Skip to main content

What are syncs?

Enkryptify syncs keep your secrets up to date across platforms by propagating them from Enkryptify to external providers. Syncs are currently one-way: changes in Enkryptify are pushed to the destination provider, never the other way around. This ensures a single source of truth and prevents accidental overwrites.
Only admins can create and manage syncs. Syncs always use shared secret values, personal overrides are not synced.

How do syncs work?

  1. You create a sync in the Enkryptify dashboard.
  2. You authenticate with the destination provider and select scope (different for each provider).
  3. You map Enkryptify environments (e.g., production, staging) to provider environments.
  4. Enkryptify pushes secrets on creation, update or manual re-run.

Environment mapping

When setting up a sync, you map each Enkryptify environment to a corresponding environment on the destination provider. For example, your Enkryptify “production” environment might map to Vercel’s “Production” environment or a specific GitHub Actions environment. Only mapped environments are synced, unmapped environments are ignored. If you need to sync multiple environments, you can create multiple syncs.

Re-running syncs

You can manually re-run a sync from the project’s syncs page to force-push all current secret values to the provider. This is useful after bulk changes or to recover from a provider-side issue.

Supported integrations

GitHub

Sync to GitHub Actions secrets and environments.

GitLab

Sync to GitLab CI/CD variables.

Vercel

Sync to Vercel project environment variables.

AWS Secrets Manager

Sync to AWS Secrets Manager.

AWS Amplify

Sync to AWS Amplify environment variables.

GCP Secret Manager

Sync to Google Cloud Secret Manager.

Framework guides

Enkryptify is framework- and language-agnostic, but we offer framework-specific guides for popular stacks. If you don’t see your stack here, you can still use the CLI to inject secrets into your application.