{
  "title": "Create Dynamic Secret (PostgreSQL) — Request Example",
  "description": "Create a dynamic secret that generates ephemeral PostgreSQL credentials on demand. Each lease produces a unique username/password pair that is automatically revoked after the TTL expires.",
  "request": {
    "method": "POST",
    "url": "https://app.infisical.com/api/v1/dynamic-secrets",
    "headers": {
      "Authorization": "Bearer <access-token>",
      "Content-Type": "application/json"
    },
    "body": {
      "projectSlug": "my-project",
      "environmentSlug": "prod",
      "path": "/database",
      "name": "postgres-dynamic",
      "defaultTTL": "1h",
      "maxTTL": "24h",
      "provider": {
        "type": "sql-database",
        "inputs": {
          "client": "postgres",
          "host": "db.internal.example.com",
          "port": 5432,
          "database": "appdb",
          "username": "infisical_admin",
          "password": "admin-password",
          "creationStatement": "CREATE ROLE \"{{username}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{username}}\";",
          "revocationStatement": "REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM \"{{username}}\"; DROP ROLE IF EXISTS \"{{username}}\";",
          "renewStatement": "ALTER ROLE \"{{username}}\" VALID UNTIL '{{expiration}}';"
        }
      }
    }
  },
  "response": {
    "statusCode": 200,
    "body": {
      "dynamicSecret": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "name": "postgres-dynamic",
        "type": "sql-database",
        "defaultTTL": "1h",
        "maxTTL": "24h",
        "status": "active",
        "createdAt": "2026-06-13T00:00:00.000Z",
        "updatedAt": "2026-06-13T00:00:00.000Z"
      }
    }
  }
}