Cette page est affichée en anglais. Une traduction française est en cours.

SkillsApr 3, 2026·2 min de lecture

Infisical — Open-Source Secret Management

Manage API keys and secrets across teams and environments. Auto-sync to apps, rotation, audit logs. 25K+ GitHub stars.

Prêt pour agents

Staging sûr pour cet actif

Cet actif est d'abord staged. Le prompt copié demande à l'agent d'inspecter les fichiers staged avant d'activer scripts, config MCP ou config globale.

Stage only · 29/100Policy : staging

Surface agent

Tout agent MCP/CLI

Type

Skill

Installation

Stage only

Confiance

Confiance : Established

Point d'entrée

infisical.md

Commande de staging sûr

npx -y tokrepo@latest install 41fbcc5c-aac8-4f3e-8305-cf2462809684 --target codex

Stage les fichiers d'abord; l'activation exige la revue du README et du plan staged.

TL;DR

Infisical manages API keys and credentials with end-to-end encryption.

§01

What it is

Infisical is an open-source secret management platform that centralizes API keys, database credentials, and environment variables. It provides a dashboard for managing secrets, SDKs for fetching secrets at runtime, CLI tools for injecting secrets into development environments, and integrations with CI/CD platforms. All secrets are end-to-end encrypted.

It targets development teams who currently store secrets in .env files, hardcode them in config, or share them over Slack, and want a secure, centralized alternative.

§02

How it saves time or tokens

Infisical eliminates the manual process of sharing and rotating secrets. Instead of copying .env files between developers or storing API keys in plaintext config, you reference secrets from Infisical and they are injected at build time or runtime. For AI applications with multiple API keys (OpenAI, Anthropic, database, vector store), centralizing secrets prevents the lost-key incidents and configuration drift that waste development time.

§03

How to use

Install the CLI:

brew install infisical/get-cli/infisical
# Or: npm install -g @infisical/cli

infisical login
infisical init  # Select your project

# Run any command with secrets injected
infisical run -- npm run dev
infisical run -- python app.py

Use the SDK in your application:

from infisical_client import InfisicalClient

client = InfisicalClient(token='your-service-token')
secret = client.get_secret('OPENAI_API_KEY', environment='production')
print(secret.secret_value)

§04

Example

# Initialize Infisical in your AI project
infisical init

# Set secrets for different environments
infisical secrets set OPENAI_API_KEY=sk-... --env=dev
infisical secrets set ANTHROPIC_API_KEY=sk-ant-... --env=dev
infisical secrets set DATABASE_URL=postgres://... --env=dev

# Run your AI app with all secrets injected
infisical run --env=dev -- python ai_agent.py

# In CI/CD (GitHub Actions example):
# - uses: infisical/secrets-action@v1
#   with:
#     project-id: your-project-id
#     environment: production

§05

Related on TokRepo

AI tools for DevOps -- Infrastructure and deployment tools
AI tools for security -- Security and compliance tools

§06

Common pitfalls

Self-hosting requires MongoDB or PostgreSQL. The cloud version handles infrastructure but stores secrets on Infisical's servers (encrypted). Choose based on your compliance requirements.
Service tokens for production need proper scoping. Do not use a development token with broad access in production. Create environment-specific tokens with minimal permissions.
Secret rotation requires updating all dependent services. Use Infisical's SDK to fetch secrets at runtime rather than baking them into Docker images for easier rotation.

Questions fréquentes

How does Infisical compare to HashiCorp Vault?+

Vault is more feature-rich but significantly more complex to operate. Infisical focuses on developer experience with a simpler setup, visual dashboard, and first-class .env file replacement. Vault is better for large enterprises with dedicated security teams. Infisical is better for small to mid-size teams who want secret management without operational overhead.

Is Infisical end-to-end encrypted?+

Yes. Secrets are encrypted on the client side before being sent to the server. The server never sees plaintext secrets. Infisical uses AES-256-GCM encryption with per-workspace keys. Even if the server is compromised, secrets remain encrypted.

Does Infisical integrate with CI/CD platforms?+

Yes. Infisical provides native integrations with GitHub Actions, GitLab CI, CircleCI, Jenkins, and other CI/CD platforms. It also integrates with cloud platforms like AWS, GCP, Azure, Vercel, and Netlify for automatic secret injection during deployment.

Can I use Infisical with Docker?+

Yes. Use the Infisical CLI to inject secrets into Docker containers at runtime, or use the SDK inside your application to fetch secrets on startup. Avoid baking secrets into Docker images. Infisical also provides a Docker Compose setup for self-hosting.

Does Infisical support secret versioning and audit logs?+

Yes. Infisical tracks all secret changes with version history. You can view who changed a secret, when it was changed, and roll back to previous versions. Audit logs record all access events for compliance and security review.

Sources citées (3)

Infisical GitHub Repository— Infisical is an open-source secret management platform
Infisical Documentation— Infisical uses AES-256-GCM end-to-end encryption
OWASP Secrets Management— Secret management is critical for application security

En lien sur TokRepo

DevOps tools Security tools Featured workflows

🙏

Source et remerciements

Created by Infisical. Licensed under MIT.

infisical — ⭐ 25,700+

Fil de discussion

Connectez-vous pour rejoindre la discussion.

Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires

Keycloak — Open Source Identity & Access Management

Keycloak is the most widely deployed open-source IAM solution. SSO, OIDC, SAML, LDAP federation, MFA, social login, and user management for enterprise applications.

Skills

AI Open Source

Ghostfolio — Open Source Wealth Management & Portfolio Tracker

Ghostfolio is an open-source personal finance dashboard for tracking stocks, ETFs, crypto, and other investments with real-time market data and performance analytics.

Skills

AI Open Source

Huly — All-in-One Open Source Project Management Platform

Huly is an open-source alternative to Linear, Jira, Slack, and Notion. Project tracking, team chat, knowledge base, and HR tools in a single unified platform.

Skills

AI Open Source

Plane — Open-Source AI Project Management

Open-source Jira/Linear alternative with AI-powered pages. Issues, sprints, modules, roadmaps, and real-time analytics. Self-hostable via Docker. AGPL-3.0, 47,500+ stars.

Skills

AI Open Source