Skip to main content
This guide describes how to achieve a highly available deployment of Infisical on Linux machines without containerization. The architecture provided serves as a foundation for minimum high availability, which you can scale based on your specific requirements.

Architecture Overview

High availability stack The deployment consists of the following key components:

Network Architecture

All servers operate within the 52.1.0.0/24 private network range with the following IP assignments:

Component Setup Guide

1. Configure Etcd Cluster

The Etcd cluster is needed for leader election in the PostgreSQL HA setup. Skip this step if using managed PostgreSQL.
  1. Install Etcd on each node:
  1. Configure each node with unique identifiers and cluster membership. Example configuration for Node 1 (/etc/etcd/etcd.conf):

2. Configure PostgreSQL

For production deployments, you have two options for highly available PostgreSQL: Use cloud provider managed services:
  • AWS: Amazon RDS for PostgreSQL with Multi-AZ
  • GCP: Cloud SQL for PostgreSQL with HA configuration
  • Azure: Azure Database for PostgreSQL with zone redundant HA
These services handle replication, failover, and maintenance automatically.

Option B: Self-Managed PostgreSQL Cluster

Full HA installation guide of PostgreSQL is beyond the scope of this document. However, we have provided an overview of resources and code snippets below to guide your deployment.
  1. Required Components:
    • PostgreSQL 14+ on each node
    • Patroni for cluster management
    • Etcd for distributed consensus
  2. Documentation we recommend you read:
  3. Key Steps Overview:
  1. Important considerations:
    • Proper disk configuration for WAL and data directories
    • Network latency between nodes
    • Backup strategy and point-in-time recovery
    • Monitoring and alerting setup
    • Connection pooling configuration
    • Security and network access controls
  2. Recommended readings:

3. Configure Redis and Sentinel

Similar to PostgreSQL, a full HA Redis setup guide is beyond the scope of this document. Below are the key resources and considerations for your deployment. Use cloud provider managed Redis services:
  • AWS: ElastiCache for Redis with Multi-AZ
  • GCP: Memorystore for Redis with HA
  • Azure: Azure Cache for Redis with zone redundancy
Follow your cloud provider’s documentation:

Option B: Self-Managed Redis Cluster

Setting up a production Redis HA cluster requires understanding several components. Refer to these linked resources:
  1. Required Reading:
  2. Key Steps Overview:
  1. Configure replica nodes (52.1.0.10, 52.1.0.11):
  1. Configure Sentinel nodes (52.1.0.12, 52.1.0.13, 52.1.0.14):
  1. Recommended Additional Reading:

4. Configure HAProxy Load Balancer

Install and configure HAProxy for internal load balancing:
ha-proxy-config

5. Deploy Infisical Core

First, add the Infisical repository:
Then install Infisical:
For production environments, we strongly recommend installing a specific version of the package to maintain consistency across reinstalls. View available versions.
Next, create configuration file /etc/infisical/infisical.rb with the following:
To generate ENCRYPTION_KEY and AUTH_SECRET view the following configurations documentation here. If you are using managed services for either Postgres or Redis, please replace the values of the secrets accordingly. Lastly, start and verify each node running infisical-core:

Monitoring and Maintenance

  1. Monitor HAProxy stats: http://52.1.0.2:7000/haproxy?stats
  2. Monitor Infisical logs: sudo infisical-ctl tail
  3. Check cluster health:
    • Etcd: etcdctl cluster-health
    • PostgreSQL: patronictl list
    • Redis: redis-cli info replication