Somewhere right now, a developer is about to paste a database password into a Slack message. They know they shouldn't. They'll do it anyway, because the alternative has always been worse. Infisical exists to make sure that the alternative is no longer worse.
The company sits in San Francisco, but its real address is a GitHub repository with more than 27,000 stars and 40 million downloads. Infisical builds the unglamorous plumbing that keeps software secrets - API keys, certificates, database credentials, SSH access - out of the places they should never be: plaintext files, chat logs, and the public internet. It is the kind of problem nobody puts on a poster, and exactly the kind of problem that takes down companies when it goes wrong.
Pictured: a category of software so necessary that everyone forgets it exists until the day it doesn't.
"Secrets management has evolved from something esoteric into something any team can use with ease."
- Vlad Matsiiako, Co-Founder & CEO
The Problem They Saw
Secret sprawl is a quiet disaster
Every application needs secrets to function. A web app needs the key to its database. A CI pipeline needs a token to deploy. An AI agent needs credentials to call an API. For years, the default way to manage these was the .env file - a humble text document of passwords, copied between laptops, emailed around, occasionally committed to git by accident. The polite industry term is "secret sprawl." The honest term is a mess.
The enterprise answer was HashiCorp Vault: powerful, comprehensive, and famously difficult to operate. It solved the problem for teams who could afford a dedicated platform engineer to babysit it. Everyone else kept pasting passwords into Slack. There was a gap in the middle - between a sticky note and a fortress - and that gap was where most of the world's software actually lived.
A password in a .env file is a secret. A password in a public GitHub repo is a press release. - The case for existing, more or less
In 2024, HashiCorp moved Vault to a more restrictive BSL license, then was acquired by IBM. The open-source middle got even emptier. That vacuum is the tension Infisical was built around, and it has not let go of it since.
The Founders' Bet
Bet on developers, and keep it open
Infisical was founded in 2022 and went through Y Combinator's Winter 2023 batch. The wager was specific: build secrets management that a developer could adopt in an afternoon, keep the core MIT-licensed so anyone could self-host it, and refuse to make security a luxury good. Where Vault drifted toward restriction, Infisical leaned the other way.
Vlad Matsiiako
Co-Founder & CEO
Cornell-trained in operations research and econometrics; earlier stints at Figma and Dutch neobank bunq. An unusual route to running a security-infra company.
Maidul Islam
Co-Founder & CTO
Previously a software engineer at AWS. Builds the engine room. Had shipped side projects with Tony long before Infisical had a name.
Tony Dang
Co-Founder
Maidul's longtime collaborator on React and Laravel projects. Part of the founding trio that turned a .env annoyance into a company.
Three founders, one shared conviction that security tooling does not have to feel like a punishment.
The bet attracted believers quickly. Elad Gil showed up as a seed angel in 2023, alongside Google's Gradient Ventures and Y Combinator. Two years later, the same Elad Gil came back to lead the Series A. Investors who write a second, much larger check tend to have seen something work.
The Product
One stack, not one feature
Infisical started as secrets management and kept building outward. Today it is a full security stack - the parts of infrastructure security that used to require four different vendors, glued together with hope.
Secrets Management
Store, sync, and inject secrets across teams, CI/CD, and cloud with encryption, versioning, point-in-time recovery, and audit logs.
Dynamic Secrets
Generate ephemeral, on-demand credentials for databases and cloud services that expire on their own.
Secret Rotation
Automatically rotate credentials on a schedule, shrinking the blast radius of any single leak.
Secret Scanning
Catch hardcoded secrets before they reach git, with hooks into GitHub, GitLab, Bitbucket, and CI.
PKI & Certificates
Run private certificate authorities, issue and monitor X.509 certs, and automate renewals - including a Kubernetes issuer.
KMS & SSH
Centralized key management plus short-lived signed SSH certificates that replace static keys.
Privileged Access
Just-in-time, SSO-brokered access to databases, servers, and clusters - with session recording and replay.
Agent Vault
An open-source proxy that lets AI agents make authenticated requests without ever seeing the underlying secret.
"The platform scales effortlessly from an organization's first deployment to tens of thousands of microservices." - Vlad Matsiiako
One detail amuses the engineers who notice it: a security-infrastructure company wrote roughly 97% of its codebase in TypeScript. Security purists expect Rust or Go and a great deal of solemnity. Infisical chose the language of the web developers it wants to serve. The medium is part of the message.
The short, fast history
// Milestones, plotted
2022
Founded. Three founders set out to fix secret sprawl for the rest of us.
W23
Y Combinator. Winter 2023 batch; the project starts climbing GitHub's charts.
Jul 2023
$2.8M seed led by Google's Gradient Ventures, with Elad Gil and Y Combinator.
2024-25
Stack expands. PKI, KMS, and SSH access management ship. Reaches cash-flow positive.
Jun 2025
$16M Series A led by Elad Gil, joined by Gradient, Y Combinator, and Dynamic Fund.
2026
Agent Vault. Open-source credential proxy lets teams ship AI agents without exposing keys.
The Proof
Numbers, customers, and a second check
The skeptic's question is fair: does anyone actually run this in production? The customer list answers it - Hugging Face, LG, Lucid Software, Writer, OpenRouter, and Excalidraw among them. These are teams with real consequences for getting secrets wrong, and they chose the open-source option.
Funding, round by round
// USD raised per round - the line goes up and to the right, as lines in pitch decks must
Note the gap between seed and Series A. That space is filled with roughly 20x revenue growth and one very convinced lead investor.
In the year before the Series A, Infisical reported around 20x revenue growth and reached cash-flow positive - rare enough in developer infrastructure to be worth saying twice. The platform claims 99.99% availability and secures secrets at a scale measured in billions per month. The repository, meanwhile, keeps doing the quiet work of recruiting: every star is a developer who tried it and stayed.
A customer list is marketing. A second check from the same investor is a verdict. - On why the Elad Gil detail matters
The Mission
Make security enjoyable, of all things
Infisical's stated mission is to make security "more accessible and enjoyable for every developer." Enjoyable is a strange word for a field that usually trades in fear, audits, and the cold sweat of a 3 a.m. incident. That word choice is the whole point. Security that developers dread is security that developers route around, and routed-around security is how secrets end up in Slack in the first place.
The company's wager is that the best way to make systems secure is to make the secure path the easy path. Open source keeps it honest - if the tool were bad, 100,000 developers would simply leave. They haven't.
Why It Matters Tomorrow
The machines need secrets too
Here is the part that changes the stakes. Software used to be written by people and run by people. Increasingly it is run by AI agents - autonomous programs that call APIs, query databases, and act on their own. Every one of those actions needs a credential, and an agent that holds a credential is an agent that can leak one.
Infisical's 2026 launch of Agent Vault aims directly at this: a proxy that lets an agent make authenticated requests without ever seeing the secret behind them. The machine acts; the key stays hidden. If the last decade was about giving humans a safe place to keep secrets, the next is about doing the same for the software that increasingly outnumbers them.
Give a developer a safe place to keep a secret, and they'll secure one app. Give every AI agent one, and you've secured the next decade of software. - The bet, restated
Which brings us back to that developer, the one about to paste a password into Slack. The difference now is that the easy thing and the safe thing have finally become the same thing. A single command pulls the secret in at runtime. Nothing gets copied. Nothing gets pasted. The chat stays boring, which is the highest compliment you can pay a security tool. Infisical did not make secrets disappear. It made them stop showing up where they were never supposed to be.