> ## Documentation Index > Fetch the complete documentation index at: https://infisical.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # AWS Secrets Manager Sync > Learn how to configure an AWS Secrets Manager Sync for Infisical. **Prerequisites:** * Set up and add secrets to [Infisical Cloud](https://app.infisical.com) * Create an [AWS Connection](/integrations/app-connections/aws) with the required **Secret Sync** permissions * Ensure your network security policies allow incoming requests from Infisical to this secret sync provider, if network restrictions apply. 1. Navigate to **Project** > **Integrations** and select the **Secret Syncs** tab. Click on the **Add Sync** button. Secret Syncs Tab

2. Select the **AWS Secrets Manager** option. Select AWS Secrets Manager

3. Configure the **Source** from where secrets should be retrieved, then click **Next**. Configure Source

* **Environment**: The project environment to retrieve secrets from. * **Secret Path**: The folder path to retrieve secrets from. If you need to sync secrets from multiple folder locations, check out [secret imports](/documentation/platform/secret-reference#secret-imports). 4. Configure the **Destination** to where secrets should be deployed, then click **Next**. Configure Destination

* **AWS Connection**: The AWS Connection to authenticate with. * **Region**: The AWS region to deploy secrets to. * **Mapping Behavior**: Specify how Infisical should map secrets to AWS Secrets Manager: * **One-To-One**: Each Infisical secret will be mapped to a separate AWS Secrets Manager secret. * **Many-To-One**: All Infisical secrets will be mapped to a single AWS Secrets Manager secret. * **Secret Name**: Specifies the name of the AWS Secret to map secrets to if **Many-To-One** mapping behavior is selected. 5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**. Configure Options

* **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync. * **Overwrite Destination Secrets**: Removes any secrets at the destination endpoint not present in Infisical. * **Import Secrets (Prioritize Infisical)**: Imports secrets from the destination endpoint before syncing, prioritizing values from Infisical over Secrets Manager when keys conflict. * **Import Secrets (Prioritize AWS Secrets Manager)**: Imports secrets from the destination endpoint before syncing, prioritizing values from Secrets Manager over Infisical when keys conflict. * **Key Schema**: Template that determines how secret names are transformed when syncing, using `{{secretKey}}` as a placeholder for the original secret name and `{{environment}}` for the environment. We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched. * **KMS Key**: The AWS KMS key ID or alias to encrypt secrets with. * **Tags**: Optional tags to add to secrets synced by Infisical. * **Sync Secret Metadata as Tags**: If enabled, metadata attached to secrets will be added as tags to secrets synced by Infisical. Manually configured tags from the **Tags** field will take precedence over secret metadata when tag keys conflict. * **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only. * **Disable Secret Deletion**: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical. 6. Configure the **Details** of your Secrets Manager Sync, then click **Next**. Configure Details

* **Name**: The name of your sync. Must be slug-friendly. * **Description**: An optional description for your sync. 7. Review your Secrets Manager Sync configuration, then click **Create Sync**. Confirm Configuration

8. If enabled, your Secrets Manager Sync will begin syncing your secrets to the destination endpoint. Sync Secrets

To create an **AWS Secrets Manager Sync**, make an API request to the [Create AWS Secrets Manager Sync](/api-reference/endpoints/secret-syncs/aws-secrets-manager/create) API endpoint. ### Sample request ```bash Request theme={"dark"} curl --request POST \ --url https://app.infisical.com/api/v1/secret-syncs/aws-secrets-manager \ --header 'Content-Type: application/json' \ --data '{ "name": "my-secrets-manager-sync", "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "description": "an example sync", "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "environment": "dev", "secretPath": "/my-secrets", "isEnabled": true, "syncOptions": { "initialSyncBehavior": "overwrite-destination" }, "destinationConfig": { "region": "us-east-1", "mappingBehavior": "one-to-one" } }' ``` ### Sample response ```bash Response theme={"dark"} { "secretSync": { "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "name": "my-secrets-manager-sync", "description": "an example sync", "isEnabled": true, "version": 1, "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "createdAt": "2023-11-07T05:31:56Z", "updatedAt": "2023-11-07T05:31:56Z", "syncStatus": "succeeded", "lastSyncJobId": "123", "lastSyncMessage": null, "lastSyncedAt": "2023-11-07T05:31:56Z", "importStatus": null, "lastImportJobId": null, "lastImportMessage": null, "lastImportedAt": null, "removeStatus": null, "lastRemoveJobId": null, "lastRemoveMessage": null, "lastRemovedAt": null, "syncOptions": { "initialSyncBehavior": "overwrite-destination" }, "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "connection": { "app": "aws", "name": "my-aws-connection", "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a" }, "environment": { "slug": "dev", "name": "Development", "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a" }, "folder": { "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a", "path": "/my-secrets" }, "destination": "aws-secrets-manager", "destinationConfig": { "region": "us-east-1", "mappingBehavior": "one-to-one" } } } ```