Rest in peace, .env. You served us well but you gotta go. Infisical fetches secrets at runtime so they never touch disk. CLI works with any language + SDKs and infra integrations. Docs below.
i'm the one who built this. it's been live since monday this week and i've been surprised by the usage
there are a small fraction of people who actually do want to call websites
it still mostly a meme and on track to get killed tho. call some docs while you still can
Getting a DigiCert code-signing cert usually means wrangling HSM requirements yourself.
Infisical now handles that flow: HSM-backed key, CSR to DigiCert, signer goes active once DigiCert approves the order.
Then sign your exes, JARs, and container images.
Every now and then, customers ask us how @infisical compares to other alternatives on the market.
So we did the research and compiled the most serious, enterprise-ready alternatives into one blog post.
Some of them might surprise you!
๐งตMore in the thread:
Every forward-thinking company, startup or not, should be investing time into building out internal agents capabilities and the infrastructure needed for it.
We run an equivalent solution to what Clay describes as an MCP gateway called Agent Vault that weโve actually open
Super interesting hearing @claybavor talk about the internal AI tool (called 'Pinecone'), that Sierra has built for all it's employees.
And it must be working because they hit $100M ARR in their first 7 quarters, and are now worth north of $15B.
'Pinecone' does two main
It's the day before a long weekend. Let's be real about where your focus is.
Leak Hunt is 8 levels of spotting leaked secrets against a timer. It looks a lot like work. You can make the argument that it's technically security training.
See where you land on the leaderboard:
i'm a huge fan of @dakshgup and the whole @greptile team
we love and use greptile at @infisical, so I'm incredibly bullish on what they are building and glad to help them with security along the way. here is a quick story about it:
When @greptile scaled its engineering team after a Series A, its secrets setup did not.
Secrets lived in .env handoffs and password shares. One rename broke everyone's setup.
So they centralized on Infisical.
Onboarding is now one grant. Rotation is swap-and-deploy.
See the
Our old Kubernetes operator made every secret resource hold its own auth and connection.
At scale, that meant OOM crashes and a thundering herd of auth calls on every restart.
So we rebuilt it.
Another day, another Infisical update. Today: Product Settings.
Secrets Management settings were previously scattered across the organization. With Product Settings, features like honey tokens, project templates, and secret sync controls are now easier to discover and manage in
If you do code-signing on Windows, signtool is the tool you already live in.
Infisical PKI now works with the Windows KSP signtool. We shipped a dedicated KSP library and tightened up PKCS#11 so both flows are more intuitive.
Plus: you can now sign with a user's token directly,
10 GITHUB REPOS THAT LET ONE PERSON RUN A STARTUP LIKE A TEAM
Bookmark every single one. Each one replaces a painful part of running a company, the kind of boring backend work startups usually hire operators, engineers, analysts, support people, and growth teams to manage.
1.
How fast can you find a leaked API key?
Leak Hunt is a game about catching it before an attacker does.
8 levels, and the clock gets shorter every round.
See if you can get to the top of the leaderboard: hunt.infisical.com
Drop your score below ๐