From infisical-self-host
Deploys and operates self-hosted Infisical instances using Docker, Docker Compose, and Kubernetes. Covers ENCRYPTION_KEY management, PostgreSQL/Redis setup, production hardening, FIPS compliance, scaling, and high availability.
npx claudepluginhub infisical/ai-skills --plugin infisical-self-host
This skill uses the workspace's default tool permissions.
This skill guides you through deploying, configuring, and operating Infisical in self-hosted environments. Whether you are running Infisical on Docker, Docker Compose, or Kubernetes, this resource covers essential setup, security hardening, scaling, and maintenance patterns.
ENCRYPTION_KEY is Critical: This key encrypts all secrets at rest. It is 16 bytes (32 hex characters), generated with openssl rand -hex 16, and cannot be recovered if lost. Back it up and rotate it carefully following Infisical's rotation procedures.
AUTH_SECRET is Required: This key is used for session and JWT signing. It is 32 bytes (base64), generated with openssl rand -base64 32, and must be stable across restarts.
Database Requirements: PostgreSQL 14+ is required. Always back up your database before upgrading Infisical. Schema migrations run automatically on boot (since v0.111.0-postgres).
Redis Configuration: Redis 6.2+ is required. Cluster mode is NOT supported; use standalone or Redis Sentinel for high availability. Standalone mode is simplest for development; use Sentinel for production HA.
Stateless Architecture: Infisical is stateless. Scale horizontally by adding more replicas. All state lives in PostgreSQL and Redis.
FIPS Compliance: FIPS 140-2 mode is available via the infisical/infisical:latest-fips image. Enable with FIPS_ENABLED=true and appropriate Node.js options.
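The key formats and minimum versions listed above can be checked before first boot. The POSIX shell script below is an added example, not code from the Infisical skill or project; the function names and sample values are constructed, and the AUTH_SECRET check assumes the 32-byte base64 form stated above.

```shell
#!/bin/sh
# Added example (not Infisical code): validate deployment values before boot.
# Function names and sample values are constructed for illustration.

# ENCRYPTION_KEY: exactly 32 hex characters (16 bytes), not one repeated digit.
valid_encryption_key() {
  [ "${#1}" -eq 32 ] || return 1
  case "$1" in *[!0-9a-fA-F]*) return 1 ;; esac
  first=${1%"${1#?}"}
  rest=$(printf '%s' "$1" | tr -d "$first")
  [ -n "$rest" ]   # empty means every character was identical
}

# AUTH_SECRET: base64 of exactly 32 bytes is 43 alphabet characters plus "=".
valid_auth_secret() {
  [ "${#1}" -eq 44 ] || return 1
  body=${1%=}
  [ "${#body}" -eq 43 ] || return 1
  case "$body" in *[!A-Za-z0-9+/]*) return 1 ;; esac
}

# True when dotted version $1 is at least major[.minor] $2.
version_at_least() {
  awk -v have="$1" -v want="$2" 'BEGIN {
    split(have, h, "."); split(want, w, ".")
    exit !(h[1]+0 > w[1]+0 || (h[1]+0 == w[1]+0 && h[2]+0 >= w[2]+0))
  }'
}

# Reports each problem on stderr without echoing secret values;
# the return status is the number of problems found.
preflight() {  # args: ENCRYPTION_KEY AUTH_SECRET postgres_version redis_version
  problems=0
  valid_encryption_key "$1" ||
    { echo "ENCRYPTION_KEY: want 32 hex characters" >&2; problems=$((problems + 1)); }
  valid_auth_secret "$2" ||
    { echo "AUTH_SECRET: want base64 of 32 bytes" >&2; problems=$((problems + 1)); }
  version_at_least "$3" 14 ||
    { echo "PostgreSQL $3: 14+ is required" >&2; problems=$((problems + 1)); }
  version_at_least "$4" 6.2 ||
    { echo "Redis $4: 6.2+ is required" >&2; problems=$((problems + 1)); }
  return "$problems"
}

# Constructed sample values, not real secrets.
preflight 0123456789abcdef0123456789abcdef \
  'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU=' 16.3 7.2.4 &&
  echo "preflight passed"
```
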
infisical/infisical:<version>, set environment variables, run on port 8080.
docker-compose.prod.yml from the repository with PostgreSQL and Redis services.
infisical-standalone-postgres from Cloudsmith registry with optional managed databases.
Complete reference for all configuration environment variables, including:
Docker and Docker Compose deployment patterns, including:
Kubernetes and Helm deployment guide, including:
Production scaling patterns and HA architecture, including: