By default, the Infisical Docker image includes certificates from well-known public certificate authorities. However, some integrations with Infisical may need to communicate with your internal services that use private certificate authorities. To configure trust for custom certificates, follow these steps. This is particularly useful for connecting Infisical with self-hosted services like GitLab.

Prerequisites

Setup

  1. Place all your public key .crt files into a single directory.
  2. Mount the directory containing the .crt files to the /usr/local/share/ca-certificates/ path in the Infisical container.
  3. Set the following environment variable on your Infisical container: 
    NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
  4. Start the Infisical container.
By following these steps, your Infisical container will trust the specified certificates, allowing you to securely connect Infisical to your internal services.