What is Infisical?
Infisical is an open-source secret management platform — an alternative to HashiCorp Vault, AWS Secrets Manager, and .env files. It stores, syncs, and rotates secrets across your infrastructure.
The cloud free tier includes unlimited secrets for up to 5 team members.
Quick Start
# Install CLI
brew install infisical/get-cli/infisical
# Login
infisical login
# Initialize project
infisical init
# Run with secrets injected
infisical run -- npm start
Your app gets all secrets as environment variables — no .env files, no hardcoded keys.
The REST API
export INFISICAL_URL="https://app.infisical.com/api"
export INFISICAL_TOKEN="your-service-token"
Get Secrets
curl -s "$INFISICAL_URL/v3/secrets/raw?workspaceId=YOUR_PROJECT_ID&environment=prod" \
-H "Authorization: Bearer $INFISICAL_TOKEN" | jq '.secrets[] | {key: .secretKey, value: .secretValue}'
Create Secret
curl -X POST "$INFISICAL_URL/v3/secrets/raw/STRIPE_KEY" \
-H "Authorization: Bearer $INFISICAL_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"workspaceId": "YOUR_PROJECT_ID",
"environment": "prod",
"secretValue": "sk_live_xxx"
}'
Update Secret
curl -X PATCH "$INFISICAL_URL/v3/secrets/raw/STRIPE_KEY" \
-H "Authorization: Bearer $INFISICAL_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"workspaceId": "YOUR_PROJECT_ID",
"environment": "prod",
"secretValue": "sk_live_new_xxx"
}'
Node.js SDK
import { InfisicalClient } from "@infisical/sdk";
const client = new InfisicalClient({
siteUrl: "https://app.infisical.com",
auth: {
universalAuth: {
clientId: process.env.INFISICAL_CLIENT_ID,
clientSecret: process.env.INFISICAL_CLIENT_SECRET,
},
},
});
// Get a single secret
const secret = await client.getSecret({
environment: "prod",
projectId: "YOUR_PROJECT_ID",
secretName: "DATABASE_URL",
});
console.log(secret.secretValue);
// List all secrets
const secrets = await client.listSecrets({
environment: "prod",
projectId: "YOUR_PROJECT_ID",
});
Integrations
Infisical syncs secrets to:
# Sync to Vercel
infisical integrations create vercel
# Sync to AWS Secrets Manager
infisical integrations create aws-secret-manager
# Sync to GitHub Actions
infisical integrations create github
# Sync to Kubernetes
infisical integrations create kubernetes
Change a secret in Infisical → it updates everywhere automatically.
Docker Integration
# docker-compose.yml
services:
app:
image: myapp
environment:
INFISICAL_TOKEN: ${INFISICAL_TOKEN}
command: infisical run -- node server.js
Secret Rotation
# Auto-rotate database credentials
infisical secrets rotation create \
--type postgres \
--secret-name DB_PASSWORD \
--interval 30d
Self-Host
git clone https://github.com/Infisical/infisical
cd infisical
docker compose -f docker-compose.prod.yml up -d
Infisical vs Alternatives
| Feature | Infisical | Vault | AWS SM | .env files |
|---|---|---|---|---|
| Price (self-hosted) | Free | Free | N/A | Free |
| UI | Modern web | Basic | AWS Console | None |
| Secret Rotation | Built-in | Complex | Built-in | Manual |
| Team Management | Yes | Yes | IAM | No |
| Versioning | Yes | Yes | Yes | Git |
| Setup Time | 5 min | 30+ min | 10 min | 0 |
Need secure secret management or DevOps security setup?
📧 spinov001@gmail.com
🔧 My tools on Apify Store
How do you manage secrets? .env, Vault, or something else?
Top comments (0)