infisical

v0.161.0 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 21h Secrets & Credentials

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

acme certificate-management cli environment-variables go node-js

+9 more

pki postgresql private-ca secrets-management secret-manager secret-scanning security security-tools typescript

Affected surfaces

auth rbac

ReleasePort's take

Light signal

editorial:auto 19h

Release v0.161.0 adds multiple GitHub Apps per organization and dynamic secret rotation in validation rules while tightening cert‑manager role defaults.

Why it matters: Enables richer integration workflows for orgs managing many apps; introduces automated secret lifecycle management affecting validation rule configurations.

Summary

AI summary

Broad release touches feat, fix, improvement, and telemetry.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Allow multiple GitHub Apps per organization Allow multiple GitHub Apps per organization Source: llm_adapter@2026-06-12 Confidence: high	—
Feature	Medium	Add dynamic secrets and rotations support in validation rules Add dynamic secrets and rotations support in validation rules Source: llm_adapter@2026-06-12 Confidence: high	—
Feature	Medium	Introduce Convex secret rotation capability Introduce Convex secret rotation capability Source: llm_adapter@2026-06-12 Confidence: high	—
Feature	Low	Add Infisical OAuth 2.0 support Add Infisical OAuth 2.0 support Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Feature	Low	Detect duplicate secret values in secrets insight Detect duplicate secret values in secrets insight Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Feature	Low	Add license-client SDK for License Server v2 Add license-client SDK for License Server v2 Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Feature	Low	Add KMIP client CSR signing capability Add KMIP client CSR signing capability Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Feature	Low	Add STS endpoint support on AWS app connection Add STS endpoint support on AWS app connection Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Performance
Performance	Low	Group PKI Sync telemetry aggregation by destination for cleaner PostHog breakdowns Group PKI Sync telemetry aggregation by destination for cleaner PostHog breakdowns Source: llm_adapter@2026-06-12 Confidence: high	—
Performance	Low	Change route creation to avoid memory stack exceeded errors Change route creation to avoid memory stack exceeded errors Source: llm_adapter@2026-06-12 Confidence: high	—
Performance	Low	Allow gateway usage in Azure Key Vault secret sync Allow gateway usage in Azure Key Vault secret sync Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Bugfix
Bugfix	Medium	Clean up app permissions when entities are removed Clean up app permissions when entities are removed Source: llm_adapter@2026-06-12 Confidence: high	—
Bugfix	Medium	Seed standing admin in gamma e2e organization for tests Seed standing admin in gamma e2e organization for tests Source: llm_adapter@2026-06-12 Confidence: high	—
Bugfix	Medium	Default cert-manager role to member and enforce admin/member-only access Default cert-manager role to member and enforce admin/member-only access Source: llm_adapter@2026-06-12 Confidence: low	—
Bugfix	Medium	Require PKI application members to be product users before adding to an app Require PKI application members to be product users before adding to an app Source: llm_adapter@2026-06-12 Confidence: low	—
Bugfix	Medium	Support additional privileges for group members Support additional privileges for group members Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Bugfix	Low	Use gateway for private GitHub Enterprise servers Use gateway for private GitHub Enterprise servers Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Bugfix	Low	Limit application list display to 20 entries Limit application list display to 20 entries Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Refactor
Refactor	Low	Migrate general, product, and security settings tabs to v3 UI and update org settings title based on tab Migrate general, product, and security settings tabs to v3 UI and update org settings title based on tab Source: llm_adapter@2026-06-12 Confidence: high	—
Refactor	Low	Migrate toast component to v3, improve behavior, and add stories Migrate toast component to v3, improve behavior, and add stories Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Refactor	Low	Migrate create service token modal to v3 components and sheet UI Migrate create service token modal to v3 components and sheet UI Source: granite4.1:30b@2026-06-12-audit Confidence: low	—
Refactor	Low	Update invite modal product and project selection flow Update invite modal product and project selection flow Source: granite4.1:30b@2026-06-12-audit Confidence: low	—

Full changelog

What's Changed

feat: allow multiple git hub apps per organization by @Thiago-AS in https://github.com/Infisical/infisical/pull/6490
feat(validation-rules): dynamic secrets and rotations support by @varonix0 in https://github.com/Infisical/infisical/pull/6773
fix(cert-manager): default to member role and enforce admin/member-only by @saifsmailbox98 in https://github.com/Infisical/infisical/pull/6761
fix: clean up app permissions when entities are removed by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6744
fix(telemetry): group PKI Sync aggregation by destination for clean PostHog breakdowns by @devin-ai-integration[bot] in https://github.com/Infisical/infisical/pull/6786
docs(ansible): add warning for token visibility in login task by @victorvhs017 in https://github.com/Infisical/infisical/pull/6789
fix(e2e): seed standing admin in gamma e2e org by @PrestigePvP in https://github.com/Infisical/infisical/pull/6785
improvement(router): change route creation to avoid memory stack exceeded error by @adilsitos in https://github.com/Infisical/infisical/pull/6784
fix: pki application members have to be product users to be added to an app by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6750
feat: convex secret rotation by @mathnogueira in https://github.com/Infisical/infisical/pull/6730
feat: migrate general, product and security settings tabs to v3 and update org settings title based on tab by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6753
improvement: migrate toast to v3, improve behavior, add stories and u… by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6760
feat: add Infisical OAuth 2.0 support by @Thiago-AS in https://github.com/Infisical/infisical/pull/6772
ci: disable preview environment workflow by @devin-ai-integration[bot] in https://github.com/Infisical/infisical/pull/6799
fix(telemetry): attach orgId as flat property on aggregated events by @devin-ai-integration[bot] in https://github.com/Infisical/infisical/pull/6800
docs(eng-5200): document domain in .infisical.json and INFISICAL_DOMAIN by @PrestigePvP in https://github.com/Infisical/infisical/pull/6797
improvement: improve toast validation/forbid modal handling and update forbid modal UI by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6801
feat(kmip): remove machine identities from KMIP server registration by @bernie-g in https://github.com/Infisical/infisical/pull/6740
feat(frontend): hide all-projects view from users without request-access permission by @PrestigePvP in https://github.com/Infisical/infisical/pull/6774
feat(secrets-insight): detect duplicate secret values by @mathnogueira in https://github.com/Infisical/infisical/pull/6747
fix: use gateway in case of private GHE server by @Thiago-AS in https://github.com/Infisical/infisical/pull/6803
improvement: migrate create service token modal to v3 components and sheet by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6804
fix: application list shows not more than 20 entries by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6792
feat(platfor-414): add license-client SDK for License Server v2 by @PrestigePvP in https://github.com/Infisical/infisical/pull/6782
improvement(secret-sync): allow gateway on azure key vault by @adilsitos in https://github.com/Infisical/infisical/pull/6775
chore: batch audit log stream for external providers and make it more resilient by @Thiago-AS in https://github.com/Infisical/infisical/pull/6592
feat: update invite modal product and project selection flow by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6820
fix: additional privileges support for group members by @varonix0 in https://github.com/Infisical/infisical/pull/6822
chore: add sso.md and update makefile for full oidc/ldap/saml/scim local dev + seeding / bootstrap scripts to quickly launch a fully configured org with verified email domain and sso config by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6821
feat: add kmip client csr signing by @sheensantoscapadngan in https://github.com/Infisical/infisical/pull/6825
improvement(app-connection): add sts endpoint on AWS app connection by @adilsitos in https://github.com/Infisical/infisical/pull/6791

Full Changelog: https://github.com/Infisical/infisical/compare/v0.160.12...v0.161.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track infisical

Get notified when new releases ship.

About infisical

Infisical is the open-source platform for secrets, certificates, and privileged access management.

All releases →

Related context

Related tools

Earlier breaking changes

v1.0.0 Shared GitHub App host now bound to INF_APP_CONNECTION_GITHUB_APP_HOST environment variable.