#navbar .max-w-8xl {
  max-width: 100%;
  border-bottom: 1px solid #ebebeb;
  background-color: #F4F3EF;
}

.max-w-8xl {
  /* background-color: #f5f5f5; */
}

#sidebar {
  left: 0;
  padding-right: 30px;
  border-right: 1px;
  border-color: #cdd64b;
  background-color: #F4F3EF;
  border-right: 1px solid #ebebeb;
}

#sidebar-content {
  padding-left: 2rem;
}

#sidebar .relative .sticky {
  opacity: 0;
}

#sidebar li > div.mt-2 {
  border-radius: 0;
  padding: 5px;
}

#sidebar li > a.text-primary {
  border-radius: 0;
  background-color: #FBFFCC;
  border-left: 4px solid #EFFF33;
  padding: 5px;
}

#sidebar li > a.mt-2 {
  border-radius: 0;
  padding: 5px;
}

#sidebar li > a.leading-6 {
  border-radius: 0;
  padding: 0px;
}

/* #sidebar ul > div.mt-12 {
  padding-top: 30px;
  position: relative;
}

#sidebar ul > div.mt-12 h5 {
  position: absolute;
  left: -12px;
  top: -0px;
} */

#header {
  border-left: 4px solid #EFFF33;
  padding-left: 16px;
  padding-right: 16px;
  background-color: #FDFFE5;
  padding-bottom: 10px;
  padding-top: 10px;
}

#content-area .mt-8 .block{
  border-radius: 0;
  border-width: 1px;
  background-color: #FCFBFA;
  border-color: #ebebeb;
}

/* #content-area:hover .mt-8 .block:hover{
  border-radius: 0;
  border-width: 1px;
  background-color: #FDFFE5;
  border-color: #EFFF33;
} */

#content-area .mt-8 .rounded-xl{
  border-radius: 0;
}

#content-area .mt-8 .rounded-lg{
  border-radius: 0;
}

#content-area .mt-6 .rounded-xl{
  border-radius: 0;
}

#content-area .mt-6 .rounded-lg{
  border-radius: 0;
}

#content-area .mt-6 .rounded-md{
  border-radius: 0;
}

#content-area .mt-8 .rounded-md{
  border-radius: 0;
}

#content-area div.my-4{
  border-radius: 0;
  border-width: 1px;
}

#content-area div.flex-1 {
  /* text-transform: uppercase; */
  opacity: 0.8;
  font-weight: 400;
}

#content-area button {
  border-radius: 0;
}

#content-area a {
  border-radius: 0;
}

#content-area .not-prose {
  border-radius: 0;
}

/* .eyebrow {
  text-transform: uppercase;
  font-weight: 400;
  color: red;
} */

#content-container {
  /* background-color: #f5f5f5; */
  margin-top: 2rem;
}

#topbar-cta-button .group .absolute {
  background-color: black;
  border-radius: 0px;
}

/* #topbar-cta-button .group .absolute:hover {
  background-color: white;
  border-radius: 0px;
} */

#topbar-cta-button .group .flex {
  margin-top: 5px;
  margin-bottom: 5px;
  font-size: medium;
}

.flex-1 .flex .items-center {
  /* background-color: #f5f5f5; */
}


Summary

Subjects and Actions

Infisical

Integrations

API Reference

SDKs

Changelog

Start for Free

Log In

Infisical's permissions system provides granular access control.

Permissions

An Introduction to the Infisical secret management platform.

What is Infisical?

Learn how to manage secrets in local development environments.

Local Development

Secret Management in Development Environments

Introduction

Node

Python

Next.js + Vercel

Learn how to manage secrets in Microsoft Power Apps with Infisical.

Microsoft Power Apps

Learn more and understand the concept of Infisical organizations.

Organizations

Learn more and understand the concept of Infisical projects.

Projects

Learn how to organize secrets with folders.

Folders

Learn how secret versioning works in Infisical.

Secret Versioning

Learn how to rollback secrets and configurations to any snapshot with Infisical.

Point-in-Time Recovery

Learn the fundamentals of secret referencing and importing in Infisical.

Referencing and Importing

Secret Referencing and Importing

Learn the fundamentals of Infisical webhooks.

Webhooks

Learn how to create a Private CA hierarchy and issue X.509 certificates.

Overview

Internal PKI

Learn how to create a Private CA hierarchy with Infisical.

Private CA

Learn how to issue X.509 certificates with Infisical.

Certificates

Learn how to automatically provision and manage TLS certificates for in Kubernetes using Infisical PKI

Certificates for Kubernetes

Kubernetes Issuer

Learn how to manage certificate enrollment of clients using EST

Enrollment over Secure Transport (EST)

Learn how to set up alerting for expiring certificates with Infisical

Alerting

Learn more about identities to interact with resources in Infisical.

User and Machine Identities

Read more about the concept of user identities in Infisical.

User Identities

Learn how to use Machine Identities to programmatically interact with Infisical.

Machine Identities

Learn about Infisical's access control toolset.

Access Controls

Learn how to use RBAC to manage user permissions.

Role-based Access Controls

Learn how to add specific privileges on top of predefined roles.

Additional Privileges

Learn how to set up timed access to sensitive resources for user and machine identities.

Temporary Access

Learn how to request access to sensitive resources in Infisical.

Access Requests

Learn how to enable a set of policies to manage changes to sensitive secrets and environments.

Approval Workflows

User Groups

Track evert event action performed within Infisical projects.

Learn how to stream Infisical Audit Logs to external logging providers.

Audit Log Streams

How to stream Infisical Audit Logs to Non-HTTP log providers

Stream to Non-HTTP providers

Learn how to set up automated secret rotation in Infisical.

Secret Rotation

Find out how to rotate Twilio SendGrid API keys.

Twilio SendGrid

Learn how to automatically rotate PostgreSQL/CockroachDB user passwords.

PostgreSQL/CockroachDB

Learn how to automatically rotate MySQL/MariaDB user passwords.

MySQL/MariaDB

Learn how to automatically rotate Access Key Id and Secret Key of AWS IAM Users.

AWS IAM User

Learn how to generate secrets dynamically on-demand.

Dynamic Secrets

Learn how to dynamically generate PostgreSQL database users.

PostgreSQL

Learn how to dynamically generate MySQL Database user credentials.

MySQL

Learn how to dynamically generate MS SQL database user credentials.

MS SQL

Learn how to dynamically generate Oracle Database user credentials.

Oracle

Learn how to dynamically generate Cassandra database user credentials

Cassandra

Learn how to dynamically generate Redis Database user credentials.

Redis

Learn how to dynamically generate AWS ElastiCache user credentials.

AWS ElastiCache

Learn how to dynamically generate Elasticsearch user credentials.

Elasticsearch

Learn how to dynamically generate RabbitMQ user credentials.

RabbitMQ

Learn how to dynamically generate AWS IAM Users.

AWS IAM

Learn how to dynamically generate Mongo Atlas Database user credentials.

Mongo Atlas

Learn how to dynamically generate Mongo DB Database user credentials.

Mongo DB

Learn how to configure your project's encryption

Key Management Service (KMS)

Learn how to manage encryption using AWS KMS

AWS Key Management Service

Learn how to manage encryption using AWS CloudHSM

AWS CloudHSM

Slack integration

Learn how to share time & view-count bound secrets securely with anyone on the internet.

Secret Sharing

Learn how to authenticate into Infisical with email and password.

Email and Password

Infisical service tokens allow users to programmatically interact with Infisical.

Service Token

Learn how to authenticate to Infisical from any platform or environment using an access token.

Token Auth

Learn how to authenticate to Infisical from any platform or environment.

Universal Auth

Learn how to authenticate with Infisical in Kubernetes

Kubernetes Auth

Learn how to authenticate with Infisical for services on Google Cloud Platform

GCP Auth

Learn how to authenticate with Infisical for services on Azure

Azure Auth

Learn how to authenticate with Infisical for EC2 instances, Lambda functions, and other IAM principals.

AWS Auth

Learn how to authenticate with Infisical from any platform or environment using OpenID Connect (OIDC).

General

Learn how to authenticate Github workflows with Infisical using OpenID Connect (OIDC).

Github

Learn how to secure your Infisical account with MFA.

Multi-factor Authentication

Learn how to log in to Infisical via SSO protocols.

SSO Overview

Learn how to configure Google SSO for Infisical.

Google SSO

Learn how to configure GitHub SSO for Infisical.

GitHub SSO

Learn how to configure GitLab SSO for Infisical.

GitLab SSO

Learn how to configure Okta SAML 2.0 for Infisical SSO.

Okta SAML

Learn how to configure Microsoft Entra ID for Infisical SSO.

Entra ID / Azure AD SAML

Learn how to configure JumpCloud SAML for Infisical SSO.

JumpCloud SAML

Learn how to configure Keycloak SAML for Infisical SSO.

Keycloak SAML

Learn how to configure Google SAML for Infisical SSO.

Google SAML

Learn how to configure Keycloak OIDC for Infisical SSO.

Keycloak OIDC

Learn how to configure Auth0 OIDC for Infisical SSO.

Auth0 OIDC

Learn how to configure OIDC for Infisical SSO with any OIDC-compliant identity provider

General OIDC

Learn how to authenticate into Infisical with LDAP.

LDAP Overview

Learn how to configure JumpCloud LDAP for authenticating into Infisical.

JumpCloud LDAP

Learn how to log in to Infisical with LDAP.

General LDAP

Learn how to provision users for Infisical via SCIM.

SCIM Overview

Learn how to configure SCIM provisioning with Okta for Infisical.

Okta SCIM

Learn how to configure SCIM provisioning with Azure for Infisical.

Azure SCIM

Learn how to configure SCIM provisioning with JumpCloud for Infisical.

JumpCloud SCIM

Learn how to self-host Infisical on your own infrastructure.

Docker

How to self Infisical with Docker Swarm (HA).

Docker Swarm

Read how to run Infisical with Docker Compose template.

Docker Compose

Learn how to use Helm chart to install Infisical on your Kubernetes cluster.

Kubernetes via Helm Chart

Read how to configure environment variables for self-hosted Infisical.

Configurations

Find out the minimal requirements for operating Infisical.

Hardware requirements

Learn how to run Postgres schema migrations.

Schema migration

Learn how to migrate Infisical from MongoDB to PostgreSQL.

Migrate Mongo to Postgres

Learn how to configure Infisical with custom certificates

Adding Custom Certificates

Reference architecture for self-hosting Infisical on AWS ECS

Subject	Actions
`secrets`	`read`, `create`, `edit`, `delete`
`secret-approval`	`read`, `create`, `edit`, `delete`
`secret-rotation`	`read`, `create`, `edit`, `delete`
`secret-rollback`	`read`, `create`
`member`	`read`, `create`, `edit`, `delete`
`groups`	`read`, `create`, `edit`, `delete`
`role`	`read`, `create`, `edit`, `delete`
`integrations`	`read`, `create`, `edit`, `delete`
`webhooks`	`read`, `create`, `edit`, `delete`
`identity`	`read`, `create`, `edit`, `delete`
`service-tokens`	`read`, `create`, `edit`, `delete`
`settings`	`read`, `create`, `edit`, `delete`
`environments`	`read`, `create`, `edit`, `delete`
`tags`	`read`, `create`, `edit`, `delete`
`audit-logs`	`read`, `create`, `edit`, `delete`
`ip-allowlist`	`read`, `create`, `edit`, `delete`
`certificate-authorities`	`read`, `create`, `edit`, `delete`
`certificates`	`read`, `create`, `edit`, `delete`
`certificate-templates`	`read`, `create`, `edit`, `delete`
`pki-alerts`	`read`, `create`, `edit`, `delete`
`pki-collections`	`read`, `create`, `edit`, `delete`
`workspace`	`edit`, `delete`
`kms`	`edit`

Getting Started

Platform

Authentication Methods

Self-host Infisical

Internals

Contributing

Permissions

Summary

Subjects and Actions

Getting Started

Platform

Authentication Methods

Self-host Infisical

Internals

Contributing

​Summary

​Subjects and Actions

Summary

Subjects and Actions