Open Sourcing Infisical - manage secrets across your team and infrastructure
- Published on
- Tony Dang
Back in August, we started building Infisical as a closed-source, Node.js-focused solution to keep our team’s environment variables in sync. After feeling dissatisfied with the complexity of existing solutions, we decided to build our own.
Fast-forward 3.5 months: we’ve iterated significantly on the tool, including making the CLI platform-agnostic, and are working towards an awesome SecretOps platform. Today, we’re making Infisical open-source and announcing our commitment to build in public. We believe the best way to build something practical and simple is to get perspective, feedback, and contributions from the community.
Here’s what Infisical offers:
- UI: A user-friendly UI to manage teams and variables across different projects and environments; variables can be shared or personal.
- CLI: A platform-agnostic CLI to inject environment variables into (monolithic) apps in development.
- Docker: A way to inject environment variables into Docker containers using service tokens.
- Client-side encryption: All environment variables are encrypted/decrypted locally.
- Self-hosting: Spin up a production instance of Infisical on Linux VMs (more deployment options coming soon).
Where we’re going (check out our roadmap):
- Ironing out: It’s the early days of Infisical and there are many parts that need to be optimized/changed. We’re in public alpha and have a long way to go before we’re enterprise-ready, so do expect rapid development.
- Infrastructure integrations: Beyond development workflows, Infisical will inject environment variables across your entire cloud infrastructure.
- 1-Click Deploy: To platforms like DigitalOcean and Heroku for those who want it up fast.
- MFA.
- Access logs and fine-grained access controls.
- Integrations with Slack.
Regarding security, we use client-side encryption to ensure that the server is never able to decrypt/view any environment variables: each environment variable is encrypted symmetrically by a vault key, and a copy of that vault key is encrypted asymmetrically with the public key of every project member. Amongst many measures we take, we also use TLS to provide end-to-end encryption for all requests/traffic and enforce content security headers to protect against some common attacks. That said, security is a moving target and we welcome contributions to our codebase as it will help everyone.
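The vault-key scheme described above, sketched as an added example (this is not Infisical's code). The post does not name algorithms, so AES-256-GCM for variables and RSA-OAEP for wrapping the vault key are assumptions, as are the helper names, member names and sample value.

```javascript
// Added illustration of the scheme above; not Infisical's code.
// Assumptions: AES-256-GCM for variables, RSA-OAEP (SHA-256) to wrap the vault key.
// Helper names, member names and the sample value are constructed.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: encrypt one variable under the shared vault key, fresh nonce per value.
function encryptSecret(vaultKey, name, value) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  cipher.setAAD(Buffer.from(name)); // bind the ciphertext to its variable name
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return { name, iv, ct, tag: cipher.getAuthTag() };
}

// Client: decrypt; final() throws if ciphertext, tag or name was altered.
function decryptSecret(vaultKey, rec) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', vaultKey, rec.iv);
  decipher.setAAD(Buffer.from(rec.name));
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.ct), decipher.final()]).toString('utf8');
}

// Client: encrypt a copy of the vault key to each member's public key.
function wrapVaultKey(vaultKey, publicKeys) {
  return Object.fromEntries(Object.entries(publicKeys).map(
    ([member, pub]) => [member, crypto.publicEncrypt({ key: pub, ...OAEP }, vaultKey)]));
}

// Client: a member recovers the vault key with their own private key.
function unwrapVaultKey(wrapped, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Constructed demo: two members share one project; serverView is all the server stores.
function demo() {
  const keys = {};
  for (const m of ['alice', 'bob']) keys[m] = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pubs = Object.fromEntries(Object.entries(keys).map(([m, kp]) => [m, kp.publicKey]));
  const vaultKey = crypto.randomBytes(32); // generated and kept on the client
  const serverView = {
    wrappedKeys: wrapVaultKey(vaultKey, pubs),
    secrets: [encryptSecret(vaultKey, 'DATABASE_URL', 'postgres://app:constructed@db/app')],
  };
  const bobVaultKey = unwrapVaultKey(serverView.wrappedKeys.bob, keys.bob.privateKey);
  return { keys, serverView, recovered: decryptSecret(bobVaultKey, serverView.secrets[0]) };
}

console.log(demo().recovered);
```

In a design like this, deleting a member's wrapped copy does not revoke a vault key they have already unwrapped; removing a member means rotating the vault key and re-encrypting the variables.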
Ultimately, our goal is to provide teams an easy way to manage and sync environment variables across their development workflows and infrastructure. We believe there’s still room to innovate, and especially to make secret management simpler and more accessible to teams worldwide, given that only 10% of organizations were using secret management solutions as of 2019 according to one report. Since we do have to make money somehow, we intend to charge (1) for advanced enterprise features later down the road, and (2) for a hosted/managed offering that we’re continuing to build out. Rest assured that we want the self-hosted edition to cover the vast majority of use cases.
Please come support and check out our repo :)