> ## Documentation Index
> Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Infisical Connection

> Learn how to configure an Infisical Connection to sync secrets between Infisical instances.

Infisical supports connecting to a remote Infisical instance using a **Machine Identity** (Universal Auth).
This enables you to sync secrets from one Infisical project to another — for example, from your cloud instance to a self-hosted deployment.

## Setup Infisical Connection in Infisical

<Tabs>
  <Tab title="Infisical UI">
    <Steps>
      <Step title="Navigate to the remote Infisical instance">
        Open the **remote** Infisical instance (the one you want to sync secrets *to*) and navigate to **Organization** > **Access Control** > **Machine Identities**.

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/machine-identities-tab.png" alt="Machine Identities Tab" />
      </Step>

      <Step title="Create a Machine Identity">
        Create a new Machine Identity. Give it a descriptive name (e.g., `infisical-sync-identity`).

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/create-machine-identity.png" alt="Create Machine Identity" />
      </Step>

      <Step title="Configure Universal Auth">
        Select **Universal Auth** as the authentication method and create the identity.

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/configure-universal-auth.png" alt="Configure Universal Auth" />
      </Step>

      <Step title="Copy the Client ID and create a Client Secret">
        Copy the **Client ID**. Then click **Create Client Secret** and copy the generated secret. Store both values in a secure location — the secret will not be shown again.

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/copy-client-credentials.png" alt="Copy Client Credentials" />
      </Step>

      <Step title="Add the Machine Identity to the target project">
        Navigate to the project on the remote instance that you want to sync secrets to. Under **Project Settings** > **Access Control** > **Machine Identities**, add the Machine Identity you created and grant it a role with write permission on secrets (e.g. **Member** or a custom role with secret write access).

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/add-identity-to-project.png" alt="Add Identity to Project" />
      </Step>

      <Step title="Navigate to App Connections in Infisical">
        Switch back to your **source** Infisical instance. Navigate to **Organization** > **App Connections** and click **Add Connection**.

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/general/add-connection.png" alt="App Connections Tab" />
      </Step>

      <Step title="Select the Infisical Connection option">
        Choose the **Infisical** option from the connection list.

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/select-external-infisical-connection-option.png" alt="Select Infisical Connection" />
      </Step>

      <Step title="Fill in the connection form">
        Complete the connection form with the following details:

        * **Instance URL**: The base URL of the remote Infisical instance (e.g., `https://infisical.example.com`).
        * **Machine Identity Client ID**: The Client ID copied in a previous step.
        * **Machine Identity Client Secret**: The Client Secret copied in a previous step.

                  <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/external-infisical-connection-form.png" alt="Infisical Connection Form" />
      </Step>

      <Step title="Connection Created">
        Your **Infisical Connection** is now available for use in Secret Syncs.

        <img src="https://mintlify.s3.us-west-1.amazonaws.com/infisical/images/app-connections/external-infisical/external-infisical-connection-created.png" alt="Connection Created" />
      </Step>
    </Steps>
  </Tab>

  <Tab title="API">
    To create an Infisical Connection, make an API request to the [Create Infisical Connection](/api-reference/endpoints/app-connections/external-infisical/create) API endpoint.

    ### Sample request

    ```bash Request theme={"dark"}
    curl    --request POST \
            --url https://app.infisical.com/api/v1/app-connections/external-infisical \
            --header 'Content-Type: application/json' \
            --data '{
                "name": "my-infisical-connection",
                "method": "machine-identity-universal-auth",
                "credentials": {
                    "instanceUrl": "https://infisical.example.com",
                    "machineIdentityClientId": "<client-id>",
                    "machineIdentityClientSecret": "<client-secret>"
                }
            }'
    ```

    ### Sample response

    ```bash Response theme={"dark"}
    {
        "appConnection": {
            "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "name": "my-infisical-connection",
            "version": 1,
            "orgId": "6f03caa1-a5de-43ce-b127-95a145d3464c",
            "createdAt": "2025-04-01T05:31:56Z",
            "updatedAt": "2025-04-01T05:31:56Z",
            "app": "external-infisical",
            "method": "machine-identity-universal-auth",
            "credentials": {
                "instanceUrl": "https://infisical.example.com",
                "machineIdentityClientId": "<client-id>"
            }
        }
    }
    ```
  </Tab>
</Tabs>