Infisical (Secrets Management)

Connects to Infisical's secrets management platform to create, read, update, and delete secrets securely through API calls.

Provides a secure bridge to the Infisical secrets management platform, enabling operations like creating, updating, and retrieving secrets without exposing credentials directly.

What it does

  • Create new secrets in Infisical
  • Retrieve existing secrets
  • Update secret values
  • Delete secrets
  • List all secrets in a project

Best for

  • DevOps teams managing application secrets
  • Developers needing secure credential storage
  • Teams using Infisical for secrets management
  • Uses machine identity authentication
  • Supports self-hosted Infisical instances

About Infisical (Secrets Management)

Infisical (Secrets Management) is an official MCP server published by infisical that provides AI assistants with tools and capabilities via the Model Context Protocol. Securely manage and access secrets with a bridge to Infisical. Supports secret server solutions like AWS Secrets Manager. It is categorized under auth security, productivity.

How to install

You can install Infisical (Secrets Management) in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

License

Infisical (Secrets Management) is released under the Apache-2.0 license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

Infisical Model Context Protocol

The Infisical Model Context Protocol server allows you to integrate with Infisical APIs through function calling. This protocol supports various tools to interact with Infisical.

Setup

Environment variables

In order to use the MCP server, you must first set the environment variables required for authentication.

  • INFISICAL_UNIVERSAL_AUTH_CLIENT_ID: The Machine Identity universal auth client ID that will be used for authentication
  • INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET: The Machine Identity universal auth client secret that will be used for authentication.
  • INFISICAL_HOST_URL: Optionally set a custom host URL. This is useful if you're self-hosting Infisical or you're on dedicated infrastructure. Defaults to https://app.infisical.com

To run the Infisical MCP server using npx, use the following command:

npx -y @infisical/mcp

Usage with Claude Desktop

Add the following to your claude_desktop_config.json. See here for more details. The INFISICAL_HOST_URL entry is optional.

{
  "mcpServers": {
    "infisical": {
      "command": "npx",
      "args": ["-y", "@infisical/mcp"],
      "env": {
        "INFISICAL_HOST_URL": "https://<custom-host-url>.com",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID": "<machine-identity-universal-auth-client-id>",
        "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET": "<machine-identity-universal-auth-client-secret>"
      }
    }
  }
}
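
The configuration above stores the machine identity client secret in plaintext, so it is worth checking the file before use. The following is an added example, not code from the Infisical project: the function name and finding labels are hypothetical, and the file mode is assumed to come from fs.statSync(path).mode on a POSIX system.

```javascript
// Added example: audit the "infisical" entry of a claude_desktop_config.json.
// Function name and finding labels are hypothetical, not part of @infisical/mcp.
const REQUIRED = [
  "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID",
  "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET",
];

function auditInfisicalMcpConfig(configText, fileMode) {
  const findings = [];
  let config;
  try {
    config = JSON.parse(configText); // strict JSON: a // comment fails here
  } catch (err) {
    return ["invalid-json"];
  }
  const server = config && config.mcpServers && config.mcpServers.infisical;
  if (!server) return ["no-infisical-server"];
  const env = server.env || {};
  for (const name of REQUIRED) {
    const value = env[name];
    if (typeof value !== "string" || value.trim() === "") findings.push(`missing:${name}`);
    else if (value.includes("<") || value.includes(">")) findings.push(`placeholder:${name}`);
  }
  // Optional host override: the client secret is sent there, so require HTTPS.
  const host = env.INFISICAL_HOST_URL;
  if (host !== undefined) {
    let url = null;
    try { url = new URL(host); } catch (err) { /* not a parseable URL */ }
    if (!url || url.protocol !== "https:") findings.push("host-url-not-https");
  }
  // npx -y installs whatever version resolves at launch unless one is pinned.
  const args = Array.isArray(server.args) ? server.args : [];
  if (args.includes("@infisical/mcp")) findings.push("unpinned-package");
  // The client secret sits in this file in plaintext: keep it owner-only.
  if ((fileMode & 0o077) !== 0) findings.push("config-readable-by-others");
  return findings;
}

// Constructed sample: the page's template with a placeholder left in, mode 0644.
const sample = JSON.stringify({ mcpServers: { infisical: {
  command: "npx", args: ["-y", "@infisical/mcp"],
  env: { INFISICAL_HOST_URL: "http://infisical.internal.example",
         INFISICAL_UNIVERSAL_AUTH_CLIENT_ID: "<machine-identity-universal-auth-client-id>",
         INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET: "" } } } });
console.log(auditInfisicalMcpConfig(sample, 0o644));
```

An empty result means none of these checks fired; it does not verify that the credentials themselves are valid.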

Available tools

| Tool | Description |
| --- | --- |
| create-secret | Create a new secret |
| delete-secret | Delete a secret |
| update-secret | Update a secret |
| list-secrets | Lists all secrets |
| get-secret | Get a single secret |
| create-project | Create a new project |
| create-environment | Create a new environment |
| create-folder | Create a new folder |
| invite-members-to-project | Invite one or more members to a project |

Debugging the Server

To debug your server, you can use the MCP Inspector.

First, build the server:

npm run build

Run the following command in your terminal:

# Start MCP Inspector and server
npx @modelcontextprotocol/inspector node dist/index.js

Instructions

  1. Set the environment variables as described in the Environment Variables step.
  2. Run the command to start the MCP Inspector.
  3. Open the MCP Inspector UI in your browser and click Connect to start the MCP server.
  4. You can see all the available tools and test them individually.
