Deploy and Host Infisical HA on Railway

Infisical HA is a highly available, self-hosted deployment of Infisical—the open-source secrets manager for developers and platforms. This Railway template provisions three Infisical Core nodes behind HAProxy, backed by a Patroni‑managed PostgreSQL cluster and Redis with Sentinel, delivering automated failover, redundancy, and zero‑downtime secret access in production.

About Hosting Infisical HA

This template stands up a production-grade HA topology modeled on Infisical’s Linux (HA) reference architecture. It deploys:

• Three Infisical Core services behind a top-level HAProxy
• PostgreSQL HA cluster (3 nodes) managed by Patroni with etcd for leader election and an HAProxy layer for write/read routing
• Redis HA with Sentinel (1 primary, 2 replicas, 3 sentinels) for automated failover

All services communicate over Railway’s private network using internal DNS. Configure SMTP for email/MFA, and optionally map a custom domain/TLS to the HAProxy front-end. The result is resilient, self-hosted secrets management that survives node failures and maintenance windows.

Common Use Cases

• Always-on secrets management for production microservices and CI/CD pipelines
• Self-hosted, compliance-bound environments needing full control of data, keys, and network
• Automated failover during maintenance/outages without changing client configuration

Dependencies for Infisical HA Hosting

• PostgreSQL HA (Patroni + etcd + HAProxy) for leader election, replication, and write routing
• Redis HA with Sentinel for primary promotion and replica reconfiguration
• Top-level HAProxy to front Infisical Core (and to simplify DB/Redis endpoints)

Deployment Dependencies

• Infisical Linux (HA) reference architecture: https://infisical.com/docs/self-hosting/reference-architectures/linux-deployment-ha
• Infisical environment variables: https://infisical.com/docs/self-hosting/configuration/envars
• Redis Sentinel docs: https://redis.io/docs/latest/operate/oss_and_stack/management/sentinel/
• Patroni: https://github.com/patroni/patroni
• etcd: https://etcd.io/
• HAProxy: https://www.haproxy.org/
• Redis HA (w/ Sentinel) template (base used): https://railway.com/deploy/redis-ha-w-sentinel
• Postgres HA template (base used): https://railway.com/deploy/postgres-ha

Implementation Details

• Top-level HAProxy:
  • Routes HTTP(S) traffic to the 3 Infisical Core instances
• PostgreSQL HA:
  • Patroni + etcd ensure a single leader; HAProxy exposes leader (write) and replica (read) endpoints.
• Redis HA:
  • 1 primary + 2 replicas monitored by 3 Sentinels for automatic failover.
• SMTP can be enabled through env vars (Pro plan only):
  • SMTP settings: SMTP_HOST, SMTP_USERNAME, SMTP_PASSWORD, SMTP_PORT, SMTP_SECURE, SMTP_FROM_ADDRESS, SMTP_FROM_NAME

Why Deploy Infisical HA on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying Infisical HA on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.