# Infisical — Open-Source Secret Management

> Manage API keys and secrets across teams and environments. Auto-sync to apps, rotation, audit logs. 25K+ GitHub stars.

## Install

Save the content below to `.claude/skills/` or append to your `CLAUDE.md`:

# Infisical — Open-Source Secret Management

## Quick Use

```bash
brew install infisical/get-cli/infisical
# Or: npm install -g @infisical/cli
```

```bash
# Login and pull secrets
infisical login
infisical init

# Run your app with secrets injected
infisical run -- python app.py
# All secrets from your Infisical project are available as env vars
```

```python
# Or use the Python SDK
from infisical_client import InfisicalClient

client = InfisicalClient(token="your-machine-identity-token")

secret = client.get_secret(
    secret_name="OPENAI_API_KEY",
    project_id="your-project",
    environment="production",
)
print(secret.secret_value)
```

---

## Intro

Infisical is an open-source secret management platform with 25,700+ GitHub stars for storing, syncing, and rotating API keys, database credentials, and other secrets across teams and environments. For AI applications that juggle multiple LLM API keys (OpenAI, Anthropic, Gemini), database credentials, and service tokens, Infisical eliminates scattered .env files and hardcoded secrets. It provides a web dashboard, CLI, SDKs for 10+ languages, auto-sync to cloud services, secret rotation, and audit logs — everything you need to manage secrets properly.

Works with: Python, Node.js, Go, Java, Ruby, .NET, AWS, GCP, Azure, Vercel, Docker, Kubernetes. Best for teams managing multiple API keys for LLM providers and cloud services. Setup time: under 5 minutes.

---

## Infisical Features

### Why Infisical for AI Apps?

AI applications typically manage:
- 3-5 LLM API keys (OpenAI, Anthropic, Google, Mistral, Groq)
- Database credentials (PostgreSQL, Redis, vector DBs)
- Cloud storage keys (S3, GCS)
- Service tokens (GitHub, Slack, email)
- Per-environment configs (dev, staging, production)

Infisical centralizes all of these with access control, rotation, and audit.

### Web Dashboard

- Visual secret management per project and environment
- Team access control (RBAC)
- Secret versioning and change history
- Folder organization
- Search and filter

### CLI Injection

```bash
# Inject secrets as environment variables
infisical run -- npm start
infisical run -- python train_model.py
infisical run -- docker compose up

# Specific environment
infisical run --env=production -- python deploy.py
```

### SDKs (10+ Languages)

```python
# Python
from infisical_client import InfisicalClient
client = InfisicalClient(token="...")
api_key = client.get_secret("OPENAI_API_KEY", project_id="...", environment="prod")
```

```typescript
// Node.js
import { InfisicalClient } from '@infisical/sdk';
const client = new InfisicalClient({ token: '...' });
const secret = await client.getSecret({ secretName: 'OPENAI_API_KEY', ... });
```

### Secret Rotation

```yaml
# Auto-rotate API keys on a schedule
rotation:
  - secret: OPENAI_API_KEY
    interval: 30d
    provider: custom
    script: rotate-openai-key.sh
```

### Auto-Sync to Cloud Services

Sync secrets automatically to:
- AWS Secrets Manager / Parameter Store
- GCP Secret Manager
- Azure Key Vault
- Vercel, Netlify, Railway
- GitHub Actions, GitLab CI
- Kubernetes Secrets
- Docker Compose

### Audit Logs

Every secret access is logged:
- Who accessed which secret
- When and from where
- IP address and user agent
- Exportable for compliance

---

## FAQ

**Q: What is Infisical?**
A: Infisical is an open-source secret management platform with 25,700+ GitHub stars for storing, syncing, and rotating API keys and secrets across teams, environments, and cloud services.

**Q: Why not just use .env files?**
A: .env files don't scale — they get committed to git, can't be rotated, have no access control, and are impossible to audit. Infisical provides centralized management, team RBAC, auto-rotation, cloud sync, and audit logs.

**Q: Is Infisical free?**
A: Yes, open-source under MIT (core). Self-host for free. Infisical Cloud has a free tier for small teams.

---

## Source & Thanks

> Created by [Infisical](https://github.com/Infisical). Licensed under MIT.
>
> [infisical](https://github.com/Infisical/infisical) — ⭐ 25,700+

---

<!-- ZH -->

## 快速使用

```bash
brew install infisical/get-cli/infisical
infisical login && infisical init
infisical run -- python app.py
```

---

## 简介

Infisical 是一个拥有 25,700+ GitHub stars 的开源密钥管理平台，集中管理 API 密钥、数据库凭据和服务令牌。提供 Web 控制台、CLI、10+ 语言 SDK、自动轮换和审计日志。对于管理多个 LLM API 密钥的 AI 应用尤其有用。

---

## 来源与感谢

> Created by [Infisical](https://github.com/Infisical). Licensed under MIT.
>
> [infisical](https://github.com/Infisical/infisical) — ⭐ 25,700+


---
Source: https://tokrepo.com/en/workflows/41fbcc5c-aac8-4f3e-8305-cf2462809684
Author: Skill Factory