Why we started Infisical?
- Tony Dang
Infisical was born out of personal frustration over managing .env files for our previous startup Auledge. For anyone unfamiliar with .env files, they’re simply files that software developers use to store access keys to services like databases used by the app that they’re building. They look like this:
They work fine if you're developing a project by yourself on the weekends. However, as your team grows, .env files don't scale. Managing them across your engineers becomes a hassle, you can't easily track which engineers have access to which secrets, and on top of that they don't integrate easily with staging and production environments.
This problem is actually called secret sprawl. With .env, time after time, our codebases kept crashing because we’d add more API keys to our local .env files only to forget to share them with other developers on our team. When we fixed those issues, we would need to make sure that our staging, QA, and production environments were also up-to-date. To make matters worse, when we got around to sharing keys to keep our .env files in sync, we did so insecurely over text or email, sometimes sending keys in 2 parts over different channels, hoping that no one would intercept them. The reality is:
Software developers lose time due to unsynced .env files and take unnecessary security risks sending API keys over email, Slack, and text to sync these files back together.
The problem is so profound that, in some extreme cases, teams go out of their way to build internal tools to sync secrets together across their teams. Equipped with this realization, we started Infisical:
Infisical is an easy-to-use, end-to-end encrypted (E2EE) platform that enables developers to manage secrets across their teams and infrastructure.
Typical secret managers make user-experience and security tradeoffs such that they are either overly complex, not secure enough, or both.
In the current market, on one end of the spectrum, there are solutions like HashiCorp Vault that, despite being secure and comprehensive, are far too expensive and complex to set up for an average team. In fact, some companies hire consultants just to assist them with properly configuring the service for their use case.
On the other side of the spectrum, we have solutions that are simpler to set up but not as secure, since they rely on a master key to symmetrically encrypt and store secrets. One might wonder what happens if such a platform is compromised by a bad actor: could they leak everyone’s secrets? On top of that, most of these platforms are closed-source, which means that companies can't self-host them.
This trade-off between user experience and security is very common, but it doesn’t have to be this way. With Infisical, syncing secrets locally is as easy as storing them with us and then pulling/injecting them back into your local processes with 1 line of code. It also supports working with .env files by pushing and pulling with 2 commands akin to git.
Try it out!
Infisical can be set up in minutes for developers of any skill level. We fundamentally believe that we can offer a more secure way for teams to sync their environment variables through E2EE in seconds. Moreover, we know that your secrets are in safer hands when they cannot be read by us: even if our service is compromised, your secrets remain safe, because only you can decrypt them locally, and any breach of a workspace is isolated to that workspace, giving a smaller blast radius.
The dotenv package, which loads secrets (environment variables) from .env files into apps, sees 26M downloads per week on npm, the Node package manager. With that in mind, we believe that now more than ever the world needs a dedicated secret manager that is both nimble and secure, and we’re excited to have you use Infisical to easily and securely store and share environment variables!