Infisical — Open-Source Secret Management
Manage API keys and secrets across teams and environments. Auto-sync to apps, rotation, audit logs. 25K+ GitHub stars.
What it is
Infisical is an open-source secret management platform that centralizes API keys, database credentials, and environment variables. It provides a dashboard for managing secrets, SDKs for fetching secrets at runtime, CLI tools for injecting secrets into development environments, and integrations with CI/CD platforms. All secrets are end-to-end encrypted.
It targets development teams who currently store secrets in .env files, hardcode them in config, or share them over Slack, and want a secure, centralized alternative.
How it saves time or tokens
Infisical eliminates the manual process of sharing and rotating secrets. Instead of copying .env files between developers or storing API keys in plaintext config, you reference secrets from Infisical and they are injected at build time or runtime. For AI applications with multiple API keys (OpenAI, Anthropic, database, vector store), centralizing secrets prevents the lost-key incidents and configuration drift that waste development time.
How to use
- Install the CLI:
brew install infisical/get-cli/infisical
# Or: npm install -g @infisical/cli
- Login and pull secrets:
infisical login
infisical init # Select your project
# Run any command with secrets injected
infisical run -- npm run dev
infisical run -- python app.py
- Use the SDK in your application:
from infisical_client import InfisicalClient
# Service token: keep it out of source control and scope it to one environment
client = InfisicalClient(token='your-service-token')
# Fetch a single secret from the chosen environment at runtime
secret = client.get_secret('OPENAI_API_KEY', environment='production')
print(secret.secret_value)
Example
# Initialize Infisical in your AI project
infisical init
# Set secrets for different environments
infisical secrets set OPENAI_API_KEY=sk-... --env=dev
infisical secrets set ANTHROPIC_API_KEY=sk-ant-... --env=dev
infisical secrets set DATABASE_URL=postgres://... --env=dev
# Run your AI app with all secrets injected
infisical run --env=dev -- python ai_agent.py
# In CI/CD (GitHub Actions example):
# - uses: infisical/secrets-action@v1
#   with:
#     project-id: your-project-id
#     environment: production
Common pitfalls
- Self-hosting requires MongoDB or PostgreSQL. The cloud version handles infrastructure but stores secrets on Infisical's servers (encrypted). Choose based on your compliance requirements.
- Service tokens for production need proper scoping. Do not use a development token with broad access in production. Create environment-specific tokens with minimal permissions.
- Secret rotation requires updating all dependent services. To make rotation easier, fetch secrets at runtime with Infisical's SDK rather than baking them into Docker images.
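The runtime-fetch pattern from the SDK snippet and the rotation pitfall above, as an added example (not code from the Infisical project or this page): a small loader that re-reads a secret after a TTL so a rotated value reaches the app without a rebuild, fails fast when a secret is missing, and never echoes values in its repr. It assumes only the client shape shown on this page (`get_secret(name, environment=...)` returning an object with `.secret_value`); `FakeInfisicalClient` is a constructed stand-in so the block runs offline.

```python
import time
from typing import Callable, Dict, Tuple

class SecretNotFound(RuntimeError):
    """Raised when a required secret is absent from the selected environment."""

class RuntimeSecrets:
    """Fetches secrets at runtime through any client exposing
    get_secret(name, environment=...) -> object with .secret_value
    (the shape of the Infisical SDK call shown on this page)."""

    def __init__(self, client, environment: str, ttl_seconds: float = 300.0,
                 now: Callable[[], float] = time.monotonic):
        self._client, self._env, self._ttl, self._now = client, environment, ttl_seconds, now
        self._cache: Dict[str, Tuple[str, float]] = {}  # name -> (value, fetched_at)

    def get(self, name: str) -> str:
        entry = self._cache.get(name)
        if entry and self._now() - entry[1] < self._ttl:
            return entry[0]                      # fresh enough, no round trip
        secret = self._client.get_secret(name, environment=self._env)
        value = getattr(secret, "secret_value", None)
        if not value:                            # fail fast instead of running with ""
            raise SecretNotFound(f"{name} is not set in environment {self._env!r}")
        self._cache[name] = (value, self._now())  # re-read after TTL picks up rotation
        return value

    def __repr__(self) -> str:
        # Only names, never values: a repr in a traceback or log must not leak a key.
        return f"RuntimeSecrets(env={self._env!r}, cached={sorted(self._cache)})"

def redact(value: str, keep: int = 4) -> str:
    """Prefix-only form of a secret for diagnostics."""
    return value[:keep] + "***" if len(value) > keep else "***"

# Constructed in-memory stand-in for the SDK client so the example runs offline;
# in an application, pass InfisicalClient(token=...) from the SDK instead.
class FakeSecret:
    def __init__(self, value): self.secret_value = value

class FakeInfisicalClient:
    def __init__(self, store: Dict[str, str]):
        self.store, self.calls = dict(store), 0   # calls: count of server round trips
    def get_secret(self, name: str, environment: str = "dev"):
        self.calls += 1
        return FakeSecret(self.store.get(name))
```

Pass a short `ttl_seconds` (or call `get` after a rotation event) so a key rotated in Infisical replaces the cached one at the next read.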
Frequently asked questions
Vault is more feature-rich but significantly more complex to operate. Infisical focuses on developer experience with a simpler setup, visual dashboard, and first-class .env file replacement. Vault is better for large enterprises with dedicated security teams. Infisical is better for small to mid-size teams who want secret management without operational overhead.
Yes. Secrets are encrypted on the client side before being sent to the server. The server never sees plaintext secrets. Infisical uses AES-256-GCM encryption with per-workspace keys. Even if the server is compromised, secrets remain encrypted.
Yes. Infisical provides native integrations with GitHub Actions, GitLab CI, CircleCI, Jenkins, and other CI/CD platforms. It also integrates with cloud platforms like AWS, GCP, Azure, Vercel, and Netlify for automatic secret injection during deployment.
Yes. Use the Infisical CLI to inject secrets into Docker containers at runtime, or use the SDK inside your application to fetch secrets on startup. Avoid baking secrets into Docker images. Infisical also provides a Docker Compose setup for self-hosting.
Yes. Infisical tracks all secret changes with version history. You can view who changed a secret, when it was changed, and roll back to previous versions. Audit logs record all access events for compliance and security review.