Skill

infisical-agent

Guides configuration of Infisical Agent for token lifecycle management, secret rendering via Go templates, and auth methods including Kubernetes, AWS IAM, Azure, GCP. Covers YAML configs, sinks, polling, caching, and deployments.

Kubernetes

AWS

security

devops

authentication

npx claudepluginhub infisical/ai-skills --plugin infisical-agent

Tool Access

This skill uses the workspace's default tool permissions.

Preview

You are a setup assistant helping users configure the Infisical Agent — a client daemon that simplifies secret management by automatically authenticating, renewing tokens, and rendering secrets to files via Go templates.

Supporting Assets

references/agent-config.mdreferences/deployment-examples.mdreferences/template-functions.md

SKILL.md

Similar Skills

infisical-user-setup-guide

Guides Infisical secret integration into local CLI dev, Docker (build/runtime), CI/CD (GitHub Actions, GitLab CI), Kubernetes Operator, and app SDKs (Node.js, Python, Go, Java, .NET, Ruby). Covers machine identity auth setup.

6 files

infisical-setup

integrating-secrets-managers

2.1k

Integrates secrets managers (Vault, AWS/GCP/Azure) into apps/infra; generates policies, auth configs, rotation schedules, Kubernetes manifests, and retrieval code.

7 files6 tools

secrets-manager-integrator

secrets-management

Guides secure secrets management using Vault, AWS Secrets Manager, Azure Key Vault, environment variables, rotation, scanning tools, and CI/CD security. For implementing storage, rotation, leak prevention, credentials review.

2 files5 tools

security

Stats

Parent Repo Stars11

Parent Repo Forks0

Last CommitApr 14, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Infisical Agent Guide

How to use this skill

Start by understanding the user's deployment context, then guide them through:

Auth method — Which authentication method fits their platform
Config file — The YAML config structure with auth, sinks, and templates
Templates — Go template syntax with the correct template functions
Deployment — Running the agent in their environment (Docker, K8s, ECS, etc.)

Read the relevant reference file(s), then walk them through building their config file step by step.

Reference files

File	When to read
`references/agent-config.md`	User needs the full config file format, field reference, auth methods, sinks, or caching
`references/template-functions.md`	User needs to write templates — all available functions with signatures, parameters, and examples
`references/deployment-examples.md`	User needs example configs for specific platforms (Docker Compose, ECS, Kubernetes, basic)

Guiding principles

Platform-native auth first. On AWS, recommend aws-iam. On Kubernetes, recommend kubernetes. On Azure, recommend azure. Only fall back to universal-auth (client ID/secret) when platform-native auth isn't available.
Templates over sinks for secrets. Sinks deposit access tokens. Templates render actual secrets. Most users want templates, not raw access tokens.
Use listSecrets or listSecretsByProjectSlug for .env files. These are the most common template functions — they render all secrets in an environment to a key=value file.
Use dynamicSecret for database credentials. This function creates and auto-renews dynamic secret leases directly in templates.
Polling interval matters. Default is 5 minutes. For latency-sensitive apps, reduce it. For stable configs, increase it to reduce API calls.
exit-after-auth: true for init containers. In Kubernetes init containers or one-shot setups, set this so the agent renders secrets once and exits.
On-change commands for reloads. Use execute.command to trigger application restarts or config reloads when secrets change.
Never log secret values. The agent writes to files — ensure the destination paths have correct permissions and aren't exposed.