Skip to main content
Prerequisites
1

Install Infisical Helm repository 

helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/' 

helm repo update
2

Add Helm values

Create a values.yaml file. This will be used to configure settings for the Infisical Helm chart. To explore all configurable properties for your values file, visit this page.
3

Select Infisical version

By default, the Infisical version set in your helm chart will likely be outdated. Choose the latest Infisical docker image tag from here here.
values.yaml
infisical:
  image:
    repository: infisical/infisical
    tag: "v0.46.2-postgres" #<-- update
    pullPolicy: IfNotPresent
Do you not use the latest docker image tag in production deployments as they can introduce unexpected changes
4

Configure environment variables

To deploy this Helm chart, a Kubernetes secret named infisical-secrets must be present in the same namespace where the chart is being deployed.For a minimal installation of Infisical, you need to configure ENCRYPTION_KEY, AUTH_SECRET, DB_CONNECTION_URI, and REDIS_URL. Learn more about configuration settings.
  • Proof of concept deployment
  • Production deployment
For test or proof-of-concept purposes, you may omit DB_CONNECTION_URI and REDIS_URL from infisical-secrets. This is because the Helm chart will automatically provision and connect to the in-cluster instances of Postgres and Redis by default.
simple-values-example.yaml
apiVersion: v1
kind: Secret
metadata:
  name: infisical-secrets
type: Opaque
stringData:
  AUTH_SECRET: <>
  ENCRYPTION_KEY: <>
5

Database schema migration

Infisical relies a relational database, which means that database schemas need to be migrated before the instance can become operational.To automate this process, the chart includes a option named infisical.autoDatabaseSchemaMigration. When this option is enabled, a deployment/upgrade will only occur after a successful schema migration.
If you are using in-cluster Postgres, you may notice the migration job failing initially. This is expected as it is waiting for the database to be in ready state.
6

Routing traffic to Infisical

By default, this chart uses Nginx as its Ingress controller to direct traffic to Infisical services.
values.yaml
ingress:
  nginx:
    enabled: true
7

Install the Helm chart

Once you are done configuring your values.yaml file, run the command below.
helm upgrade --install infisical infisical-helm-charts/infisical-standalone --values /path/to/values.yaml
values.yaml

nameOverride: "infisical"
fullnameOverride: "infisical"

infisical:
  enabled: true
  name: infisical
  autoDatabaseSchemaMigration: true
  fullnameOverride: ""
  podAnnotations: {}
  deploymentAnnotations: {}
  replicaCount: 6

  image:
    repository: infisical/infisical
    tag: "v0.46.2-postgres"
    pullPolicy: IfNotPresent

  affinity: {}
  kubeSecretRef: "infisical-secrets"
  service:
    annotations: {}
    type: ClusterIP
    nodePort: ""

  resources:
    limits:
      memory: 210Mi
    requests:
      cpu: 200m

ingress:
  enabled: true
  hostName: ""
  ingressClassName: nginx
  nginx:
    enabled: true
  annotations: {}
  tls: []

postgresql:
  enabled: true
  name: "postgresql"
  fullnameOverride: "postgresql"
  auth:
    username: infisical
    password: root
    database: infisicalDB

redis:
  enabled: true
  name: "redis"
  fullnameOverride: "redis"
  cluster:
    enabled: false
  usePassword: true
  auth:
    password: "mysecretpassword"
  architecture: standalone
8

Access Infisical

After deployment, please wait for 2-5 minutes for all pods to reach a running state. Once a significant number of pods are operational, access the IP address revealed through Ingress by your load balancer. You can find the IP address/hostname by executing the command kubectl get ingress.
infisical-selfhost
9

Upgrade your instance

To upgrade your instance of Infisical simply update the docker image tag in your Halm values and rerun the command below.
helm upgrade --install infisical infisical-helm-charts/infisical-standalone --values /path/to/values.yaml
Always back up your database before each upgrade, especially in a production environment.