OCI Vault Sync is a paid feature.If you’re using Infisical Cloud, then it is available under the Enterprise Tier. If you’re self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it.
Prerequisites:
  • Create an OCI Connection with the required Secret Sync permissions
  • Create or use an existing OCI Compartment (which the OCI Connection is authorized to access)
  • Create or use an existing OCI Vault
1

Add Sync

Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button.Secret Syncs Tab
2

Select 'OCI Vault'

Select OCI Vault
3

Configure source

Configure the Source from where secrets should be retrieved, then click Next.Configure Source
  • Environment: The project environment to retrieve secrets from.
  • Secret Path: The folder path to retrieve secrets from.
If you need to sync secrets from multiple folder locations, check out secret imports.
4

Configure destination

Configure the Destination to where secrets should be deployed, then click Next.Configure Destination
  • OCI Connection: The OCI Connection to authenticate with.
  • Compartment: The compartment where the vault is located.
  • Vault: The vault to sync secrets to.
  • Encryption Key: The encryption key to use when creating secrets in the vault.
5

Configure sync options

Configure the Sync Options to specify how secrets should be synced, then click Next.Configure Sync Options
  • Initial Sync Behavior: Determines how Infisical should resolve the initial sync.
    • Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Infisical.
    • Import Secrets (Prioritize Infisical): Imports secrets from the destination endpoint before syncing, prioritizing values from Infisical over OCI Vault when keys conflict.
    • Import Secrets (Prioritize OCI Vault): Imports secrets from the destination endpoint before syncing, prioritizing values from OCI Vault over Infisical when keys conflict.
  • Key Schema: Template that determines how secret names are transformed when syncing, using {{secretKey}} as a placeholder for the original secret name and {{environment}} for the environment.
We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.
  • Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
  • Disable Secret Deletion: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
6

Configure details

Configure the Details of your OCI Vault Sync, then click Next.Configure Details
  • Name: The name of your sync. Must be slug-friendly.
  • Description: An optional description for your sync.
7

Review configuration

Review your OCI Vault Sync configuration, then click Create Sync.Review Configuration
8

Sync created

If enabled, your OCI Vault Sync will begin syncing your secrets to the destination endpoint.Sync Created

FAQ