Introduction

Infisical is the open source secret management platform that teams use to centralize their application configuration and secrets like API keys and database credentials as well as manage their internal PKI.

Features

Secrets Management:

• Dashboard: Manage secrets across projects and environments (e.g. development, production, etc.) through a user-friendly interface.
• Native Integrations: Sync secrets to platforms like GitHub, Vercel, AWS, and use tools like Terraform, Ansible, and more.
• Secret versioning and Point-in-Time Recovery: Keep track of every secret and project state; roll back when needed.
• Secret Rotation: Rotate secrets at regular intervals for services like PostgreSQL, MySQL, AWS IAM, and more.
• Dynamic Secrets: Generate ephemeral secrets on-demand for services like PostgreSQL, MySQL, RabbitMQ, and more.
• Secret Scanning and Leak Prevention: Prevent secrets from leaking to git.
• Infisical Kubernetes Operator: Deliver secrets to your Kubernetes workloads and automatically reload deployments.
• Infisical Agent: Inject secrets into applications without modifying any code logic.

Infisical (Internal) PKI:

• Private Certificate Authority: Create CA hierarchies, configure certificate templates for policy enforcement, and start issuing X.509 certificates.
• Certificate Management: Manage the certificate lifecycle from issuance to revocation with support for CRL.
• Alerting: Configure alerting for expiring CA and end-entity certificates.
• Infisical PKI Issuer for Kubernetes: Deliver TLS certificates to your Kubernetes workloads with automatic renewal.
• Enrollment over Secure Transport: Enroll and manage certificates via EST protocol.

Infisical Key Management System (KMS):

• Cryptographic Keys: Centrally manage keys across projects through a user-friendly interface or via the API.
• Encrypt and Decrypt Data: Use symmetric keys to encrypt and decrypt data.

Infisical SSH

• Signed SSH Certificates: Issue ephemeral SSH credentials for secure, short-lived, and centralized access to infrastructure.

General Platform:

• Authentication Methods: Authenticate machine identities with Infisical using a cloud-native or platform agnostic authentication method (Kubernetes Auth, GCP Auth, Azure Auth, AWS Auth, OIDC Auth, Universal Auth).
• Access Controls: Define advanced authorization controls for users and machine identities with RBAC, additional privileges, temporary access, access requests, approval workflows, and more.
• Audit logs: Track every action taken on the platform.
• Self-hosting: Deploy Infisical on-prem or cloud with ease; keep data on your own infrastructure.
• Infisical SDK: Interact with Infisical via client SDKs (Node, Python, Go, Ruby, Java, .NET)
• Infisical CLI: Interact with Infisical via CLI; useful for injecting secrets into local development and CI/CD pipelines.
• Infisical API: Interact with Infisical via API.

Resources

• Docs for comprehensive documentation and guides
• Slack for discussion with the community and Infisical team.
• GitHub for code, issues, and pull requests
• Twitter for fast news
• YouTube for videos on secret management
• Blog for secret management insights, articles, tutorials, and updates