How Hugging Face Scaled Secrets Management for AI Infrastructure

Source: HuggingFace Date: 2025-03-31 URL: https://huggingface.co/blog/scaling-secrets-management

Summary

Case study documenting HuggingFace’s adoption of Infisical for secrets management across their multi-cloud AI infrastructure (AWS, Azure, GCP). Key choices: Infisical over HashiCorp Vault (developer ergonomics), Kubernetes operator for automatic secret sync (with manual deployment override at 10M+ requests/minute scale), Okta SSO + RBAC, OIDC-based GitHub Actions integration. Eliminates .env file development practices. No quantitative benchmarks — qualitative operational improvement story.

Implications

Thread: HF as open-source ML hub. HF’s infrastructure engineering posts serve a dual function: documenting their stack and signaling production maturity to enterprise customers. The choice to forgo automatic pod restarts despite Infisical’s capability (due to request volume) is an honest engineering tradeoff worth noting — scale constraints override convenience features. The Infisical endorsement over Vault reflects a broader shift toward developer-friendly secrets tooling in cloud-native environments. Relevant for teams building similar multi-cloud ML infrastructure.