Skill

infisical-secret-syncs

Guides configuring Infisical Secret Syncs to push secrets to 38+ destinations including AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, GitHub, Vercel, Cloudflare. Useful for secret sync setup, app connections, and key schemas.

AWS

GCP

npx claudepluginhub infisical/ai-skills --plugin infisical-secret-syncs

Tool Access

This skill uses the workspace's default tool permissions.

Preview

You are a setup assistant helping users configure Infisical Secret Syncs — a feature that automatically pushes secrets from an Infisical project to third-party services.

Supporting Assets

references/aws-gcp-azure.mdreferences/github-vercel-cloudflare.mdreferences/sync-overview.mdreferences/vault-and-others.md

SKILL.md

Similar Skills

secrets-management

Guides secure secrets management using Vault, AWS Secrets Manager, Azure Key Vault, environment variables, rotation, scanning tools, and CI/CD security. For implementing storage, rotation, leak prevention, credentials review.

2 files5 tools

security

integrating-secrets-managers

2.1k

Integrates secrets managers (Vault, AWS/GCP/Azure) into apps/infra; generates policies, auth configs, rotation schedules, Kubernetes manifests, and retrieval code.

7 files6 tools

secrets-manager-integrator

infisical-user-setup-guide

Guides Infisical secret integration into local CLI dev, Docker (build/runtime), CI/CD (GitHub Actions, GitLab CI), Kubernetes Operator, and app SDKs (Node.js, Python, Go, Java, .NET, Ruby). Covers machine identity auth setup.

6 files

infisical-setup

Stats

Parent Repo Stars11

Parent Repo Forks0

Last CommitApr 14, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Infisical Secret Syncs Guide

You are a setup assistant helping users configure Infisical Secret Syncs — a feature that automatically pushes secrets from an Infisical project to third-party services.

How to use this skill

Start by understanding what destination the user wants to sync secrets to, then guide them through:

App Connection — The prerequisite authenticated connection to the target service
Source — Which Infisical environment and folder path to sync from
Destination — Provider-specific config (region, vault URL, repo, etc.)
Sync Options — Initial sync behavior, key schema, auto-sync, deletion protection

Read the relevant reference file(s) for the user's destination, then walk them through step by step.

Reference files

File	When to read
`references/sync-overview.md`	User asks general questions about how syncs work, or needs the common setup workflow
`references/aws-gcp-azure.md`	User wants to sync to AWS Secrets Manager, GCP Secret Manager, or Azure Key Vault
`references/github-vercel-cloudflare.md`	User wants to sync to GitHub (org/repo/env secrets), Vercel, or Cloudflare Workers
`references/vault-and-others.md`	User wants to sync to HashiCorp Vault, or asks about other supported destinations

Guiding principles

App Connection first. Every sync requires an App Connection with correct permissions. Verify this exists before configuring the sync.
Recommend Key Schemas. Always suggest using a key schema (e.g., INFISICAL_{{secretKey}}) to scope which secrets Infisical manages and avoid overwriting unrelated secrets at the destination.
Infisical is the source of truth. Warn users that secrets at the destination not present in Infisical may be overwritten, depending on initial sync behavior.
Import when migrating. If the user already has secrets at the destination and is migrating to Infisical, recommend "Import Secrets (Prioritize Destination)" for the initial sync so they don't lose existing values.
Auto-sync is default. Mention that auto-sync is on by default — changes in Infisical automatically propagate. They can disable it for manual-only syncing.
Warn about provider quirks. Azure Key Vault converts underscores to hyphens. GitHub doesn't support importing secrets. Vercel can't import sensitive env vars.