The Infisical API allows you to create programmatic integrations that connect with third-party secret managers to synchronize secrets from Infisical. This guide will primarily demonstrate the process using AWS Secret Store Manager (AWS SSM), but the steps are generally applicable to other secret management integrations.
For details on setting up AWS SSM synchronization and understanding its prerequisites, refer to the AWS SSM integration setup documentation.
1

Authenticate with AWS SSM

Authentication is required for all integrations. Use the Integration Auth API with the following parameters to authenticate.
integration
string
required
Set this parameter to aws-secret-manager.
workspaceId
string
required
The Infisical project ID for the integration.
accessId
string
required
The AWS IAM User Access ID.
accessToken
string
required
The AWS IAM User Access Secret Key.
Request
curl --request POST \
    --url https://app.infisical.com/api/v1/integration-auth/access-token \
    --header 'Authorization: <authorization>' \
    --header 'Content-Type: application/json' \
    --data '{
    "workspaceId": "<workspaceid>",
    "integration": "aws-secret-manager",
    "accessId": "<aws iam user access id>",
    "accessToken": "<aws iam user access secret key>"
}'
2

Configure the Synchronization Setup

Once authentication between AWS SSM and Infisical is established, you can configure the synchronization behavior. This involves specifying the source (environment and secret path in Infisical) and the destination in SSM to which the secrets will be synchronized.Use the integration API with the following parameters to configure the sync source and destination.
integrationAuthId
string
required
The ID of the integration authentication object used with AWS, obtained from the previous API response.
isActive
boolean
Indicates whether the integration should be active or inactive.
app
string
required
The secret name for saving in AWS SSM, which can be arbitrarily chosen.
region
string
required
The AWS region where the SSM is located, e.g., us-east-1.
sourceEnvironment
string
required
The Infisical environment slug from which secrets will be synchronized, e.g., dev.
secretPath
string
required
The Infisical folder path from which secrets will be synchronized, e.g., /some/path. The root path is /.
Request
curl --request POST \
    --url https://app.infisical.com/api/v1/integration \
    --header 'Authorization: <authorization>' \
    --header 'Content-Type: application/json' \
    --data '{
    "integrationAuthId": "<integrationauthid>",
    "sourceEnvironment": "<sourceenvironment>",
    "secretPath": "<secret-path, default is '/' >",
    "app": "<app>",
    "region": "<aws-ssm-region>"
}'
Congratulations! You have successfully set up an integration to synchronize secrets from Infisical with AWS SSM. For more information, view the integration API reference.