Easier self-hosting

[sandstrom]

We're looking at Infisical. It's a nice tool! 🎉

Background

What we like about it is that:

1. We can run the paid (cloud) version for developers (dev and staging secrets), with SSO and other nice stuff. Developer secrets are a gray area, where they are somewhat secret, and need to be rolled now and then (nothing we want in source control), but also not super-secret, so using SaaS is fine.
2. We can self-host Infisical for our production secrets, 100% isolated from developer (dev, staging) secrets.

I know many open-source SaaS companies want to make deployment a hassle, to encourage paid cloud.

Wish

The current self-host story is somewhat complicated, and could be simplified further.

For example, is Redis really needed? When Postgres can hold everything in memory (which would be the case for most self-hosted scenarios), is Redis really needed? Maybe Redis could be optional, with fallback to Postgres.

---

Asides

• I'd consider the Business Source License. That way, you have fewer incentives to keep functionality out of the self-hosted version, but can still reasonably monetize.

• You should push the dual self-host + cloud for developers story more. I think that's a very compelling benefit with your offering, an area where several of your competitors will have a harder time (because they aren't open-source).

  Benefit with this is that we get dev/prod parity (CLI tools etc), without the security risks of using hosted SaaS for secrets.

• Several of your integrations requires dropping E2EE. I can see why, because it's easy. But I think you should have a higher bar. E.g. AWS param store. You could also sync the encrypted secrets, and we could read them using your CLI tool (decrypt on the client).

[maidul98]

Thanks for opening up this discussion. Infisical is a bit different from other self-hostable tools in that there is a real need for the product to be hosted easily. This is for a variety of reasons for wanting to self host Infisical, including meeting compliance. As a result, while it may seem a bit cumbersome to deploy Infisical, we are continuing to improve the self-hosting side of Infisical. In fact, just this week, we have released a highly optimized version of Infisical that can be deployed with just a single docker image. You can deploy Infisical on services like Google Cloud Run, Render, Fly.io, and many others within just 5-10 minutes.

S3 is a great idea, and the team is aware that expanding the persistent layer is a major factor in improving the self-hostable experience. We have plans to add PostgreSQL as a backend, and many more options will come in the future.

Check out this document to deploy Infisical with a single docker image: https://infisical.com/docs/self-hosting/deployment-options/standalone-infisical

[sandstrom]

Took another look at Infisical today. Great progress on this front, with the docker images and Postgresql! 🎉

I still think you should consider making Redis optional, with automatic fallback to Postgres when Redis is skipped. As long as Postgres can keep the dataset in memory, it's fairly quick.