Infisical Secrets

Secret management is part of agent architecture. LLM keys, API tokens, database URLs, SMTP passwords, and observability credentials should not live in source control.

Public Pattern

Use a secret manager such as Infisical to separate:

Local development variables.
Staging or preview variables.
Production runtime variables.
Provider credentials.
Integration tokens.

Runtime Loading

Containers and services should load secrets at startup or runtime through a controlled identity. Build artifacts should not contain secret values.

Generic Variable Names

Public docs can mention generic names such as OPENAI_API_KEY, DATABASE_URL, or SMTP_PASSWORD when explaining categories. They should not include real values, private project identifiers, internal hostnames, personal contact details, or operational topology.

Transactional Email

SMTP providers such as ZeptoMail can be integrated through generic SMTP_* variables. Keep provider credentials in the secret manager and document operational validation only in internal runbooks.

Related pages: Deployment Patterns and Tools and Workflows.