Open Saas Directory
Infisical

Infisical

Description

Infisical is an open-source secret management platform that helps teams securely manage and sync secrets, configurations, and cryptographic assets across environments. It prevents leaks, integrates with major cloud and CI/CD platforms, and simplifies PKI, KMS, and SSH management. Infisical is designed to make enterprise-grade security tooling accessible to developers and organizations of all sizes.

Features

Secrets Management

  • Dashboard: Manage secrets across projects and environments via a simple UI.
  • Native Integrations: Sync secrets to GitHub, Vercel, AWS, Terraform, Ansible, and more.
  • Secret Versioning & Recovery: Track changes and roll back to earlier states.
  • Secret Rotation: Automatically rotate credentials for PostgreSQL, MySQL, AWS IAM, etc.
  • Dynamic Secrets: Generate ephemeral credentials on-demand for databases and messaging services.
  • Secret Scanning: Detect and prevent secret leaks in git repositories.
  • Kubernetes Operator: Deliver secrets to workloads with auto-reload support.
  • Infisical Agent: Inject secrets into apps without changing code.

Internal PKI

  • Private Certificate Authority: Create CA hierarchies and enforce certificate policies.
  • Certificate Lifecycle Management: Automate issuance, renewal, and revocation with CRL support.
  • Alerting: Get notified about expiring certificates.
  • PKI Issuer for Kubernetes: Auto-manage TLS certificates in Kubernetes workloads.
  • Enrollment via EST: Securely enroll and manage certificates with EST protocol.

Key Management System (KMS)

  • Centralized Key Storage: Manage cryptographic keys across projects.
  • Data Encryption/Decryption: Use symmetric keys for secure encryption workflows.

SSH Management

  • Signed SSH Certificates: Provide ephemeral SSH credentials for short-lived, secure access.

Platform Features

  • Flexible Authentication: Authenticate via Kubernetes, GCP, AWS, Azure, OIDC, or universal methods.
  • Access Controls: Implement RBAC, temporary access, approval workflows, and granular privileges.
  • Audit Logs: Monitor all actions performed within Infisical.
  • Self-Hosting: Deploy on your own infrastructure or use the managed cloud version.
  • SDKs: Use client libraries in Node, Python, Go, Ruby, Java, and .NET.
  • CLI: Manage secrets and scan repositories from the command line.
  • API: Programmatically integrate Infisical with your stack.

Technology Stack

  • Docker (self-hosting and local setup)
  • GitHub Actions & Cloudsmith (distribution and CI/CD)
  • Kubernetes (operator and PKI issuer)
  • Languages/SDKs: Node.js, Python, Go, Ruby, Java, .NET
  • CLI Tools for scanning and automation

Requirements

  • Git installed
  • Docker installed (for local and self-hosted deployments)

Categories

secretops-platform

Topics

secret-management

Quick Links

GithubWebsiteDocsSlack CommunitySelf-Hosting Guide

GitHub Metrics

Stars
20,035
Forks
1,347
Contributors
1,347
Last Updated
9/10/2025
DigitalOcean
DigitalOcean

Deploy Infisical on DigitalOcean

Get started with $200 in free credits and deploy your application in minutes.

Deploy NowView pricing
Trusted by 600,000+ developers