Infisical
Open source secret management platform
The Lens
Infisical manages your secrets: API keys, database passwords, environment variables, across all your projects and environments. It replaces scattered .env files with a central platform that has versioning, access control, audit logs, and native integrations with Kubernetes, Docker, and CI/CD pipelines. MIT-licensed, free to self-host.
Docker Compose setup with Postgres and Redis. The web UI is genuinely good. CLI syncs secrets to local environments. Native Kubernetes operator handles pod injection. The setup is far less operationally complex than Vault, which is the point.
Engineering teams with dozens of services and no secrets management discipline will get immediate value. The free self-hosted tier has no artificial limits. Infisical Cloud starts at around 6 USD/month per user for those who want managed hosting.
The catch: for teams that need the full Vault feature set (PKI, dynamic secrets, hardware security modules), Infisical does not cover it. It is the right tool for application secrets; it is not a full secret engine.
Free vs Self-Hosted vs Paid
open core**Free tier:** MIT-licensed, fully free self-hosted with no feature limits.
**Self-hosted:** Free. Requires Docker + Postgres + Redis.
**Infisical Cloud:** Pro plan ~6 USD/user/month. Enterprise for SSO/SAML and compliance features.
Self-hosted free tier covers most teams; cloud removes infrastructure overhead.
Similar Tools
About
- Stars
- 25,731
- Forks
- 1,787
Explore Further
More tools in the directory
Get tools like this delivered weekly
The Open Source Drop — the best new open source tools, analyzed. Free.
