Open-source secrets, certificate, and privileged access management for teams and infrastructure
- Stars27.4k
- Forks2k
- Open Issues584
Other
- TypeScript
- Go
- Gherkin
About Infisical
Infisical is an open-source platform for centralizing application configuration and secrets such as API keys and database credentials. Teams use it to sync secrets across projects, environments, infrastructure, and CI/CD workflows while preventing secrets from leaking to git.
The platform includes a dashboard, CLI, API, SDKs, Kubernetes Operator, and agent. It supports secret versioning, point-in-time recovery, scheduled rotation, dynamic on-demand secrets, and syncs to platforms such as GitHub, Vercel, AWS, Terraform, and Ansible. It also manages internal PKI, external CA integrations, certificate lifecycle, KMS keys, and signed SSH certificates.
Infisical is available as Infisical Cloud and can be self-hosted on-prem or in cloud infrastructure to keep data on your own systems. Access controls cover users and machine identities with RBAC, temporary access, access requests, approval workflows, and audit logs that track every action on the platform.
Key features
- Centralized secrets across projects and environments
- Secret syncs for GitHub, Vercel, AWS, Terraform, and Ansible
- Secret versioning, point-in-time recovery, rotation, and dynamic secrets
- Internal PKI, external CA integrations, and certificate lifecycle management
- RBAC, temporary access, approval workflows, and audit logs
Details
- First released
- 2022
- Self-hosting
- On-prem or cloud infrastructure
- Interfaces
- Dashboard · CLI · API · SDKs
- Secrets
- Versioning · rotation · dynamic
- PKI
- Internal CA · external CA
- Access
- RBAC · requests · approvals