Projects

A project defines a specific scope of work for a given product line in Infisical. Projects are created within an organization, and an organization can contain multiple projects across different product types.

Project Types

Infisical supports project types, each representing a different security product with its own dashboard, workflows, and capabilities. project types The supported project types are:
  • Secrets Management: Securely store, access, and distribute secrets across environments with fine-grained controls, automatic rotation, and audit logging.
  • Secrets Scanning: Detect hardcoded secrets in code, CI pipelines, and infrastructure—integrated with GitHub, GitLab, Bitbucket, and more.
  • Infisical PKI: Issue and manage X.509 certificates using protocols like EST, with support for internal and external CAs.
  • Infisical SSH: Provide short-lived SSH access to servers using certificate-based authentication, replacing static keys with policy-driven, time-bound control.
  • Infisical KMS: Encrypt and decrypt data using centrally managed keys with enforced access policies and full audit visibility.

Roles and Access Control

Users and machine identities must be added to a project to access its resources. Each identity is assigned a project-level role that defines what they can manage—such as secrets, certificates, or SSH access. These roles apply to both individuals and user groups, enabling scalable access across teams and environments. Project access is strictly scoped: only members of a project can view or manage its resources. If someone needs access but isn’t part of the project, they can submit an access request. Each project in Infisical has its own access control model, distinct from organization-level access control. While organization roles govern broader administrative access, project-level roles control what users, groups, and machine identities can do within the boundaries of a specific project—such as managing secrets, issuing certificates, or configuring SSH access. Depending on the project type (e.g. Secrets Management, PKI, SSH), project-level access control supports advanced features like temporary access, access requests, and additional privileges. project roles To learn more about how permissions work in detail, refer to the access control documentation.

Audit Logs

Infisical provides audit logging at the project level to help teams monitor activity and maintain accountability within a specific project. These logs capture all relevant events—such as secret access, certificate issuance, and SSH activity—that occur within the boundaries of that project. Unlike the organization-level audit view, which aggregates logs across all projects in one centralized interface, the project-level audit view is scoped to a single project. This enables relevant project admins and contributors to review activity relevant to their work without having broader access to audit logs in other projects that they are not part of.

Project Settings

Each project has its own settings panel, with options that vary depending on the selected product type. These may include setup and configuration for environments, tags, behaviors, encryption strategies, and other options. Project settings are fully independent and reflect the capabilities of the associated product.