Infisical uses identity-based access control to govern how users and systems interact with secrets, certificates, infrastructure, and other resources on the platform. There are two types of identities:
  • User identities: Represent individuals such as developers or administrators who typically access the platform via a browser.
  • Machine identities: Represent systems such as CI pipelines or applications that programmatically interact with the platform.
Each identity is granted access based on its assigned roles and permissions and must authenticate with the platform in order to access any resources. To learn more, refer to the identities documentation.

Roles and Access

Infisical provides a robust and flexible access control system. The primary authorization mechanism is role-based access control (RBAC), where identities are assigned roles at two access control levels:

Beyond RBAC, Infisical also supports additional project-level permissioning features, including attribute-based access control (ABAC), temporary access grants, and additional privileges for select project types. To learn more, refer to the access control documentation.