Skip to main content
An Account contains the credentials (such as a username and password) used to connect to a Resource.

Relationship to Resources

Accounts belong to Resources. A single Resource can have multiple Accounts associated with it, each with different permission levels. For example, your database would normally have multiple accounts. You might have a superuser account for admins, a standard read/write account for applications, and a read-only account for reporting. In PAM, these are represented as:
  • Resource: Production Database (PostgreSQL)
    • Account 1: postgres (Superuser)
    • Account 2: app_user (Read/Write)
    • Account 3: analytics (Read-only)
When a user requests access in PAM, they request access to a specific Account on a Resource.

Creating an Account

Prerequisite: You must have at least one Resource created before adding accounts.
To add an account, navigate to the Accounts tab in your PAM project and click Add Account. Add Account Button Next, select the Resource that this account belongs to. Select Resource After selecting a resource, provide the credentials (username, password, etc.) for this account. The required fields vary depending on the resource type. For example, for a Linux server, you would enter the username and the corresponding password or SSH key. Create Account Clicking Create Account will trigger a validation check. Infisical will attempt to connect to the resource using the provided credentials to verify they are valid.

Automated Credential Rotation

Infisical supports automated credential rotation for some accounts on select resources, allowing you to automatically change passwords at set intervals to enhance security. To learn more about how to configure this, please refer to the Credential Rotation guide.