Skip to main content
Prerequisites:
  • Create an AWS Connection
  • Ensure your network security policies allow incoming requests from Infisical to this certificate sync provider, if network restrictions apply.
The AWS Secrets Manager Certificate Sync requires the following permissions to be set on the AWS IAM user for Infisical to sync certificates to AWS Secrets Manager: secretsmanager:CreateSecret, secretsmanager:UpdateSecret, secretsmanager:GetSecretValue, secretsmanager:DeleteSecret, secretsmanager:ListSecrets.Any role with these permissions would work such as a custom policy with SecretsManager permissions.
Certificates synced to AWS Secrets Manager will be stored as JSON secrets, preserving both the certificate and private key components as separate fields within the secret value.
  • Infisical UI
  • API
  1. Navigate to Project > Integrations > Certificate Syncs and press Add Sync. Certificate Syncs Tab
  2. Select the AWS Secrets Manager option. Select AWS Secrets Manager
  3. Configure the Destination to where certificates should be deployed, then click Next. Configure Destination
    • AWS Connection: The AWS Connection to authenticate with.
    • Region: The AWS region where secrets will be stored.
  4. Configure the Sync Options to specify how certificates should be synced, then click Next. Configure Options
    • Enable Removal of Expired/Revoked Certificates: If enabled, Infisical will remove certificates from the destination if they are no longer active in Infisical.
    • Preserve Secret on Renewal: Only applies to certificate renewals. When a certificate is renewed in Infisical, this option controls how the renewed certificate is handled. If enabled, the renewed certificate will update the existing secret, preserving the same secret name. If disabled, the renewed certificate will be created as a new secret with a new name.
    • Include Root CA: If enabled, the Root CA certificate will be included in the certificate chain when syncing to AWS Secrets Manager. If disabled, only intermediate certificates will be included.
    • Certificate Name Schema (Optional): Customize how secret names are generated in AWS Secrets Manager. Use {{certificateId}} as a placeholder for the certificate ID.
    • Auto-Sync Enabled: If enabled, certificates will automatically be synced when changes occur. Disable to enforce manual syncing only.
  5. Configure the Field Mappings to customize how certificate data is stored in AWS Secrets Manager secrets, then click Next. Configure Field Mappings
    • Certificate Field: The field name where the certificate will be stored in the secret value (default: certificate)
    • Private Key Field: The field name where the private key will be stored in the secret value (default: private_key)
    • Certificate Chain Field: The field name where the full certificate chain excluding the root CA certificate will be stored (default: certificate_chain)
    • CA Certificate Field: The field name where the root CA certificate will be stored (default: ca_certificate)
AWS Secrets Manager Secret Structure: Certificates are stored in AWS Secrets Manager as JSON secrets with the following structure (field names can be customized via field mappings):
{
  "certificate": "-----BEGIN CERTIFICATE-----\n...",
  "private_key": "-----BEGIN PRIVATE KEY-----\n...",
  "certificate_chain": "-----BEGIN CERTIFICATE-----\n...",
  "ca_certificate": "-----BEGIN CERTIFICATE-----\n..."
}
Example with Custom Field Mappings:
{
  "ssl_cert": "-----BEGIN CERTIFICATE-----\n...",
  "ssl_key": "-----BEGIN PRIVATE KEY-----\n...",
  "ssl_chain": "-----BEGIN CERTIFICATE-----\n...",
  "ssl_ca": "-----BEGIN CERTIFICATE-----\n..."
}
  1. Configure the Details of your AWS Secrets Manager Certificate Sync, then click Next. Configure Details
    • Name: The name of your sync. Must be slug-friendly.
    • Description: An optional description for your sync.
  2. Select which certificates should be synced to AWS Secrets Manager. Select Certificates
  3. Review your AWS Secrets Manager Certificate Sync configuration, then click Create Sync. Confirm Configuration
  4. If enabled, your AWS Secrets Manager Certificate Sync will begin syncing your certificates to the destination endpoint. Sync Certificates

Certificate Management

Your AWS Secrets Manager Certificate Sync will:
  • Automatic Deployment: Deploy certificates in Infisical to AWS Secrets Manager as JSON secrets with customizable field names
  • Certificate Updates: Update certificates in AWS Secrets Manager when renewals occur
  • Expiration Handling: Optionally remove expired certificates from AWS Secrets Manager (if enabled)
  • Format Preservation: Maintain certificate format during sync operations
  • Field Customization: Map certificate data to custom field names that match your application requirements
  • CA Certificate Support: Include CA certificates in secrets for complete certificate chain management
  • KMS Encryption: Optionally use custom KMS keys for secret encryption
  • Regional Deployment: Deploy secrets to specific AWS regions
AWS Secrets Manager Certificate Syncs support both automatic and manual synchronization modes. When auto-sync is enabled, certificates are automatically deployed as they are issued or renewed.

Manual Certificate Sync

You can manually trigger certificate synchronization to AWS Secrets Manager using the sync certificates functionality. This is useful for:
  • Initial setup when you have existing certificates to deploy
  • One-time sync of specific certificates
  • Testing certificate sync configurations
  • Force sync after making changes
To manually sync certificates, use the Sync Certificates API endpoint or the manual sync option in the Infisical UI.
AWS Secrets Manager does not support importing certificates back into Infisical due to the nature of AWS Secrets Manager where certificates are stored as JSON secrets rather than managed certificate objects.

Secret Naming Constraints

AWS Secrets Manager has specific naming requirements for secrets:
  • Allowed Characters: Letters, numbers, hyphens (-), and underscores (_) only
  • Length: 1-512 characters