Infisical is an open-source, self-hosted secret management platform designed for DevOps teams and enterprises. It provides end-to-end encrypted storage for application secrets, certificates, and machine identities with access controls, audit logging, and seamless CI/CD integrations. With over 12,000 organizations using Infisical worldwide, it has become a trusted solution for securing environment variables, API keys, database credentials, and certificates across development, staging, and production environments.
The platform supports multiple deployment methods including Docker, Kubernetes, and native Linux installations, making it suitable for homelabs, small teams, and enterprise infrastructure. Infisical is SOC 2 Type II, HIPAA, and FIPS 140-3 compliant, meeting stringent regulatory requirements for organizations in regulated industries.
| Feature | Description |
|---|---|
| Secrets Management | Centralized secret storage with end-to-end AES-GCM-256 encryption, RBAC, and audit trails |
| PKI & Certificate Management | Automated certificate lifecycle management with ACME client support and custom PKI |
| Privileged Access Management | Just-in-time access with identity-based policies, break-glass workflows, and auto-revocation |
| Dynamic Secrets | On-demand credential generation for databases (PostgreSQL, MySQL, OracleDB, Vertica) and cloud services |
| Secret Rotation | Automated rotation for database credentials, API tokens, and integration secrets |
| SSH Management | SSH V2 with host groups, certificate-based authentication, and session recording |
| Agent Sentinel | Govern AI agent access to tools and systems with MCP endpoints and policy enforcement |
| Infisical Gateway | Secure access to private network resources without exposing services publicly |
| Component | Technology |
|---|---|
| Backend | Node.js, TypeScript |
| Frontend | React, Next.js |
| Database | PostgreSQL 14+ (required), Redis for caching |
| Deployment | Docker, Docker Compose, Kubernetes, Linux binary |
| Encryption | AES-GCM-256, TLS 1.3, PKI with X.509 certificates |
| Resource | Specification |
|---|---|
| CPU | 2 cores |
| RAM | 2 GB |
| Disk | 10 GB SSD |
| Network | 100 Mbps |
| Resource | Specification |
|---|---|
| CPU | 4+ cores |
| RAM | 4-8 GB |
| Disk | 50+ GB SSD (depending on audit log retention) |
| Network | 1 Gbps |
| Database | Managed PostgreSQL service (recommended) |
| Cache | Managed Redis service (recommended) |
For production environments requiring high availability:
| Release Track | Version | Description |
|---|---|---|
| Latest Stable | v0.158.5 (February 2026) | Current production-ready release |
| Docker Image | infisical/infisical:latest-postgres |
Recommended for PostgreSQL deployments |
| FIPS Image | infisical/infisical-fips |
FIPS 140-3 compliant (Enterprise) |
| Linux Binary | Available | Native Linux installation (amd64, arm64) |
💡 Tip: Always use specific version tags in production (e.g.,
infisical/infisical:v0.158.5-postgres) instead oflatestto ensure reproducible deployments.
Choose your preferred deployment method:
For a complete installation walkthrough, see Setup Infisical.
Any questions?
Feel free to contact us. Find all contact information on our contact page.