Skip to main content

Infisical Bootstrap

Infisical cannot be the only source for the secrets required to start Infisical itself.

Bootstrap Rules

  1. Keep database, encryption, auth, Redis, SMTP, and initial service settings recoverable outside Infisical.
  2. Store bootstrap values in GitHub Actions secrets or protected server environment files as appropriate.
  3. Do not print values in logs while migrating.
  4. After the service is healthy, move application runtime secrets into Infisical projects and paths.

Validation

  • UI/API loads through the intended hostname.
  • Database connection is stable.
  • SMTP test succeeds if transactional email is enabled.
  • Machine identities can read only their intended paths.

Related page: Infisical Runtime.