Infisical Runtime
Application containers should load runtime secrets from Infisical where possible.
Runtime Pattern
- Configure project, environment, and secret path in Infisical.
- Provision a machine identity or another supported non-human access method.
- Inject only the minimum bootstrap identity into the container environment.
- Start the app through the Infisical runtime wrapper or SDK.
- Confirm the app starts without printing secret values.
Failure Modes
- Missing machine identity permissions.
- Wrong environment or path.
- Expired token.
- Infisical unavailable during service startup.
- Shell quoting errors when values contain $.
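The shell quoting failure mode above, as an added example (not Infisical's or this page's own code): a constructed KEY=VALUE file is loaded once by sourcing it and once by reading it as data. The file format, the DB_PASSWORD name and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample value containing "$"; not a real secret.
make_sample() {
    printf '%s\n' 'DB_PASSWORD=pa$$w0rd$HOME/x' > "$1"
}

# Fragile: sourcing re-parses each value as shell code, so "$$" becomes
# the shell PID and "$HOME" is expanded before the app sees the value.
load_by_sourcing() (
    . "$1"
    printf '%s' "$DB_PASSWORD"
)

# Robust: read each line as data, split at the first "=", validate the
# key, and export the value without letting the shell parse it again.
load_literally() (
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # skip blank lines and comments
            *=*) ;;                # has a key and a value
            *) continue ;;         # no "=", nothing to load
        esac
        key=${line%%=*}
        value=${line#*=}
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "rejected key in $1" >&2
                exit 1 ;;
        esac
        export "$key=$value"
    done < "$1"
    printf '%s' "$DB_PASSWORD"
)

# Report whether a loader preserved the value, without printing the value.
check_loader() {
    if [ "$("$1" "$2")" = 'pa$$w0rd$HOME/x' ]; then
        echo intact
    else
        echo altered
    fi
}

sample=$(mktemp)
make_sample "$sample"
echo "sourcing: $(check_loader load_by_sourcing "$sample")"
echo "literal:  $(check_loader load_literally "$sample")"
rm -f "$sample"
```
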
Related pages: Infisical and Rotation Checklist.