Porter integrates with Infisical so you can manage secrets in Infisical and have them automatically synced into your Porter applications. Each Infisical environment is exposed in Porter as a read-only environment group that can be attached to any application in the cluster. Under the hood, Porter installs the Infisical Kubernetes operator on your cluster, which uses a machine identity to pull secrets directly from Infisical. Secret values never persist in Porter’s infrastructure.

Enabling the Infisical integration

The Infisical integration is enabled per cluster.
  1. From the Porter dashboard, navigate to the Integrations tab.
  2. Find Infisical in the list and toggle it on.
Porter installs the Infisical operator on the selected cluster. Once enabled, you can begin adding Infisical environment groups.

Adding an Infisical environment group

Each environment group corresponds to a path within a specific environment of an Infisical project.

Create a machine identity in Infisical

Porter authenticates with Infisical using a machine identity. In your Infisical project:
  1. Create a machine identity and assign it the Viewer role on the project.
  2. Generate a Client ID and Client Secret for the identity.
Keep both values handy — you’ll paste them into Porter in the next step.

Create the environment group in Porter

  1. On the Infisical integration page in Porter, click Add Infisical env group.
  2. Fill in the form:
    • Name (for Porter environment group) — the name you’ll use to reference this environment group inside Porter (e.g. production-infisical).
    • Project slug — the slug of the Infisical project to sync from.
    • Env slug — the environment to pull from (e.g. dev, staging, prod).
    • Env path — the secret path within the environment. Defaults to /.
    • Service URL — the Infisical API URL. Defaults to https://app.infisical.com/api. Set this to your self-hosted Infisical URL if you’re not using Infisical Cloud.
    • Client ID — the client ID of the machine identity you created.
    • Client Secret — the client secret of the machine identity.
  3. Click Add Infisical env group.
[Screenshot: Add a new Infisical integration modal in the Porter dashboard]
The new environment group will appear alongside your other environment groups in the Env Groups tab.
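
When you audit the cluster, it helps to know how the form fields above map onto the upstream Infisical operator's InfisicalSecret resource when it authenticates with a Client ID and Client Secret (Infisical's universal auth). This is an added illustration, not taken from Porter's documentation or code: the resource names, namespace and placeholder values are assumptions, and the objects Porter actually creates may be named and laid out differently.

```yaml
# Illustrative only: hypothetical names and namespace, placeholder credentials.
# Holds the machine identity credentials the operator logs in with.
apiVersion: v1
kind: Secret
metadata:
  name: infisical-machine-identity        # hypothetical name
  namespace: default                      # hypothetical namespace
type: Opaque
stringData:
  clientId: <CLIENT_ID_PLACEHOLDER>       # "Client ID" field in the form
  clientSecret: <CLIENT_SECRET_PLACEHOLDER>  # "Client Secret" field in the form
---
# Tells the operator which project/environment/path to read and where to
# write the resulting Kubernetes Secret.
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
  name: production-infisical              # mirrors the example env group name
  namespace: default
spec:
  hostAPI: https://app.infisical.com/api  # "Service URL" (self-hosted URL goes here)
  authentication:
    universalAuth:
      secretsScope:
        projectSlug: <PROJECT_SLUG_PLACEHOLDER>  # "Project slug"
        envSlug: prod                            # "Env slug"
        secretsPath: "/"                         # "Env path" (the narrower, the less the identity's Secret exposes)
      credentialsRef:
        secretName: infisical-machine-identity
        secretNamespace: default
  managedSecretReference:
    secretName: production-infisical-managed     # hypothetical; Secret the operator keeps in sync
    secretNamespace: default
```

The credentials Secret is the sensitive object here: anyone who can read it in the cluster can authenticate to Infisical as the machine identity, so the Viewer role and a narrow Env path bound what that access yields.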

Syncing to an application

Infisical environment groups work like any other Porter environment group. You can sync them to an application:
  • From the dashboard, on the application’s Env Groups tab, add the Infisical group and click Update app.
  • From porter.yaml, add the group’s name to the envGroups field:
version: v2
name: my-app

envGroups:
  - production-infisical

services:
  - name: web
    type: web
    run: npm start
    port: 3000
For more on syncing, see Environment groups.
Infisical environment groups are read-only in Porter. Values are fetched from Infisical and cannot be edited from the Porter dashboard. To change a secret’s value, update it in Infisical — the change will propagate to your cluster automatically.

Deleting an Infisical environment group

To stop syncing an Infisical environment:
  1. Open the environment group in Porter.
  2. Go to the Settings tab and click Delete.
You cannot delete an environment group that is synced to an application. Remove it from all synced applications first.
Deleting the environment group removes the synced Kubernetes resources from your cluster. It does not delete the underlying secrets in Infisical.