How to Self-Host Infisical (with Monitoring)

#devops #selfhost #docker #monitoring

Infisical is a modern, open-source secret manager for developers — think self-hosted Doppler or Vault, but simpler and actually enjoyable to use.

In this guide, I’ll show you how to deploy Infisical using Docker on any Linux server (Ubuntu, Debian, etc.), configure your environment, and keep your setup online and secure with uptime monitoring.

Let’s go 👇

🧰 What You’ll Need

A Linux server (Debian/Ubuntu preferred)
Docker & Docker Compose installed
A domain + SSL (optional but recommended)
10 minutes

🚀 Step 1: Clone the Infisical Repo

git clone https://github.com/infisical/infisical.git  
cd infisical/self-host

⚙️ Step 2: Configure the .env File

Copy the example file:

cp .env.template .env

Edit values in .env to match your setup. At minimum, update:

NODE_ENV=production  
ENCRYPTION_KEY=generate-strong-key  
DATABASE_URL=postgresql://infisical:password@db:5432/infisical

You can generate a strong encryption key with:

openssl rand -hex 32

🛢️ Step 3: Set Up Docker Compose

Infisical includes a ready-to-use docker-compose.yml. Just run:

docker compose up -d

This launches:

The Infisical server
A PostgreSQL database
A Redis cache

After a few seconds, your instance should be available at:

http://your-server-ip:8080 or your custom domain.

🌐 Step 4: Add HTTPS and a Domain (Optional)

Use a reverse proxy (Caddy, Nginx, Traefik) to expose Infisical securely:

Point secrets.yourdomain.com to your VPS
Use Let’s Encrypt for SSL
Proxy port 8080 to HTTPS

🧪 Step 5: Login & Create Your First Project

Head to the web UI → sign up → create your first workspace.

Infisical lets you securely store .env variables, share secrets between team members, and integrate into CI/CD pipelines.