Infisical Sync

- Set up and add secrets to [Infisical Cloud](https://app.infisical.com) or a self hosted instance
- Create an [Infisical Connection](/integrations/app-connections/external-infisical)

    2. Select the **Infisical** option.
    ![Select Infisical](/images/secret-syncs/external-infisical/select-external-infisical-option.png)

    3. Configure the **Source** from where secrets should be retrieved, then click **Next**.
    ![Configure Source](/images/secret-syncs/external-infisical/external-infisical-source.png)

        - **Environment**: The project environment to retrieve secrets from.
        - **Secret Path**: The folder path to retrieve secrets from.


    4. Configure the **Destination** on the remote Infisical instance, then click **Next**.
    ![Configure Destination](/images/secret-syncs/external-infisical/external-infisical-destination.png)

        - **Infisical Connection**: The Infisical Connection to authenticate with.
        - **Project**: The Secret Manager project on the remote Infisical instance to sync secrets to.
        - **Environment**: The environment inside the selected remote project.
        - **Secret Path**: The folder path inside the selected environment.
    <Note>
        The Machine Identity used in the connection must have at least **Member** role on the target project in the remote instance.
    </Note>

    5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
    ![Configure Options](/images/secret-syncs/external-infisical/external-infisical-options.png)

        - **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync.
            - **Overwrite Destination Secrets**: Removes any secrets at the destination not present in Infisical.
            - **Import Secrets (Prioritize Infisical)**: Imports secrets from the destination; conflicts are resolved in favor of the source Infisical instance.
            - **Import Secrets (Prioritize Destination)**: Imports secrets from the destination; conflicts are resolved in favor of the remote instance.
        - **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
        - **Disable Secret Deletion**: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.

    6. Configure the **Details** of your Infisical Sync, then click **Next**.
    ![Configure Details](/images/secret-syncs/external-infisical/external-infisical-details.png)

        - **Name**: The name of your sync. Must be slug-friendly.
        - **Description**: An optional description for your sync.

    7. Review your Infisical Sync configuration, then click **Create Sync**.
    ![Confirm Configuration](/images/secret-syncs/external-infisical/external-infisical-review.png)

    8. If enabled, your Infisical Sync will begin syncing your secrets to the destination endpoint.
    ![Sync Created](/images/secret-syncs/external-infisical/external-infisical-created.png)

</Tab>
<Tab title="API">
    To create an **Infisical Sync**, make an API request to the [Create Infisical Sync](/api-reference/endpoints/secret-syncs/infisical/create) API endpoint.

    ### Sample request

    ```bash Request
    curl --request POST \
    --url https://app.infisical.com/api/v1/secret-syncs/external-infisical \
    --header 'Content-Type: application/json' \
    --data '{
        "name": "my-infisical-sync",
        "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "description": "an example sync",
        "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "environment": "dev",
        "secretPath": "/my-secrets",
        "isEnabled": true,
        "syncOptions": {
            "initialSyncBehavior": "overwrite-destination"
        },
        "destinationConfig": {
            "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "environment": "prod",
            "secretPath": "/"
        }
    }'
    ```

    ### Sample response

    ```bash Response
    {
        "secretSync": {
            "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "name": "my-infisical-sync",
            "description": "an example sync",
            "isEnabled": true,
            "version": 1,
            "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "createdAt": "2023-11-07T05:31:56Z",
            "updatedAt": "2023-11-07T05:31:56Z",
            "syncStatus": "succeeded",
            "lastSyncJobId": "123",
            "lastSyncMessage": null,
            "lastSyncedAt": "2023-11-07T05:31:56Z",
            "importStatus": null,
            "lastImportJobId": null,
            "lastImportMessage": null,
            "lastImportedAt": null,
            "removeStatus": null,
            "lastRemoveJobId": null,
            "lastRemoveMessage": null,
            "lastRemovedAt": null,
            "syncOptions": {
                "initialSyncBehavior": "overwrite-destination"
            },
            "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "connection": {
                "app": "external-infisical",
                "name": "my-infisical-connection",
                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
            },
            "environment": {
                "slug": "dev",
                "name": "Development",
                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
            },
            "folder": {
                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "path": "/my-secrets"
            },
            "destination": "external-infisical",
            "destinationConfig": {
                "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "environment": "prod",
                "secretPath": "/"
            }
        }
    }
    ```
</Tab>