infisical-dynamic-secrets

Infisical AI Skills

Give your AI coding agent accurate knowledge about Infisical — the open-source secret management platform.

Recommended: Connect our Docs MCP

The fastest way to stop your AI from hallucinating about Infisical is to connect our docs MCP server. It works with any MCP-compatible agent, auto-updates when our docs change, and requires zero maintenance.

URL: https://infisical.com/docs/mcp

Claude Code:

claude mcp add --transport http infisical-docs https://infisical.com/docs/mcp

Cursor / Windsurf: Add to your MCP settings:

{
  "mcpServers": {
    "infisical-docs": {
      "url": "https://infisical.com/docs/mcp"
    }
  }
}

VS Code / Copilot: Add to .vscode/mcp.json:

{
  "servers": {
    "infisical-docs": {
      "url": "https://infisical.com/docs/mcp"
    }
  }
}

Any MCP-compatible client can connect with that URL.

Alternative: Agent Skills

If your tool doesn't support MCP, or you want offline/local context, you can install these skills instead. They follow the Agent Skills open standard and work across 45+ AI tools.

Universal install

npx skills add Infisical/ai-skills

Claude Code (plugin marketplace)

/plugin marketplace add Infisical/ai-skills

Manual

Copy skill folders from skills/ into your project's agent skills directory:

Agent	Location
Claude Code	.claude/skills/
Codex	~/.codex/skills/
Cursor	.cursor/skills/ or .agents/skills/
GitHub Copilot	.github/skills/

What's included

infisical-setup

Interactive setup guide for integrating Infisical into your projects. Covers:

• CLI — infisical run, infisical init, local development workflow
• SDKs — Node.js, Python, Go, Java, .NET, Ruby (correct package names, imports, and class names)
• Docker — Build-time and runtime secret injection, infisical run entrypoint pattern
• Kubernetes — Operator installation, InfisicalSecret CRD, Kubernetes Auth setup
• CI/CD — GitHub Actions (OIDC Auth), GitLab CI (id_tokens)
• Auth methods — All 12 machine identity auth methods with a decision tree for choosing the right one

infisical-secret-syncs

Guide for pushing secrets from Infisical to 38+ third-party services. Covers:

• Cloud — AWS Secrets Manager, GCP Secret Manager, Azure Key Vault
• DevOps — GitHub (org/repo/env), Vercel, Cloudflare Workers, GitLab, Bitbucket
• Infrastructure — HashiCorp Vault, AWS Parameter Store, Terraform Cloud
• Platforms — Railway, Render, Fly.io, Heroku, Netlify, Supabase, and more
• Configuration — App Connections, key schemas, mapping behavior, initial sync options

infisical-dynamic-secrets

Guide for on-demand, short-lived credentials across 27 providers. Covers:

• SQL databases — PostgreSQL, MySQL, MSSQL, Oracle, Cassandra, Snowflake (custom creation statements)
• NoSQL & cache — Redis (ACL), MongoDB, MongoDB Atlas, Elasticsearch, RabbitMQ
• Cloud IAM — AWS IAM Users, AWS STS, GCP service account impersonation
• SSH & Kubernetes — CA-signed SSH certificates, K8s service account tokens
• Lease lifecycle — Generate, renew, and revoke with TTL management

infisical-agent

Guide for the Infisical Agent client daemon. Covers:

• Config format — Full YAML reference with auth, sinks, and templates sections
• Auth methods — Universal Auth, Kubernetes, AWS IAM, Azure, GCP ID Token, GCP IAM
• Template functions — listSecrets, listSecretsByProjectSlug, getSecretByName, dynamicSecret
• Deployment patterns — Docker Compose sidecar, AWS ECS sidecar, K8s init container, K8s sidecar
• Advanced — Polling intervals, on-change commands, exit-after-auth, caching

infisical-terraform

Guide for the Infisical Terraform Provider. Covers:

• Ephemeral resources — Terraform 1.10+ secrets that never land in state files
• Provider setup — infisical/infisical source, Universal Auth and OIDC authentication
• Data sources — Traditional approach for older Terraform versions (with state storage caveats)
• Project roles — permissions_v2 format with subject/action structure
• Terraform Cloud — OIDC integration for zero-credential CI/CD pipelines

infisical-api

Guide for the Infisical REST API. Covers:

• Authentication — Universal Auth login, Bearer token usage, all machine identity auth methods
• Secrets CRUD — /api/v4/secrets endpoints (v1/v2/v3 are deprecated)
• Projects & identities — Project management, environments, members, groups, folders
• Pagination — offset/limit (default 20, max 100)
• Rate limits — Cloud-only limits by plan tier; self-hosted has no limits

infisical-self-host

Guide for self-hosting Infisical. Covers: