Infisical
An open-source, all-in-one platform to securely manage application secrets, certificates, SSH keys, and configurations across teams and infrastructure.
At a Glance
About Infisical
Infisical is an open-source, end-to-end secrets management platform that centralizes application secrets, certificates, SSH keys, and configurations across teams and infrastructure. It supports both cloud-hosted and self-hosted deployments, making it suitable for startups and large enterprises alike. Trusted by organizations like NVIDIA, Hugging Face, and UPS, Infisical secures over 500 million secrets daily with AES-GCM-256 encryption and SOC 2, HIPAA, and FIPS 140-3 compliance.
- Secrets Management — Centralize API keys, tokens, and environment variables across environments; sync to AWS, Vercel, GitHub Actions, Kubernetes, and more.
- Dynamic Secrets & Secret Rotation — Generate short-lived credentials on demand and rotate long-lasting secrets automatically to reduce breach risk.
- Certificate Management — Automate certificate issuance and renewal across internal and external PKI to eliminate expiration risk.
- Privileged Access Management (PAM) — Grant just-in-time access to infrastructure with identity-based policies and full auditability.
- Agent Sentinel — Govern how AI agents access tools and external systems; centralize authentication and policy enforcement across MCP endpoints.
- Access Controls & Audit Logs — Set granular role-based permissions for human and machine identities; track every action with detailed audit logs.
- Approval Workflows — Assign reviewers to approve secret changes before they propagate to applications, similar to git pull requests.
- Temporary Access — Grant time-limited access to sensitive resources that auto-revokes upon expiration.
- Secret Scanning — Detect and prevent secret leaks in codebases and CI/CD pipelines.
- Self-Hostable — Deploy on your own infrastructure via Docker, Kubernetes, or use Infisical Cloud with no maintenance overhead.
Community Discussions
Be the first to start a conversation about Infisical
Share your experience with Infisical, ask questions, or help others learn from your insights.
Pricing
Free
The basics for individuals and startups. Free forever.
- Dashboard UI, API, CLI, SDKs
- Kubernetes Operator
- Infisical Agent
- Webhooks
- 2FA
Pro
For growing teams needing advanced security and compliance features.
- All Free features
- Secret Versioning
- Point-in-time Recovery
- Role-based Access Controls
- Secret Rotation
- Temporary Access Provisioning
- SAML SSO
- IP Allowlisting
- 90-day Audit Log Retention
- Higher Rate Limits
- Priority Customer Support
- Up to 12 environments
- Up to 50 integrations
Enterprise
Flexible pricing that scales with your organization.
- All Pro features
- Dedicated Infrastructure
- Enterprise SCIM
- LDAP Authentication
- Dynamic Secrets
- AI Security Advisor
- Approval Workflows
- Access Requests
- Gateways
- Sub-organizations
- KMIP
- KMS & HSM Support
- Audit Log Streaming
- Custom Audit Log Retention
- Custom Rate Limits
- User Groups
- Custom Roles
- 99.99% SLA
- SOC2 & PenTest Reports
- Dedicated Support Engineer
Capabilities
Key Features
- Secrets Management
- Dynamic Secrets
- Secret Rotation
- Certificate Management
- Privileged Access Management
- Agent Sentinel for AI agents
- Role-based Access Controls
- Audit Logs
- Approval Workflows
- Temporary Access Provisioning
- Secret Scanning & Leak Prevention
- Secret Versioning
- Point-in-time Recovery
- SAML SSO
- LDAP Authentication
- SCIM Provisioning
- IP Allowlisting
- Key Management (KMS)
- Self-hostable deployment
- AES-GCM-256 encryption
- SOC 2 & HIPAA compliance
- FIPS 140-3 compliance
- Secret Sharing
- Webhooks
- Infisical Agent
- Kubernetes Operator