IP Allowlisting

Projects in Infisical can be configured to restrict client access to specific IP addresses or CIDR ranges. This applies to any client using service tokens and can be useful, for example, for limiting access to traffic coming from corporate networks.

By default, each project is initialized with the 0.0.0.0/0 entry, representing all possible IPv4 addresses. For enhanced security, we strongly recommend replacing the default entry with your client IPs to tighten access to your secrets.

You must be a project admin to manage your project’s IP whitelist.

IP whitelist

Creating a trusted IP entry

To create a trusted IP entry, head over to the IP Whitelist tab in your project. When creating an entry, you can specify either a specific IP address like 192.0.2.1 or a CIDR range like 2001:db8::/32; both IPv4 and IPv6 formats are accepted.

IP whitelist add

Creating a trusted IP entry

Overview

Platform

Self-host Infisical

Command line

Integrations

Infrastructure Integrations

3rd-party Integrations

Framework Integrations

Security

Creating a trusted IP entry

Overview

Platform

Self-host Infisical

Command line

Integrations

Infrastructure Integrations

3rd-party Integrations

Framework Integrations

Security

​Creating a trusted IP entry

Creating a trusted IP entry