Skip to main content

What is a Secret?

A secret is a confidential value used by an application such as a database credential, API key, or other configuration. In most cases, secrets allow applications to access systems and control how they behave across the development cycle. For example, an application might use a database password stored in an environment variable like DB_PASSWORD to connect to production data. These secrets must be kept secure to protect infrastructure and data.

What is Secrets Management?

As infrastructure scales and systems become more distributed, secrets sprawl. Without consistent security practices, secrets get hardcoded in source code, exposed in environment variables, left unrotated for long periods, and scattered across systems without clear visibility into who can access them. To solve secret sprawl, organizations rely on secrets management: the practice of centralizing secrets and managing them through well-defined workflows. This includes secure storage, fine-grained access controls, automatic rotation, audit logging, and support for dynamic, short-lived credentials.

How Infisical Organizes Secrets

Infisical structures secrets in a hierarchy of four building blocks:
Project (orders-service)
└── Environment (production)
    └── Folder (/postgres)
        └── Secret (DB_PASSWORD)
Projects are dedicated workspaces for one application or service. Each project holds all of that application’s secrets and defines who can access them. Learn more about Projects → Environments separate where secrets are used, such as development, staging, and production. The same secret key can hold a different value in each environment, so applications pick up the right configuration for the stage they run in. Learn more about Environments → Folders are optional paths within an environment that group related secrets, such as /postgres, /redis, or per-service paths like /checkout-service. Folders keep large projects navigable and act as boundaries for access control. Learn more about Folders → Secrets are the key-value pairs themselves. Every change is versioned, secrets can reference other secrets to avoid duplication, and values can be restored to any point in time. This hierarchy is also what access control attaches to: permissions are scoped to environments and paths, so you can grant an engineer read access to development without exposing production. Learn more about Access Control →

Next Steps

Deliver Your First Secret

Store a secret and inject it into an application in under 10 minutes.

Access Control

Control who can access which environments and paths.

Secrets Delivery

Get secrets into your applications and infrastructure.

Projects

Explore the project dashboard, environments, and secret organization.