For the complete documentation index, see llms.txt. This page is also available as Markdown.
Universal Secrets Sync using the Vault
Running USS using the Keeper Vault user interface
Overview
This guide covers how to trigger and confirm a USS sync operation from the Keeper Vault user interface.
Before proceeding, review the Universal Secrets Sync Basics documentation to ensure your PAM Configuration and Keeper Gateway are set up correctly.
Automatic Sync
When Dry-run is not enabled on the PAM configuration, USS runs automatically whenever a Keeper record in a linked folder is created or updated. No manual action is required from the Vault UI.
To monitor sync activity, check the events in the Reporting and Alerts section of Admin Console.
Manual Sync - Dry Run Mode
When Dry-run is selected, changes are not pushed to the cloud provider until you explicitly approve them.
Step 1 - Open the linked folder
Navigate to one of the linked folders of the USS configuration and select “Push Updates”.
Step 2 - Review the secrets
A preview of every secret that would be created or updated in the cloud provider is displayed. Review the list carefully before proceeding.
Step 3 - Confirm or cancel
Click Sync Now to confirm and push the changes to the cloud provider. To cancel without making any changes, close the dialog without clicking Sync Now.
Step 4 — Confirm the result
After clicking Sync Now, the Vault displays a confirmation of the sync result. Check the last sync timestamp and status in the application or folder view to verify the operation completed successfully.
Related Pages
USS Overview - Feature summary, architecture, and key capabilities
USS Basics - Prerequisites and PAM Configuration setup
Migration Guide - Import existing cloud secrets and configure USS in one workflow
