Syncs
GitHub Sync
Learn how to configure a GitHub Sync for Infisical.
Prerequisites:
- Set up and add secrets to Infisical Cloud
- Create a GitHub Connection
- Ensure your network security policies allow incoming requests from Infisical to this secret sync provider, if network restrictions apply.
-
Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button.
-
Select the GitHub option.
-
Configure the Source from where secrets should be retrieved, then click Next.
- Environment: The project environment to retrieve secrets from.
- Secret Path: The folder path to retrieve secrets from.
If you need to sync secrets from multiple folder locations, check out secret imports.
-
Configure the Destination to where secrets should be deployed, then click Next.
- GitHub Connection: The GitHub Connection to authenticate with.
- Scope: The GitHub secret scope to sync secrets to.
- Organization: Sync secrets to a specific organization.
- Repository: Sync secrets to a specific repository.
- Repository Environment: Sync secrets to a specific repository’s environment.
Organization
- Organization: The organization to deploy secrets to.
- Visibility: Determines which organization repositories can access deployed secrets.
- All Repositories: All repositories of the organization. (Public repositories if not a Pro/Team account)
- Private Repositories: All private repositories of the organization. (Requires Pro/Team account)
- Selected Repositories: Only the selected Repositories.
- Selected Repositories: The selected repositories if Visibility is set to Selected Repositories.
Repository
- Repository: The repository to deploy secrets to.
Repository Environment
- Repository: The repository to deploy secrets to.
- Environment: The repository’s environment to deploy secrets to.
-
Configure the Sync Options to specify how secrets should be synced, then click Next.
- Initial Sync Behavior: Determines how Infisical should resolve the initial sync.
- Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Infisical.
GitHub does not support importing secrets. - Key Schema: Template that determines how secret names are transformed when syncing, using
{{secretKey}}as a placeholder for the original secret name and{{environment}}for the environment.
We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.- Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
- Disable Secret Deletion: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
- Initial Sync Behavior: Determines how Infisical should resolve the initial sync.
-
Configure the Details of your GitHub Sync, then click Next.
- Name: The name of your sync. Must be slug-friendly.
- Description: An optional description for your sync.
-
Review your GitHub Sync configuration, then click Create Sync.
-
If enabled, your GitHub Sync will begin syncing your secrets to the destination endpoint.
