Infisical MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Infisical MCPrender .env file for project prod"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Infisical MCP
FastMCP server for managing a self-hosted Infisical instance from an agent.
Default base URL:
https://infisical-bfi.blueforceinnovations.comWhat It Exposes
Project list/get/create/update/delete tools.
Environment list/create/update/delete tools.
Folder list/create/update/delete tools.
Secret get/list/create/update/delete tools.
Organization machine identity list/get/create/update/delete tools.
Project-managed identity list/get/create/update/delete tools.
Project user and identity membership management tools.
Project role list/get/create/update/delete tools.
Organization audit log export tools.
Secret import list/create/update/delete tools.
.envand shell-export renderers for using Infisical secrets in projects.
The server uses Infisical's documented REST API directly:
Universal Auth:
POST /api/v1/auth/universal-auth/loginProjects:
/api/v1/projectsEnvironments:
/api/v1/projects/{projectId}/environmentsOrganization user memberships:
/api/v2/organizations/{orgId}/membershipsOrganization identities:
/api/v1/identitiesOrganization identity memberships:
/api/v2/organizations/{orgId}/identity-membershipsProject managed identities:
/api/v1/projects/{projectId}/identitiesProject user memberships:
/api/v1/projects/{projectId}/membershipsProject identity memberships:
/api/v1/projects/{projectId}/memberships/identitiesProject roles:
/api/v1/projects/{projectId}/rolesAudit logs:
/api/v1/organization/audit-logsFolders:
/api/v2/foldersStatic secrets:
/api/v4/secretsSecret imports:
/api/v2/secret-imports
Related MCP server: API Testing MCP
Configure
Create a local .env from the example:
cp .env.example .envUse one auth mode.
Token Auth / API-key-like Machine Identity token:
INFISICAL_TOKEN=Universal Auth:
INFISICAL_CLIENT_ID=
INFISICAL_CLIENT_SECRET=
INFISICAL_ORGANIZATION_SLUG=Optional defaults:
INFISICAL_PROJECT_ID=project_uuid
INFISICAL_ENVIRONMENT=dev
INFISICAL_SECRET_PATH=/Run Locally
pip install -e .
infisical-mcpBy default the server uses stdio, which is the normal transport for local MCP clients.
HTTP is also supported:
MCP_TRANSPORT=http MCP_HOST=0.0.0.0 MCP_PORT=8000 infisical-mcpRun With Docker Compose
Build:
docker compose buildRun as a stdio MCP server:
docker compose run --rm -T infisical-mcpRun as an HTTP MCP server:
MCP_TRANSPORT=http docker compose upThen connect to:
http://localhost:8000/mcpFor a stdio MCP client, configure the command as:
{
"command": "docker",
"args": ["compose", "run", "--rm", "-T", "infisical-mcp"]
}Project Secret Usage
Agents can call render_env_file to fetch Infisical secrets as .env content:
DATABASE_URL=...
OPENAI_API_KEY=...They can call render_shell_exports when a shell session needs exports:
export DATABASE_URL='...'
export OPENAI_API_KEY='...'The MCP server returns the text. The calling agent decides where, if anywhere, to write it based on the target project permissions.
Admin Capabilities
The server can manage Infisical administration surfaces when the configured identity has permission:
Organization machine identities through
list_identities,get_identity,create_identity,update_identity, anddelete_identity.Organization user memberships through
list_organization_user_memberships,update_organization_user_membership,remove_organization_user_membership, andremove_organization_user_memberships.Organization identity memberships through
list_organization_identity_memberships.Project-managed identities through
list_project_identities,get_project_identity,create_project_identity,update_project_identity, anddelete_project_identity.User memberships through
list_project_user_memberships,get_project_user_by_username,invite_project_users,update_project_user_membership, andremove_project_users.Identity memberships through
list_project_identity_memberships,create_project_identity_membership,update_project_identity_membership, anddelete_project_identity_membership.Project roles through
list_project_roles,get_project_role_by_slug,create_project_role,update_project_role, anddelete_project_role.Identity project privileges through
create_identity_project_additional_privilege,get_identity_project_additional_privilege,update_identity_project_additional_privilege, anddelete_identity_project_additional_privilege.Audit logs through
export_audit_logs.Secret imports through
list_secret_imports,create_secret_import,update_secret_import, anddelete_secret_import.
Role assignment tools accept Infisical role objects directly, including temporary role objects. Project role tools accept Infisical permission rule objects directly so agents can preserve the full permission grammar.
Test
pytestThis server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/plgonzalezrx8/InfisicalMCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server