How to implement local Infisical with Docker (and stop using .env)

If you still store your passwords in .env files, this post will help you improve that. Today I'll show you how to run Infisical locally with Docker and use it to manage your secrets more securely.

April 13, 2026 · 2 min read · Tawan Silva

The problem with .env files

.env files are simple, but have several problems:

  • Easy to leak (especially in repositories)

  • Difficult to manage across multiple environments

  • Don't scale well in teams

  • Secrets are scattered

This works at first, but quickly becomes a headache.

What is Infisical?

Infisical is a secrets manager.

It allows you to centralize things like:

  • API keys

  • Tokens

  • Database passwords

  • Environment variables

All outside of code, with control and security.

Important: the .env file doesn't disappear

One important thing:

Infisical doesn't completely eliminate the .env file.

It eliminates the .env file from your application.

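You will still have a .env file to deploy the infrastructure (Docker, database, etc.), but you will no longer version secrets in your code. That infrastructure .env still holds real secrets (the encryption key, the auth secret and the database password shown below), so keep it out of version control and readable only by your own user.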

Deploying Infisical with Docker

We'll deploy everything with Docker Compose.

Here's a basic example:

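services:
  infisical-postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    env_file:
      - ./.env
    environment:
      # Values are interpolated by Compose from the .env next to this file
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - infisical_postgres_data:/var/lib/postgresql/data
    ports:
      # Published on all host interfaces; for a local-only setup prefix the
      # mapping with 127.0.0.1: or drop it (Infisical reaches the database
      # over the Compose network either way)
      - "${POSTGRES_PORT:-5432}:5432"

  infisical-redis:
    image: redis:7-alpine
    restart: unless-stopped
    ports:
      # This Redis has no password set, so the same advice applies here
      - "${REDIS_PORT:-6379}:6379"

  infisical:
    # Pin a specific version tag instead of latest for reproducible deployments
    image: infisical/infisical:latest
    restart: unless-stopped
    depends_on:
      - infisical-postgres
      - infisical-redis
    env_file:
      - ./.env
    ports:
      - "${INFISICAL_PORT:-8080}:8080"

volumes:
  infisical_postgres_data: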

Environment variables

Create a .env file with something like this:

INFISICAL_PORT=8080
POSTGRES_PORT=5432
REDIS_PORT=6379

SITE_URL=http://localhost:8080
PORT=8080
HOST=0.0.0.0
TELEMETRY_ENABLED=false

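# Replace both placeholders with generated values (commands below)
ENCRYPTION_KEY=GEN_WITH_OPENSSL
AUTH_SECRET=GEN_WITH_OPENSSL

# Example credentials: use a strong password and keep it identical in DB_CONNECTION_URI
POSTGRES_DB=infisical
POSTGRES_USER=infisical
POSTGRES_PASSWORD=infisical
DB_CONNECTION_URI=postgres://infisical:infisical@infisical-postgres:5432/infisical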

REDIS_URL=redis://infisical-redis:6379

To generate the keys:

openssl rand -hex 16      # ENCRYPTION_KEY
openssl rand -base64 32   # AUTH_SECRET
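
The .env above and the key generation step can be combined into one script. This is an added example, not part of the original post: it writes the same variables with generated values, a random database password in place of infisical, and file mode 0600. The function names, the gen-env.sh file name and the --write flag are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): write the infrastructure .env
# with freshly generated secrets. Service names and ports follow the post.

rand_hex() {   # $1 = number of random bytes, printed as hex
  if command -v openssl >/dev/null 2>&1; then openssl rand -hex "$1"
  else od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'; fi
}

rand_b64() {   # $1 = number of random bytes, printed as base64
  if command -v openssl >/dev/null 2>&1; then openssl rand -base64 "$1"
  else head -c "$1" /dev/urandom | base64; fi
}

gen_infisical_env() (   # subshell body: umask and variables stay local
  out="${1:-.env}"
  # Never overwrite: new values would not match an already initialised Postgres volume.
  if [ -e "$out" ]; then
    echo "refusing to overwrite $out" >&2
    exit 1
  fi
  db_pass="$(rand_hex 24)"   # hex only, so it needs no escaping inside the URI
  umask 077                  # the file is created with mode 0600
  cat > "$out" <<EOF
INFISICAL_PORT=8080
POSTGRES_PORT=5432
REDIS_PORT=6379

SITE_URL=http://localhost:8080
PORT=8080
HOST=0.0.0.0
TELEMETRY_ENABLED=false

ENCRYPTION_KEY=$(rand_hex 16)
AUTH_SECRET=$(rand_b64 32)

POSTGRES_DB=infisical
POSTGRES_USER=infisical
POSTGRES_PASSWORD=${db_pass}
DB_CONNECTION_URI=postgres://infisical:${db_pass}@infisical-postgres:5432/infisical

REDIS_URL=redis://infisical-redis:6379
EOF
)

# Run as: sh gen-env.sh --write   (the file name gen-env.sh is hypothetical)
if [ "${1:-}" = "--write" ]; then gen_infisical_env .env; fi
```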

Setting up the environment

Now just run it:

docker compose up -d

Then, access:

http://localhost:8080

Setting up Infisical

  • Create your account

  • Create a project

  • Add your secrets

Example:

  • DATABASE_URL

  • API_KEY

  • JWT_SECRET

Benefits

  • Secrets outside of code

  • More security

  • Better organization

  • Easy to scale to multiple environments

  • Integration with CI/CD

Conclusion

The .env file works, but it's not enough when the project grows.

Infisical solves this problem by bringing control and security to your secrets.

If you want to start building more professional systems, this is a great next step.
