Projects in Infisical can be configured to restrict client access to specific IP addresses or CIDR ranges. This applies to any client using service tokens and can be useful, for example, for limiting access to traffic coming from corporate networks.

By default, each project is initialized with the entry, representing all possible IPv4 addresses. For enhanced security, we strongly recommend replacing the default entry with your client IPs to tighten access to your secrets.

You must be a project admin to manage your project’s IP whitelist.

IP whitelist

Creating a trusted IP entry

To create a trusted IP entry, head over to the IP Whitelist tab in your project. When creating an entry, you can specify either a specific IP address like or a CIDR range like 2001:db8::/32; both IPv4 and IPv6 formats are accepted.

IP whitelist add