Skip to main content
Infisical Privileged Access Management (PAM) provides a centralized way to manage and secure access to your critical infrastructure. It allows you to enforce fine-grained, policy-based controls over resources like databases, servers, and more, ensuring that only authorized users can access sensitive systems, and only when they need to.

How it Works

Infisical PAM employs a resource-based model to organize and manage access. This model is designed to be intuitive and scalable.

1. Create a Resource

The first step is to define a resource you want to manage. A resource represents a target system, such as a PostgreSQL database. When creating a resource, you’ll provide the necessary connection details, like the host and port. Create Resource

2. Add Accounts to the Resource

Once a resource is created, you can add accounts to it. An account represents a specific set of credentials (e.g., a username and password) that can be used to access the resource. This allows you to manage multiple sets of credentials for a single database or server from one place. Create Account

Infisical PAM Features

Session Logging and Auditing

  • Session Logging: All user sessions are extensively logged, providing a detailed and searchable record of activities performed during a session.
  • Audit Logging: Every significant event, such as a user starting a session or accessing an account’s credentials, is recorded in audit logs. This gives you complete visibility over your project.
Session Page

Automated Credential Rotation

Infisical PAM can automatically rotate account credentials to enhance your security posture. Here’s how it works:
  1. Add a Rotation Account: On the resource level, you configure a “rotation account.” This is a master or privileged account that has the necessary permissions to change the passwords of other accounts on that same resource. Credential Rotation Account
  2. Configure Rotation on Accounts: For each individual account you want to rotate, you can simply enable rotation and set a desired interval (e.g., every 30 days). Rotate Credentials Account
Infisical will then use the rotation account on the resource to automatically update the credentials of the target account at the specified interval, eliminating credential staleness.