Run any Skill in Manus with one click

$pwd:

infisical-agent

Name: Infisical Agent
Author: Infisical

// Guide for configuring the Infisical Agent — a client daemon that manages token lifecycle and renders secrets via Go templates without modifying application code. Covers the full YAML config format, all 6 auth methods (Universal Auth, Kubernetes, AWS IAM, Azure, GCP ID Token, GCP IAM), sinks, template functions (listSecrets, listSecretsByProjectSlug, getSecretByName, dynamicSecret), polling, on-change commands, and caching. Use this skill when someone asks about: Infisical Agent, agent config file, agent templates, rendering secrets to files, sidecar secret injection, token renewal, infisical agent command, or 'how do I use the Infisical Agent to inject secrets'.

Run Skill in Manus

$ git log --oneline --stat

stars:11

forks:0

updated:April 14, 2026 at 14:27

File Explorer

4 files

SKILL.md

readonly

name

infisical-agent

description

Guide for configuring the Infisical Agent — a client daemon that manages token lifecycle and renders secrets via Go templates without modifying application code. Covers the full YAML config format, all 6 auth methods (Universal Auth, Kubernetes, AWS IAM, Azure, GCP ID Token, GCP IAM), sinks, template functions (listSecrets, listSecretsByProjectSlug, getSecretByName, dynamicSecret), polling, on-change commands, and caching. Use this skill when someone asks about: Infisical Agent, agent config file, agent templates, rendering secrets to files, sidecar secret injection, token renewal, infisical agent command, or 'how do I use the Infisical Agent to inject secrets'.

Infisical Agent Guide

You are a setup assistant helping users configure the Infisical Agent — a client daemon that simplifies secret management by automatically authenticating, renewing tokens, and rendering secrets to files via Go templates.

How to use this skill

Start by understanding the user's deployment context, then guide them through:

Auth method — Which authentication method fits their platform
Config file — The YAML config structure with auth, sinks, and templates
Templates — Go template syntax with the correct template functions
Deployment — Running the agent in their environment (Docker, K8s, ECS, etc.)

Read the relevant reference file(s), then walk them through building their config file step by step.

Reference files

File	When to read
`references/agent-config.md`	User needs the full config file format, field reference, auth methods, sinks, or caching
`references/template-functions.md`	User needs to write templates — all available functions with signatures, parameters, and examples
`references/deployment-examples.md`	User needs example configs for specific platforms (Docker Compose, ECS, Kubernetes, basic)

Guiding principles

Platform-native auth first. On AWS, recommend aws-iam. On Kubernetes, recommend kubernetes. On Azure, recommend azure. Only fall back to universal-auth (client ID/secret) when platform-native auth isn't available.
Templates over sinks for secrets. Sinks deposit access tokens. Templates render actual secrets. Most users want templates, not raw access tokens.
Use listSecrets or listSecretsByProjectSlug for .env files. These are the most common template functions — they render all secrets in an environment to a key=value file.
Use dynamicSecret for database credentials. This function creates and auto-renews dynamic secret leases directly in templates.
Polling interval matters. Default is 5 minutes. For latency-sensitive apps, reduce it. For stable configs, increase it to reduce API calls.
exit-after-auth: true for init containers. In Kubernetes init containers or one-shot setups, set this so the agent renders secrets once and exits.
On-change commands for reloads. Use execute.command to trigger application restarts or config reloads when secrets change.
Never log secret values. The agent writes to files — ensure the destination paths have correct permissions and aren't exposed.

related-skills.json

same repository

infisical-api.md

from "Infisical/ai-skills"

Interact with the Infisical REST API to manage secrets, projects, environments, machine identities, and more. Supports secret CRUD operations, machine identity authentication, pagination, and rate limiting on cloud deployments.

2026-04-1911

infisical-self-host.md

from "Infisical/ai-skills"

Deploy and operate Infisical self-hosted instances with Docker, Docker Compose, and Kubernetes. Covers architecture, environment variables, ENCRYPTION_KEY management, database setup, Redis configuration, production hardening, FIPS compliance, scaling, and high availability patterns.

2026-04-1911

infisical-terraform.md

from "Infisical/ai-skills"

Expert guidance for the Infisical Terraform Provider. Covers HCL resource configuration, ephemeral secrets management, data source patterns, project role permissions, and OIDC authentication for Terraform Cloud. Use for secret injection via IaC, Machine Identity setup, access approval policies, and cloud-native integration patterns.

2026-04-1911

infisical-dynamic-secrets.md

from "Infisical/ai-skills"

Guide for configuring Infisical Dynamic Secrets — on-demand, short-lived credentials for databases, cloud IAM, SSH, and Kubernetes. Covers 27 providers including PostgreSQL, MySQL, Redis, MongoDB, AWS IAM, GCP IAM, SSH certificates, Kubernetes service accounts, and more. Use this skill when someone asks about: dynamic secrets, ephemeral database credentials, short-lived tokens, rotating database users, dynamic PostgreSQL/MySQL/Redis credentials, SSH certificates, temporary AWS IAM users, or 'how do I generate temporary credentials with Infisical'.

2026-04-1411

infisical-secret-syncs.md

from "Infisical/ai-skills"

Guide for configuring Infisical Secret Syncs to push secrets from Infisical to third-party services. Covers 38+ sync destinations including AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, GitHub, Vercel, HashiCorp Vault, Cloudflare, and more. Use this skill when someone asks about: syncing secrets to AWS/GCP/Azure, pushing secrets to GitHub Actions, Vercel environment variables, secret sync setup, App Connections, mapping behavior, key schemas, or 'how do I get my Infisical secrets into [service]'.

2026-04-1411

infisical-user-setup-guide.md

from "Infisical/ai-skills"

Interactive setup guide for using Infisical as a secret management tool in your projects. Helps users integrate Infisical into local development (CLI), Docker containers (build-time and runtime secret injection), CI/CD pipelines (GitHub Actions, GitLab CI), Kubernetes (Operator + CRDs), and application code (Node.js, Python, Go, Java, .NET, Ruby SDKs). Also walks through choosing and configuring machine identity auth methods (Universal Auth, AWS Auth, Kubernetes Auth, OIDC, etc.). Use this skill whenever someone asks about: using Infisical, injecting secrets, infisical run, infisical init, connecting their app to Infisical, Docker secrets, Kubernetes secrets operator, machine identity setup, SDK initialization, CI/CD secret injection, or 'how do I get my secrets into my app'.

2026-04-1011

package.json

"author": "Infisical"

"repository": "Infisical/ai-skills"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Software DevelopersComputer and Mathematical Occupations15-1252L4

name

infisical-agent

description

Infisical Agent Guide

How to use this skill

Start by understanding the user's deployment context, then guide them through:

Auth method — Which authentication method fits their platform
Config file — The YAML config structure with auth, sinks, and templates
Templates — Go template syntax with the correct template functions
Deployment — Running the agent in their environment (Docker, K8s, ECS, etc.)

Read the relevant reference file(s), then walk them through building their config file step by step.

Reference files

File	When to read
`references/agent-config.md`	User needs the full config file format, field reference, auth methods, sinks, or caching
`references/template-functions.md`	User needs to write templates — all available functions with signatures, parameters, and examples
`references/deployment-examples.md`	User needs example configs for specific platforms (Docker Compose, ECS, Kubernetes, basic)

Guiding principles

Platform-native auth first. On AWS, recommend aws-iam. On Kubernetes, recommend kubernetes. On Azure, recommend azure. Only fall back to universal-auth (client ID/secret) when platform-native auth isn't available.
Templates over sinks for secrets. Sinks deposit access tokens. Templates render actual secrets. Most users want templates, not raw access tokens.
Use listSecrets or listSecretsByProjectSlug for .env files. These are the most common template functions — they render all secrets in an environment to a key=value file.
Use dynamicSecret for database credentials. This function creates and auto-renews dynamic secret leases directly in templates.
Polling interval matters. Default is 5 minutes. For latency-sensitive apps, reduce it. For stable configs, increase it to reduce API calls.
exit-after-auth: true for init containers. In Kubernetes init containers or one-shot setups, set this so the agent renders secrets once and exits.
On-change commands for reloads. Use execute.command to trigger application restarts or config reloads when secrets change.
Never log secret values. The agent writes to files — ensure the destination paths have correct permissions and aren't exposed.

infisical-agent

Infisical Agent Guide

How to use this skill

Reference files

Guiding principles

More from this repository

More from this repository

Infisical Agent Guide

How to use this skill

Reference files

Guiding principles