secrets
Infisical
Open-source secrets, PKI and SSH — self-hostable Doppler/Vault alternative
OSS (MIT core + BSL Enterprise) secrets management + PKI + SSH. Self-hostable via Docker or use cloud. Automatic secret rotation, dynamic secrets, K8s operator. YC W22.
Pricing
| Tier | Price | Notes |
|---|---|---|
| Free (Cloud) | Free | $0. Unlimited users. 5 projects. 30-day audit. Community support. |
| Self-Host CE (OSS) | Free | Free forever. MIT license. Core features free. Docker Compose. |
| Pro | $18/mo | $18/user/mo. Unlimited projects, secret rotation, dynamic secrets, 90-day audit, Slack alerts. |
| Enterprise | Custom | Custom. SAML, SCIM, SLA, dedicated deploy, HIPAA-ready, audit 1yr+. |
| Self-Host EE (BSL) | Custom | Custom. BSL-licensed enterprise features for self-hosted deploys. |
Limits
| Tier | Metric | Value | Notes |
|---|---|---|---|
| — | approval policies | Require approvals for prod secret changes (Pro+) | Approvals |
| — | dynamic secrets | Generate short-lived secrets on demand (DB creds, cloud tokens) — like HashiCorp Vault | Dynamic secrets |
| — | e2ee | Client-side encryption with zero-knowledge architecture (optional E2EE mode) | E2EE |
| — | integrations count | 40+ integrations (AWS, GCP, Azure, Vercel, Netlify, K8s, GitHub Actions, CircleCI) | Integrations |
| — | license | MIT core (fully OSS) + BSL for enterprise features (source-visible, non-compete) | License |
| — | products | (1) Secrets Management, (2) PKI (certificate mgmt), (3) SSH (ephemeral access) | Product suite |
| — | secret rotation | Auto-rotate DB passwords, cloud API keys, OAuth tokens | Rotation |
| — | self host | Docker Compose, Helm chart, AWS AMI — full self-host CE is free + easy | Self-host |
| — | vs doppler | Infisical = OSS + self-host + PKI/SSH bundled; Doppler = hosted-only + polished + 100+ integrations | vs Doppler |
| — | vs vault | Infisical = simpler UX + dev-first; Vault = more powerful + ops-focused + steeper curve | vs Vault |
| — | yc batch | Y Combinator W22 | Origin |
Features
- Approval Policies — PR-style approvals.
- Audit Log — Full activity trail.
- Dynamic Secrets — Generate on-demand creds.
- E2E Encryption — Optional zero-knowledge mode.
- Environments — Multi-env (dev/staging/prod).
- Infisical Agent — Sidecar for secret injection.
- Infisical CLI — Command-line access.
- Kubernetes Operator — Native K8s controller.
- PKI (Certificates) — Private CA + cert lifecycle.
- RBAC — Roles + permissions.
- SCIM — User provisioning.
- Secret Rotation — Auto-rotate keys.
- Secrets Management — Core secret storage.
- Secret Sync — Sync to cloud/hosting.
- Self-Host (CE + EE) — Docker / Helm / AMI.
- SSH — Ephemeral SSH access.
- SSO (SAML) — Enterprise auth.
- Webhooks — Change events.
Developer interfaces
| Slug | Name | Kind | Version |
|---|---|---|---|
| agent | Infisical Agent | other | — |
| cli | infisical CLI | cli | 1.x |
| dashboard | Infisical Dashboard | other | — |
| sdk-python | infisical-python | sdk | 1.x |
| rest-api | Infisical REST API | rest | v1 |
| sdk-js | @infisical/sdk | sdk | 4.x |
| k8s-operator | Kubernetes Operator | other | — |
| self-host | Self-Host (Docker) | other | — |
Staxly is an independent catalog of developer platforms. The link to Infisical above may be an affiliate link — Staxly may earn a commission if you sign up through it, at no extra cost to you. Pricing is verified at publication time — reconfirm on the vendor site before buying.