- Start relay
- Start relay as background daemon (Linux only)
Description
Relay-related commands for Infisical that provide identity-aware relay infrastructure for routing encrypted traffic. Relays are organization-deployed servers that route encrypted traffic between Infisical and your gateways.Subcommands & flags
infisical relay start
infisical relay start
Run the Infisical relay component. The relay handles network traffic routing between Infisical and your gateways.
Flags
--host
--host
The host (IP address or hostname) of the instance where the relay is deployed. This must be a static public IP or resolvable hostname that gateways can reach.
--name
--name
The name of the relay. This is an arbitrary identifier for your relay instance.
Authentication
Relays support all standard Infisical authentication methods. Choose the authentication method that best fits your environment and set the corresponding flags when starting the relay.Available Authentication Methods
The Infisical CLI supports multiple authentication methods for relays. Below are the available authentication methods, with their respective flags.Universal Auth
Universal Auth
The Universal Auth method is a simple and secure way to authenticate with Infisical. It requires a client ID and a client secret to authenticate with Infisical.
Flags
Native Kubernetes
Native Kubernetes
The Native Kubernetes method is used to authenticate with Infisical when running in a Kubernetes environment. It requires a service account token to authenticate with Infisical.
Flags
Native Azure
Native Azure
The Native Azure method is used to authenticate with Infisical when running in an Azure environment.
Flags
Native GCP ID Token
Native GCP ID Token
The Native GCP ID Token method is used to authenticate with Infisical when running in a GCP environment.
Flags
GCP IAM
GCP IAM
Native AWS IAM
Native AWS IAM
The AWS IAM method is used to authenticate with Infisical with an AWS IAM role while running in an AWS environment like EC2, Lambda, etc.
Flags
OIDC Auth
OIDC Auth
JWT Auth
JWT Auth
Token Auth
Token Auth
You can use the
INFISICAL_TOKEN
environment variable to authenticate with Infisical with a raw machine identity access token.Flags
infisical relay systemd
infisical relay systemd
Manage systemd service for Infisical relay. This allows you to install and run the relay as a systemd service on Linux systems.
Requirements
- Operating System: Linux only (systemd is not supported on other operating systems)
- Privileges: Root/sudo privileges required for both install and uninstall operations
- Systemd: The system must be running systemd as the init system
Subcommands
install
install
Install and enable systemd service for the relay. Must be run with sudo on Linux systems.
To check the service status:To view service logs:
Flags
--host
--host
The host (IP address or hostname) of the instance where the relay is deployed. This must be a static public IP or resolvable hostname that gateways can reach.
--name
--name
The name of the relay.
--token
--token
Connect with Infisical using machine identity access token.
--domain
--domain
Domain of your self-hosted Infisical instance. Optional flag for specifying a custom domain.