Note: Event Subscriptions is a paid feature.
  • Infisical Cloud users: Event Subscriptions is available under the Enterprise Tier.
  • Self-Hosted Infisical: Please contact [email protected] to purchase an enterprise license.

Event Subscriptions in Infisical allow you to receive real-time notifications when specific actions occur within your account or organization. These notifications include changes to secrets, users, teams, and many more coming soon.

How It Works

  • Server receives message over pubsub connection indicating changes have occurred
  • Server processes the change notification
  • Updated data is synchronized across all connected Infisical instances
  • Client applications receive real-time updates through Server-Sent Events (SSE)
  • All servers maintain consistent state without manual intervention
This ensures your infrastructure stays up-to-date automatically, without requiring restarts or manual synchronization.
Event Subscriptions are designed for real-time communication and do not include persistence or replay capabilities—events are delivered once and are not stored for future retrieval.

Supported Resources

You can currently subscribe to notifications for the following resources and event types:
  • Secrets
    • secret:created: Triggered when a secret is created
    • secret:updated: Triggered when a secret is updated
    • secret:deleted: Triggered when a secret is deleted

Permissions Setup

To receive events on a supported resource, the identity must have the Subscribe action permission on that resource. Follow these steps to set up the necessary permissions:

1. Select a project and copy the Project ID

On your project page, open Project Settings from the sidebar. In the Project name section, click Copy Project ID to copy your Project ID, or extract it from the URL: https://app.infisical.com/project/<your_project_id>/settings

2. Navigate to Access Management and open Project Roles

Navigate to Access Management, then select Project Roles.

3. Select an existing role or create a new one

You can either edit an existing role or create a new role for event subscriptions.

4. Assign policies to the role

Select the specific resources that the role should have access to.

5. Enable the Subscribe action in permissions

Ensure the Subscribe action is selected for the relevant resources and events.

Conditions

By default, the role will have access to all events for the selected resources in this project.

Getting Started

Currently, events are only available via API but will soon be available in our SDKs, Kubernetes Operator, and more.

API Usage

You need an auth token to use this API. To get an authentication token, follow the authentication guide for one of our supported auth methods from the machine identities documentation.

Creating a Subscription

Parameters:
  • projectId: Project whose events you want to subscribe to
  • register: List of event filters
    • conditions: Conditions to filter events on
      • environmentSlug: Project environment
      • secretPath: Path of the secrets

The subscribe endpoint responds with a text/event-stream content type to initiate SSE streaming. For more specific details, please refer to our API Reference.
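
A client-side sketch of consuming the text/event-stream response described above, added here as an example and not taken from Infisical's code or SDKs. It follows the standard SSE framing rules; carrying the event type in the `event:` field and the JSON payload fields shown are assumptions, so check the API Reference for the actual wire format.

```python
import json
# Event types listed under "Supported Resources" on this page.
SUPPORTED = {"secret:created", "secret:updated", "secret:deleted"}

def parse_sse(lines):
    """Yield (event_type, data) from decoded text/event-stream lines."""
    event, data = "message", []
    for raw in lines:
        if raw == "":                  # blank line ends one event
            if data:
                yield event, "\n".join(data)
            event, data = "message", []
        elif not raw.startswith(":"):  # lines starting ":" are comments/keep-alives
            field, _, value = raw.partition(":")
            value = value[1:] if value.startswith(" ") else value
            if field == "event":
                event = value
            elif field == "data":
                data.append(value)
            # "id"/"retry" ignored: the page states events are not replayed

def secret_changes(lines):
    """Return (event_type, payload) for supported secret events only."""
    out = []
    for event, data in parse_sse(lines):
        if event not in SUPPORTED:
            continue                   # drop types this client did not ask for
        try:
            out.append((event, json.loads(data)))
        except json.JSONDecodeError:
            continue                   # malformed frame: skip it, keep reading
    return out

# Constructed sample stream; field layout and payload keys are assumptions.
SAMPLE = [
    ": keep-alive",
    "event: secret:updated",
    'data: {"environmentSlug": "prod", "secretPath": "/api"}',
    "",
    "event: project:renamed",
    'data: {"x": 1}',
    "",
    "event: secret:created",
    'data: {"environmentSlug": "dev",',
    'data:  "secretPath": "/"}',
    "",
]
```

Because events are delivered once and not stored, a consumer built on this should re-read the secrets it depends on after every connect or reconnect, then treat each event as a trigger to refresh.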