Skip to main content
This quickstart walks you through the core secrets management workflow. You’ll create a project, add a secret to an environment, and inject it into an application with the Infisical CLI, replacing your .env file.

Prerequisites

1

Create a Project

A project holds all secrets for one application or service, split across environments.
  1. Log in to Infisical
  2. Click Create Project and give it a name (e.g., orders-service)
Every new project starts with three environments: Development, Staging, and Production.
2

Add a Secret

  1. On the Secrets Overview page, click into the Development environment
  2. Click Add Secret and enter a key and value (e.g., DB_PASSWORD)
Migrating an existing app? Drag and drop your .env file onto the dashboard to import all of its secrets at once.
3

Install the CLI and Log In

Install the Infisical CLI for your platform, then authenticate:
infisical login
Your browser opens to complete the login.
In a containerized environment such as WSL 2 or Codespaces, run infisical login -i to avoid browser-based login.
4

Connect Your Project

In your application’s directory, link it to the Infisical project you created:
infisical init
This writes a .infisical.json file with local project settings. It contains no secrets and is safe to commit.
5

Inject Secrets into Your App

Start your application through the CLI. Infisical fetches the secrets for the environment and injects them as environment variables:
# e.g., npm run dev, flask run, go run main.go
infisical run --env=dev -- <your start command>
Your application reads DB_PASSWORD from its environment like any other variable. No .env file needed.

Next Steps

Core Concepts

Understand how projects, environments, folders, and secrets fit together.

Secrets Delivery

Deliver secrets to production with SDKs, agents, Kubernetes, and CI/CD.

Local Development Guide

Set up a secure local development workflow for your whole team.

Access Control

Scope who can access which environments and paths.