Sync Command

Synchronizes selected keys from Keeper Vault to an external secrets manager

Synchronization is one way only, using Keeper as a source of truth (read only) and updates only the remote key-value pairs in the external secrets manager.

sync command

Description: Import and synchronize secrets from the Keeper Vault with external secrets management systems

ksm sync --credentials <UID> --type [aws|azure|gcp|json] [--dry-run] [--preserve-missing] --map <KEY NOTATION>...

Requires a Secrets Manager profile that has been initialized with: ksm profile init <TOKEN> See the Profile Documentation for more information

parameters:

  • -t, --type Type of the target key/value storage. Available types are:

    • aws - AWS Secrets Manager

    • azure- Azure Key Vault

    • gcp - GCP Secret Manager

    • json - lists all pending sync operations including both source and destination values

  • -m, --map <KEY NOTATION>... Map destination key names to values using notation URI

  • -c, --credentials <uid> UID of Keeper record with credentials to access destination key/value storage. The specified record must be shared with the Keeper Secrets Manager Application

optional parameters:

  • -n, --dry-run Perform a trial run with no changes made.

  • -p, --preserve-missing Preserve destination value when source value is deleted.

Sync Types

Select an external provider below to learn more about the integration.

AWS Secrets ManagerAzure Key VaultGCP Secret Manager

Last updated