Secret Syncs enable you to sync secrets from Infisical to third-party services using App Connections.

Secret Syncs will gradually replace Native Integrations as they become available. Native Integrations will be deprecated in the future, so opt for configuring a Secret Sync when available.

Concept

Secret Syncs are a project-level resource used to sync secrets, via an App Connection, from a particular project environment and folder path (source) to a third-party service (destination). Changes to the source will automatically be propagated to the destination, ensuring your secrets are always up-to-date.


Workflow

Configuring a Secret Sync requires three components: a source location to retrieve secrets from, a destination endpoint to deploy secrets to, and configuration options to determine how your secrets should be synced. Follow these steps to start syncing:

For step-by-step guides on syncing to a particular third-party service, refer to the Secret Syncs section in the Navigation Bar.

  1. Create App Connection: If you have not already done so, create an App Connection via the UI or API for the third-party service you intend to sync secrets to.

  2. Create Secret Sync: Configure a Secret Sync in the desired project by specifying the following parameters via the UI or API:

    • Source: The project environment and folder path you wish to retrieve secrets from.
    • Destination: The App Connection to utilize and the destination endpoint to deploy secrets to. These can vary between services.
    • Options: Customize how secrets should be synced. Examples include adding a suffix or prefix to your secrets, or importing secrets from the destination on the initial sync.

Secret Syncs are the source of truth for connected third-party services. Any secret, including associated data, not present or imported in Infisical before syncing will be overwritten, and changes made directly in the connected service outside of infisical may also be overwritten by future syncs.

Some third-party services do not support importing secrets.

  1. Utilize Sync: Any changes to the source location will now automatically be propagated to the destination endpoint.

Infisical is continuously expanding it’s Secret Sync third-party service support. If the service you need isn’t available, you can still use our Native Integrations in the interim, or contact us at [email protected] to make a request .

Was this page helpful?

Suggest editsRaise issue
GitHub ConnectionAWS Parameter Store Sync