# Infisical

> An open-source, all-in-one platform to securely manage application secrets, certificates, SSH keys, and configurations across teams and infrastructure.

Infisical is an open-source, end-to-end secrets management platform that centralizes application secrets, certificates, SSH keys, and configurations across teams and infrastructure. It supports both cloud-hosted and self-hosted deployments, making it suitable for startups and large enterprises alike. Trusted by organizations like NVIDIA, Hugging Face, and UPS, Infisical secures over 500 million secrets daily with AES-GCM-256 encryption and SOC 2, HIPAA, and FIPS 140-3 compliance.

- **Secrets Management** — *Centralize API keys, tokens, and environment variables across environments; sync to AWS, Vercel, GitHub Actions, Kubernetes, and more.*
- **Dynamic Secrets & Secret Rotation** — *Generate short-lived credentials on demand and rotate long-lasting secrets automatically to reduce breach risk.*
- **Certificate Management** — *Automate certificate issuance and renewal across internal and external PKI to eliminate expiration risk.*
- **Privileged Access Management (PAM)** — *Grant just-in-time access to infrastructure with identity-based policies and full auditability.*
- **Agent Sentinel** — *Govern how AI agents access tools and external systems; centralize authentication and policy enforcement across MCP endpoints.*
- **Access Controls & Audit Logs** — *Set granular role-based permissions for human and machine identities; track every action with detailed audit logs.*
- **Approval Workflows** — *Assign reviewers to approve secret changes before they propagate to applications, similar to git pull requests.*
- **Temporary Access** — *Grant time-limited access to sensitive resources that auto-revokes upon expiration.*
- **Secret Scanning** — *Detect and prevent secret leaks in codebases and CI/CD pipelines.*
- **Self-Hostable** — *Deploy on your own infrastructure via Docker, Kubernetes, or use Infisical Cloud with no maintenance overhead.*

## Features
- Secrets Management
- Dynamic Secrets
- Secret Rotation
- Certificate Management
- Privileged Access Management
- Agent Sentinel for AI agents
- Role-based Access Controls
- Audit Logs
- Approval Workflows
- Temporary Access Provisioning
- Secret Scanning & Leak Prevention
- Secret Versioning
- Point-in-time Recovery
- SAML SSO
- LDAP Authentication
- SCIM Provisioning
- IP Allowlisting
- Key Management (KMS)
- Self-hostable deployment
- AES-GCM-256 encryption
- SOC 2 & HIPAA compliance
- FIPS 140-3 compliance
- Secret Sharing
- Webhooks
- Infisical Agent
- Kubernetes Operator

## Integrations
GitHub Actions, GitLab CI/CD, Jenkins, Bitbucket, CircleCI, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, Kubernetes, Docker, Terraform, Ansible, Vercel, Heroku, Render, Cloudflare, AWS ECS

## Platforms
WEB, API, DEVELOPER_SDK, LINUX, MACOS, WINDOWS

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://infisical.com
- Documentation: https://infisical.com/docs/documentation/getting-started/overview
- Repository: https://github.com/Infisical/infisical
- EveryDev.ai: https://www.everydev.ai/tools/infisical