How to organize secrets for a small self-hosted server
Infisical is being used with Komodo and Terraform to move away from `.env` files completely. The main question is how to organize passwords, API keys, database logins, and other secrets inside Infisical. One option is to create a separate folder for each and store everything that app needs in its own place.
This makes ownership clear and makes easier, but it can create duplicate copies when several apps need the same API key or shared service setting. Another option is to group secrets by provider or shared service, such as Cloudflare, Postgres, or GitHub, and let apps read the paths they need. This reduces duplication and makes reuse easier, but can become broader than intended, so an app may be able to see secrets it does not really need.
The practical choice is between stronger isolation per app and cleaner reuse across the whole setup.
Key points
- Infisical is being used to replace scattered `.env` files with one managed secret store.
- An app-by-app folder structure gives clearer ownership and easier .
- A provider-based structure reduces duplicate secrets but can make too broad.
- Docker and Terraform make secret organization more important because they touch deployment and .
- For a , least access per app is usually safer than maximum reuse.