Infisical
Self-hosting
curl -o docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
curl -o .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
chmod 600 .env
openssl rand -hex 16
openssl rand -base64 32
docker compose -f docker-compose.prod.yml up -d
docker compose -f docker-compose.prod.yml ps
curl -s http://localhost:80/api/status | head -c 100
Client
curl -1sLf \
'https://artifacts-cli.infisical.com/setup.deb.sh' \
| sudo -E bash
sudo apt-get update && sudo apt-get install -y infisical
# Log into the self-hosted Infisical.
infisical login --domain http://localhost:80/
# Navigate to your project folder.
cd .
# Initialize infisical
infisical init
# Create dummy script to read example secret. (It needs to be set in the web UI)
cat > main.py <<'EOF'
import os
print(os.environ["MY_SECRET"])
EOF
# Example usage.
infisical run --env=dev -- python main.py
infisical run --env=staging -- python main.py
infisical run --env=prod -- python main.py
By default, Infisical creates the "environments": Development, Staging, Production. In the terminal they are referred to as "slugs". These "slugs" could be copied as "Copy Environment Slug" in the web UI but can't be viewed.
Advanced
The --path parameter is used to manage multiple sets of secrets in one Infisical project by separating them into folders. You create the folders (/folder-1, /folder-2) within that single project via the web UI or CLI, and then each folder holds its own secrets per environment.