Infisical Connection

Setup Infisical Connection in Infisical

Infisical supports connecting to a remote Infisical instance using a Machine Identity (Universal Auth). This enables you to sync secrets from one Infisical project to another — for example, from your cloud instance to a self-hosted deployment.

Setup Infisical Connection in Infisical

Infisical UI
API

Navigate to the remote Infisical instance

Open the remote Infisical instance (the one you want to sync secrets to) and navigate to Organization > Access Control > Machine Identities. Machine Identities Tab

Create a Machine Identity

Create a new Machine Identity. Give it a descriptive name (e.g., infisical-sync-identity). Create Machine Identity

Configure Universal Auth

Select Universal Auth as the authentication method and create the identity. Configure Universal Auth

Copy the Client ID and create a Client Secret

Copy the Client ID. Then click Create Client Secret and copy the generated secret. Store both values in a secure location — the secret will not be shown again. Copy Client Credentials

Add the Machine Identity to the target project

Navigate to the project on the remote instance that you want to sync secrets to. Under Project Settings > Access Control > Machine Identities, add the Machine Identity you created and grant it a role with write permission on secrets (e.g. Member or a custom role with secret write access). Add Identity to Project

Navigate to App Connections in Infisical

Switch back to your source Infisical instance. Navigate to Organization > App Connections and click Add Connection. App Connections Tab

Select the Infisical Connection option

Choose the Infisical option from the connection list. Select Infisical Connection

Fill in the connection form

Complete the connection form with the following details:

Instance URL: The base URL of the remote Infisical instance (e.g., https://infisical.example.com).
Machine Identity Client ID: The Client ID copied in a previous step.
Machine Identity Client Secret: The Client Secret copied in a previous step.

Connection Created

Your Infisical Connection is now available for use in Secret Syncs. Connection Created

To create an Infisical Connection, make an API request to the Create Infisical Connection API endpoint.

Sample request

Request

curl    --request POST \
        --url https://app.infisical.com/api/v1/app-connections/external-infisical \
        --header 'Content-Type: application/json' \
        --data '{
            "name": "my-infisical-connection",
            "method": "machine-identity-universal-auth",
            "credentials": {
                "instanceUrl": "https://infisical.example.com",
                "machineIdentityClientId": "<client-id>",
                "machineIdentityClientSecret": "<client-secret>"
            }
        }'

Sample response

Response

{
    "appConnection": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "name": "my-infisical-connection",
        "version": 1,
        "orgId": "6f03caa1-a5de-43ce-b127-95a145d3464c",
        "createdAt": "2025-04-01T05:31:56Z",
        "updatedAt": "2025-04-01T05:31:56Z",
        "app": "external-infisical",
        "method": "machine-identity-universal-auth",
        "credentials": {
            "instanceUrl": "https://infisical.example.com",
            "machineIdentityClientId": "<client-id>"
        }
    }
}

Humanitec Connection Laravel Forge Connection

⌘I

Getting Started

Platform Reference

Connectivity

Authentication Methods

Self-host Infisical

Internals

Contributing

Infisical Connection

Setup Infisical Connection in Infisical

Sample request

Sample response

Getting Started

Platform Reference

Connectivity

Authentication Methods

Self-host Infisical

Internals

Contributing

Documentation Index

​Setup Infisical Connection in Infisical

​Sample request

​Sample response

Setup Infisical Connection in Infisical

Sample request

Sample response