The open source security infrastructure platform that teams use for secrets, certificates, and privileged access management.

Joined August 2022
68 Photos and videos
Pinned Post
Rest in peace, .env. You served us well but you gotta go. Infisical fetches secrets at runtime so they never touch disk. CLI works with any language SDKs and infra integrations. Docs below.
19
75
731
255,072
Infisical reposted
Every forward-thinking company, startup or not, should be investing time into building out internal agents capabilities and the infrastructure needed for it. We run an equivalent solution to what Clay describes as an MCP gateway called Agent Vault that we’ve actually open sourced at @infisical. Agent Vault inventories all of our internal agents and brokers them granular access to any service, agnostic of the interface be it MCP, SDK, CLI, or raw API call. It’s deployed within a private network within close proximity to internal agents to reduce latency amid hundreds and thousands of inference calls passing through it. We also have an internal template that folks can use to build custom agents that are readily compatible with Agent Vault. We’ll be publishing more on how to build an agent workforce, especially the security infrastructure portion of it, soon but for now I’d recommend peeking Agent Vault. This is basically the starting point.
Super interesting hearing @claybavor talk about the internal AI tool (called 'Pinecone'), that Sierra has built for all it's employees. And it must be working because they hit $100M ARR in their first 7 quarters, and are now worth north of $15B. 'Pinecone' does two main things: 1. Gives every employee access to find and interrogate information across the whole company = so they can make higher quality decisions faster. 2. Let's employees build their own mini agents to help them with their work = each person starts to feel more like 2-3 people, as these agents free up time for them to spend on higher value work. ^^^Every company should have their own version of this, Clay says it has become an 'approaching indispensable tool for running the company'. thanks @HarryStebbings for another banger interview!
11
21
161
47,518
It's the day before a long weekend. Let's be real about where your focus is. Leak Hunt is 8 levels of spotting leaked secrets against a timer. It looks a lot like work. You can make the argument that it's technically security training. See where you land on the leaderboard: hunt.infisical.com
1
4
12
1,477
Wow, just seeing the flag now. Appreciate the love but you should get down now.
5
8
29
1,719
Infisical reposted
i'm a huge fan of @dakshgup and the whole @greptile team we love and use greptile at @infisical, so I'm incredibly bullish on what they are building and glad to help them with security along the way. here is a quick story about it: infisical.com/customers/grep…
5
31
7,012
When @greptile scaled its engineering team after a Series A, its secrets setup did not. Secrets lived in .env handoffs and password shares. One rename broke everyone's setup. So they centralized on Infisical. Onboarding is now one grant. Rotation is swap-and-deploy. See the full story: infisical.com/customers/grep…
3
8
532
Our old Kubernetes operator made every secret resource hold its own auth and connection. At scale, that meant OOM crashes and a thundering herd of auth calls on every restart. So we rebuilt it.
2
3
21
2,256
Another day, another Infisical update. Today: Product Settings. Secrets Management settings were previously scattered across the organization. With Product Settings, features like honey tokens, project templates, and secret sync controls are now easier to discover and manage in one central place.
1
3
8
501
To check it out, open Secrets Management and select the new Product Settings tab before entering an individual project.
2
212
If you do code-signing on Windows, signtool is the tool you already live in. Infisical PKI now works with the Windows KSP signtool. We shipped a dedicated KSP library and tightened up PKCS#11 so both flows are more intuitive. Plus: you can now sign with a user's token directly, not only machine identities. Check it out 👇
1
7
9
729
Thank you for the shoutout @hasantoxr 🤝 You've put us in great company too! x.com/hasantoxr/status/20689…
10 GITHUB REPOS THAT LET ONE PERSON RUN A STARTUP LIKE A TEAM Bookmark every single one. Each one replaces a painful part of running a company, the kind of boring backend work startups usually hire operators, engineers, analysts, support people, and growth teams to manage. 1. github.com/windmill-labs/win… Turn any script into an internal app, workflow, webhook, cron job, approval flow, or admin panel. The ops layer founders usually duct tape across Zapier, Retool, random scripts, and Slack alerts, packed into one open-source platform. Write the script once, give it a UI, trigger it from anywhere, and suddenly your startup has an internal tools team without hiring one. 2. github.com/papermark/paperma… The open-source DocSend for founders who send decks, proposals, contracts, investor updates, and data rooms. Share a link, track who opened it, see which pages they viewed, and know what they ignored. The difference between “I sent the deck” and “I know exactly which investor is actually interested.” 3. github.com/getlago/lago The billing engine your SaaS needs the second pricing gets complicated. Subscriptions, usage-based billing, metering, credits, invoices, add-ons, and revenue analytics, all the stuff founders think Stripe will magically solve until they build a real product. If you charge by seats, API calls, credits, storage, or usage, this is the billing team in repo form. 4. github.com/unkeyed/unkey The API key system every AI startup ends up building badly. Create keys, revoke them, rate limit users, track usage, protect endpoints, and stop one customer from torching your infrastructure bill. The control layer behind every serious API business, open source before your first abuse problem shows up. 5. github.com/langfuse/langfuse The black box recorder for your AI product. Track prompts, costs, latency, traces, evals, datasets, and model outputs so you can see what your agents are actually doing. Most AI apps fail in the invisible layer. Langfuse shows you the broken prompt, the expensive call, the hallucinated step, and the exact place your user experience fell apart. 6. github.com/novuhq/novu Notification infrastructure without building a notification team. Email, SMS, push, in-app messages, chat alerts, digests, preferences, and workflows in one place. Every startup starts with “just send an email” and ends up with onboarding emails, usage alerts, failed payment warnings, team invites, product updates, and support messages everywhere. Novu turns the mess into a system. 7. github.com/formbricks/formbr… The customer research layer most founders skip until churn hurts. Run product surveys, NPS, onboarding questions, churn surveys, website forms, and in-app feedback at the exact moment users are confused. Instead of guessing why people leave, why they do not activate, or what they want next, ask them inside the product while the pain is still fresh. 8. github.com/dittofeed/dittofe… The open-source lifecycle marketing machine. Build customer journeys across email, SMS, push, WhatsApp, Slack, and more. New user signs up, onboard them. Trial is ending, convert them. User goes quiet, reactivate them. Customer hits a milestone, upsell them. The retention and growth team most startups pay for later, sitting in GitHub now. 9. github.com/Infisical/infisic… The secrets manager for startups that outgrew .env files and Slack messages. Store API keys, database passwords, certificates, environment variables, and sensitive credentials in one controlled place. Early teams leak secrets because everything is scattered. Infisical gives you the security hygiene of a real company before you hire a security person. 10. github.com/openreplay/openre… Session replay and product analytics you can self-host. Watch users click, rage tap, break flows, hit errors, and abandon the product in real time. When someone says “your app is broken,” you do not guess for four hours. You replay the exact session, see the bug, fix the flow, and ship. The product debugging team your users wish you had. Founders used to hire for this. Now the stack is public. One person. Ten repos. A startup that runs like a team.
2
1
10
4,478
How fast can you find a leaked API key? Leak Hunt is a game about catching it before an attacker does. 8 levels, and the clock gets shorter every round. See if you can get to the top of the leaderboard: hunt.infisical.com Drop your score below 👇
3
7
20
2,074
The same secrets setup that worked for two founders now powers an engineering team serving 20,000 companies and 100 million end users. When Mintlify was three people, the team made a deliberate call: get secrets management right before it became a problem. They chose Infisical to centralize secrets and avoid a costly secrets migration later. Today, it's a Series B company of around 60 engineers, and Infisical is still part of every dev and production build. A new engineer needs exactly two tools to get the codebase running: GitHub and Infisical. "Every single engineer loves it," says co-founder Hahnbee Lee. "We're divided between Cursor and Codex, but I don't know a single person who hates Infisical." See how Mintlify scaled secrets management from pre-seed to Series B: infisical.com/customers/mint…
8
15
3,397
Infisical reposted
Agent Security is indeed tricky and there’s ton more left to figure out. A big step in the right direction that we’ve been working on has been to stop credential exfiltration through credential brokering with tooling like Agent Vault which I’ll link below. An AI agent can be manipulated into doing unintended things and while there are no definitive guardrails that you can apply today, you can at least guarantee that it won’t leak credentials to sensitive systems by not giving it any to begin with. This should be P0.
JUST IN: 🇺🇸 Anthropic admits that no AI company (including themselves), can build a model that's 100% resistant to jailbreaks.
3
1
8
2,800
For everyone who couldn’t invest in SpaceX pre-IPO, here is how you can invest in Infisical now:
1
4
20
590
Infisical reposted
new website
5
4
48
3,434
Introducing the new Infisical homepage 💫 The security landscape is changing with novel attack vectors requiring modern approaches to the toughest problems. This is a step in that direction: Infisical is the security infrastructure platform for developers, enterprises, and AI agents.
5
12
36
4,703