Show HN: Infisical – open-source secret management platform (infisical.com)
Excited to show you all the progress that we’ve made in the past few months after our Launch HN in February (https://news.ycombinator.com/item?id=34955699) and Show HN in December (https://news.ycombinator.com/item?id=34055132).
During the previous Show HN and Launch HN, we received a ton of feedback which helped us improve Infisical. We’ve since released:
- Secret scanning: a new toolset to block commits with hardcoded secrets and continuously monitor your code.
- Folders: Deeper organizational structure within projects to accommodate for microservice architectures and storage of more secret types like user API keys and OAuth tokens.
- Node and Python SDKs, Webhooks: More ways to integrate and start syncing secrets with Infisical across your infrastructure.
- Integrations with Terraform, Supabase, Railway, Checkly, Cloudflare Pages, Azure Key Vault, Laravel Forge, and more.
- Secret Referencing and Importing: to create a proper single source of truth.
- 1-click deployments to AWS EC2, Digital Ocean, Render, Fly.io: More ways to self-host Infisical on your own infrastructure.
In addition, the platform has become more stable and undergone a full-coverage penetration test; we’ve also begun the SOC 2 (Type II) certification process.
Overall, we’re really lucky to have support of the developer community, and, in fact, Infisical has gathered over 7k GitHub stars, and now processes over 200 million secrets per month for everyone from solo developers to public enterprises.
Our repo is published under the MIT license so any developer can use Infisical. Again, the goal is to not charge individual developers. We make money by charging a license fee for some enterprise features as well as providing a hosted version and support.
Check out Infisical Cloud (https://infisical.com/) or self-host Infisical on your own infrastructure (https://github.com/Infisical/infisical). We’d love to hear what you think!
We’re excited to continue building Infisical, and keep shipping features for you. Please let us know if you have any thoughts, feedback, or feature suggestions!
57 comments
[ 3.3 ms ] story [ 124 ms ] threadOn top of that, we heard over and over again that HCP Vault is too complicated for developers to set up and maintain. One of the goals of Infisical is to provide similar levels of security at a reduced learning curve. Because of that, we invested a lot of effort in the developer experience in order to make everything more intuitive for developers when compared to Vault.
You should try and let me know what you think.
WOW! I'm shocked, it's a single go binary and it has been ridiculously easy (I've been running it in production for years now).
I've never tried your product, as I've been happily using vault for a long time now. If I ever have to move off of vault for some reason, I'll give your stuff a try though. If it's been designed to be easier than vault, it must do everything for me! :)
1. For the managed Cloud product, it'a typical freemium model, where we have a pretty generous free tier, and you can upgrade if you need more features or higher limits than the free tier.
2. For the open source version, almost all the features (especially the ones that are needed by individual developers and small teams) are completely free with the exceptions of some managerial/compliance features (e.g., audit logs, potentially certain types of 2FA). These managerial features require a license. Some of these paid features are still under development. Plus, for the open source version, we also sell support packages to help with redeployments/maintenance/emergency situations.
If 2fa is the only way you can differentiate in order to force enterprises to pay, it’s better to have a fee for security than to die because you can’t make money… but broadly, as a security company, you should aim for maximum security for every user.
If I were in your position, I’d start out by making security features available to everyone and then only if you feel you don’t have a choice would you put them behind a paywall — and at that point, you can grandfather existing customers in to these features for free.
Rust SDK is coming soon too.
SDKs are not the most popular way of using Infisical though. You should look into our CLI (which most of the folks use) and API
> The main goal is to create an all-in-one secret management platform that targets developers
Can we use Infisical without the SDK? How would that work in a Node project?
It's just a combination of tailwind and Next.js
Have you gotten feedback on the name, Infisical?
If a user is at a conference or on an online meeting and they mention your company to another user, they will likely have to spell the name out. Just hearing the name, it would be hard to know how to spell/search for it.
It is also not very memorable. A month later if I wanted to recall the name of your company I would likely have a bit of a hard time recalling the exact name.
In branding, simple is always better.
To make it easier to find us, we have purchased a number of other domains like http://inphysical.com/ and made them redirect to our main website.
Tony discussed the team’s background, how Infisical got started & joined Y Combinator, the open core business model, hiring, college students contributing to open source and lots more. 10min highlights: https://youtube.com/watch?v=T9oFAxu_jAM
- Five seems low for projects in the first tier
- Projects are unlimited in the second tier, but environments are not? Is that a technical limitation?
What is your use case for having more then 10 environments per project?
For the use case of having each environment per branch: yes, you would need to have more than 10 environments
Read this interesting blog by Sid from GitLab about this: https://opencoreventures.com/blog/2023-07-open-core-is-misun...
Read this interesting post by Richard Stallmann:
https://www.gnu.org/philosophy/open-source-misses-the-point....
Another org with a similar offering is Elastic, who offer Elasticsearch as a "Free and Open, Distributed, RESTful Search Engine" per the Github repo. No-one is going to be complaining that they don't offer their full platform under an open source license.
Offering a self-hosted version of your core product with an appropriate license is standard fare.
The fact is that the Open Core model is quite controversial, and people should be made aware that Infisical uses it. But the announcement uses “Open Source” as some of the very first words of the announcement, and “Open Core” is not mentioned even once.
The original post even explicitly explains what part of the offering is MIT licensed and what is commercial. So what is your point arguing semantics about open core?
This is absolutely ridiculous when it has been brought up in every past Show HN that you've done.
I really really hope nobody is reckless enough to use a completely untested platform to manage secrets.
/s
IMO this highlights further bad engineering culture.
Besides, a challenge with secrets is hardware. Storing them on ordinary EC2 instances or else is insecure. That's why AWS Secrets, for example, use specialized hardware that are hardened for this use case.
I'm curious what your source is for this claim. I presume when you say AWS Secrets that you're referring to AWS Secrets Manager?
[1] https://developer.1password.com/docs/connect/