Skip to content

Secrets Sync#

Secrets Sync Disabled

Due to the licensing of Secret Sync (each secret synced counts as a client), it has not been enabled in the UMN instance. If your team has a use case (i.e. very small number of secrets synced to many destinations) that would seem appropriate, please open a ticket with SECM to discuss by emailing secrets-team@umn.edu

In certain circumstances, fetching secrets directly from Vault is impossible or impractical. To help with this challenge, Vault can maintain a one-way sync for KVv2 secrets into various destinations that are easier to access for some clients. With this, Vault remains the system of records but can cache a subset of secrets on various external systems acting as trusted last-mile delivery systems.

For more information, visit Hashicorp's Developer Documentation

Destinations#

  • AWS Secrets Manager
  • Azure Key Vault
  • GCP Secret Manager
  • GitHub Repository Actions
  • Vercel Projects