Sync Command

Synchronizes selected keys from Keeper Vault to a secure cloud based key value store

Synchronization is one way only, using Keeper as a source of truth (read only) and updates only the remote key-value pairs in the cloud based key value store.

sync command

Description: Import and synchronize secrets from the Keeper Vault with external Secrets Management systems

ksm sync --credentials <UID> --type [aws|azure|gcp|json] [--dry-run] [--preserve-missing] --map <KEY NOTATION>...

Requires a Secrets Manager profile that has been initialized with: ksm profile init <TOKEN> See the Profile Documentation for more information


  • -t, --type Type of the target key/value storage. Available types are:

    • aws - AWS Secrets Manager

    • azure- Azure Key Vault

    • gcp - GCP Secret Manager

    • json - lists all pending sync operations including both source and destination values

  • -m, --map <KEY NOTATION>... Map destination key names to values using notation URI

  • -c, --credentials <uid> UID of Keeper record with credentials to access destination key/value storage. The specified record must be shared with the Keeper Secrets Manager Application

optional parameters:

  • -n, --dry-run Perform a trial run with no changes made.

  • -p, --preserve-missing Preserve destination value when source value is deleted.

Sync Types

Select a sync type below to learn more about them

pageAWS Secrets ManagerpageAzure Key VaultpageGCP Secret Manager

Last updated