ZeroStarter

Infisical

Secrets Management on Autopilot.

Overview

All-in-one platform to securely manage application configuration and secrets across your team and infrastructure. Used by Fortune 500 enterprises, international governments, and fastest-growing startups. Save time and boost security.

How ZeroStarter uses Infisical

The repo ships a committed .infisical.json at the root that records the workspaceId linking this checkout to an Infisical project. With it in place, infisical export can write the root .env (or stage-specific .env.<stage>) files that the @packages/env/* modules then validate at runtime. Infisical is the source of secrets; the .env files are the local artifact those secrets land in.

infisical export --env=dev --output-file=./.env

This is optional: if you populate the .env files another way, ZeroStarter runs the same. The sections below cover installing and using the CLI.

Self-Hosting

Deploy on Railway

CLI Reference

Installation

bun add -g @infisical/cli

Login

Login into Infisical from the CLI

  • Interactive
infisical login
  • Non-interactive
    • --plain: When used with direct user login or machine identity authentication, outputs only the JWT access token without any additional formatting. This is useful for scripting and CI/CD pipelines where you need to capture the token.
    • --silent: Use it alongside the --plain flag to disable all messages in the console except from the access token.
infisical login \
  --domain "<YOUR_DOMAIN>" \
  --email "<YOUR_EMAIL>" \
  --password "<YOUR_PASSWORD>" \
  --organization-id "<YOUR_ORGANIZATION_ID>" \
  --plain \
  --silent

Init

Switch between Infisical projects within CLI

infisical init

Link a local project to your Infisical project. Once connected, you can then access the secrets locally from the connected Infisical project.

This command creates a .infisical.json file containing your workspaceId.

Export

Export Infisical secrets from CLI into different file formats

infisical export --env=dev --output-file=./.env.development
  • --env: The environment to export secrets for, defaults to dev. Can be one of: dev, staging, prod.
  • --projectId: By default the project (the workspaceId) is retrieved from the .infisical.json located at the root of your local project. This flag allows you to override this behavior by explicitly defining the project to fetch your secrets from.

Read more

IDE Setup

Recommended IDE configuration for ZeroStarter.

Contributing

Guidelines for contributing to ZeroStarter.

On this page

OverviewHow ZeroStarter uses InfisicalSelf-HostingCLI ReferenceInstallationLoginInitExportRead more