惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Infisical Pricing Teardown 2026
Vlad Nadymov · 2026-05-27 · via DEV Community

TL;DR

Infisical is the open-source secrets manager going after HashiCorp Vault from below — 25,700+ GitHub stars, MIT-licensed core, with enterprise features under a proprietary license inside backend/src/ee/. Pricing is identity-based at $18/month per identity, where an "identity" counts both humans and machines.

  • Free tier covers 5 identities, 3 projects, all integrations, and self-hosting — genuinely usable for solo devs
  • Pro at $18/month per identity unlocks SAML SSO, RBAC, secret versioning, IP allowlisting, and 90-day audit logs
  • Enterprise (custom pricing) gates dynamic secrets, SCIM, LDAP, approval workflows, KMIP, and HSM support
  • Identity-based billing scales faster than seat-based — 10 devs + 20 machine identities = $540/month
  • Self-hosting is real on the MIT core, but enterprise features still need a license key that phones home

Hey, it's Vlad, founder of Beton.

Infisical is the open-source secrets manager that's been eating into HashiCorp Vault's territory from below. The pitch is simple: Vault is powerful but painful. Infisical is Vault for teams that don't want to hire a dedicated Vault engineer.

25,700+ GitHub stars, founded in 2022, growing fast in the DevOps/platform engineering space. Let's look at how they make money.

How Infisical pricing scales

Infisical bills per identity — and an identity is any human OR machine (a CI pipeline, a service account, an agent). Machine identities usually outnumber people, so the bill scales faster than headcount suggests.

Monthly cost as Infisical scales by identity (humans + machines all count).
Monthly cost as Infisical scales by identity (humans + machines all count).

This post is a part of series on commercial open source software pricing.

What is Infisical

Infisical is an open-source platform for secrets management, certificate management (PKI), SSH key management, and privileged access management (PAM).

Think of it as the layer that stores your API keys, database passwords, certificates, and environment variables — then distributes them to your apps, CI/CD pipelines, and infrastructure through integrations with AWS, Kubernetes, Terraform, GitHub Actions, GitLab CI/CD, Docker, Jenkins, Ansible, and dozens more.

They also handle secret rotation, dynamic secrets (short-lived credentials generated on demand), secret scanning and leak prevention, and audit logging. It's a full platform, not just a key-value store.

They've raised venture capital and are positioning themselves as the modern alternative to HashiCorp Vault for teams that want something operational without a PhD in HCL configuration.

The licensing play

This one is a textbook open-core split, executed cleanly.

The core platform is MIT

The main codebase — the API server, CLI, SDKs, Kubernetes operator, agent, dashboard UI, all integrations — is MIT licensed. Do whatever you want with it. Fork it, embed it, sell it. No strings.

This is generous. More generous than AGPL (which Plane and many others use), and more generous than the various "sustainable use" or "source available" licenses. MIT is real open source, no asterisks.

Enterprise features live under a proprietary license

Everything inside the backend/src/ee/ directory (over 800 files) is covered by the Infisical Enterprise License. You can read the code on GitHub, but you can't run it in production without purchasing a license key.

The enterprise license is straightforward: you can modify the code and publish patches, but Infisical retains all rights to those modifications, and you can only use them with a valid subscription for the correct number of user seats. You can copy and modify for development and testing without a subscription.

The enterprise-gated features include:

  • SAML SSO (Okta, Azure AD, JumpCloud) and OIDC — this is on Pro, not Enterprise
  • SCIM provisioning
  • LDAP authentication
  • Dynamic secrets
  • Secret approval workflows and access requests
  • Audit log streaming and custom retention
  • User groups and custom roles
  • Sub-organizations
  • KMIP and HSM support
  • Gateways for private network access
  • IP allowlisting
  • Secret rotation

Here's the interesting part: SAML SSO and RBAC are gated at the Pro tier, not Enterprise. This means even mid-size teams hit a paywall the moment they need anything beyond Google/GitHub SSO or basic role assignment. That's a smart trigger — SSO is usually the first enterprise requirement any growing team runs into.

Google SSO and GitHub SSO are free across both cloud and self-hosted. So the free tier isn't crippled for small teams that standardize on one of those providers.

Pricing structure

Infisical uses identity-based pricing. An "identity" is either a human user or a machine identity (a service, CI/CD pipeline, Kubernetes service account, or agent that authenticates to Infisical). This is the key detail.

Free — $0/month

  • Up to 5 identities
  • Up to 3 projects
  • Up to 3 environments per project
  • Up to 10 integrations
  • Dashboard UI, API, CLI, SDKs
  • Kubernetes Operator, Infisical Agent
  • All third-party integrations (AWS, Vercel, GitHub Actions, GitLab CI/CD, Jenkins, Ansible, etc.)
  • Webhooks, 2FA
  • Secret referencing and overrides
  • Secret scanning and leak prevention
  • Secret sharing
  • Self-hosting or Infisical Cloud
  • Community Slack support

Pro — $18/month per identity

  • Everything in Free, plus:
  • Unlimited projects, environments, and integrations
  • Secret versioning
  • Point-in-time recovery
  • Role-based access controls
  • Secret rotation
  • Temporary access provisioning
  • SAML SSO
  • IP allowlisting
  • 90-day audit log retention
  • Higher rate limits
  • Priority support
  • Free trial available

Enterprise — custom pricing (contact sales)

  • Everything in Pro, plus:
  • Dedicated infrastructure
  • Enterprise SCIM
  • LDAP authentication
  • Dynamic secrets
  • AI Security Advisor
  • Approval workflows
  • Access requests
  • Gateways
  • Sub-organizations
  • KMIP
  • KMS & HSM support
  • Audit log streaming
  • Custom audit log retention
  • Custom rate limits
  • User groups and custom roles
  • 99.99% SLA
  • SOC2 & PenTest reports
  • Dedicated support engineer

The Pro tier slider goes from 1 to 50 identities on the pricing page. Beyond that, you're in Enterprise territory.

The identity pricing model

This is where Infisical gets clever — and potentially expensive.

Most secrets managers charge per user (human). Infisical charges per identity, which includes both humans and machines.

If you have 10 developers and 20 machine identities (production apps, CI/CD pipelines, staging environments, Kubernetes service accounts), you're paying for 30 identities at $18/month each. That's $540/month, or $6,480/year.

The free tier gives you 5 identities total. For a solo developer with a couple of apps and a CI pipeline, that's workable. For a team of 5 engineers? You've already used all your identities on humans alone, with zero machine identities.

The upgrade trigger is effectively: "the moment you have more than 5 things talking to Infisical." That's early. Very early.

Their FAQ even includes: "If I upgrade to Pro, do I keep the 5 free identities from the Free plan?" — which tells you this is a common friction point users hit.

Does it make sense to pay?

For small teams (under 5 people, a few services): the free tier is legitimately usable. MIT-licensed self-hosting means you can run it on your own infrastructure with no licensing cost and no catch. All integrations are included. If you only need Google or GitHub SSO, you're covered. This is a real free tier, not a demo.

For growing teams (10-30 engineers): yes, paying makes sense. The alternative is HashiCorp Vault, which requires significant operational expertise. A team of 15 engineers with 25 machine identities would pay $720/month for Pro. That's less than the salary cost of the fractional DevOps time you'd spend wrestling with Vault policies, token renewal, and seal/unseal ceremonies.

The real question is whether you need Pro or Enterprise. The Enterprise tier gates some features that many teams consider essential once they hit a certain maturity: dynamic secrets, approval workflows, SCIM provisioning, LDAP. If your organization uses Okta or Azure AD for everything, you'll need at least Pro for SAML SSO.

For self-hosting: this is where it gets nuanced. The MIT-licensed core is genuinely complete for basic secrets management. You can self-host it, use all integrations, and pay nothing. But the moment you need RBAC, secret versioning, or SSO beyond Google/GitHub, you need a Pro license. And for dynamic secrets, SCIM, or LDAP, you need an Enterprise license — even on your own infrastructure.

Self-hosting Infisical isn't like self-hosting Vault where you get everything for free. The enterprise features require a license key that phones home to Infisical's license server (or an offline key for air-gapped environments). This is the standard open-core playbook: the deployment is yours, but the premium features are still paywalled.

Bottom line: the identity-based pricing model is elegant but it scales faster than pure seat-based pricing. Every new microservice, every new CI/CD pipeline, every new Kubernetes namespace that needs its own credentials — they all count. For organizations with many services and few humans, this can add up quickly. For small teams with a handful of services, it's straightforward and reasonably priced.

The MIT license on the core is the most permissive in this series so far. If you just need a secrets store with good integrations and don't need the enterprise security features, you genuinely get a complete product for free. That's the real wedge against Vault.

FAQ

Is Infisical open source?

Yes — the core platform (API server, CLI, SDKs, Kubernetes operator, agent, dashboard UI, all integrations) is MIT-licensed. Everything under backend/src/ee/ (800+ files) is covered by the proprietary Infisical Enterprise License and requires a paid subscription to run in production.

What counts as an 'identity' in Infisical pricing?

Both humans and machines. A user, a service, a CI/CD pipeline, a Kubernetes service account, or an agent that authenticates to Infisical each counts as one identity at $18/month on the Pro tier.

What's the cheapest paid Infisical plan?

Pro at $18/month per identity. The pricing-page slider runs from 1 to 50 identities; beyond that you're in Enterprise territory with custom pricing.

Can I self-host Infisical for free?

Yes for the MIT core — full secrets management, all third-party integrations, Google and GitHub SSO, no licensing cost. But RBAC, SAML SSO, secret versioning, dynamic secrets, SCIM, and LDAP all require a Pro or Enterprise license key, even on your own infrastructure.

When does Infisical make sense vs. HashiCorp Vault?

For growing teams (10–30 engineers) that don't want to hire a Vault specialist. A 15-engineer team with 25 machine identities pays $720/month for Pro — less than the fractional DevOps cost of operating Vault policies, token renewal, and seal/unseal ceremonies.