OCI Vault Sync
Learn how to configure an Oracle Cloud Infrastructure Vault Sync for Infisical.
OCI Vault Sync is a paid feature.
If you’re using Infisical Cloud, then it is available under the Enterprise Tier. If you’re self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it.
Prerequisites:
- Create an OCI Connection with the required Secret Sync permissions
- Create or use an existing OCI Compartment (which the OCI Connection is authorized to access)
- Create or use an existing OCI Vault
Add Sync
Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button.
Select 'OCI Vault'
Configure source
Configure the Source from where secrets should be retrieved, then click Next.
- Environment: The project environment to retrieve secrets from.
- Secret Path: The folder path to retrieve secrets from.
If you need to sync secrets from multiple folder locations, check out secret imports.
Configure destination
Configure the Destination to where secrets should be deployed, then click Next.
- OCI Connection: The OCI Connection to authenticate with.
- Compartment: The compartment where the vault is located.
- Vault: The vault to sync secrets to.
- Encryption Key: The encryption key to use when creating secrets in the vault.
Configure sync options
Configure the Sync Options to specify how secrets should be synced, then click Next.
- Initial Sync Behavior: Determines how Infisical should resolve the initial sync.
- Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Infisical.
- Import Secrets (Prioritize Infisical): Imports secrets from the destination endpoint before syncing, prioritizing values from Infisical over OCI Vault when keys conflict.
- Import Secrets (Prioritize OCI Vault): Imports secrets from the destination endpoint before syncing, prioritizing values from OCI Vault over Infisical when keys conflict.
- Key Schema: Template that determines how secret names are transformed when syncing, using
{{secretKey}}as a placeholder for the original secret name.
We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.
- Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
- Disable Secret Deletion: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
Configure details
Configure the Details of your OCI Vault Sync, then click Next.
- Name: The name of your sync. Must be slug-friendly.
- Description: An optional description for your sync.
Review configuration
Review your OCI Vault Sync configuration, then click Create Sync.
Sync created
If enabled, your OCI Vault Sync will begin syncing your secrets to the destination endpoint.
Add Sync
Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button.
Select 'OCI Vault'
Configure source
Configure the Source from where secrets should be retrieved, then click Next.
- Environment: The project environment to retrieve secrets from.
- Secret Path: The folder path to retrieve secrets from.
If you need to sync secrets from multiple folder locations, check out secret imports.
Configure destination
Configure the Destination to where secrets should be deployed, then click Next.
- OCI Connection: The OCI Connection to authenticate with.
- Compartment: The compartment where the vault is located.
- Vault: The vault to sync secrets to.
- Encryption Key: The encryption key to use when creating secrets in the vault.
Configure sync options
Configure the Sync Options to specify how secrets should be synced, then click Next.
- Initial Sync Behavior: Determines how Infisical should resolve the initial sync.
- Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Infisical.
- Import Secrets (Prioritize Infisical): Imports secrets from the destination endpoint before syncing, prioritizing values from Infisical over OCI Vault when keys conflict.
- Import Secrets (Prioritize OCI Vault): Imports secrets from the destination endpoint before syncing, prioritizing values from OCI Vault over Infisical when keys conflict.
- Key Schema: Template that determines how secret names are transformed when syncing, using
{{secretKey}}as a placeholder for the original secret name.
We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.
- Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
- Disable Secret Deletion: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
Configure details
Configure the Details of your OCI Vault Sync, then click Next.
- Name: The name of your sync. Must be slug-friendly.
- Description: An optional description for your sync.
Review configuration
Review your OCI Vault Sync configuration, then click Create Sync.
Sync created
If enabled, your OCI Vault Sync will begin syncing your secrets to the destination endpoint.
To create an OCI Vault Sync, make an API request to the Create OCI Vault Sync API endpoint.