From 539daf9316ae84f349fe24ccb41a9671b1d87871 Mon Sep 17 00:00:00 2001 From: Scott Wilson Date: Wed, 10 Dec 2025 10:25:39 -0800 Subject: [PATCH] improvement: refine and expand secret sync ovewrite destination initial sync behavior warnings --- .../SecretSyncOptionsFields.tsx | 36 +++++++++++++------ 1 file changed, 26 insertions(+), 10 deletions(-) diff --git a/frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx b/frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx index 506c81a212..a76f4cbbe3 100644 --- a/frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx +++ b/frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx @@ -9,7 +9,11 @@ import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; import { FormControl, Input, Select, SelectItem, Switch, Tooltip } from "@app/components/v2"; import { SECRET_SYNC_INITIAL_SYNC_BEHAVIOR_MAP, SECRET_SYNC_MAP } from "@app/helpers/secretSyncs"; -import { SecretSync, useSecretSyncOption } from "@app/hooks/api/secretSyncs"; +import { + SecretSync, + SecretSyncInitialSyncBehavior, + useSecretSyncOption +} from "@app/hooks/api/secretSyncs"; import { TSecretSyncForm } from "../schemas"; import { AwsParameterStoreSyncOptionsFields } from "./AwsParameterStoreSyncOptionsFields"; @@ -139,13 +143,25 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => { )} /> - {!syncOption?.canImportSecrets && ( + {!syncOption?.canImportSecrets ? (

{destinationName} only supports overwriting destination secrets.{" "} {!currentSyncOption.disableSecretDeletion && - "Secrets not present in Infisical will be removed from the destination."} + `Secrets not present in Infisical will be removed from the destination. Consider adding a key schema or disabling secret deletion if you do not want existing secrets to be removed from ${destinationName}.`}

+ ) : ( + currentSyncOption.initialSyncBehavior === + SecretSyncInitialSyncBehavior.OverwriteDestination && + !currentSyncOption.disableSecretDeletion && ( +

+ + Secrets not present in Infisical will be removed from the destination. If you have + secrets in {destinationName} that you do not want deleted, consider setting initial + sync behavior to import destination secrets. Alternatively, configure a key schema + or disable secret deletion below to have Infisical ignore these secrets. +

+ ) )} )} @@ -183,26 +199,26 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => { className="max-w-md" content={ - We highly recommend using a{" "} + We highly recommend configuring a{" "} - Key Schema + key schema {" "} - to ensure that Infisical only manages the specific keys you intend, keeping - everything else untouched. + to ensure that Infisical only manages secrets in {destinationName} that match + the key pattern.

Destination secrets that do not match the schema will not be deleted or updated. } > -
- Infisical strongly advises setting a Key Schema{" "} - +
+ Infisical strongly advises configuring a key schema{" "} +
}