### Sample request

    ```bash Request
    curl --request POST \
        --url https://app.infisical.com/api/v1/app-connections/smb \
        --header 'Content-Type: application/json' \
        --data '{
            "name": "my-windows-connection",
            "method": "credentials",
            "credentials": {
                "host": "192.168.1.100",
                "port": 445,
                "username": "Administrator",
                "password": "your-admin-password",
                "domain": "MYDOMAIN"
            }
        }'
    ```

    ### Sample response

    ```bash Response
    {
        "appConnection": {
            "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "name": "my-windows-connection",
            "version": 1,
            "orgId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "createdAt": "2023-11-07T05:31:56Z",
            "updatedAt": "2023-11-07T05:31:56Z",
            "app": "smb",
            "method": "credentials",
            "credentials": {
                "host": "192.168.1.100",
                "port": 445,
                "username": "Administrator",
                "domain": "MYDOMAIN"
            }
        }
    }
    ```
</Tab>
</Tabs>