infisical/docs/integrations/secret-syncs/azure-key-vault.mdx

---
title: "Azure Key Vault Sync"
description: "Learn how to configure a Azure Key Vault Sync for Infisical."
---

**Prerequisites:**

        - Set up and add secrets to [Infisical Cloud](https://app.infisical.com)
        - Create a [Azure Connection](/integrations/app-connections/azure), configured for Azure Key Vault.

<Tabs>
    <Tab title="Infisical UI">
        1. Navigate to **Project** > **Integrations** and select the **Secret Syncs** tab. Click on the **Add Sync** button.
        ![Secret Syncs Tab](/images/secret-syncs/general/secret-sync-tab.png)

        2. Select the **Azure Key Vault** option.
        ![Select Key Vault](/images/secret-syncs/azure-key-vault/select-key-vault-option.png)

        3. Configure the **Source** from where secrets should be retrieved, then click **Next**.
        ![Configure Source](/images/secret-syncs/azure-key-vault/vault-source.png)

            - **Environment**: The project environment to retrieve secrets from.
            - **Secret Path**: The folder path to retrieve secrets from.

        <Tip>
            If you need to sync secrets from multiple folder locations, check out [secret imports](/documentation/platform/secret-reference#secret-imports).
        </Tip>

        4. Configure the **Destination** to where secrets should be deployed, then click **Next**.
        ![Configure Destination](/images/secret-syncs/azure-key-vault/vault-destination.png)

            - **Azure Connection**: The Azure Connection to authenticate with.
            - **Vault Base URL**: The URL of your Azure Key Vault.
            <p class="height:1px"  />

        5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
        ![Configure Options](/images/secret-syncs/azure-key-vault/vault-options.png)

            - **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync.
                - **Overwrite Destination Secrets**: Removes any secrets at the destination endpoint not present in Infisical.
                <Note>
                    Azure Key Vault does not support importing secrets.
                </Note>
            - **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.

        6. Configure the **Details** of your Azure Key Vault Sync, then click **Next**.
        ![Configure Details](/images/secret-syncs/azure-key-vault/vault-details.png)

            - **Name**: The name of your sync. Must be slug-friendly.
            - **Description**: An optional description for your sync.

        7. Review your Azure Key Vault Sync configuration, then click **Create Sync**.
        ![Confirm Configuration](/images/secret-syncs/azure-key-vault/vault-review.png)

        8. If enabled, your Azure Key Vault Sync will begin syncing your secrets to the destination endpoint.
        ![Sync Secrets](/images/secret-syncs/azure-key-vault/vault-synced.png)

    </Tab>
    <Tab title="API">
        To create a **Azure Key Vault Sync**, make an API request to the [Create Key Vault Sync](/api-reference/endpoints/secret-syncs/azure-key-vault/create) API endpoint.

        ### Sample request

        ```bash Request
        curl --request POST \
        --url https://app.infisical.com/api/v1/secret-syncs/azure-key-vault \
        --header 'Content-Type: application/json' \
        --data '{
            "name": "my-key-vault-sync",
            "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "description": "an example sync",
            "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "environment": "dev",
            "secretPath": "/my-secrets",
            "isEnabled": true,
            "syncOptions": {
                "initialSyncBehavior": "overwrite-destination"
            },
            "destinationConfig": {
                "vaultBaseUrl: "https://my-key-vault.vault.azure.net"
            }
        }'
        ```

        ### Sample response

        ```json Response
        {
            "secretSync": {
                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "name": "my-key-vault-sync",
                "description": "an example sync",
                "isEnabled": true,
                "version": 1,
                "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "createdAt": "2023-11-07T05:31:56Z",
                "updatedAt": "2023-11-07T05:31:56Z",
                "syncStatus": "succeeded",
                "lastSyncJobId": "123",
                "lastSyncMessage": null,
                "lastSyncedAt": "2023-11-07T05:31:56Z",
                "importStatus": null,
                "lastImportJobId": null,
                "lastImportMessage": null,
                "lastImportedAt": null,
                "removeStatus": null,
                "lastRemoveJobId": null,
                "lastRemoveMessage": null,
                "lastRemovedAt": null,
                "syncOptions": {
                    "initialSyncBehavior": "overwrite-destination"
                },
                "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "connection": {
                    "app": "azure",
                    "name": "my-azure-key-vault-connection",
                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
                },
                "environment": {
                    "slug": "dev",
                    "name": "Development",
                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
                },
                "folder": {
                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                    "path": "/my-secrets"
                },
                "destination": "azure-key-vault",
                "destinationConfig": {
                  "vaultBaseUrl": "https://my-key-vault.vault.azure.net"
                }
            }
        }
        ```
    </Tab>
</Tabs>