Infisical MCP

59 tools. 36 can modify or destroy data without limits.

13 destructive tools with no built-in limits. Policy required.

Last updated:

36 can modify or destroy data
23 read-only
59 tools total

Community server · catalogue entry verified 02/07/2026

How to control Infisical MCP ↓

What Infisical MCP exposes to your agents

Read (23) Write / Execute (23) Destructive / Financial (13)
Critical Risk

The most dangerous Infisical MCP tools

36 of Infisical MCP's 59 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Infisical MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Infisical MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_environment": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "create_environment": {
    "limits": [
      {
        "counter": "create_environment_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "export_audit_logs": {
    "limits": [
      {
        "counter": "export_audit_logs_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Infisical MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON INFISICAL →

Instant setup, no code required.

All 59 Infisical MCP tools

WRITE 23 tools
Write create_environment Create an environment in a project. Write create_folder Create an Infisical folder. Write create_identity Create an organization machine identity. Write create_identity_project_additional_privilege Create additional project-specific privileges for an identity. Write create_project Create an Infisical project. Write create_project_identity Create a machine identity scoped to a project. Write create_project_identity_membership Create a machine identity project membership with assigned roles. Write create_project_role Create a custom project role with Infisical permission rules. Write create_secret Create a static secret. Write create_secret_import Create a secret import from another environment/path. Write invite_project_users Invite organization users to a project and assign role slugs. Write update_environment Update an environment by ID. Write update_folder Update an Infisical folder by ID. Write update_identity Update an organization machine identity. Write update_identity_project_additional_privilege Update an identity's project-specific additional privilege. Write update_organization_user_membership Update an organization user membership. Write update_project Update basic Infisical project metadata. Write update_project_identity Update a project-managed machine identity. Write update_project_identity_membership Update a machine identity's project membership roles. Write update_project_role Update a custom project role. Write update_project_user_membership Update a project user membership's assigned roles. Write update_secret Update or rename a static secret. Write update_secret_import Update a configured secret import.
READ 23 tools
Read export_audit_logs Export organization audit logs with optional filters. Read get_identity Get a machine identity by ID. Read get_identity_project_additional_privilege Get an identity's project-specific additional privilege by ID. Read get_project Get a project by ID or slug. Read get_project_identity Get a project-managed identity by ID. Read get_project_role_by_slug Get a project role by slug. Read get_project_user_by_username Get a project user membership by username. Read get_secret Get one static secret by name. Read list_environments List environments from a project response. Read list_folders List Infisical folders in an environment and path. Read list_identities List organization machine identities. Read list_organization_identity_memberships List organization machine-identity memberships. Read list_organization_user_memberships List user memberships in an organization. Read list_project_identities List machine identities directly managed within a project. Read list_project_identity_memberships List machine-identity memberships and roles in a project. Read list_project_roles List custom project roles. Read list_project_user_memberships List user memberships in a project. Read list_projects List Infisical projects visible to the configured identity. Read list_secret_imports List configured secret imports for a project environment and path. Read list_secrets List static secrets in an Infisical project environment. Read render_env_file Render Infisical secrets as .env file content. Read render_shell_exports Render Infisical secrets as POSIX shell export statements. Read server_config Show non-secret runtime configuration for this Infisical MCP server.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Infisical MCP

Can an AI agent delete data through the Infisical MCP server? +

Yes. The Infisical MCP server exposes 13 destructive tools including delete_environment, delete_folder, delete_identity. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Infisical MCP? +

The Infisical MCP server has 23 write tools including create_environment, create_folder, create_identity. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Infisical MCP.

How many tools does the Infisical MCP server expose? +

59 tools across 3 categories: Destructive, Read, Write. 23 are read-only. 36 can modify, create, or delete data.

How do I enforce a policy on Infisical MCP? +

Register the Infisical MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Infisical MCP tool call.

Deterministic rules across all 59 Infisical MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

59 Infisical MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.