Why Infisical

Decision

Use Infisical as the primary secret-management system for application runtime secrets.

Context

AI systems accumulate provider keys, database URLs, API tokens, observability credentials, and SMTP secrets. Keeping these in .env files or source control is unsafe and hard to rotate.

Consequences

  • Runtime services should load secrets through Infisical when practical.
  • Bootstrap values still need a protected recovery path.
  • Secret names and ownership may be documented; secret values must not be.
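One way to apply the consequences above at service startup, as an added example rather than code from this project. It assumes secrets reach the process as environment variables (for example when it is started under the Infisical CLI's `infisical run`), and the inventory format, secret names and owners are hypothetical.

```python
import os
import re

# Constructed inventory: names and owners only, the form that may be documented.
INVENTORY = """\
# name                owner
OPENAI_API_KEY        ml-platform
DATABASE_URL          backend
SMTP_PASSWORD         notifications
"""

NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")


def parse_inventory(text):
    """Return {name: owner}; reject any line that is not exactly 'NAME owner'."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # 'NAME=value' or an extra column means a value leaked into the docs.
        # The error names the line number only, so the value is not echoed.
        if len(fields) != 2 or "=" in line or not NAME_RE.match(fields[0]):
            raise ValueError(f"inventory line {lineno}: expected 'NAME owner', no values")
        entries[fields[0]] = fields[1]
    return entries


def missing_secrets(inventory, environ):
    """Names (with owner) that are absent or empty; values are never returned."""
    return [(n, o) for n, o in sorted(inventory.items()) if not environ.get(n)]


def require_secrets(inventory_text=INVENTORY, environ=None):
    """Fail closed at startup, reporting names and owners only."""
    environ = os.environ if environ is None else environ
    missing = missing_secrets(parse_inventory(inventory_text), environ)
    if missing:
        detail = ", ".join(f"{n} (owner: {o})" for n, o in missing)
        raise RuntimeError(f"missing runtime secrets: {detail}")
```

Calling `require_secrets()` before the service opens any connection turns a missing or empty secret into a startup failure that names the owner to contact.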