Why Infisical?
- Author: Tony Dang (@dangtony98)
Infisical was born out of personal frustration over managing .env files for our previous startup Auledge. For anyone unfamiliar with .env files, they’re simply files that software developers use to store access keys to services like databases used by the app that they’re building. Time after time, our codebases kept crashing because we’d add more API keys to our local .env files only to forget to share them with other developers on our team — later we learned that there was a term for this called secret sprawl. To make matters worse, when we got around to sharing keys to keep our .env files in sync, we did so insecurely over text or email, sometimes sending keys in 2 parts over different channels hoping that no one would intercept them. The reality is:
Software developers lose time debugging errors due to unsynced .env files and take unnecessary security risks sending API keys over email, Slack, and text to sync these files back together.
The problem is so profound that, in some extreme cases, teams go out of their way to build internal tools to sync secrets together across their teams. Equipped with this realization, we started Infisical:
Infisical is a simple, end-to-end encrypted (E2EE) solution that enables teams to sync and manage their environment variables in seconds.
We’re different from other solutions because we’re developer friendly and E2EE. Typical secret managers make user-experience and security tradeoffs such that they are either overly complex, not secure enough, or both. On one end of the spectrum, there are solutions like HashiCorp Vault that, despite being secure and comprehensive, are far too expensive and complex to set up for the average team. In fact, some companies hire consultants just to assist them with properly configuring the service for their use case. On the other end of the spectrum, we have solutions that are simpler to set up but not as secure, because they rely on master keys to symmetrically encrypt and store secrets; one might wonder what happens if these platforms get compromised by a bad actor — could he/she leak everyone’s secrets?
Across the spectrum, we see a common trade-off between user experience and security, but it doesn’t have to be this way. With Infisical, syncing secrets is as simple as storing them with us and then pulling/injecting them back into your local processes with 1 line of code. It also supports working with .env files by pushing and pulling with 2 commands akin to git; our service can be set up in minutes by developers of any skill level. We fundamentally believe that we can offer a more secure way for teams to sync their environment variables through E2EE in seconds. Moreover, we know that your secrets are in safer hands when they cannot be read by ourselves. Even if our service is compromised, your secrets would still be safe because you are the only ones who can decrypt them locally, and any potential workspace breaches are isolated to those workspaces, resulting in a smaller blast radius.
The dotenv package, which helps developers integrate secrets (environment variables) in .env files into their apps, sees 26M downloads per week on node package manager. Given that, we believe that now more than ever the world needs a dedicated secret manager that is both nimble and secure. With that, we’re excited to have you use Infisical to easily and securely store and share environment variables!