mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-10 16:08:20 -05:00
19 lines
1.1 KiB
Plaintext
19 lines
1.1 KiB
Plaintext
---
|
|
title: "Usage"
|
|
---
|
|
|
|
Prerequisites:
|
|
|
|
- Set up and add envars to [Infisical Cloud](https://app.infisical.com) or your self-hosted instance.
|
|
- Obtain an API Key in your user settings to be included in requests to the Infisical API.
|
|
|
|
Using Infisical's API to manage secrets requires a basic understanding of the system and its underlying cryptography detailed [here](/security/overview).
|
|
|
|
## Concepts
|
|
|
|
- Each user has a public/private key pair that is stored with the platform; private keys are encrypted locally by the user's password before being sent off to the server during the account signup process.
|
|
- Each (encrypted) secret belongs to a project and environment.
|
|
- Each project has an (encrypted) project key used to encrypt the secrets within that project; Infisical stores copies of the project key, for each member of that project, encrypted under each member's public key.
|
|
- Secrets are encrypted symmetrically by your copy of the project key belonging to the project containing.
|
|
- Infisical uses AES256-GCM and [TweetNaCl.js](https://tweetnacl.js.org/#/) for symmetric and asymmetric encryption/decryption operations.
|