Overview

Infisical is architected around several key components that work in concert to provide a secure and streamlined secret management experience. These components span the client, API, and storage layers, ensuring that secrets are protected at every stage of their lifecycle.

1. API (Backend)

Infisical exposes a well-documented REST API that enables programmatic interaction with the platform, enabling a wide range of use cases.

2. Storage Backend

Infisical relies on a robust storage backend to durably store secrets, users, and other platform data. Infisical’s storage backend is PostgreSQL.

3. Caching Layer

Infisical uses Redis to enable more complex workflows including a queuing system to manage long-running asynchronous tasks, cron jobs, as well as reliable cache for frequently used resources.

4. Clients

Clients are interfaces through which users and applications interact with the Infisical API:

  • Web UI: A browser-based portal providing a user-friendly interface for managing secrets, configurations, and performing administrative tasks.

  • CLI: A terminal-based tool for interacting with the Infisical API, enabling automation, scripting, and integration into CI/CD pipelines.

  • SDKs (Software Development Kits): Platform-specific libraries with method abstractions for working with secrets. Supported languages include Node.js, Python, Java, Golang, Ruby and .NET.

  • Kubernetes Operator: A Kubernetes-native component that facilitates the secure retrieval and management of secrets within a Kubernetes cluster. The operator supports multiple custom resource definitions (CRDs) for syncing secrets.

  • Infisical Agent: Daemon that automatically fetches and manages access tokens and secrets to be used in various client resources.