Prerequisites:
The Azure App Configuration Secret Sync requires the following permissions to be set on the user / service principal for Infisical to sync secrets to Azure App Configuration: Read Key-Value, Write Key-Value, Delete Key-Value.Any role with these permissions would work such as the App Configuration Data Owner role. Alternatively, you can use the App Configuration Data Contributor role for read/write access.
  1. Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button. Secret Syncs Tab
  2. Select the Azure App Configuration option. Select Azure App Configuration
  3. Configure the Source from where secrets should be retrieved, then click Next. Configure Source
    • Environment: The project environment to retrieve secrets from.
    • Secret Path: The folder path to retrieve secrets from.
If you need to sync secrets from multiple folder locations, check out secret imports.
  1. Configure the Destination to where secrets should be deployed, then click Next. Configure Destination
    • Azure Connection: The Azure Connection to authenticate with.
    • Configuration URL: The URL of your Azure App Configuration.
    • Label: An optional label to attach to all secrets created by Infisical inside your Azure App Configuration.
  2. Configure the Sync Options to specify how secrets should be synced, then click Next. Configure Options
    • Initial Sync Behavior: Determines how Infisical should resolve the initial sync.
      • Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Infisical.
      • Import Secrets (Prioritize Infisical): Imports secrets from the destination endpoint before syncing, prioritizing values from Infisical over Secrets Manager when keys conflict.
      • Import Secrets (Prioritize Azure App Configuration): Imports secrets from the destination endpoint before syncing, prioritizing values from Secrets Manager over Infisical when keys conflict.
    • Key Schema: Template that determines how secret names are transformed when syncing, using {{secretKey}} as a placeholder for the original secret name and {{environment}} for the environment.
    We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.
    • Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
    • Disable Secret Deletion: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
  3. Configure the Details of your Azure App Configuration Sync, then click Next. Configure Details
    • Name: The name of your sync. Must be slug-friendly.
    • Description: An optional description for your sync.
  4. Review your Azure App Configuration Sync configuration, then click Create Sync. Confirm Configuration
  5. If enabled, your Azure App Configuration Sync will begin syncing your secrets to the destination endpoint. Sync Secrets