Prerequisites
- An Infisical project (Secrets Management) with the secrets you want to broker.
- The Infisical CLI installed on the machines that will run the agent proxy and the agent.
Add the secrets to broker
In your project, pick or create a folder for your agent workloads (for example
/ai-agents in the prod environment) and add the secrets the agents will need, such as STRIPE_API_KEY. These are regular Infisical secrets; nothing about them changes when they are brokered.Create a proxied service
In the same folder, click the dropdown arrow next to Add Secret and select Add Proxied Service.Under Header Rewriting, keep the pre-filled
A slug that identifies the service, such as
stripe-api.The host(s) this service applies to, such as
api.stripe.com. See host patterns for wildcards, ports, and paths.Authorization header with the Bearer prefix and select STRIPE_API_KEY as the value. This tells the agent proxy to set Authorization: Bearer <real-stripe-key> on every request to api.stripe.com.See Proxied Services for basic auth, custom headers, and credential substitution.Create two machine identities
Create two machine identities with Universal Auth and add both to your project:
- Agent proxy identity: assign it the built-in Agent Proxy role. It fetches the real credential values, so it needs read access to the referenced secrets.
- Agent identity: assign it the built-in Agent role. It can route traffic through proxied services but cannot read any secret values.
The built-in roles grant broad access across all environments and paths for a quick start. For production, consider custom roles scoped to specific environments and paths. Running more than one agent? See how many machine identities you need.
Start the agent proxy
On the machine that will run the agent proxy (ideally in the same private network as your agents, but not on the same machine), authenticate with the agent proxy identity and start it:The proxy authenticates to Infisical, sets up its certificate chain, and listens on port
17322 by default. See the CLI reference for flags such as --port and --unmatched-host.If you are self-hosting Infisical or using EU Cloud, point the CLI at your instance with
--domain or the INFISICAL_DOMAIN environment variable (for example https://eu.infisical.com).Connect an agent
On the agent machine, authenticate with the agent identity and launch the agent through the Before starting the agent, the wrapper:The project can also be set via
connect wrapper. Everything after -- is the agent’s own start command:- Claude Code
- Codex
- Any command
- Routes the agent’s traffic through the agent proxy (
HTTPS_PROXY,HTTP_PROXY). - Downloads your organization’s root CA certificate and points the common trust variables (
SSL_CERT_FILE,NODE_EXTRA_CA_CERTS,REQUESTS_CA_BUNDLE,CURL_CA_BUNDLE, and others) at it, so the agent’s HTTP clients accept the proxy’s certificates. - Sets dummy placeholder environment variables for any credential-substitution services.
- Sets environment variables with real values for regular secrets the agent identity has Read Value on in the folder (including secrets imported into it), similar to
infisical run.
Real values in the agent’s environment are deliberate and opt-in. The built-in Agent role grants no secret read access, so nothing real lands in the environment unless an admin explicitly grants Read Value on specific secrets. Brokered credentials never appear in the agent’s environment; the proxy only attaches them on the wire.
INFISICAL_PROJECT_ID or an .infisical.json file (created by infisical init) instead of --projectId.Verify it works
You can watch the proxy attach a credential by calling an echo service that reflects request headers back. Add a secret The echoed headers include
TEST_API_KEY to the folder, create a proxied service for it (host pattern postman-echo.com, header Authorization with prefix Bearer, secret TEST_API_KEY), then run a plain curl through the wrapper:"authorization": "Bearer <your TEST_API_KEY value>". curl sent no credential; the proxy attached it on the way out. The same happens to api.stripe.com with the service from step 2. Requests to hosts with no proxied service are forwarded untouched by default (see unmatched hosts).Next Steps
- Configure host patterns, header rewriting, and credential substitution in depth.
- Understand the isolation and trust model behind the proxy.
- Browse every flag in the CLI reference.