Esta página se muestra en inglés. Una traducción al español está en curso.

SkillsApr 3, 2026·2 min de lectura

Infisical — Open-Source Secret Management

Manage API keys and secrets across teams and environments. Auto-sync to apps, rotation, audit logs. 25K+ GitHub stars.

Listo para agents

Staging seguro para este activo

Este activo primero queda en staging. El prompt copiado pide inspeccionar los archivos staged antes de activar scripts, config MCP o config global.

Stage only · 29/100Política: staging

Superficie agent

Cualquier agent MCP/CLI

Tipo

Skill

Instalación

Stage only

Confianza

Confianza: Established

Entrada

infisical.md

Comando de staging seguro

npx -y tokrepo@latest install 41fbcc5c-aac8-4f3e-8305-cf2462809684 --target codex

Primero deja archivos en staging; la activación requiere revisar el README y el plan staged.

TL;DR

Infisical manages API keys and credentials with end-to-end encryption.

§01

What it is

Infisical is an open-source secret management platform that centralizes API keys, database credentials, and environment variables. It provides a dashboard for managing secrets, SDKs for fetching secrets at runtime, CLI tools for injecting secrets into development environments, and integrations with CI/CD platforms. All secrets are end-to-end encrypted.

It targets development teams who currently store secrets in .env files, hardcode them in config, or share them over Slack, and want a secure, centralized alternative.

§02

How it saves time or tokens

Infisical eliminates the manual process of sharing and rotating secrets. Instead of copying .env files between developers or storing API keys in plaintext config, you reference secrets from Infisical and they are injected at build time or runtime. For AI applications with multiple API keys (OpenAI, Anthropic, database, vector store), centralizing secrets prevents the lost-key incidents and configuration drift that waste development time.

§03

How to use

Install the CLI:

brew install infisical/get-cli/infisical
# Or: npm install -g @infisical/cli

infisical login
infisical init  # Select your project

# Run any command with secrets injected
infisical run -- npm run dev
infisical run -- python app.py

Use the SDK in your application:

from infisical_client import InfisicalClient

client = InfisicalClient(token='your-service-token')
secret = client.get_secret('OPENAI_API_KEY', environment='production')
print(secret.secret_value)

§04

Example

# Initialize Infisical in your AI project
infisical init

# Set secrets for different environments
infisical secrets set OPENAI_API_KEY=sk-... --env=dev
infisical secrets set ANTHROPIC_API_KEY=sk-ant-... --env=dev
infisical secrets set DATABASE_URL=postgres://... --env=dev

# Run your AI app with all secrets injected
infisical run --env=dev -- python ai_agent.py

# In CI/CD (GitHub Actions example):
# - uses: infisical/secrets-action@v1
#   with:
#     project-id: your-project-id
#     environment: production

§05

Related on TokRepo

AI tools for DevOps -- Infrastructure and deployment tools
AI tools for security -- Security and compliance tools

§06

Common pitfalls

Self-hosting requires MongoDB or PostgreSQL. The cloud version handles infrastructure but stores secrets on Infisical's servers (encrypted). Choose based on your compliance requirements.
Service tokens for production need proper scoping. Do not use a development token with broad access in production. Create environment-specific tokens with minimal permissions.
Secret rotation requires updating all dependent services. Use Infisical's SDK to fetch secrets at runtime rather than baking them into Docker images for easier rotation.

Preguntas frecuentes

How does Infisical compare to HashiCorp Vault?+

Vault is more feature-rich but significantly more complex to operate. Infisical focuses on developer experience with a simpler setup, visual dashboard, and first-class .env file replacement. Vault is better for large enterprises with dedicated security teams. Infisical is better for small to mid-size teams who want secret management without operational overhead.

Is Infisical end-to-end encrypted?+

Yes. Secrets are encrypted on the client side before being sent to the server. The server never sees plaintext secrets. Infisical uses AES-256-GCM encryption with per-workspace keys. Even if the server is compromised, secrets remain encrypted.

Does Infisical integrate with CI/CD platforms?+

Yes. Infisical provides native integrations with GitHub Actions, GitLab CI, CircleCI, Jenkins, and other CI/CD platforms. It also integrates with cloud platforms like AWS, GCP, Azure, Vercel, and Netlify for automatic secret injection during deployment.

Can I use Infisical with Docker?+

Yes. Use the Infisical CLI to inject secrets into Docker containers at runtime, or use the SDK inside your application to fetch secrets on startup. Avoid baking secrets into Docker images. Infisical also provides a Docker Compose setup for self-hosting.

Does Infisical support secret versioning and audit logs?+

Yes. Infisical tracks all secret changes with version history. You can view who changed a secret, when it was changed, and roll back to previous versions. Audit logs record all access events for compliance and security review.

Referencias (3)

Infisical GitHub Repository— Infisical is an open-source secret management platform
Infisical Documentation— Infisical uses AES-256-GCM end-to-end encryption
OWASP Secrets Management— Secret management is critical for application security

Relacionados en TokRepo

DevOps tools Security tools Featured workflows

🙏

Fuente y agradecimientos

Created by Infisical. Licensed under MIT.

infisical — ⭐ 25,700+

Discusión

Inicia sesión para unirte a la discusión.

Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

Keycloak — Open Source Identity & Access Management

Keycloak is the most widely deployed open-source IAM solution. SSO, OIDC, SAML, LDAP federation, MFA, social login, and user management for enterprise applications.

Skills

AI Open Source

Ghostfolio — Open Source Wealth Management & Portfolio Tracker

Ghostfolio is an open-source personal finance dashboard for tracking stocks, ETFs, crypto, and other investments with real-time market data and performance analytics.

Skills

AI Open Source

Huly — All-in-One Open Source Project Management Platform

Huly is an open-source alternative to Linear, Jira, Slack, and Notion. Project tracking, team chat, knowledge base, and HR tools in a single unified platform.

Skills

AI Open Source

Plane — Open-Source AI Project Management

Open-source Jira/Linear alternative with AI-powered pages. Issues, sprints, modules, roadmaps, and real-time analytics. Self-hostable via Docker. AGPL-3.0, 47,500+ stars.

Skills

AI Open Source