Synchronizes selected keys from Keeper Vault to an external secrets manager
Synchronization is one way only, using Keeper as a source of truth (read only) and updates only the remote key-value pairs in the external secrets manager.
sync
commandDescription: Import and synchronize secrets from the Keeper Vault with external secrets management systems
ksm sync --credentials <UID> --type [aws|azure|gcp|json] [--dry-run] [--preserve-missing] --map <KEY NOTATION>...
Requires a Secrets Manager profile that has been initialized with:
ksm profile init <TOKEN>
See
the Profile Documentation for more information
parameters:
-t, --type
Type of the target key/value storage. Available types are:
aws
- AWS Secrets Manager
azure
- Azure Key Vault
gcp
- GCP Secret Manager
json
- lists all pending sync operations including both source and destination values
-m, --map
<KEY NOTATION>...
Map destination key names to values using notation URI
-c, --credentials <uid>
UID of Keeper record with credentials to access destination key/value storage. The specified record must be shared with the Keeper Secrets Manager Application
optional parameters:
-n, --dry-run
Perform a trial run with no changes made.
-p, --preserve-missing
Preserve destination value when source value is deleted.
Select an external provider below to learn more about the integration.
AWS Secrets ManagerAzure Key VaultGCP Secret Manager