Infisical · saifsmailbox98 · May 18, 2026 · May 12, 2026 · May 16, 2026
diff --git a/packages/gateway-v2/connection.go b/packages/gateway-v2/connection.go
@@ -273,3 +273,9 @@ func handlePing(ctx context.Context, conn *tls.Conn, reader *bufio.Reader) error
 	conn.Write([]byte("PONG\n"))
 	return nil
 }
+
+func handleHealth(ctx context.Context, conn *tls.Conn, reader *bufio.Reader, heartbeatTTL int) error {
+	response := fmt.Sprintf(`{"status":"ok","heartbeatTTL":%d}`, heartbeatTTL)
+	conn.Write([]byte(response + "\n"))
+	return nil
+}
diff --git a/packages/gateway-v2/gateway.go b/packages/gateway-v2/gateway.go
@@ -38,6 +38,7 @@
 	ForwardModePAMCancellation ForwardMode = "PAM_CANCELLATION"
 	ForwardModePAMCapabilities ForwardMode = "PAM_CAPABILITIES"
 	ForwardModePing            ForwardMode = "PING"
+	ForwardModeHealth          ForwardMode = "HEALTH"
 )
 
 type ActorType string
@@ -47,6 +48,8 @@
 	ActorTypeUser     ActorType = "user"
 )
 
+const heartbeatInterval = 3 * time.Minute
+
 const GATEWAY_ROUTING_INFO_OID = "1.3.6.1.4.1.12345.100.1"
 const GATEWAY_ACTOR_OID = "1.3.6.1.4.1.12345.100.2"
 const PAM_INFO_OID = "1.3.6.1.4.1.12345.100.3"
@@ -362,14 +365,14 @@
 						return
 					}
 				}
 			}
 		}()
 
-		// Phase 2: Regular heartbeat every 30 minutes
-		regularTicker := time.NewTicker(30 * time.Minute)
+		// Phase 2: Regular heartbeat
+		regularTicker := time.NewTicker(heartbeatInterval)
 		defer regularTicker.Stop()
 
 		for {
 			select {
 			case <-ctx.Done():
 				return
@@ -669,7 +672,7 @@
 		ClientCAs:  clientCAPool,
 		ClientAuth: tls.RequireAndVerifyClientCert,
 		MinVersion: tls.VersionTLS12,
-		NextProtos: []string{"infisical-http-proxy", "infisical-tcp-proxy", "infisical-ping", "infisical-pam-proxy", "infisical-pam-session-cancellation", "infisical-pam-capabilities"},
+		NextProtos: []string{"infisical-http-proxy", "infisical-tcp-proxy", "infisical-health", "infisical-ping", "infisical-pam-proxy", "infisical-pam-session-cancellation", "infisical-pam-capabilities"},
 	}
 
 	return nil
@@ -873,6 +876,14 @@
 			log.Info().Msg("Ping handler completed")
 		}
 		return
+	} else if forwardConfig.Mode == ForwardModeHealth {
+		log.Info().Msg("Starting health handler")
+		if err := handleHealth(g.ctx, tlsConn, reader, int(heartbeatInterval.Seconds())); err != nil {
+			log.Error().Err(err).Msg("Health handler ended with error")
+		} else {
+			log.Info().Msg("Health handler completed")
+		}
+		return
 	}
 }
 
@@ -919,6 +930,10 @@
 		config.Mode = ForwardModePing
 		return config, nil
 
+	case "infisical-health":
+		config.Mode = ForwardModeHealth
+		return config, nil
+
 	default:
 		return nil, fmt.Errorf("unsupported ALPN protocol: %s", negotiatedProtocol)
 	}