General frontend structure for 2FA - done

2025-03-19 21:06:42 +00:00 · 2023-02-09 15:49:47 -08:00
179 changed files with 1839 additions and 7962 deletions
--- a/.github/workflows/release_build.yml
+++ b/.github/workflows/release_build.yml
@ -4,7 +4,7 @@ on:
  push:
    # run only against tags
    tags:
-      - "v*"
+      - 'v*'

 permissions:
  contents: write
@ -18,16 +18,11 @@ jobs:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - run: git fetch --force --tags
      - run: echo "Ref name ${{github.ref_name}}"
      - uses: actions/setup-go@v3
        with:
-          go-version: ">=1.19.3"
+          go-version: '>=1.19.3'
          cache: true
          cache-dependency-path: cli/go.sum
      - name: libssl1.1 => libssl1.0-dev for OSXCross
@ -50,7 +45,8 @@ jobs:
          AUR_KEY: ${{ secrets.AUR_KEY }}
      - uses: actions/setup-python@v4
      - run: pip install --upgrade cloudsmith-cli
-      - name: Publish to CloudSmith
+      - name: Publish to CloudSmith 
        run: sh cli/upload_to_cloudsmith.sh
        env:
          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
+      
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -68,10 +68,10 @@ archives:

 release:
  replace_existing_draft: true
-  mode: "replace"
+  mode: 'replace'

 checksum:
-  name_template: "checksums.txt"
+  name_template: 'checksums.txt'

 snapshot:
  name_template: "{{ incpatch .Version }}-devel"
@ -80,8 +80,8 @@ changelog:
  sort: asc
  filters:
    exclude:
-      - "^docs:"
-      - "^test:"
+      - '^docs:'
+      - '^test:'

 # publishers:
 #   - name: fury.io
@ -109,30 +109,30 @@ brews:
      man1.install "manpages/infisical.1.gz"

 nfpms:
-  - id: infisical
-    package_name: infisical
-    builds:
-      - all-other-builds
-    vendor: Infisical, Inc
-    homepage: https://infisical.com/
-    maintainer: Infisical, Inc
-    description: The offical Infisical CLI
-    license: MIT
-    formats:
-      - rpm
-      - deb
-      - apk
-      - archlinux
-    bindir: /usr/bin
-    contents:
-      - src: ./completions/infisical.bash
-        dst: /etc/bash_completion.d/infisical
-      - src: ./completions/infisical.fish
-        dst: /usr/share/fish/vendor_completions.d/infisical.fish
-      - src: ./completions/infisical.zsh
-        dst: /usr/share/zsh/site-functions/_infisical
-      - src: ./manpages/infisical.1.gz
-        dst: /usr/share/man/man1/infisical.1.gz
+- id: infisical
+  package_name: infisical
+  builds:
+    - all-other-builds
+  vendor: Infisical, Inc
+  homepage: https://infisical.com/
+  maintainer: Infisical, Inc
+  description: The offical Infisical CLI
+  license: MIT
+  formats:
+  - rpm
+  - deb
+  - apk
+  - archlinux
+  bindir: /usr/bin
+  contents:
+    - src: ./completions/infisical.bash
+      dst: /etc/bash_completion.d/infisical
+    - src: ./completions/infisical.fish
+      dst: /usr/share/fish/vendor_completions.d/infisical.fish
+    - src: ./completions/infisical.zsh
+      dst: /usr/share/zsh/site-functions/_infisical
+    - src: ./manpages/infisical.1.gz
+      dst: /usr/share/man/man1/infisical.1.gz

 scoop:
  bucket:
@ -146,14 +146,15 @@ scoop:
  license: MIT

 aurs:
-  - name: infisical-bin
+  -
+    name: infisical-bin
    homepage: "https://infisical.com"
    description: "The official Infisical CLI"
    maintainers:
      - Infisical, Inc <support@infisical.com>
    license: MIT
-    private_key: "{{ .Env.AUR_KEY }}"
-    git_url: "ssh://aur@aur.archlinux.org/infisical-bin.git"
+    private_key: '{{ .Env.AUR_KEY }}'
+    git_url: 'ssh://aur@aur.archlinux.org/infisical-bin.git'
    package: |-
      # bin
      install -Dm755 "./infisical" "${pkgdir}/usr/bin/infisical"
@ -168,13 +169,19 @@ aurs:
      install -Dm644 "./completions/infisical.fish" "${pkgdir}/usr/share/fish/vendor_completions.d/infisical.fish"
      # man pages
      install -Dm644 "./manpages/infisical.1.gz" "${pkgdir}/usr/share/man/man1/infisical.1.gz"
-
 # dockers:
-#   - dockerfile: cli/docker/Dockerfile
+#   - dockerfile: goreleaser.dockerfile
 #     goos: linux
 #     goarch: amd64
 #     ids:
 #       - infisical
 #     image_templates:
-#       - "infisical/cli:{{ .Version }}"
+#       - "infisical/cli:{{ .Version }}"             
+#       - "infisical/cli:{{ .Major }}.{{ .Minor }}"  
+#       - "infisical/cli:{{ .Major }}"               
 #       - "infisical/cli:latest"
+#     build_flag_templates:
+#       - "--label=org.label-schema.schema-version=1.0"
+#       - "--label=org.label-schema.version={{.Version}}"
+#       - "--label=org.label-schema.name={{.ProjectName}}"
+#       - "--platform=linux/amd64"
--- a/README.md
+++ b/README.md
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@ -1,18 +1,11 @@
 {
  "dependencies": {
-    "@aws-sdk/client-secrets-manager": "^3.267.0",
    "@godaddy/terminus": "^4.11.2",
-    "@octokit/rest": "^19.0.5",
-    "@sentry/node": "^7.14.0",
-    "@sentry/tracing": "^7.19.0",
+    "@sentry/node": "^7.21.1",
+    "@sentry/tracing": "^7.21.1",
    "@types/crypto-js": "^4.1.1",
-    "@types/libsodium-wrappers": "^0.7.10",
-    "await-to-js": "^3.0.0",
-    "aws-sdk": "^2.1311.0",
-    "axios": "^1.1.3",
-    "bcrypt": "^5.1.0",
+    "axios": "^1.2.0",
    "bigint-conversion": "^2.2.2",
-    "builder-pattern": "^2.2.0",
    "cookie-parser": "^1.4.6",
    "cors": "^2.8.5",
    "crypto-js": "^4.1.1",
@ -22,26 +15,17 @@
    "express-validator": "^6.14.2",
    "handlebars": "^4.7.7",
    "helmet": "^5.1.1",
-    "js-yaml": "^4.1.0",
-    "jsonwebtoken": "^9.0.0",
+    "jsonwebtoken": "^8.5.1",
    "jsrp": "^0.2.4",
-    "libsodium-wrappers": "^0.7.10",
-    "lodash": "^4.17.21",
-    "mongoose": "^6.7.2",
+    "mongoose": "^6.7.3",
    "nodemailer": "^6.8.0",
-    "posthog-node": "^2.2.2",
+    "posthog-node": "^2.1.0",
    "query-string": "^7.1.3",
-    "request-ip": "^3.3.0",
    "rimraf": "^3.0.2",
    "stripe": "^10.7.0",
-    "swagger-autogen": "^2.22.0",
-    "swagger-ui-express": "^4.6.0",
    "tweetnacl": "^1.0.3",
    "tweetnacl-util": "^0.15.1",
-    "typescript": "^4.9.3",
-    "utility-types": "^3.10.0",
-    "winston": "^3.8.2",
-    "winston-loki": "^6.0.6"
+    "typescript": "^4.9.3"
  },
  "name": "infisical-api",
  "version": "1.0.0",
@ -118,5 +102,47 @@
    "suiteNameTemplate": "{filepath}",
    "classNameTemplate": "{classname}",
    "titleTemplate": "{title}"
+  },
+  "dependencies": {
+    "@godaddy/terminus": "^4.11.2",
+    "@octokit/rest": "^19.0.5",
+    "@sentry/node": "^7.14.0",
+    "@sentry/tracing": "^7.19.0",
+    "@types/crypto-js": "^4.1.1",
+    "@types/libsodium-wrappers": "^0.7.10",
+    "await-to-js": "^3.0.0",
+    "axios": "^1.1.3",
+    "bcrypt": "^5.1.0",
+    "bigint-conversion": "^2.2.2",
+    "builder-pattern": "^2.2.0",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "crypto-js": "^4.1.1",
+    "dotenv": "^16.0.1",
+    "express": "^4.18.1",
+    "express-rate-limit": "^6.7.0",
+    "express-validator": "^6.14.2",
+    "handlebars": "^4.7.7",
+    "helmet": "^5.1.1",
+    "js-yaml": "^4.1.0",
+    "jsonwebtoken": "^9.0.0",
+    "jsrp": "^0.2.4",
+    "libsodium-wrappers": "^0.7.10",
+    "lodash": "^4.17.21",
+    "mongoose": "^6.7.2",
+    "nodemailer": "^6.8.0",
+    "posthog-node": "^2.2.2",
+    "query-string": "^7.1.3",
+    "request-ip": "^3.3.0",
+    "rimraf": "^3.0.2",
+    "stripe": "^10.7.0",
+    "swagger-autogen": "^2.22.0",
+    "swagger-ui-express": "^4.6.0",
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1",
+    "typescript": "^4.9.3",
+    "utility-types": "^3.10.0",
+    "winston": "^3.8.2",
+    "winston-loki": "^6.0.6"
  }
 }
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@ -1,6 +1,5 @@
 const PORT = process.env.PORT || 4000;
-const EMAIL_TOKEN_LIFETIME = parseInt(process.env.EMAIL_TOKEN_LIFETIME! || '86400');
-const INVITE_ONLY_SIGNUP = process.env.INVITE_ONLY_SIGNUP == undefined ? false : process.env.INVITE_ONLY_SIGNUP
+const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400';
 const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY!;
 const SALT_ROUNDS = parseInt(process.env.SALT_ROUNDS!) || 10;
 const JWT_AUTH_LIFETIME = process.env.JWT_AUTH_LIFETIME! || '10d';
@ -25,7 +24,7 @@ const CLIENT_SECRET_HEROKU = process.env.CLIENT_SECRET_HEROKU!;
 const CLIENT_SECRET_VERCEL = process.env.CLIENT_SECRET_VERCEL!;
 const CLIENT_SECRET_NETLIFY = process.env.CLIENT_SECRET_NETLIFY!;
 const CLIENT_SECRET_GITHUB = process.env.CLIENT_SECRET_GITHUB!;
-const CLIENT_SLUG_VERCEL = process.env.CLIENT_SLUG_VERCEL!;
+const CLIENT_SLUG_VERCEL= process.env.CLIENT_SLUG_VERCEL!;
 const POSTHOG_HOST = process.env.POSTHOG_HOST! || 'https://app.posthog.com';
 const POSTHOG_PROJECT_API_KEY =
  process.env.POSTHOG_PROJECT_API_KEY! ||
@ -51,7 +50,6 @@ const LICENSE_KEY = process.env.LICENSE_KEY!;
 export {
  PORT,
  EMAIL_TOKEN_LIFETIME,
-  INVITE_ONLY_SIGNUP,
  ENCRYPTION_KEY,
  SALT_ROUNDS,
  JWT_AUTH_LIFETIME,
--- a/backend/src/controllers/v1/integrationAuthController.ts
+++ b/backend/src/controllers/v1/integrationAuthController.ts
@ -35,11 +35,14 @@ export const getIntegrationAuth = async (req: Request, res: Response) => {
 	});
 }

-export const getIntegrationOptions = async (req: Request, res: Response) => {
-  return res.status(200).send({
-    integrationOptions: INTEGRATION_OPTIONS,
-  });
-};
+export const getIntegrationOptions = async (
+	req: Request,
+	res: Response
+) => {
+	return res.status(200).send({
+		integrationOptions: INTEGRATION_OPTIONS
+	});
+}

 /**
 * Perform OAuth2 code-token exchange as part of integration [integration] for workspace with id [workspaceId]
@ -81,28 +84,23 @@ export const oAuthExchange = async (
 };

 /**
- * Save integration access token and (optionally) access id as part of integration
- * [integration] for workspace with id [workspaceId]
+ * Save integration access token as part of integration [integration] for workspace with id [workspaceId]
 * @param req 
 * @param res 
 */
 export const saveIntegrationAccessToken = async (
-  req: Request,
-  res: Response
+	req: Request,
+	res: Response
 ) => {
 	// TODO: refactor
-	// TODO: check if access token is valid for each integration
-
 	let integrationAuth;
 	try {
 		const {
 			workspaceId,
-			accessId,
 			accessToken,
 			integration
 		}: {
 			workspaceId: string;
-			accessId: string | null;
 			accessToken: string;
 			integration: string;
 		} = req.body;
@ -125,10 +123,9 @@ export const saveIntegrationAccessToken = async (
            upsert: true
        });
 		
-		// encrypt and save integration access details
+		// encrypt and save integration access token
 		integrationAuth = await IntegrationService.setIntegrationAuthAccess({
 			integrationAuthId: integrationAuth._id.toString(),
-			accessId,
 			accessToken,
 			accessExpiresAt: undefined
 		});
@ -154,23 +151,23 @@ export const saveIntegrationAccessToken = async (
 * @returns
 */
 export const getIntegrationAuthApps = async (req: Request, res: Response) => {
-  let apps;
-  try {
-    apps = await getApps({
-      integrationAuth: req.integrationAuth,
-      accessToken: req.accessToken,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get integration authorization applications",
-    });
-  }
+	let apps;
+	try {
+		apps = await getApps({
+			integrationAuth: req.integrationAuth,
+			accessToken: req.accessToken
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+        Sentry.captureException(err);	
+		return res.status(400).send({
+			message: 'Failed to get integration authorization applications'
+		});
+	}

-  return res.status(200).send({
-    apps,
-  });
+	return res.status(200).send({
+		apps
+	});
 };

 /**
@ -180,21 +177,21 @@ export const getIntegrationAuthApps = async (req: Request, res: Response) => {
 * @returns
 */
 export const deleteIntegrationAuth = async (req: Request, res: Response) => {
-  let integrationAuth;
-  try {
-    integrationAuth = await revokeAccess({
-      integrationAuth: req.integrationAuth,
-      accessToken: req.accessToken,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to delete integration authorization",
-    });
-  }
-
-  return res.status(200).send({
-    integrationAuth,
-  });
-};
+	let integrationAuth;
+	try {
+		integrationAuth = await revokeAccess({
+			integrationAuth: req.integrationAuth,
+			accessToken: req.accessToken
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+        Sentry.captureException(err);	
+		return res.status(400).send({
+			message: 'Failed to delete integration authorization'
+		});
+	}
+	
+	return res.status(200).send({
+		integrationAuth
+	});
+}
--- a/backend/src/controllers/v1/integrationController.ts
+++ b/backend/src/controllers/v1/integrationController.ts
@ -12,9 +12,9 @@ import { eventPushSecrets } from '../../events';

 /**
 * Create/initialize an (empty) integration for integration authorization
- * @param req
- * @param res
- * @returns
+ * @param req 
+ * @param res 
+ * @returns 
 */
 export const createIntegration = async (req: Request, res: Response) => {
 	let integration;
@ -26,9 +26,7 @@ export const createIntegration = async (req: Request, res: Response) => {
 			isActive,
 			sourceEnvironment,
 			targetEnvironment,
-			owner,
-			path,
-			region
+			owner
 		} = req.body;
 		
 		// TODO: validate [sourceEnvironment] and [targetEnvironment]
@ -42,8 +40,6 @@ export const createIntegration = async (req: Request, res: Response) => {
 			appId,
 			targetEnvironment,
 			owner,
-			path,
-			region,
            integration: req.integrationAuth.integration,
            integrationAuth: new Types.ObjectId(integrationAuthId)
        }).save();
@ -65,10 +61,10 @@ export const createIntegration = async (req: Request, res: Response) => {
 		});
 	}

-  return res.status(200).send({
-    integration,
-  });
-};
+	return res.status(200).send({
+		integration
+	});
+}

 /**
 * Change environment or name of integration with id [integrationId]
@ -77,57 +73,57 @@ export const createIntegration = async (req: Request, res: Response) => {
 * @returns
 */
 export const updateIntegration = async (req: Request, res: Response) => {
-  let integration;
+	let integration;
+	
+	// TODO: add integration-specific validation to ensure that each
+	// integration has the correct fields populated in [Integration]
+	
+	try {
+		const { 
+			environment, 
+			isActive, 
+			app, 
+			appId,
+			targetEnvironment,
+			owner, // github-specific integration param
+		} = req.body;
+		
+		integration = await Integration.findOneAndUpdate(
+			{
+				_id: req.integration._id
+			},
+			{
+				environment,
+				isActive,
+				app,
+				appId,
+				targetEnvironment,
+				owner
+			},
+			{
+				new: true
+			}
+		);
+		
+		if (integration) {
+			// trigger event - push secrets
+			EventService.handleEvent({
+				event: eventPushSecrets({
+					workspaceId: integration.workspace.toString()
+				})
+			});
+		}
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to update integration'
+		});
+	}

-  // TODO: add integration-specific validation to ensure that each
-  // integration has the correct fields populated in [Integration]
-
-  try {
-    const {
-      environment,
-      isActive,
-      app,
-      appId,
-      targetEnvironment,
-      owner, // github-specific integration param
-    } = req.body;
-
-    integration = await Integration.findOneAndUpdate(
-      {
-        _id: req.integration._id,
-      },
-      {
-        environment,
-        isActive,
-        app,
-        appId,
-        targetEnvironment,
-        owner,
-      },
-      {
-        new: true,
-      }
-    );
-
-    if (integration) {
-      // trigger event - push secrets
-      EventService.handleEvent({
-        event: eventPushSecrets({
-          workspaceId: integration.workspace.toString(),
-        }),
-      });
-    }
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to update integration",
-    });
-  }
-
-  return res.status(200).send({
-    integration,
-  });
+	return res.status(200).send({
+		integration
+	});
 };

 /**
@ -138,24 +134,24 @@ export const updateIntegration = async (req: Request, res: Response) => {
 * @returns
 */
 export const deleteIntegration = async (req: Request, res: Response) => {
-  let integration;
-  try {
-    const { integrationId } = req.params;
+	let integration;
+	try {
+		const { integrationId } = req.params;

-    integration = await Integration.findOneAndDelete({
-      _id: integrationId,
-    });
-
-    if (!integration) throw new Error("Failed to find integration");
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to delete integration",
-    });
-  }
-
-  return res.status(200).send({
-    integration,
-  });
+		integration = await Integration.findOneAndDelete({
+			_id: integrationId
+		});
+		
+		if (!integration) throw new Error('Failed to find integration');
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to delete integration'
+		});
+	}
+	
+	return res.status(200).send({
+		integration
+	});
 };
--- a/backend/src/controllers/v1/membershipOrgController.ts
+++ b/backend/src/controllers/v1/membershipOrgController.ts
@ -1,7 +1,7 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import crypto from 'crypto';
-import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, EMAIL_TOKEN_LIFETIME } from '../../config';
+import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../../config';
 import { MembershipOrg, Organization, User, Token } from '../../models';
 import { deleteMembershipOrg as deleteMemberFromOrg } from '../../helpers/membershipOrg';
 import { checkEmailVerification } from '../../helpers/signup';
@ -113,14 +113,14 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
 		if (!membershipOrg) {
 			throw new Error('Failed to validate organization membership');
 		}
-
+		
 		invitee = await User.findOne({
 			email: inviteeEmail
 		}).select('+publicKey');

 		if (invitee) {
 			// case: invitee is an existing user
-
+			
 			inviteeMembershipOrg = await MembershipOrg.findOne({
 				user: invitee._id,
 				organization: organizationId
@ -170,8 +170,7 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
 				{
 					email: inviteeEmail,
 					token,
-					createdAt: new Date(),
-					ttl: Math.floor(+new Date() / 1000) + EMAIL_TOKEN_LIFETIME // time in seconds, i.e unix
+					createdAt: new Date()
 				},
 				{ upsert: true, new: true }
 			);
@ -242,7 +241,7 @@ export const verifyUserToOrganization = async (req: Request, res: Response) => {
 				message: 'Successfully verified email',
 				user,
 			});
-		}
+        }

 		if (!user) {
 			// initialize user account
--- a/backend/src/controllers/v1/organizationController.ts
+++ b/backend/src/controllers/v1/organizationController.ts
@ -14,13 +14,11 @@ import {
 	MembershipOrg,
 	Organization,
 	Workspace,
-	IncidentContactOrg,
-	IMembershipOrg
+	IncidentContactOrg
 } from '../../models';
 import { createOrganization as create } from '../../helpers/organization';
 import { addMembershipsOrg } from '../../helpers/membershipOrg';
 import { OWNER, ACCEPTED } from '../../variables';
-import _ from 'lodash';

 export const getOrganizations = async (req: Request, res: Response) => {
 	let organizations;
@ -384,44 +382,3 @@ export const getOrganizationSubscriptions = async (
 		subscriptions
 	});
 };
-
-
-/**
- * Given a org id, return the projects each member of the org belongs to
- * @param req
- * @param res
- * @returns
- */
-export const getOrganizationMembersAndTheirWorkspaces = async (
-	req: Request,
-	res: Response
-) => {
-	const { organizationId } = req.params;
-
-	const workspacesSet = (
-			await Workspace.find(
-				{
-					organization: organizationId
-				},
-				'_id'
-			)
-		).map((w) => w._id.toString());
-
-	const memberships = (
-		await Membership.find({
-			workspace: { $in: workspacesSet }
-		}).populate('workspace')
-	);
-	const userToWorkspaceIds: any = {};
-
-	memberships.forEach(membership => {
-		const user = membership.user.toString();
-		if (userToWorkspaceIds[user]) {
-			userToWorkspaceIds[user].push(membership.workspace);
-		} else {
-			userToWorkspaceIds[user] = [membership.workspace];
-		}
-	});
-
-	return res.json(userToWorkspaceIds);
-};
--- a/backend/src/controllers/v1/passwordController.ts
+++ b/backend/src/controllers/v1/passwordController.ts
@ -8,7 +8,7 @@ import { User, Token, BackupPrivateKey, LoginSRPDetail } from '../../models';
 import { checkEmailVerification } from '../../helpers/signup';
 import { createToken } from '../../helpers/auth';
 import { sendMail } from '../../helpers/nodemailer';
-import { EMAIL_TOKEN_LIFETIME, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, SITE_URL } from '../../config';
+import { JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, SITE_URL } from '../../config';
 import { BadRequestError } from '../../utils/errors';

 /**
@ -39,8 +39,7 @@ export const emailPasswordReset = async (req: Request, res: Response) => {
 			{
 				email,
 				token,
-				createdAt: new Date(),
-				ttl: Math.floor(+new Date() / 1000) + EMAIL_TOKEN_LIFETIME // time in seconds, i.e unix
+				createdAt: new Date()
 			},
 			{ upsert: true, new: true }
 		);
--- a/backend/src/controllers/v1/signupController.ts
+++ b/backend/src/controllers/v1/signupController.ts
@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { NODE_ENV, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, INVITE_ONLY_SIGNUP } from '../../config';
+import { NODE_ENV, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../../config';
 import { User, MembershipOrg } from '../../models';
 import { completeAccount } from '../../helpers/user';
 import {
@ -11,7 +11,6 @@ import {
 import { issueTokens, createToken } from '../../helpers/auth';
 import { INVITED, ACCEPTED } from '../../variables';
 import axios from 'axios';
-import { BadRequestError } from '../../utils/errors';

 /**
 * Signup step 1: Initialize account for user under email [email] and send a verification code
@ -25,14 +24,6 @@ export const beginEmailSignup = async (req: Request, res: Response) => {
 	try {
 		email = req.body.email;

-		if (INVITE_ONLY_SIGNUP) {
-			// Only one user can create an account without being invited. The rest need to be invited in order to make an account
-			const userCount = await User.countDocuments({})
-			if (userCount != 0) {
-				throw BadRequestError({ message: "New user sign ups are not allowed at this time. You must be invited to sign up." })
-			}
-		}
-
 		const user = await User.findOne({ email }).select('+publicKey');
 		if (user && user?.publicKey) {
 			// case: user has already completed account
@ -138,7 +129,7 @@ export const completeAccountSignup = async (req: Request, res: Response) => {

 		// get user
 		user = await User.findOne({ email });
-
+		
 		if (!user || (user && user?.publicKey)) {
 			// case 1: user doesn't exist.
 			// case 2: user has already completed account
--- a/backend/src/controllers/v1/workspaceController.ts
+++ b/backend/src/controllers/v1/workspaceController.ts
@ -1,21 +1,21 @@
-import { Request, Response } from "express";
-import * as Sentry from "@sentry/node";
+import { Request, Response } from 'express';
+import * as Sentry from '@sentry/node';
 import {
-  Workspace,
-  Membership,
-  MembershipOrg,
-  Integration,
-  IntegrationAuth,
-  IUser,
-  ServiceToken,
-  ServiceTokenData,
-} from "../../models";
+	Workspace,
+	Membership,
+	MembershipOrg,
+	Integration,
+	IntegrationAuth,
+	IUser,
+	ServiceToken,
+	ServiceTokenData
+} from '../../models';
 import {
-  createWorkspace as create,
-  deleteWorkspace as deleteWork,
-} from "../../helpers/workspace";
-import { addMemberships } from "../../helpers/membership";
-import { ADMIN } from "../../variables";
+	createWorkspace as create,
+	deleteWorkspace as deleteWork
+} from '../../helpers/workspace';
+import { addMemberships } from '../../helpers/membership';
+import { ADMIN } from '../../variables';

 /**
 * Return public keys of members of workspace with id [workspaceId]
@ -24,31 +24,32 @@ import { ADMIN } from "../../variables";
 * @returns
 */
 export const getWorkspacePublicKeys = async (req: Request, res: Response) => {
-  let publicKeys;
-  try {
-    const { workspaceId } = req.params;
+	let publicKeys;
+	try {
+		const { workspaceId } = req.params;

-    publicKeys = (
-      await Membership.find({
-        workspace: workspaceId,
-      }).populate<{ user: IUser }>("user", "publicKey")
-    ).map((member) => {
-      return {
-        publicKey: member.user.publicKey,
-        userId: member.user._id,
-      };
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspace member public keys",
-    });
-  }
+		publicKeys = (
+			await Membership.find({
+				workspace: workspaceId
+			}).populate<{ user: IUser }>('user', 'publicKey')
+		)
+		.map((member) => {
+			return {
+				publicKey: member.user.publicKey,
+				userId: member.user._id
+			};
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace member public keys'
+		});
+	}

-  return res.status(200).send({
-    publicKeys,
-  });
+	return res.status(200).send({
+		publicKeys
+	});
 };

 /**
@ -58,24 +59,24 @@ export const getWorkspacePublicKeys = async (req: Request, res: Response) => {
 * @returns
 */
 export const getWorkspaceMemberships = async (req: Request, res: Response) => {
-  let users;
-  try {
-    const { workspaceId } = req.params;
+	let users;
+	try {
+		const { workspaceId } = req.params;

-    users = await Membership.find({
-      workspace: workspaceId,
-    }).populate("user", "+publicKey");
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspace members",
-    });
-  }
+		users = await Membership.find({
+			workspace: workspaceId
+		}).populate('user', '+publicKey');
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace members'
+		});
+	}

-  return res.status(200).send({
-    users,
-  });
+	return res.status(200).send({
+		users
+	});
 };

 /**
@ -85,24 +86,24 @@ export const getWorkspaceMemberships = async (req: Request, res: Response) => {
 * @returns
 */
 export const getWorkspaces = async (req: Request, res: Response) => {
-  let workspaces;
-  try {
-    workspaces = (
-      await Membership.find({
-        user: req.user._id,
-      }).populate("workspace")
-    ).map((m) => m.workspace);
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspaces",
-    });
-  }
+	let workspaces;
+	try {
+		workspaces = (
+			await Membership.find({
+				user: req.user._id
+			}).populate('workspace')
+		).map((m) => m.workspace);
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspaces'
+		});
+	}

-  return res.status(200).send({
-    workspaces,
-  });
+	return res.status(200).send({
+		workspaces
+	});
 };

 /**
@ -112,24 +113,24 @@ export const getWorkspaces = async (req: Request, res: Response) => {
 * @returns
 */
 export const getWorkspace = async (req: Request, res: Response) => {
-  let workspace;
-  try {
-    const { workspaceId } = req.params;
+	let workspace;
+	try {
+		const { workspaceId } = req.params;

-    workspace = await Workspace.findOne({
-      _id: workspaceId,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspace",
-    });
-  }
+		workspace = await Workspace.findOne({
+			_id: workspaceId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace'
+		});
+	}

-  return res.status(200).send({
-    workspace,
-  });
+	return res.status(200).send({
+		workspace
+	});
 };

 /**
@ -140,46 +141,46 @@ export const getWorkspace = async (req: Request, res: Response) => {
 * @returns
 */
 export const createWorkspace = async (req: Request, res: Response) => {
-  let workspace;
-  try {
-    const { workspaceName, organizationId } = req.body;
+	let workspace;
+	try {
+		const { workspaceName, organizationId } = req.body;

-    // validate organization membership
-    const membershipOrg = await MembershipOrg.findOne({
-      user: req.user._id,
-      organization: organizationId,
-    });
+		// validate organization membership
+		const membershipOrg = await MembershipOrg.findOne({
+			user: req.user._id,
+			organization: organizationId
+		});

-    if (!membershipOrg) {
-      throw new Error("Failed to validate organization membership");
-    }
+		if (!membershipOrg) {
+			throw new Error('Failed to validate organization membership');
+		}

-    if (workspaceName.length < 1) {
-      throw new Error("Workspace names must be at least 1-character long");
-    }
+		if (workspaceName.length < 1) {
+			throw new Error('Workspace names must be at least 1-character long');
+		}

-    // create workspace and add user as member
-    workspace = await create({
-      name: workspaceName,
-      organizationId,
-    });
+		// create workspace and add user as member
+		workspace = await create({
+			name: workspaceName,
+			organizationId
+		});

-    await addMemberships({
-      userIds: [req.user._id],
-      workspaceId: workspace._id.toString(),
-      roles: [ADMIN],
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to create workspace",
-    });
-  }
+		await addMemberships({
+			userIds: [req.user._id],
+			workspaceId: workspace._id.toString(),
+			roles: [ADMIN]
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to create workspace'
+		});
+	}

-  return res.status(200).send({
-    workspace,
-  });
+	return res.status(200).send({
+		workspace
+	});
 };

 /**
@ -189,24 +190,24 @@ export const createWorkspace = async (req: Request, res: Response) => {
 * @returns
 */
 export const deleteWorkspace = async (req: Request, res: Response) => {
-  try {
-    const { workspaceId } = req.params;
+	try {
+		const { workspaceId } = req.params;

-    // delete workspace
-    await deleteWork({
-      id: workspaceId,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to delete workspace",
-    });
-  }
+		// delete workspace
+		await deleteWork({
+			id: workspaceId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to delete workspace'
+		});
+	}

-  return res.status(200).send({
-    message: "Successfully deleted workspace",
-  });
+	return res.status(200).send({
+		message: 'Successfully deleted workspace'
+	});
 };

 /**
@ -216,34 +217,34 @@ export const deleteWorkspace = async (req: Request, res: Response) => {
 * @returns
 */
 export const changeWorkspaceName = async (req: Request, res: Response) => {
-  let workspace;
-  try {
-    const { workspaceId } = req.params;
-    const { name } = req.body;
+	let workspace;
+	try {
+		const { workspaceId } = req.params;
+		const { name } = req.body;

-    workspace = await Workspace.findOneAndUpdate(
-      {
-        _id: workspaceId,
-      },
-      {
-        name,
-      },
-      {
-        new: true,
-      }
-    );
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to change workspace name",
-    });
-  }
+		workspace = await Workspace.findOneAndUpdate(
+			{
+				_id: workspaceId
+			},
+			{
+				name
+			},
+			{
+				new: true
+			}
+		);
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to change workspace name'
+		});
+	}

-  return res.status(200).send({
-    message: "Successfully changed workspace name",
-    workspace,
-  });
+	return res.status(200).send({
+		message: 'Successfully changed workspace name',
+		workspace
+	});
 };

 /**
@ -253,24 +254,24 @@ export const changeWorkspaceName = async (req: Request, res: Response) => {
 * @returns
 */
 export const getWorkspaceIntegrations = async (req: Request, res: Response) => {
-  let integrations;
-  try {
-    const { workspaceId } = req.params;
+	let integrations;
+	try {
+		const { workspaceId } = req.params;

-    integrations = await Integration.find({
-      workspace: workspaceId,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspace integrations",
-    });
-  }
+		integrations = await Integration.find({
+			workspace: workspaceId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace integrations'
+		});
+	}

-  return res.status(200).send({
-    integrations,
-  });
+	return res.status(200).send({
+		integrations
+	});
 };

 /**
@ -280,56 +281,56 @@ export const getWorkspaceIntegrations = async (req: Request, res: Response) => {
 * @returns
 */
 export const getWorkspaceIntegrationAuthorizations = async (
-  req: Request,
-  res: Response
+	req: Request,
+	res: Response
 ) => {
-  let authorizations;
-  try {
-    const { workspaceId } = req.params;
+	let authorizations;
+	try {
+		const { workspaceId } = req.params;

-    authorizations = await IntegrationAuth.find({
-      workspace: workspaceId,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspace integration authorizations",
-    });
-  }
+		authorizations = await IntegrationAuth.find({
+			workspace: workspaceId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace integration authorizations'
+		});
+	}

-  return res.status(200).send({
-    authorizations,
-  });
+	return res.status(200).send({
+		authorizations
+	});
 };

 /**
 * Return service service tokens for workspace [workspaceId] belonging to user
- * @param req
- * @param res
- * @returns
+ * @param req 
+ * @param res 
+ * @returns 
 */
 export const getWorkspaceServiceTokens = async (
-  req: Request,
-  res: Response
+	req: Request,
+	res: Response
 ) => {
-  let serviceTokens;
-  try {
-    const { workspaceId } = req.params;
-    // ?? FIX.
-    serviceTokens = await ServiceToken.find({
-      user: req.user._id,
-      workspace: workspaceId,
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: "Failed to get workspace service tokens",
-    });
-  }
-
-  return res.status(200).send({
-    serviceTokens,
-  });
-};
+	let serviceTokens;
+	try {
+		const { workspaceId } = req.params;
+		// ?? FIX.
+		serviceTokens = await ServiceToken.find({
+			user: req.user._id,
+			workspace: workspaceId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace service tokens'
+		});
+	}
+	
+	return res.status(200).send({
+		serviceTokens
+	});
+}
--- a/backend/src/controllers/v2/environmentController.ts
+++ b/backend/src/controllers/v2/environmentController.ts
@ -246,14 +246,13 @@ export const getAllAccessibleEnvironmentsOfWorkspace = async (
  relatedWorkspace.environments.forEach(environment => {
    const isReadBlocked = _.some(deniedPermission, { environmentSlug: environment.slug, ability: ABILITY_READ })
    const isWriteBlocked = _.some(deniedPermission, { environmentSlug: environment.slug, ability: ABILITY_WRITE })
-    if (isReadBlocked && isWriteBlocked) {
+    if (isReadBlocked) {
      return
    } else {
      accessibleEnvironments.push({
        name: environment.name,
        slug: environment.slug,
-        isWriteDenied: isWriteBlocked,
-        isReadDenied: isReadBlocked
+        isWriteDenied: isWriteBlocked
      })
    }
  })
--- a/backend/src/controllers/v2/secretsController.ts
+++ b/backend/src/controllers/v2/secretsController.ts
@ -17,9 +17,7 @@ import { EESecretService, EELogService } from '../../ee/services';
 import { postHogClient } from '../../services';
 import { getChannelFromUserAgent } from '../../utils/posthog';
 import { ABILITY_READ, ABILITY_WRITE } from '../../variables/organization';
-import { userHasNoAbility, userHasWorkspaceAccess, userHasWriteOnlyAbility } from '../../ee/helpers/checkMembershipPermissions';
-import Tag from '../../models/tag';
-import _ from 'lodash';
+import { userHasWorkspaceAccess } from '../../ee/helpers/checkMembershipPermissions';

 /**
 * Create secret(s) for workspace with id [workspaceId] and environment [environment]
@ -286,10 +284,8 @@ export const getSecrets = async (req: Request, res: Response) => {
        }
    }   
    */
+    const { workspaceId, environment } = req.query;

-
-    const { workspaceId, environment, tagSlugs } = req.query;
-    const tagNamesList = typeof tagSlugs === 'string' && tagSlugs !== '' ? tagSlugs.split(',') : [];
    let userId = "" // used for getting personal secrets for user
    let userEmail = "" // used for posthog 
    if (req.user) {
@ -302,38 +298,16 @@ export const getSecrets = async (req: Request, res: Response) => {
        userEmail = req.serviceTokenData.user.email;
    }

-    // none service token case as service tokens are already scoped to env and project
-    let hasWriteOnlyAccess
+    // none service token case as service tokens are already scoped
    if (!req.serviceTokenData) {
-        hasWriteOnlyAccess = await userHasWriteOnlyAbility(userId, workspaceId, environment)
-        const hasNoAccess = await userHasNoAbility(userId, workspaceId, environment)
-        if (hasNoAccess) {
+        const hasAccess = await userHasWorkspaceAccess(userId, workspaceId, environment, ABILITY_READ)
+        if (!hasAccess) {
            throw UnauthorizedRequestError({ message: "You do not have the necessary permission(s) perform this action" })
        }
    }
-    let secrets: any
-    let secretQuery: any

-    if (tagNamesList != undefined && tagNamesList.length != 0) {
-        const workspaceFromDB = await Tag.find({ workspace: workspaceId })
-
-        const tagIds = _.map(tagNamesList, (tagName) => {
-            const tag = _.find(workspaceFromDB, { slug: tagName });
-            return tag ? tag.id : null;
-        });
-
-        secretQuery = {
-            workspace: workspaceId,
-            environment,
-            $or: [
-                { user: userId },
-                { user: { $exists: false } }
-            ],
-            tags: { $in: tagIds },
-            type: { $in: [SECRET_SHARED, SECRET_PERSONAL] }
-        }
-    } else {
-        secretQuery = {
+    const [err, secrets] = await to(Secret.find(
+        {
            workspace: workspaceId,
            environment,
            $or: [
@ -342,13 +316,9 @@ export const getSecrets = async (req: Request, res: Response) => {
            ],
            type: { $in: [SECRET_SHARED, SECRET_PERSONAL] }
        }
-    }
+    ).populate("tags").then())

-    if (hasWriteOnlyAccess) {
-        secrets = await Secret.find(secretQuery).select("secretKeyCiphertext secretKeyIV secretKeyTag")
-    } else {
-        secrets = await Secret.find(secretQuery).populate("tags")
-    }
+    if (err) throw ValidationError({ message: 'Failed to get secrets', stack: err.stack });

    const channel = getChannelFromUserAgent(req.headers['user-agent'])

@ -386,59 +356,6 @@ export const getSecrets = async (req: Request, res: Response) => {
    });
 }

-
-export const getOnlySecretKeys = async (req: Request, res: Response) => {
-    const { workspaceId, environment } = req.query;
-
-    let userId = "" // used for getting personal secrets for user
-    let userEmail = "" // used for posthog 
-    if (req.user) {
-        userId = req.user._id;
-        userEmail = req.user.email;
-    }
-
-    if (req.serviceTokenData) {
-        userId = req.serviceTokenData.user._id
-        userEmail = req.serviceTokenData.user.email;
-    }
-
-    // none service token case as service tokens are already scoped
-    if (!req.serviceTokenData) {
-        const hasAccess = await userHasWorkspaceAccess(userId, workspaceId, environment, ABILITY_READ)
-        if (!hasAccess) {
-            throw UnauthorizedRequestError({ message: "You do not have the necessary permission(s) perform this action" })
-        }
-    }
-
-    const [err, secretKeys] = await to(Secret.find(
-        {
-            workspace: workspaceId,
-            environment,
-            $or: [
-                { user: userId },
-                { user: { $exists: false } }
-            ],
-            type: { $in: [SECRET_SHARED, SECRET_PERSONAL] }
-        }
-    )
-        .select("secretKeyIV secretKeyTag secretKeyCiphertext")
-        .then())
-
-    if (err) throw ValidationError({ message: 'Failed to get secrets', stack: err.stack });
-
-    // readAction && await EELogService.createLog({
-    //     userId: new Types.ObjectId(userId),
-    //     workspaceId: new Types.ObjectId(workspaceId as string),
-    //     actions: [readAction],
-    //     channel,
-    //     ipAddress: req.ip
-    // });
-
-    return res.status(200).send({
-        secretKeys
-    });
-}
-
 /**
 * Update secret(s)
 * @param req 
--- a/backend/src/controllers/v2/tagController.ts
+++ b/backend/src/controllers/v2/tagController.ts
@ -2,7 +2,7 @@ import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import { Types } from 'mongoose';
 import {
-	Membership, Secret,
+	Membership,
 } from '../../models';
 import Tag, { ITag } from '../../models/tag';
 import { Builder } from "builder-pattern"
@ -54,12 +54,6 @@ export const deleteWorkspaceTag = async (req: Request, res: Response) => {

 	const result = await Tag.findByIdAndDelete(tagId);

-	// remove the tag from secrets
-	await Secret.updateMany(
-		{ tags: { $in: [tagId] } },
-		{ $pull: { tags: tagId } }
-	);
-
 	res.json(result);
 }

--- a/backend/src/ee/helpers/checkMembershipPermissions.ts
+++ b/backend/src/ee/helpers/checkMembershipPermissions.ts
@ -1,6 +1,5 @@
 import _ from "lodash";
 import { Membership } from "../../models";
-import { ABILITY_READ, ABILITY_WRITE } from "../../variables/organization";

 export const userHasWorkspaceAccess = async (userId: any, workspaceId: any, environment: any, action: any) => {
  const membershipForWorkspace = await Membership.findOne({ workspace: workspaceId, user: userId })
@ -16,39 +15,4 @@ export const userHasWorkspaceAccess = async (userId: any, workspaceId: any, envi
  }

  return true
-}
-
-export const userHasWriteOnlyAbility = async (userId: any, workspaceId: any, environment: any) => {
-  const membershipForWorkspace = await Membership.findOne({ workspace: workspaceId, user: userId })
-  if (!membershipForWorkspace) {
-    return false
-  }
-
-  const deniedMembershipPermissions = membershipForWorkspace.deniedPermissions;
-  const isWriteDisallowed = _.some(deniedMembershipPermissions, { environmentSlug: environment, ability: ABILITY_WRITE });
-  const isReadDisallowed = _.some(deniedMembershipPermissions, { environmentSlug: environment, ability: ABILITY_READ });
-
-  // case: you have write only if read is blocked and write is not
-  if (isReadDisallowed && !isWriteDisallowed) {
-    return true
-  }
-
-  return false
-}
-
-export const userHasNoAbility = async (userId: any, workspaceId: any, environment: any) => {
-  const membershipForWorkspace = await Membership.findOne({ workspace: workspaceId, user: userId })
-  if (!membershipForWorkspace) {
-    return true
-  }
-
-  const deniedMembershipPermissions = membershipForWorkspace.deniedPermissions;
-  const isWriteDisallowed = _.some(deniedMembershipPermissions, { environmentSlug: environment, ability: ABILITY_WRITE });
-  const isReadBlocked = _.some(deniedMembershipPermissions, { environmentSlug: environment, ability: ABILITY_READ });
-
-  if (isReadBlocked && isWriteDisallowed) {
-    return true
-  }
-
-  return false
 }
--- a/backend/src/helpers/integration.ts
+++ b/backend/src/helpers/integration.ts
@ -94,7 +94,6 @@ const handleOAuthExchangeHelper = async ({
            // set integration auth access token
            await setIntegrationAuthAccessHelper({
                integrationAuthId: integrationAuth._id.toString(),
-                accessId: null,
                accessToken: res.accessToken,
                accessExpiresAt: res.accessExpiresAt
            });
@ -139,7 +138,7 @@ const syncIntegrationsHelper = async ({
            if (!integrationAuth) throw new Error('Failed to find integration auth');
            
            // get integration auth access token
-            const access = await getIntegrationAuthAccessHelper({
+            const accessToken = await getIntegrationAuthAccessHelper({
                integrationAuthId: integration.integrationAuth.toString()
            });

@ -148,8 +147,7 @@ const syncIntegrationsHelper = async ({
                integration,
                integrationAuth,
                secrets,
-                accessId: access.accessId,
-                accessToken: access.accessToken
+                accessToken
            });
        }
    } catch (err) {
@ -205,12 +203,12 @@ const syncIntegrationsHelper = async ({
 * @returns {String} accessToken - decrypted access token
 */
 const getIntegrationAuthAccessHelper = async ({ integrationAuthId }: { integrationAuthId: string }) => {
-    let accessId;
    let accessToken;
+	
    try {
        const integrationAuth = await IntegrationAuth
            .findById(integrationAuthId)
-            .select('workspace integration +accessCiphertext +accessIV +accessTag +accessExpiresAt + refreshCiphertext +accessIdCiphertext +accessIdIV +accessIdTag');
+            .select('workspace integration +accessCiphertext +accessIV +accessTag +accessExpiresAt + refreshCiphertext');

        if (!integrationAuth) throw UnauthorizedRequestError({message: 'Failed to locate Integration Authentication credentials'});

@ -234,15 +232,6 @@ const getIntegrationAuthAccessHelper = async ({ integrationAuthId }: { integrati
                });
            }
        }
-        
-        if (integrationAuth?.accessIdCiphertext && integrationAuth?.accessIdIV && integrationAuth?.accessIdTag) {
-            accessId = await BotService.decryptSymmetric({
-                workspaceId: integrationAuth.workspace.toString(),
-                ciphertext: integrationAuth.accessIdCiphertext as string,
-                iv: integrationAuth.accessIdIV as string,
-                tag: integrationAuth.accessIdTag as string
-            });
-        }

    } catch (err) {
        Sentry.setUser(null);
@ -253,10 +242,7 @@ const getIntegrationAuthAccessHelper = async ({ integrationAuthId }: { integrati
            throw new Error('Failed to get integration access token');
    }
    
-    return ({
-        accessId,
-        accessToken
-    });
+    return accessToken;
 }

 /**
@ -306,9 +292,9 @@ const setIntegrationAuthRefreshHelper = async ({
 }

 /**
- * Encrypt access token [accessToken] and (optionally) access id [accessId]
- * using the bot's copy of the workspace key for workspace belonging to 
- * integration auth with id [integrationAuthId] and store it along with [accessExpiresAt]
+ * Encrypt access token [accessToken] using the bot's copy
+ * of the workspace key for workspace belonging to integration auth
+ * with id [integrationAuthId] and store it along with [accessExpiresAt]
 * @param {Object} obj
 * @param {String} obj.integrationAuthId - id of integration auth
 * @param {String} obj.accessToken - access token
@ -316,12 +302,10 @@ const setIntegrationAuthRefreshHelper = async ({
 */
 const setIntegrationAuthAccessHelper = async ({
    integrationAuthId,
-    accessId,
    accessToken,
    accessExpiresAt
 }: {
    integrationAuthId: string;
-    accessId: string | null;
    accessToken: string;
    accessExpiresAt: Date | undefined;
 }) => {
@ -331,28 +315,17 @@ const setIntegrationAuthAccessHelper = async ({
        
        if (!integrationAuth) throw new Error('Failed to find integration auth');
        
-        const encryptedAccessTokenObj = await BotService.encryptSymmetric({
+        const obj = await BotService.encryptSymmetric({
            workspaceId: integrationAuth.workspace.toString(),
            plaintext: accessToken
        });
        
-        let encryptedAccessIdObj;
-        if (accessId) {
-            encryptedAccessIdObj = await BotService.encryptSymmetric({
-                workspaceId: integrationAuth.workspace.toString(),
-                plaintext: accessId
-            }); 
-        }
-        
        integrationAuth = await IntegrationAuth.findOneAndUpdate({
            _id: integrationAuthId
        }, {
-            accessIdCiphertext: encryptedAccessIdObj?.ciphertext ?? undefined,
-            accessIdIV: encryptedAccessIdObj?.iv ?? undefined,
-            accessIdTag: encryptedAccessIdObj?.tag ?? undefined,
-            accessCiphertext: encryptedAccessTokenObj.ciphertext,
-            accessIV: encryptedAccessTokenObj.iv,
-            accessTag: encryptedAccessTokenObj.tag,
+            accessCiphertext: obj.ciphertext,
+            accessIV: obj.iv,
+            accessTag: obj.tag,
            accessExpiresAt
        }, {
            new: true
--- a/backend/src/helpers/signup.ts
+++ b/backend/src/helpers/signup.ts
@ -7,7 +7,6 @@ import { createWorkspace } from './workspace';
 import { addMemberships } from './membership';
 import { OWNER, ADMIN, ACCEPTED } from '../variables';
 import { sendMail } from '../helpers/nodemailer';
-import { EMAIL_TOKEN_LIFETIME } from '../config';

 /**
 * Send magic link to verify email to [email]
@ -26,8 +25,7 @@ const sendEmailVerification = async ({ email }: { email: string }) => {
 			{
 				email,
 				token,
-				createdAt: new Date(),
-				ttl: Math.floor(+new Date() / 1000) + EMAIL_TOKEN_LIFETIME // time in seconds, i.e unix
+				createdAt: new Date()
 			},
 			{ upsert: true, new: true }
 		);
@ -64,20 +62,11 @@ const checkEmailVerification = async ({
 	code: string;
 }) => {
 	try {
-		const token = await Token.findOne({
+		const token = await Token.findOneAndDelete({
 			email,
 			token: code
 		});

-		if (token && Math.floor(Date.now() / 1000) > token.ttl) {
-			await Token.deleteOne({
-				email,
-				token: code
-			});
-
-			throw new Error('Verification token has expired')
-		}
-
 		if (!token) throw new Error('Failed to find email verification token');
 	} catch (err) {
 		Sentry.setUser(null);
--- a/backend/src/integrations/apps.ts
+++ b/backend/src/integrations/apps.ts
@ -1,25 +1,21 @@
-import axios from "axios";
-import * as Sentry from "@sentry/node";
-import { Octokit } from "@octokit/rest";
-import { IIntegrationAuth } from "../models";
+import axios from 'axios';
+import * as Sentry from '@sentry/node';
+import { Octokit } from '@octokit/rest';
+import { IIntegrationAuth } from '../models';
 import {
  INTEGRATION_AZURE_KEY_VAULT,
-  INTEGRATION_AWS_PARAMETER_STORE,
-  INTEGRATION_AWS_SECRET_MANAGER,
  INTEGRATION_HEROKU,
  INTEGRATION_VERCEL,
  INTEGRATION_NETLIFY,
  INTEGRATION_GITHUB,
  INTEGRATION_RENDER,
  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
  INTEGRATION_HEROKU_API_URL,
  INTEGRATION_VERCEL_API_URL,
  INTEGRATION_NETLIFY_API_URL,
  INTEGRATION_RENDER_API_URL,
-  INTEGRATION_FLYIO_API_URL,
-  INTEGRATION_CIRCLECI_API_URL,
-} from "../variables";
+  INTEGRATION_FLYIO_API_URL
+} from '../variables';

 /**
 * Return list of names of apps for integration named [integration]
@ -31,7 +27,7 @@ import {
 */
 const getApps = async ({
  integrationAuth,
-  accessToken,
+  accessToken
 }: {
  integrationAuth: IIntegrationAuth;
  accessToken: string;
@ -46,60 +42,60 @@ const getApps = async ({
  try {
    switch (integrationAuth.integration) {
      case INTEGRATION_AZURE_KEY_VAULT:
-        apps = [];
-        break;
-      case INTEGRATION_AWS_PARAMETER_STORE:
-        apps = [];
-        break;
-      case INTEGRATION_AWS_SECRET_MANAGER:
-        apps = [];
-        break;
+        apps = await getAppsAzureKeyVault({
+          accessToken
+        });
+      break;
      case INTEGRATION_HEROKU:
        apps = await getAppsHeroku({
-          accessToken,
+          accessToken
        });
        break;
      case INTEGRATION_VERCEL:
        apps = await getAppsVercel({
          integrationAuth,
-          accessToken,
+          accessToken
        });
        break;
      case INTEGRATION_NETLIFY:
        apps = await getAppsNetlify({
-          accessToken,
+          accessToken
        });
        break;
      case INTEGRATION_GITHUB:
        apps = await getAppsGithub({
-          accessToken,
+          accessToken
        });
        break;
      case INTEGRATION_RENDER:
        apps = await getAppsRender({
-          accessToken,
+          accessToken
        });
        break;
      case INTEGRATION_FLYIO:
        apps = await getAppsFlyio({
-          accessToken,
-        });
-        break;
-      case INTEGRATION_CIRCLECI:
-        apps = await getAppsCircleCI({
-          accessToken,
+          accessToken
        });
        break;
    }
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get integration apps");
+    throw new Error('Failed to get integration apps');
  }

  return apps;
 };

+const getAppsAzureKeyVault = async ({
+  accessToken
+}: {
+  accessToken: string;
+}) => {
+  // TODO
+  return [];
+}
+
 /**
 * Return list of apps for Heroku integration
 * @param {Object} obj
@ -113,19 +109,19 @@ const getAppsHeroku = async ({ accessToken }: { accessToken: string }) => {
    const res = (
      await axios.get(`${INTEGRATION_HEROKU_API_URL}/apps`, {
        headers: {
-          Accept: "application/vnd.heroku+json; version=3",
-          Authorization: `Bearer ${accessToken}`,
-        },
+          Accept: 'application/vnd.heroku+json; version=3',
+          Authorization: `Bearer ${accessToken}`
+        }
      })
    ).data;

    apps = res.map((a: any) => ({
-      name: a.name,
+      name: a.name
    }));
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get Heroku integration apps");
+    throw new Error('Failed to get Heroku integration apps');
  }

  return apps;
@ -138,10 +134,10 @@ const getAppsHeroku = async ({ accessToken }: { accessToken: string }) => {
 * @returns {Object[]} apps - names of Vercel apps
 * @returns {String} apps.name - name of Vercel app
 */
-const getAppsVercel = async ({
+const getAppsVercel = async ({ 
  integrationAuth,
-  accessToken,
-}: {
+  accessToken 
+}: { 
  integrationAuth: IIntegrationAuth;
  accessToken: string;
 }) => {
@ -153,23 +149,21 @@ const getAppsVercel = async ({
          Authorization: `Bearer ${accessToken}`,
          'Accept-Encoding': 'application/json'
        },
-        ...(integrationAuth?.teamId
-          ? {
-              params: {
-                teamId: integrationAuth.teamId,
-              },
-            }
-          : {}),
+       ...( integrationAuth?.teamId ? { 
+        params: {
+          teamId: integrationAuth.teamId
+        }
+      } : {}) 
      })
    ).data;

    apps = res.projects.map((a: any) => ({
-      name: a.name,
+      name: a.name
    }));
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get Vercel integration apps");
+    throw new Error('Failed to get Vercel integration apps');
  }

  return apps;
@ -182,7 +176,11 @@ const getAppsVercel = async ({
 * @returns {Object[]} apps - names of Netlify sites
 * @returns {String} apps.name - name of Netlify site
 */
-const getAppsNetlify = async ({ accessToken }: { accessToken: string }) => {
+const getAppsNetlify = async ({
+  accessToken
+}: {
+  accessToken: string;
+}) => {
  let apps;
  try {
    const res = (
@ -196,12 +194,12 @@ const getAppsNetlify = async ({ accessToken }: { accessToken: string }) => {

    apps = res.map((a: any) => ({
      name: a.name,
-      appId: a.site_id,
+      appId: a.site_id
    }));
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get Netlify integration apps");
+    throw new Error('Failed to get Netlify integration apps');
  }

  return apps;
@ -214,32 +212,35 @@ const getAppsNetlify = async ({ accessToken }: { accessToken: string }) => {
 * @returns {Object[]} apps - names of Netlify sites
 * @returns {String} apps.name - name of Netlify site
 */
-const getAppsGithub = async ({ accessToken }: { accessToken: string }) => {
+const getAppsGithub = async ({
+  accessToken
+}: {
+  accessToken: string;
+}) => {
  let apps;
  try {
    const octokit = new Octokit({
-      auth: accessToken,
+      auth: accessToken
    });

-    const repos = (
-      await octokit.request(
-        "GET /user/repos{?visibility,affiliation,type,sort,direction,per_page,page,since,before}",
-        {
-          per_page: 100,
-        }
-      )
-    ).data;
+    const repos = (await octokit.request(
+      'GET /user/repos{?visibility,affiliation,type,sort,direction,per_page,page,since,before}',
+      {
+        per_page: 100
+      }
+    )).data;

    apps = repos
-      .filter((a: any) => a.permissions.admin === true)
+      .filter((a:any) => a.permissions.admin === true)
      .map((a: any) => ({
-        name: a.name,
-        owner: a.owner.login,
-      }));
+          name: a.name,
+          owner: a.owner.login
+        })
+      );
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get Github repos");
+    throw new Error('Failed to get Github repos');
  }

  return apps;
@ -253,7 +254,11 @@ const getAppsGithub = async ({ accessToken }: { accessToken: string }) => {
 * @returns {String} apps.name - name of Render service
 * @returns {String} apps.appId - id of Render service
 */
-const getAppsRender = async ({ accessToken }: { accessToken: string }) => {
+const getAppsRender = async ({
+  accessToken
+}: {
+  accessToken: string;
+}) => {
  let apps: any;
  try {
    const res = (
@ -261,8 +266,8 @@ const getAppsRender = async ({ accessToken }: { accessToken: string }) => {
        headers: {
          Authorization: `Bearer ${accessToken}`,
          Accept: 'application/json',
-          'Accept-Encoding': 'application/json',
-        },
+          'Accept-Encoding': 'application/json'
+        }
      })
    ).data;
    
@ -275,11 +280,11 @@ const getAppsRender = async ({ accessToken }: { accessToken: string }) => {
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get Render services");
+    throw new Error('Failed to get Render services');
  }
-
+  
  return apps;
-};
+}

 /**
 * Return list of apps for Fly.io integration
@ -288,7 +293,11 @@ const getAppsRender = async ({ accessToken }: { accessToken: string }) => {
 * @returns {Object[]} apps - names and ids of Fly.io apps
 * @returns {String} apps.name - name of Fly.io apps
 */
-const getAppsFlyio = async ({ accessToken }: { accessToken: string }) => {
+const getAppsFlyio = async ({
+  accessToken
+}: {
+  accessToken: string;
+}) => {
  let apps;
  try {
    const query = `
@ -302,71 +311,34 @@ const getAppsFlyio = async ({ accessToken }: { accessToken: string }) => {
        }
      }
    `;
-
-    const res = (
-      await axios({
-        url: INTEGRATION_FLYIO_API_URL,
-        method: "post",
-        headers: {
-          Authorization: "Bearer " + accessToken,
+    
+    const res = (await axios({
+      url: INTEGRATION_FLYIO_API_URL,
+      method: 'post',
+      headers: {
+        'Authorization': 'Bearer ' + accessToken,
        'Accept': 'application/json',
-        'Accept-Encoding': 'application/json',
-        },
-        data: {
-          query,
-          variables: {
-            role: null,
-          },
-        },
-      })
-    ).data.data.apps.nodes;
-
-    apps = res.map((a: any) => ({
-      name: a.name,
-    }));
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    throw new Error("Failed to get Fly.io apps");
-  }
-
-  return apps;
-};
-
-/**
- * Return list of projects for CircleCI integration
- * @param {Object} obj
- * @param {String} obj.accessToken - access token for CircleCI API
- * @returns {Object[]} apps -
- * @returns {String} apps.name - name of CircleCI apps
- */
-const getAppsCircleCI = async ({ accessToken }: { accessToken: string }) => {
-  let apps: any;
-  try {    
-    const res = (
-      await axios.get(
-        `${INTEGRATION_CIRCLECI_API_URL}/v1.1/projects`,
-        {
-          headers: {
-            "Circle-Token": accessToken,
-            "Accept-Encoding": "application/json",
-          },
+        'Accept-Encoding': 'application/json'
+      },
+      data: {
+        query,
+        variables: {
+          role: null
        }
-      )
-    ).data
-
-    apps = res?.map((a: any) => {
-      return {
-        name: a?.reponame
      }
-    });
+    })).data.data.apps.nodes;
+    
+    apps = res
+      .map((a: any) => ({
+        name: a.name
+      })); 
  } catch (err) {
    Sentry.setUser(null);
    Sentry.captureException(err);
-    throw new Error("Failed to get CircleCI projects");
+    throw new Error('Failed to get Fly.io apps');
  }
  
  return apps;
-};
+}

 export { getApps };
--- a/backend/src/integrations/sync.ts
+++ b/backend/src/integrations/sync.ts
--- a/backend/src/middleware/requireIntegrationAuthorizationAuth.ts
+++ b/backend/src/middleware/requireIntegrationAuthorizationAuth.ts
@ -45,10 +45,9 @@ const requireIntegrationAuthorizationAuth = ({

 		req.integrationAuth = integrationAuth;
 		if (attachAccessToken) {
-			const access = await IntegrationService.getIntegrationAuthAccess({
+			req.accessToken = await IntegrationService.getIntegrationAuthAccess({
 				integrationAuthId: integrationAuth._id.toString()
 			});
-			req.accessToken = access.accessToken;
 		}
 		
 		return next();
--- a/backend/src/models/integration.ts
+++ b/backend/src/models/integration.ts
@ -1,16 +1,13 @@
-import { Schema, model, Types } from "mongoose";
+import { Schema, model, Types } from 'mongoose';
 import {
  INTEGRATION_AZURE_KEY_VAULT,
-  INTEGRATION_AWS_PARAMETER_STORE,
-  INTEGRATION_AWS_SECRET_MANAGER,
  INTEGRATION_HEROKU,
  INTEGRATION_VERCEL,
  INTEGRATION_NETLIFY,
  INTEGRATION_GITHUB,
  INTEGRATION_RENDER,
-  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
-} from "../variables";
+  INTEGRATION_FLYIO
+} from '../variables';

 export interface IIntegration {
  _id: Types.ObjectId;
@ -21,66 +18,42 @@ export interface IIntegration {
  owner: string;
  targetEnvironment: string;
  appId: string;
-  path: string;
-  region: string;
-  integration:
-    | 'azure-key-vault' 
-    | 'aws-parameter-store'
-    | 'aws-secret-manager'
-    | 'heroku' 
-    | 'vercel' 
-    | 'netlify' 
-    | 'github' 
-    | 'render' 
-    | 'flyio'
-    | 'circleci';
+  integration: 'heroku' | 'vercel' | 'netlify' | 'github' | 'render' | 'flyio' | 'azure-key-vault';
  integrationAuth: Types.ObjectId;
 }

 const integrationSchema = new Schema<IIntegration>(
  {
    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
+        type: Schema.Types.ObjectId,
+        ref: 'Workspace',
+        required: true
    },
    environment: {
      type: String,
-      required: true,
+      required: true
    },
    isActive: {
      type: Boolean,
-      required: true,
+      required: true
    },
    app: {
      // name of app in provider
      type: String,
-      default: null,
+      default: null
    },
-    appId: {
-      // (new)
+    appId: { // (new)
      // id of app in provider
      type: String,
-      default: null,
-    },
-    targetEnvironment: {
-      // (new)
-      // target environment
-      type: String,
-      default: null,
-    },
-    owner: {
-      // github-specific repo owner-login
-      type: String,
-      default: null,
-    },
-    path: {
-      // aws-parameter-store-specific path
-      type: String,
      default: null
    },
-    region: {
-      // aws-parameter-store-specific path
+    targetEnvironment: { // (new)
+      // target environment 
+      type: String,
+      default: null
+    },
+    owner: {
+      // github-specific repo owner-login
      type: String,
      default: null
    },
@ -88,29 +61,26 @@ const integrationSchema = new Schema<IIntegration>(
      type: String,
      enum: [
        INTEGRATION_AZURE_KEY_VAULT,
-        INTEGRATION_AWS_PARAMETER_STORE,
-        INTEGRATION_AWS_SECRET_MANAGER,
        INTEGRATION_HEROKU,
        INTEGRATION_VERCEL,
        INTEGRATION_NETLIFY,
        INTEGRATION_GITHUB,
        INTEGRATION_RENDER,
-        INTEGRATION_FLYIO,
-        INTEGRATION_CIRCLECI,
+        INTEGRATION_FLYIO
      ],
-      required: true,
+      required: true
    },
    integrationAuth: {
      type: Schema.Types.ObjectId,
-      ref: "IntegrationAuth",
-      required: true,
-    },
+      ref: 'IntegrationAuth',
+      required: true
+    }
  },
  {
-    timestamps: true,
+    timestamps: true
  }
 );

-const Integration = model<IIntegration>("Integration", integrationSchema);
+const Integration = model<IIntegration>('Integration', integrationSchema);

 export default Integration;
--- a/backend/src/models/integrationAuth.ts
+++ b/backend/src/models/integrationAuth.ts
@ -1,29 +1,21 @@
-import { Schema, model, Types } from "mongoose";
+import { Schema, model, Types } from 'mongoose';
 import {
  INTEGRATION_AZURE_KEY_VAULT,
-  INTEGRATION_AWS_PARAMETER_STORE,
-  INTEGRATION_AWS_SECRET_MANAGER,
  INTEGRATION_HEROKU,
  INTEGRATION_VERCEL,
  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB,
-  INTEGRATION_RENDER,
-  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
-} from "../variables";
+  INTEGRATION_GITHUB
+} from '../variables';

 export interface IIntegrationAuth {
  _id: Types.ObjectId;
  workspace: Types.ObjectId;
-  integration: 'heroku' | 'vercel' | 'netlify' | 'github' | 'render' | 'flyio' | 'azure-key-vault' | 'circleci' | 'aws-parameter-store' | 'aws-secret-manager';
+  integration: 'heroku' | 'vercel' | 'netlify' | 'github' | 'render' | 'flyio' | 'azure-key-vault';
  teamId: string;
  accountId: string;
  refreshCiphertext?: string;
  refreshIV?: string;
  refreshTag?: string;
-  accessIdCiphertext?: string; // new
-  accessIdIV?: string; // new
-  accessIdTag?: string; // new
  accessCiphertext?: string;
  accessIV?: string;
  accessTag?: string;
@ -33,82 +25,65 @@ export interface IIntegrationAuth {
 const integrationAuthSchema = new Schema<IIntegrationAuth>(
  {
    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
+        type: Schema.Types.ObjectId,
+        ref: 'Workspace',
+        required: true
    },
    integration: {
      type: String,
      enum: [
        INTEGRATION_AZURE_KEY_VAULT,
-        INTEGRATION_AWS_PARAMETER_STORE,
-        INTEGRATION_AWS_SECRET_MANAGER,
        INTEGRATION_HEROKU,
        INTEGRATION_VERCEL,
        INTEGRATION_NETLIFY,
-        INTEGRATION_GITHUB,
-        INTEGRATION_RENDER,
-        INTEGRATION_FLYIO,
-        INTEGRATION_CIRCLECI,
+        INTEGRATION_GITHUB
      ],
-      required: true,
+      required: true
    },
    teamId: {
      // vercel-specific integration param
-      type: String,
+      type: String
    },
    accountId: {
      // netlify-specific integration param
-      type: String,
+      type: String
    },
    refreshCiphertext: {
      type: String,
-      select: false,
+      select: false
    },
    refreshIV: {
      type: String,
-      select: false,
+      select: false
    },
    refreshTag: {
-      type: String,
-      select: false,
-    },
-    accessIdCiphertext: {
-      type: String,
-      select: false
-    },
-    accessIdIV: {
-      type: String,
-      select: false
-    },
-    accessIdTag: {
      type: String,
      select: false
    },
    accessCiphertext: {
      type: String,
-      select: false,
+      select: false
    },
    accessIV: {
      type: String,
-      select: false,
+      select: false
    },
    accessTag: {
      type: String,
-      select: false,
+      select: false
    },
    accessExpiresAt: {
      type: Date,
-      select: false,
-    },
+      select: false
+    }
  },
  {
-    timestamps: true,
+    timestamps: true
  }
 );

 const IntegrationAuth = model<IIntegrationAuth>(
-  "IntegrationAuth",
+  'IntegrationAuth',
  integrationAuthSchema
 );

--- a/backend/src/models/secret.ts
+++ b/backend/src/models/secret.ts
@ -109,9 +109,6 @@ const secretSchema = new Schema<ISecret>(
 	}
 );

-
-secretSchema.index({ tags: 1 }, { background: true })
-
 const Secret = model<ISecret>('Secret', secretSchema);

 export default Secret;
--- a/backend/src/models/secretApprovalRequest.ts
+++ b/backend/src/models/secretApprovalRequest.ts
@ -1,83 +0,0 @@
-import mongoose, { Schema, model } from 'mongoose';
-import Secret, { ISecret } from './secret';
-
-interface ISecretApprovalRequest {
-	secret: mongoose.Types.ObjectId;
-	requestedChanges: ISecret;
-	requestedBy: mongoose.Types.ObjectId;
-	approvers: IApprover[];
-	status: ApprovalStatus;
-	timestamp: Date;
-	requestType: RequestType;
-	requestId: string;
-}
-
-interface IApprover {
-	userId: mongoose.Types.ObjectId;
-	status: ApprovalStatus;
-}
-
-export enum ApprovalStatus {
-	PENDING = 'pending',
-	APPROVED = 'approved',
-	REJECTED = 'rejected'
-}
-
-export enum RequestType {
-	UPDATE = 'update',
-	DELETE = 'delete',
-	CREATE = 'create'
-}
-
-const approverSchema = new mongoose.Schema({
-	user: {
-		type: mongoose.Schema.Types.ObjectId,
-		ref: 'User',
-		required: true
-	},
-	status: {
-		type: String,
-		enum: [ApprovalStatus],
-		default: ApprovalStatus.PENDING
-	}
-});
-
-const secretApprovalRequestSchema = new Schema<ISecretApprovalRequest>(
-	{
-		secret: {
-			type: mongoose.Schema.Types.ObjectId,
-			ref: 'Secret'
-		},
-		requestedChanges: Secret,
-		requestedBy: {
-			type: mongoose.Schema.Types.ObjectId,
-			ref: 'User'
-		},
-		approvers: [approverSchema],
-		status: {
-			type: String,
-			enum: ApprovalStatus,
-			default: ApprovalStatus.PENDING
-		},
-		timestamp: {
-			type: Date,
-			default: Date.now
-		},
-		requestType: {
-			type: String,
-			enum: RequestType,
-			required: true
-		},
-		requestId: {
-			type: String,
-			required: false
-		}
-	},
-	{
-		timestamps: true
-	}
-);
-
-const SecretApprovalRequest = model<ISecretApprovalRequest>('SecretApprovalRequest', secretApprovalRequestSchema);
-
-export default SecretApprovalRequest;
--- a/backend/src/models/token.ts
+++ b/backend/src/models/token.ts
@ -5,7 +5,6 @@ export interface IToken {
  email: string;
  token: string;
  createdAt: Date;
-  ttl: Number;
 }

 const tokenSchema = new Schema<IToken>({
@ -20,13 +19,14 @@ const tokenSchema = new Schema<IToken>({
  createdAt: {
    type: Date,
    default: Date.now
-  },
-  ttl: {
-    type: Number,
  }
 });

-tokenSchema.index({ email: 1 });
+tokenSchema.index({ 
+  createdAt: 1 
+}, { 
+  expireAfterSeconds: parseInt(EMAIL_TOKEN_LIFETIME) 
+});

 const Token = model<IToken>('Token', tokenSchema);

--- a/backend/src/routes/v1/integration.ts
+++ b/backend/src/routes/v1/integration.ts
@ -20,14 +20,12 @@ router.post( // new: add new integration for integration auth
 		location: 'body'
 	}),
 	body('integrationAuthId').exists().isString().trim(),
-	body('app').trim(),
+	body('app').isString().trim(),
 	body('isActive').exists().isBoolean(),
 	body('appId').trim(),
 	body('sourceEnvironment').trim(),
 	body('targetEnvironment').trim(),
 	body('owner').trim(),
-	body('path').trim(),
-	body('region').trim(),
 	validateRequest,
 	integrationController.createIntegration
 );
--- a/backend/src/routes/v1/integrationAuth.ts
+++ b/backend/src/routes/v1/integrationAuth.ts
@ -57,7 +57,6 @@ router.post(
 		location: 'body'
 	}),
 	body('workspaceId').exists().trim().notEmpty(),
-	body('accessId').trim(),
 	body('accessToken').exists().trim().notEmpty(),
 	body('integration').exists().trim().notEmpty(),
 	validateRequest,
--- a/backend/src/routes/v1/organization.ts
+++ b/backend/src/routes/v1/organization.ts
@ -156,19 +156,4 @@ router.get(
 	organizationController.getOrganizationSubscriptions
 );

-router.get(
-	'/:organizationId/workspace-memberships',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireOrganizationAuth({
-		acceptedRoles: [OWNER, ADMIN, MEMBER],
-		acceptedStatuses: [ACCEPTED]
-	}),
-	param('organizationId').exists().trim(),
-	validateRequest,
-	organizationController.getOrganizationMembersAndTheirWorkspaces
-);
-
-
 export default router;
--- a/backend/src/routes/v2/secrets.ts
+++ b/backend/src/routes/v2/secrets.ts
@ -74,7 +74,6 @@ router.get(
    '/',
    query('workspaceId').exists().trim(),
    query('environment').exists().trim(),
-    query('tagSlugs'),
    validateRequest,
    requireAuth({
        acceptedAuthModes: ['jwt', 'apiKey', 'serviceToken']
--- a/backend/src/services/IntegrationService.ts
+++ b/backend/src/services/IntegrationService.ts
@ -112,30 +112,26 @@ class IntegrationService {
    }

    /**
-     * Encrypt access token [accessToken] and (optionally) access id using the 
-     * bot's copy of the workspace key for workspace belonging to integration auth
+     * Encrypt access token [accessToken] using the bot's copy
+     * of the workspace key for workspace belonging to integration auth
     * with id [integrationAuthId]
     * @param {Object} obj
     * @param {String} obj.integrationAuthId - id of integration auth
-     * @param {String} obj.accessId - access id
     * @param {String} obj.accessToken - access token
     * @param {Date} obj.accessExpiresAt - expiration date of access token
     * @returns {IntegrationAuth} - updated integration auth
     */
    static async setIntegrationAuthAccess({ 
        integrationAuthId,
-        accessId,
        accessToken,
        accessExpiresAt
    }: { 
        integrationAuthId: string;
-        accessId: string | null;
        accessToken: string;
        accessExpiresAt: Date | undefined;
    }) {
        return await setIntegrationAuthAccessHelper({
            integrationAuthId,
-            accessId,
            accessToken,
            accessExpiresAt
        });
--- a/backend/src/templates/emailVerification.handlebars
+++ b/backend/src/templates/emailVerification.handlebars
@ -6,9 +6,10 @@
    <title>Email Verification</title>
 </head>
 <body>
+    <h2>Infisical</h2>
    <h2>Confirm your email address</h2>
    <p>Your confirmation code is below — enter it in the browser window where you've started signing up for Infisical.</p>
-    <h1>{{code}}</h1>
+    <h2>{{code}}</h2>
    <p>Questions about setting up Infisical? Email us at support@infisical.com</p>
 </body>
 </html>
--- a/backend/src/templates/organizationInvitation.handlebars
+++ b/backend/src/templates/organizationInvitation.handlebars
@ -7,8 +7,9 @@
    <title>Organization Invitation</title>
 </head>
 <body>
-    <h2>Join your organization on Infisical</h2>
-    <p>{{inviterFirstName}} ({{inviterEmail}}) has invited you to their Infisical organization — {{organizationName}}</p>
+    <h2>Infisical</h2>
+    <h2>Join your team on Infisical</h2>
+    <p>{{inviterFirstName}}({{inviterEmail}}) has invited you to their Infisical organization — {{organizationName}}</p>
    <a href="{{callback_url}}?token={{token}}&to={{email}}">Join now</a>
    <h3>What is Infisical?</h3>
    <p>Infisical is an easy-to-use end-to-end encrypted tool that enables developers to sync and manage their secrets and configs.</p>
--- a/backend/src/templates/passwordReset.handlebars
+++ b/backend/src/templates/passwordReset.handlebars
@ -6,6 +6,7 @@
    <title>Account Recovery</title>
 </head>
 <body>
+    <h2>Infisical</h2>
    <h2>Reset your password</h2>
    <p>Someone requested a password reset.</p>
    <a href="{{callback_url}}?token={{token}}&to={{email}}">Reset password</a>
--- a/backend/src/templates/workspaceInvitation.handlebars
+++ b/backend/src/templates/workspaceInvitation.handlebars
@ -6,8 +6,9 @@
    <title>Project Invitation</title>
 </head>
 <body>
+    <h2>Infisical</h2>
    <h2>Join your team on Infisical</h2>
-    <p>{{inviterFirstName}} ({{inviterEmail}}) has invited you to their Infisical project — {{workspaceName}}</p>
+    <p>{{inviterFirstName}}({{inviterEmail}}) has invited you to their Infisical project — {{workspaceName}}</p>
    <a href="{{callback_url}}">Join now</a>
    <h3>What is Infisical?</h3>
    <p>Infisical is an easy-to-use end-to-end encrypted tool that enables developers to sync and manage their secrets and configs.</p>
--- a/backend/src/variables/index.ts
+++ b/backend/src/variables/index.ts
@ -3,19 +3,16 @@ import {
  ENV_TESTING,
  ENV_STAGING,
  ENV_PROD,
-  ENV_SET,
-} from "./environment";
+  ENV_SET
+} from './environment';
 import {
  INTEGRATION_AZURE_KEY_VAULT,
-  INTEGRATION_AWS_PARAMETER_STORE,
-  INTEGRATION_AWS_SECRET_MANAGER,
  INTEGRATION_HEROKU,
  INTEGRATION_VERCEL,
  INTEGRATION_NETLIFY,
  INTEGRATION_GITHUB,
  INTEGRATION_RENDER,
  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
  INTEGRATION_SET,
  INTEGRATION_OAUTH2,
  INTEGRATION_AZURE_TOKEN_URL,
@ -28,22 +25,27 @@ import {
  INTEGRATION_NETLIFY_API_URL,
  INTEGRATION_RENDER_API_URL,
  INTEGRATION_FLYIO_API_URL,
-  INTEGRATION_CIRCLECI_API_URL,
-  INTEGRATION_OPTIONS,
-} from "./integration";
-import { OWNER, ADMIN, MEMBER, INVITED, ACCEPTED } from "./organization";
-import { SECRET_SHARED, SECRET_PERSONAL } from "./secret";
-import { EVENT_PUSH_SECRETS, EVENT_PULL_SECRETS } from "./event";
+  INTEGRATION_OPTIONS
+} from './integration';
+import {
+  OWNER,
+  ADMIN,
+  MEMBER,
+  INVITED,
+  ACCEPTED,
+} from './organization';
+import { SECRET_SHARED, SECRET_PERSONAL } from './secret';
+import { EVENT_PUSH_SECRETS, EVENT_PULL_SECRETS } from './event';
 import {
  ACTION_LOGIN,
  ACTION_LOGOUT,
  ACTION_ADD_SECRETS,
  ACTION_UPDATE_SECRETS,
  ACTION_DELETE_SECRETS,
-  ACTION_READ_SECRETS,
-} from "./action";
-import { SMTP_HOST_SENDGRID, SMTP_HOST_MAILGUN } from "./smtp";
-import { PLAN_STARTER, PLAN_PRO } from "./stripe";
+  ACTION_READ_SECRETS
+} from './action';
+import { SMTP_HOST_SENDGRID, SMTP_HOST_MAILGUN } from './smtp';
+import { PLAN_STARTER, PLAN_PRO } from './stripe';

 export {
  OWNER,
@ -59,15 +61,12 @@ export {
  ENV_PROD,
  ENV_SET,
  INTEGRATION_AZURE_KEY_VAULT,
-  INTEGRATION_AWS_PARAMETER_STORE,
-  INTEGRATION_AWS_SECRET_MANAGER,
  INTEGRATION_HEROKU,
  INTEGRATION_VERCEL,
  INTEGRATION_NETLIFY,
  INTEGRATION_GITHUB,
  INTEGRATION_RENDER,
  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
  INTEGRATION_SET,
  INTEGRATION_OAUTH2,
  INTEGRATION_AZURE_TOKEN_URL,
@ -80,7 +79,6 @@ export {
  INTEGRATION_NETLIFY_API_URL,
  INTEGRATION_RENDER_API_URL,
  INTEGRATION_FLYIO_API_URL,
-  INTEGRATION_CIRCLECI_API_URL,
  EVENT_PUSH_SECRETS,
  EVENT_PULL_SECRETS,
  ACTION_LOGIN,
--- a/backend/src/variables/integration.ts
+++ b/backend/src/variables/integration.ts
@ -3,55 +3,60 @@ import {
    TENANT_ID_AZURE
 } from '../config';
 import {
-  CLIENT_ID_HEROKU,
-  CLIENT_ID_NETLIFY,
-  CLIENT_ID_GITHUB,
-  CLIENT_SLUG_VERCEL,
-} from "../config";
+    CLIENT_ID_HEROKU,
+    CLIENT_ID_NETLIFY,
+    CLIENT_ID_GITHUB,
+    CLIENT_SLUG_VERCEL
+} from '../config';

 // integrations
 const INTEGRATION_AZURE_KEY_VAULT = 'azure-key-vault';
-const INTEGRATION_AWS_PARAMETER_STORE = 'aws-parameter-store';
-const INTEGRATION_AWS_SECRET_MANAGER = 'aws-secret-manager';
-const INTEGRATION_HEROKU = "heroku";
-const INTEGRATION_VERCEL = "vercel";
-const INTEGRATION_NETLIFY = "netlify";
-const INTEGRATION_GITHUB = "github";
-const INTEGRATION_RENDER = "render";
-const INTEGRATION_FLYIO = "flyio";
-const INTEGRATION_CIRCLECI = "circleci";
+const INTEGRATION_HEROKU = 'heroku';
+const INTEGRATION_VERCEL = 'vercel';
+const INTEGRATION_NETLIFY = 'netlify';
+const INTEGRATION_GITHUB = 'github';
+const INTEGRATION_RENDER = 'render';
+const INTEGRATION_FLYIO = 'flyio';
 const INTEGRATION_SET = new Set([
    INTEGRATION_AZURE_KEY_VAULT,
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB,
-  INTEGRATION_RENDER,
-  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
+    INTEGRATION_HEROKU,
+    INTEGRATION_VERCEL,
+    INTEGRATION_NETLIFY,
+    INTEGRATION_GITHUB,
+    INTEGRATION_RENDER,
+    INTEGRATION_FLYIO
 ]);

 // integration types
-const INTEGRATION_OAUTH2 = "oauth2";
+const INTEGRATION_OAUTH2 = 'oauth2';

 // integration oauth endpoints
 const INTEGRATION_AZURE_TOKEN_URL = `https://login.microsoftonline.com/${TENANT_ID_AZURE}/oauth2/v2.0/token`;
 const INTEGRATION_HEROKU_TOKEN_URL = 'https://id.heroku.com/oauth/token';
 const INTEGRATION_VERCEL_TOKEN_URL =
-  "https://api.vercel.com/v2/oauth/access_token";
-const INTEGRATION_NETLIFY_TOKEN_URL = "https://api.netlify.com/oauth/token";
+    'https://api.vercel.com/v2/oauth/access_token';
+const INTEGRATION_NETLIFY_TOKEN_URL = 'https://api.netlify.com/oauth/token';
 const INTEGRATION_GITHUB_TOKEN_URL =
-  "https://github.com/login/oauth/access_token";
+    'https://github.com/login/oauth/access_token';

 // integration apps endpoints
-const INTEGRATION_HEROKU_API_URL = "https://api.heroku.com";
-const INTEGRATION_VERCEL_API_URL = "https://api.vercel.com";
-const INTEGRATION_NETLIFY_API_URL = "https://api.netlify.com";
-const INTEGRATION_RENDER_API_URL = "https://api.render.com";
-const INTEGRATION_FLYIO_API_URL = "https://api.fly.io/graphql";
-const INTEGRATION_CIRCLECI_API_URL = "https://circleci.com/api";
+const INTEGRATION_HEROKU_API_URL = 'https://api.heroku.com';
+const INTEGRATION_VERCEL_API_URL = 'https://api.vercel.com';
+const INTEGRATION_NETLIFY_API_URL = 'https://api.netlify.com';
+const INTEGRATION_RENDER_API_URL = 'https://api.render.com';
+const INTEGRATION_FLYIO_API_URL = 'https://api.fly.io/graphql';

 const INTEGRATION_OPTIONS = [
+    {
+        name: 'Azure Key Vault',
+        slug: 'azure-key-vault',
+        image: 'Microsoft Azure.png',
+        isAvailable: false,
+        type: 'oauth',
+        clientId: CLIENT_ID_AZURE,
+        tenantId: TENANT_ID_AZURE,
+        docsLink: ''
+    },
    {
        name: 'Heroku',
        slug: 'heroku',
@ -107,43 +112,6 @@ const INTEGRATION_OPTIONS = [
        clientId: '',
        docsLink: ''
    },
-    {
-        name: 'AWS Parameter Store',
-        slug: 'aws-parameter-store',
-        image: 'Amazon Web Services.png',
-        isAvailable: true,
-        type: 'custom',
-        clientId: '',
-        docsLink: ''
-    },
-    {
-        name: 'AWS Secret Manager',
-        slug: 'aws-secret-manager',
-        image: 'Amazon Web Services.png',
-        isAvailable: true,
-        type: 'custom',
-        clientId: '',
-        docsLink: ''
-    },
-    {
-        name: 'Circle CI',
-        slug: 'circleci',
-        image: 'Circle CI.png',
-        isAvailable: true,
-        type: 'pat',
-        clientId: '',
-        docsLink: ''
-    },
-    {
-        name: 'Azure Key Vault',
-        slug: 'azure-key-vault',
-        image: 'Microsoft Azure.png',
-        isAvailable: false,
-        type: 'oauth',
-        clientId: CLIENT_ID_AZURE,
-        tenantId: TENANT_ID_AZURE,
-        docsLink: ''
-    },
    {
        name: 'Google Cloud Platform',
        slug: 'gcp',
@ -153,6 +121,24 @@ const INTEGRATION_OPTIONS = [
        clientId: '',
        docsLink: ''
    },
+    {
+        name: 'Amazon Web Services',
+        slug: 'aws',
+        image: 'Amazon Web Services.png',
+        isAvailable: false,
+        type: '',
+        clientId: '',
+        docsLink: ''
+    },
+    {
+        name: 'Microsoft Azure',
+        slug: 'azure',
+        image: 'Microsoft Azure.png',
+        isAvailable: false,
+        type: '',
+        clientId: '',
+        docsLink: ''
+    },
    {
        name: 'Travis CI',
        slug: 'travisci',
@ -161,32 +147,37 @@ const INTEGRATION_OPTIONS = [
        type: '',
        clientId: '',
        docsLink: ''
+    },
+    {
+        name: 'Circle CI',
+        slug: 'circleci',
+        image: 'Circle CI.png',
+        isAvailable: false,
+        type: '',
+        clientId: '',
+        docsLink: ''
    }
 ]

 export {
    INTEGRATION_AZURE_KEY_VAULT,
-    INTEGRATION_AWS_PARAMETER_STORE,
-    INTEGRATION_AWS_SECRET_MANAGER,
-  INTEGRATION_HEROKU,
-  INTEGRATION_VERCEL,
-  INTEGRATION_NETLIFY,
-  INTEGRATION_GITHUB,
-  INTEGRATION_RENDER,
-  INTEGRATION_FLYIO,
-  INTEGRATION_CIRCLECI,
-  INTEGRATION_SET,
-  INTEGRATION_OAUTH2,
+    INTEGRATION_HEROKU,
+    INTEGRATION_VERCEL,
+    INTEGRATION_NETLIFY,
+    INTEGRATION_GITHUB,
+    INTEGRATION_RENDER,
+    INTEGRATION_FLYIO,
+    INTEGRATION_SET,
+    INTEGRATION_OAUTH2,
    INTEGRATION_AZURE_TOKEN_URL,
-  INTEGRATION_HEROKU_TOKEN_URL,
-  INTEGRATION_VERCEL_TOKEN_URL,
-  INTEGRATION_NETLIFY_TOKEN_URL,
-  INTEGRATION_GITHUB_TOKEN_URL,
-  INTEGRATION_HEROKU_API_URL,
-  INTEGRATION_VERCEL_API_URL,
-  INTEGRATION_NETLIFY_API_URL,
-  INTEGRATION_RENDER_API_URL,
-  INTEGRATION_FLYIO_API_URL,
-  INTEGRATION_CIRCLECI_API_URL,
-  INTEGRATION_OPTIONS,
+    INTEGRATION_HEROKU_TOKEN_URL,
+    INTEGRATION_VERCEL_TOKEN_URL,
+    INTEGRATION_NETLIFY_TOKEN_URL,
+    INTEGRATION_GITHUB_TOKEN_URL,
+    INTEGRATION_HEROKU_API_URL,
+    INTEGRATION_VERCEL_API_URL,
+    INTEGRATION_NETLIFY_API_URL,
+    INTEGRATION_RENDER_API_URL,
+    INTEGRATION_FLYIO_API_URL,
+    INTEGRATION_OPTIONS
 };
--- a/backend/src/variables/organization.ts
+++ b/backend/src/variables/organization.ts
@ -1,16 +1,24 @@
 // membership roles
-const OWNER = "owner";
-const ADMIN = "admin";
-const MEMBER = "member";
+const OWNER = 'owner';
+const ADMIN = 'admin';
+const MEMBER = 'member';

 // membership statuses
-const INVITED = "invited";
+const INVITED = 'invited';

 // membership permissions ability
-const ABILITY_READ = "read";
-const ABILITY_WRITE = "write";
+const ABILITY_READ = 'read';
+const ABILITY_WRITE = 'write';

 // -- organization
-const ACCEPTED = "accepted";
+const ACCEPTED = 'accepted';

-export { OWNER, ADMIN, MEMBER, INVITED, ACCEPTED, ABILITY_READ, ABILITY_WRITE };
+export {
+    OWNER,
+    ADMIN,
+    MEMBER,
+    INVITED,
+    ACCEPTED,
+    ABILITY_READ,
+    ABILITY_WRITE
+}
--- a/cli/docker/Dockerfile
+++ b/cli/docker/Dockerfile
@ -1,4 +0,0 @@
-FROM alpine
-RUN apk add --no-cache tini
-COPY infisical /bin/infisical
-ENTRYPOINT ["/sbin/tini", "--", "/bin/infisical"]
--- a/cli/packages/api/api.go
+++ b/cli/packages/api/api.go
@ -114,7 +114,6 @@ func CallGetSecretsV2(httpClient *resty.Client, request GetEncryptedSecretsV2Req
 		SetHeader("User-Agent", USER_AGENT).
 		SetQueryParam("environment", request.Environment).
 		SetQueryParam("workspaceId", request.WorkspaceId).
-		SetQueryParam("tagSlugs", request.TagSlugs).
 		Get(fmt.Sprintf("%v/v2/secrets", config.INFISICAL_URL))

 	if err != nil {
@ -155,33 +154,15 @@ func CallIsAuthenticated(httpClient *resty.Client) bool {
 		SetHeader("User-Agent", USER_AGENT).
 		Post(fmt.Sprintf("%v/v1/auth/checkAuth", config.INFISICAL_URL))

+	log.Debugln(fmt.Errorf("CallIsAuthenticated: Unsuccessful response:  [response=%v]", response))
+
 	if err != nil {
 		return false
 	}

 	if response.IsError() {
-		log.Debugln(fmt.Errorf("CallIsAuthenticated: Unsuccessful response:  [response=%v]", response))
 		return false
 	}

 	return true
 }
-
-func CallGetAccessibleEnvironments(httpClient *resty.Client, request GetAccessibleEnvironmentsRequest) (GetAccessibleEnvironmentsResponse, error) {
-	var accessibleEnvironmentsResponse GetAccessibleEnvironmentsResponse
-	response, err := httpClient.
-		R().
-		SetResult(&accessibleEnvironmentsResponse).
-		SetHeader("User-Agent", USER_AGENT).
-		Get(fmt.Sprintf("%v/v2/workspace/%s/environments", config.INFISICAL_URL, request.WorkspaceId))
-
-	if err != nil {
-		return GetAccessibleEnvironmentsResponse{}, err
-	}
-
-	if response.IsError() {
-		return GetAccessibleEnvironmentsResponse{}, fmt.Errorf("CallGetAccessibleEnvironments: Unsuccessful response:  [response=%v]", response)
-	}
-
-	return accessibleEnvironmentsResponse, nil
-}
--- a/cli/packages/api/model.go
+++ b/cli/packages/api/model.go
@ -197,7 +197,6 @@ type GetSecretsByWorkspaceIdAndEnvironmentRequest struct {
 type GetEncryptedSecretsV2Request struct {
 	Environment string `json:"environment"`
 	WorkspaceId string `json:"workspaceId"`
-	TagSlugs    string `json:"tagSlugs"`
 }

 type GetEncryptedSecretsV2Response struct {
@ -251,15 +250,3 @@ type GetServiceTokenDetailsResponse struct {
 	UpdatedAt    time.Time `json:"updatedAt"`
 	V            int       `json:"__v"`
 }
-
-type GetAccessibleEnvironmentsRequest struct {
-	WorkspaceId string `json:"workspaceId"`
-}
-
-type GetAccessibleEnvironmentsResponse struct {
-	AccessibleEnvironments []struct {
-		Name          string `json:"name"`
-		Slug          string `json:"slug"`
-		IsWriteDenied bool   `json:"isWriteDenied"`
-	} `json:"accessibleEnvironments"`
-}
--- a/cli/packages/cmd/export.go
+++ b/cli/packages/cmd/export.go
@ -61,12 +61,7 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		tagSlugs, err := cmd.Flags().GetString("tags")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: envName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs})
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: envName, InfisicalToken: infisicalToken})
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}
@ -102,7 +97,6 @@ func init() {
 	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
 	exportCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 	exportCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	exportCmd.Flags().StringP("tags", "t", "", "filter secrets by tag slugs")
 }

 // Format according to the format flag
--- a/cli/packages/cmd/init.go
+++ b/cli/packages/cmd/init.go
@ -56,7 +56,7 @@ var initCmd = &cobra.Command{
 		workspaces := workspaceResponse.Workspaces
 		if len(workspaces) == 0 {
 			message := fmt.Sprintf("You don't have any projects created in Infisical. You must first create a project at %s", util.INFISICAL_TOKEN_NAME)
-			util.PrintErrorMessageAndExit(message)
+			util.PrintMessageAndExit(message)
 		}

 		var workspaceNames []string
--- a/cli/packages/cmd/reset.go
+++ b/cli/packages/cmd/reset.go
@ -1,45 +0,0 @@
-/*
-Copyright (c) 2023 Infisical Inc.
-*/
-package cmd
-
-import (
-	"os"
-
-	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/spf13/cobra"
-)
-
-var resetCmd = &cobra.Command{
-	Use:                   "reset",
-	Short:                 "Used delete all Infisical related data on your machine",
-	DisableFlagsInUseLine: true,
-	Example:               "infisical reset",
-	Args:                  cobra.NoArgs,
-	PreRun: func(cmd *cobra.Command, args []string) {
-		toggleDebug(cmd, args)
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-		// delete config
-		_, pathToDir, err := util.GetFullConfigFilePath()
-		if err != nil {
-			util.HandleError(err)
-		}
-
-		os.RemoveAll(pathToDir)
-
-		// delete keyring
-		keyringInstance, err := util.GetKeyRing()
-		if err != nil {
-			util.HandleError(err)
-		}
-
-		keyringInstance.Remove(util.KEYRING_SERVICE_NAME)
-
-		util.PrintSuccessMessage("Reset successful")
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(resetCmd)
-}
--- a/cli/packages/cmd/run.go
+++ b/cli/packages/cmd/run.go
@ -64,6 +64,10 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

+		// if !util.IsSecretEnvironmentValid(envName) {
+		// 	util.PrintMessageAndExit("Invalid environment name passed. Environment names can only be prod, dev, test or staging")
+		// }
+
 		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
@ -74,12 +78,7 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		tagSlugs, err := cmd.Flags().GetString("tags")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: envName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs})
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: envName, InfisicalToken: infisicalToken})

 		if err != nil {
 			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
@ -153,7 +152,6 @@ func init() {
 	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	runCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 	runCmd.Flags().StringP("command", "c", "", "chained commands to execute (e.g. \"npm install && npm run dev; echo ...\")")
-	runCmd.Flags().StringP("tags", "t", "", "filter secrets by tag slugs ")
 }

 // Will execute a single command and pass in the given secrets into the process
--- a/cli/packages/cmd/secrets.go
+++ b/cli/packages/cmd/secrets.go
@ -46,12 +46,7 @@ var secretsCmd = &cobra.Command{
 			util.HandleError(err)
 		}

-		tagSlugs, err := cmd.Flags().GetString("tags")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs})
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken})
 		if err != nil {
 			util.HandleError(err)
 		}
@ -92,22 +87,20 @@ var secretsSetCmd = &cobra.Command{
 	PreRun:                toggleDebug,
 	Args:                  cobra.MinimumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
-		util.RequireLocalWorkspaceFile()
-
 		environmentName, err := cmd.Flags().GetString("env")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}

+		if !util.IsSecretEnvironmentValid(environmentName) {
+			util.PrintMessageAndExit("You have entered a invalid environment name", "Environment names can only be prod, dev, test or staging")
+		}
+
 		workspaceFile, err := util.GetWorkSpaceFromFile()
 		if err != nil {
 			util.HandleError(err, "Unable to get your local config details")
 		}

-		if environmentName == '' {
-			environmentName := workspaceFile.environment
-		}
-
 		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
 		if err != nil {
 			util.HandleError(err, "Unable to authenticate")
@ -155,11 +148,11 @@ var secretsSetCmd = &cobra.Command{
 		for _, arg := range args {
 			splitKeyValueFromArg := strings.SplitN(arg, "=", 2)
 			if splitKeyValueFromArg[0] == "" || splitKeyValueFromArg[1] == "" {
-				util.PrintErrorMessageAndExit("ensure that each secret has a none empty key and value. Modify the input and try again")
+				util.PrintMessageAndExit("ensure that each secret has a none empty key and value. Modify the input and try again")
 			}

 			if unicode.IsNumber(rune(splitKeyValueFromArg[0][0])) {
-				util.PrintErrorMessageAndExit("keys of secrets cannot start with a number. Modify the key name(s) and try again")
+				util.PrintMessageAndExit("keys of secrets cannot start with a number. Modify the key name(s) and try again")
 			}

 			// Key and value from argument
@ -310,7 +303,7 @@ var secretsDeleteCmd = &cobra.Command{

 		if len(invalidSecretNamesThatDoNotExist) != 0 {
 			message := fmt.Sprintf("secret name(s) [%v] does not exist in your project. To see which secrets exist run [infisical secrets]", strings.Join(invalidSecretNamesThatDoNotExist, ", "))
-			util.PrintErrorMessageAndExit(message)
+			util.PrintMessageAndExit(message)
 		}

 		request := api.BatchDeleteSecretsBySecretIdsRequest{
@ -339,17 +332,17 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}

+	workspaceFileExists := util.WorkspaceConfigFileExistsInCurrentPath()
+	if !workspaceFileExists {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
 	infisicalToken, err := cmd.Flags().GetString("token")
 	if err != nil {
 		util.HandleError(err, "Unable to parse flag")
 	}

-	tagSlugs, err := cmd.Flags().GetString("tags")
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs})
+	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken})
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@ -382,17 +375,17 @@ func generateExampleEnv(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}

+	workspaceFileExists := util.WorkspaceConfigFileExistsInCurrentPath()
+	if !workspaceFileExists {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
 	infisicalToken, err := cmd.Flags().GetString("token")
 	if err != nil {
 		util.HandleError(err, "Unable to parse flag")
 	}

-	tagSlugs, err := cmd.Flags().GetString("tags")
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs})
+	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken})
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@ -519,7 +512,7 @@ func generateExampleEnv(cmd *cobra.Command, args []string) {
 		if len(listOfTagNames) == 0 {
 			fmt.Printf("\n%s \n", strings.Join(listOfKeyValue, "\n \n"))
 		} else {
-			fmt.Printf("\n\n\n%s \n%s \n", heading, strings.Join(listOfKeyValue, "\n \n"))
+			fmt.Printf("\n\n\n%s\n \n%s \n", heading, strings.Join(listOfKeyValue, "\n \n"))
 		}
 	}
 }
@ -574,6 +567,5 @@ func init() {
 	secretsCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
 	secretsCmd.PersistentFlags().String("env", "dev", "Used to select the environment name on which actions should be taken on")
 	secretsCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
-	secretsCmd.PersistentFlags().StringP("tags", "t", "", "filter secrets by tag slugs")
 	rootCmd.AddCommand(secretsCmd)
 }
--- a/cli/packages/models/cli.go
+++ b/cli/packages/models/cli.go
@ -40,7 +40,6 @@ type Workspace struct {

 type WorkspaceConfigFile struct {
 	WorkspaceId string `json:"workspaceId"`
-	Environment string `json:"environment"`
 }

 type SymmetricEncryptionResult struct {
@ -52,5 +51,4 @@ type SymmetricEncryptionResult struct {
 type GetAllSecretsParameters struct {
 	Environment    string
 	InfisicalToken string
-	TagSlugs       string
 }
--- a/cli/packages/util/helper.go
+++ b/cli/packages/util/helper.go
@ -65,29 +65,29 @@ func RequireLogin() {
 	}

 	if !currentUserDetails.IsUserLoggedIn {
-		PrintErrorMessageAndExit("You must be logged in to run this command. To login, run [infisical login]")
+		PrintMessageAndExit("You must be logged in to run this command. To login, run [infisical login]")
 	}

 	if currentUserDetails.LoginExpired {
-		PrintErrorMessageAndExit("Your login expired, please login in again. To login, run [infisical login]")
+		PrintMessageAndExit("Your login expired, please login in again. To login, run [infisical login]")
 	}

 	if currentUserDetails.UserCredentials.Email == "" && currentUserDetails.UserCredentials.JTWToken == "" && currentUserDetails.UserCredentials.PrivateKey == "" {
-		PrintErrorMessageAndExit("One or more of your login details is empty. Please try logging in again via by running [infisical login]")
+		PrintMessageAndExit("One or more of your login details is empty. Please try logging in again via by running [infisical login]")
 	}
 }

 func RequireServiceToken() {
 	serviceToken := os.Getenv(INFISICAL_TOKEN_NAME)
 	if serviceToken == "" {
-		PrintErrorMessageAndExit("No service token is found in your terminal")
+		PrintMessageAndExit("No service token is found in your terminal")
 	}
 }

 func RequireLocalWorkspaceFile() {
 	workspaceFileExists := WorkspaceConfigFileExistsInCurrentPath()
 	if !workspaceFileExists {
-		PrintErrorMessageAndExit("It looks you have not yet connected this project to Infisical", "To do so, run [infisical init] then run your command again")
+		PrintMessageAndExit("It looks you have not yet connected this project to Infisical", "To do so, run [infisical init] then run your command again")
 	}

 	workspaceFile, err := GetWorkSpaceFromFile()
@ -96,7 +96,7 @@ func RequireLocalWorkspaceFile() {
 	}

 	if workspaceFile.WorkspaceId == "" {
-		PrintErrorMessageAndExit("Your project id is missing in your local config file. Please add it or run again [infisical init]")
+		PrintMessageAndExit("Your project id is missing in your local config file. Please add it or run again [infisical init]")
 	}
 }

--- a/cli/packages/util/log.go
+++ b/cli/packages/util/log.go
@ -27,14 +27,10 @@ func PrintWarning(message string) {
 	color.New(color.FgYellow).Fprintf(os.Stderr, "Warning: %v \n", message)
 }

-func PrintSuccessMessage(message string) {
-	color.New(color.FgGreen).Println(message)
-}
-
-func PrintErrorMessageAndExit(messages ...string) {
+func PrintMessageAndExit(messages ...string) {
 	if len(messages) > 0 {
 		for _, message := range messages {
-			fmt.Fprintln(os.Stderr, message)
+			fmt.Println(message)
 		}
 	}

@ -42,5 +38,5 @@ func PrintErrorMessageAndExit(messages ...string) {
 }

 func printError(e error) {
-	color.New(color.FgRed).Fprintf(os.Stderr, "Hmm, we ran into an error: %v", e)
+	color.Red("Hmm, we ran into an error: %v", e)
 }
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@ -62,7 +62,7 @@ func GetPlainTextSecretsViaServiceToken(fullServiceToken string) ([]models.Singl
 	return plainTextSecrets, nil
 }

-func GetPlainTextSecretsViaJTW(JTWToken string, receiversPrivateKey string, workspaceId string, environmentName string, tagSlugs string) ([]models.SingleEnvironmentVariable, error) {
+func GetPlainTextSecretsViaJTW(JTWToken string, receiversPrivateKey string, workspaceId string, environmentName string) ([]models.SingleEnvironmentVariable, error) {
 	httpClient := resty.New()
 	httpClient.SetAuthToken(JTWToken).
 		SetHeader("Accept", "application/json")
@ -85,7 +85,6 @@ func GetPlainTextSecretsViaJTW(JTWToken string, receiversPrivateKey string, work
 	encryptedSecrets, err := api.CallGetSecretsV2(httpClient, api.GetEncryptedSecretsV2Request{
 		WorkspaceId: workspaceId,
 		Environment: environmentName,
-		TagSlugs:    tagSlugs,
 	})

 	if err != nil {
@ -131,13 +130,7 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters) ([]models
 			return nil, err
 		}

-		// Verify environment
-		err = ValidateEnvironmentName(params.Environment, workspaceFile.WorkspaceId, loggedInUserDetails.UserCredentials)
-		if err != nil {
-			return nil, fmt.Errorf("unable to validate environment name because [err=%s]", err)
-		}
-
-		secretsToReturn, errorToReturn = GetPlainTextSecretsViaJTW(loggedInUserDetails.UserCredentials.JTWToken, loggedInUserDetails.UserCredentials.PrivateKey, workspaceFile.WorkspaceId, params.Environment, params.TagSlugs)
+		secretsToReturn, errorToReturn = GetPlainTextSecretsViaJTW(loggedInUserDetails.UserCredentials.JTWToken, loggedInUserDetails.UserCredentials.PrivateKey, workspaceFile.WorkspaceId, params.Environment)
 		log.Debugf("GetAllEnvironmentVariables: Trying to fetch secrets JTW token [err=%s]", errorToReturn)

 		backupSecretsEncryptionKey := []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32]
@ -163,33 +156,6 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters) ([]models
 	return secretsToReturn, errorToReturn
 }

-func ValidateEnvironmentName(environmentName string, workspaceId string, userLoggedInDetails models.UserCredentials) error {
-	httpClient := resty.New()
-	httpClient.SetAuthToken(userLoggedInDetails.JTWToken).
-		SetHeader("Accept", "application/json")
-
-	response, err := api.CallGetAccessibleEnvironments(httpClient, api.GetAccessibleEnvironmentsRequest{WorkspaceId: workspaceId})
-	if err != nil {
-		return err
-	}
-
-	listOfEnvSlugs := []string{}
-	mapOfEnvSlugs := make(map[string]interface{})
-
-	for _, environment := range response.AccessibleEnvironments {
-		listOfEnvSlugs = append(listOfEnvSlugs, environment.Slug)
-		mapOfEnvSlugs[environment.Slug] = environment
-	}
-
-	_, exists := mapOfEnvSlugs[environmentName]
-	if !exists {
-		HandleError(fmt.Errorf("the environment [%s] does not exist in project with [id=%s]. Only [%s] are available", environmentName, workspaceId, strings.Join(listOfEnvSlugs, ",")))
-	}
-
-	return nil
-
-}
-
 func getExpandedEnvVariable(secrets []models.SingleEnvironmentVariable, variableWeAreLookingFor string, hashMapOfCompleteVariables map[string]string, hashMapOfSelfRefs map[string]string) string {
 	if value, found := hashMapOfCompleteVariables[variableWeAreLookingFor]; found {
 		return value
--- a/docs/cli/commands/reset.mdx
+++ b/docs/cli/commands/reset.mdx
@ -1,11 +0,0 @@
---
-title: "infisical reset"
-description: "Reset Infisical"
---
-
-```bash
-infisical reset
-```
-
-## Description
-This command provides a way to clear all Infisical-generated configuration data, effectively resetting the software to its default settings. This can be an effective way to address any persistent issues that arise while using the CLI.
--- a/docs/cli/commands/secrets.mdx
+++ b/docs/cli/commands/secrets.mdx
@ -87,25 +87,4 @@ $ infisical secrets set STRIPE_API_KEY=sjdgwkeudyjwe DOMAIN=example.com HASH=jeb

    Default value: `dev`
  </Accordion>
-</Accordion>
-
-<Accordion title="infisical secrets generate-example-env">
-This command allows you to generate an example .env file from your secrets and with their associated comments and tags. This is useful when you would like to let 
- others who work on the project but do not use Infisical become aware of the required environment variables and their intended values.
-
-To place default values in your example .env file, you can simply include the syntax `DEFAULT:<value>` within your secret's comment in Infisical. This will result in the specified value being extracted and utilized as the default.
-
-```bash
-$ infisical secrets generate-example-env
-
-## Example 
-$ infisical secrets generate-example-env > .example-env
-```
-
-  ### Flags 
-  <Accordion title="--env">
-    Used to select the environment name on which actions should be taken on
-
-    Default value: `dev`
-  </Accordion>
-</Accordion>
+</Accordion>
--- a/docs/images/integrations-aws-access-key-1.png
+++ b/docs/images/integrations-aws-access-key-1.png
--- a/docs/images/integrations-aws-access-key-2.png
+++ b/docs/images/integrations-aws-access-key-2.png
--- a/docs/images/integrations-aws-access-key-3.png
+++ b/docs/images/integrations-aws-access-key-3.png
--- a/docs/images/integrations-aws-iam-1.png
+++ b/docs/images/integrations-aws-iam-1.png
--- a/docs/images/integrations-aws-parameter-store-auth.png
+++ b/docs/images/integrations-aws-parameter-store-auth.png
--- a/docs/images/integrations-aws-parameter-store-create.png
+++ b/docs/images/integrations-aws-parameter-store-create.png
--- a/docs/images/integrations-aws-parameter-store-iam-2.png
+++ b/docs/images/integrations-aws-parameter-store-iam-2.png
--- a/docs/images/integrations-aws-parameter-store-iam-3.png
+++ b/docs/images/integrations-aws-parameter-store-iam-3.png
--- a/docs/images/integrations-aws-parameter-store.png
+++ b/docs/images/integrations-aws-parameter-store.png
--- a/docs/images/integrations-aws-secret-manager-auth.png
+++ b/docs/images/integrations-aws-secret-manager-auth.png
--- a/docs/images/integrations-aws-secret-manager-create.png
+++ b/docs/images/integrations-aws-secret-manager-create.png
--- a/docs/images/integrations-aws-secret-manager-iam-2.png
+++ b/docs/images/integrations-aws-secret-manager-iam-2.png
--- a/docs/images/integrations-aws-secret-manager-iam-3.png
+++ b/docs/images/integrations-aws-secret-manager-iam-3.png
--- a/docs/images/integrations-aws-secret-manager.png
+++ b/docs/images/integrations-aws-secret-manager.png
--- a/docs/images/integrations-flyio-auth.png
+++ b/docs/images/integrations-flyio-auth.png
--- a/docs/images/integrations-flyio-create.png
+++ b/docs/images/integrations-flyio-create.png
--- a/docs/images/integrations-flyio.png
+++ b/docs/images/integrations-flyio.png
--- a/docs/images/integrations-heroku-create.png
+++ b/docs/images/integrations-heroku-create.png
--- a/docs/images/integrations-heroku.png
+++ b/docs/images/integrations-heroku.png
--- a/docs/images/integrations-netlify-create.png
+++ b/docs/images/integrations-netlify-create.png
--- a/docs/images/integrations-netlify.png
+++ b/docs/images/integrations-netlify.png
--- a/docs/images/integrations-render-auth.png
+++ b/docs/images/integrations-render-auth.png
--- a/docs/images/integrations-render-create.png
+++ b/docs/images/integrations-render-create.png
--- a/docs/images/integrations-render.png
+++ b/docs/images/integrations-render.png
--- a/docs/images/integrations-vercel-create.png
+++ b/docs/images/integrations-vercel-create.png
--- a/docs/images/integrations-vercel.png
+++ b/docs/images/integrations-vercel.png
--- a/docs/images/integrations.png
+++ b/docs/images/integrations.png
--- a/docs/integrations/cloud/aws-parameter-store.mdx
+++ b/docs/integrations/cloud/aws-parameter-store.mdx
@ -1,75 +0,0 @@
---
-title: "AWS Parameter Store"
-description: "How to automatically sync secrets from Infisical to your AWS Parameter Store."
---
-
-Prerequisites:
-
- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
- Set up AWS and have/create an IAM user
-
-## Grant the IAM user permissions to access AWS Parameter Store
-
-Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.
-
-![integration IAM 1](../../images/integrations-aws-iam-1.png)
-![integration IAM 2](../../images/integrations-aws-parameter-store-iam-2.png)
-![integrations IAM 3](../../images/integrations-aws-parameter-store-iam-3.png)
-
-For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use:
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "AllowSSMAccess",
-      "Effect": "Allow",
-      "Action": [
-        "ssm:PutParameter",
-        "ssm:DeleteParameter",
-        "ssm:GetParametersByPath",
-        "ssm:DeleteParameters"
-      ],
-      "Resource": "*"
-    }
-  ]
-}
-```
-
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for AWS Parameter store
-
-Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
-
-![access key 1](../../images/integrations-aws-access-key-1.png)
-![access key 2](../../images/integrations-aws-access-key-2.png)
-![access key 3](../../images/integrations-aws-access-key-3.png)
-
-Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.
-
-![integration auth](../../images/integrations-aws-parameter-store-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.
-
-![integration create](../../images/integrations-aws-parameter-store-create.png)
-
-<Tip>
-  Infisical requires you to add a path for your secrets to be stored in AWS
-  Parameter Store and recommends setting the path structure to
-  `/[project_name]/[environment]/` according to best practices. This enables a
-  secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS
-  Parameter Store.
-</Tip>
--- a/docs/integrations/cloud/aws-secret-manager.mdx
+++ b/docs/integrations/cloud/aws-secret-manager.mdx
@ -1,73 +0,0 @@
---
-title: "AWS Secret Manager"
-description: "How to automatically sync secrets from Infisical to your AWS Secret Manager."
---
-
-Prerequisites:
-
- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
- Set up AWS and have/create an IAM user
-
-## Grant the IAM user permissions to access AWS Secret Manager
-
-Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secret Manager.
-
-![integration IAM 1](../../images/integrations-aws-iam-1.png)
-![integration IAM 2](../../images/integrations-aws-secret-manager-iam-2.png)
-![integrations IAM 3](../../images/integrations-aws-secret-manager-iam-3.png)
-
-For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Secret Manager for the IAM user that you can use:
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "AllowSecretsManagerAccess",
-      "Effect": "Allow",
-      "Action": [
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:CreateSecret",
-        "secretsmanager:UpdateSecret"
-      ],
-      "Resource": "*"
-    }
-  ]
-}
-```
-
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for AWS Secret Manager
-
-Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
-
-![access key 1](../../images/integrations-aws-access-key-1.png)
-![access key 2](../../images/integrations-aws-access-key-2.png)
-![access key 3](../../images/integrations-aws-access-key-3.png)
-
-Press on the AWS Secret Manager tile and input your AWS access key ID and secret access key from the previous step.
-
-![integration auth](../../images/integrations-aws-secret-manager-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which AWS Secret Manager region and under which secret name. Then, press create integration to start syncing secrets to AWS Secret Manager.
-
-![integration create](../../images/integrations-aws-secret-manager-create.png)
-
-<Info>
-  Infisical currently syncs environment variables to AWS Secret Manager as
-  key-value pairs under one secret. We're actively exploring ways to help users
-  group environment variable key-pairs under multiple secrets for greater
-  control.
-</Info>
--- a/docs/integrations/cloud/flyio.mdx
+++ b/docs/integrations/cloud/flyio.mdx
@ -31,7 +31,6 @@ Press on the Fly.io tile and input your Fly.io access token to grant Infisical a

 ## Start integration

-Select which Infisical environment secrets you want to sync to which Fly.io app and press create integration to start syncing secrets to Fly.io.
+Select which Infisical environment secrets you want to sync to which Fly.io app and press start integration to start syncing secrets to Fly.io.

-![integrations fly](../../images/integrations-flyio-create.png)
 ![integrations fly](../../images/integrations-flyio.png)
--- a/docs/integrations/cloud/heroku.mdx
+++ b/docs/integrations/cloud/heroku.mdx
@ -18,15 +18,13 @@ Press on the Heroku tile and grant Infisical access to your Heroku account.
 ![integrations heroku authorization](../../images/integrations-heroku-auth.png)

 <Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
+  If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
+  Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
 </Info>

 ## Start integration

-Select which Infisical environment secrets you want to sync to which Heroku app and press create integration to start syncing secrets to Heroku.
+Select which Infisical environment secrets you want to sync to which Heroku app and press start integration to start syncing secrets to Heroku.

-![integrations heroku](../../images/integrations-heroku-create.png)
 ![integrations heroku](../../images/integrations-heroku.png)
+
--- a/docs/integrations/cloud/netlify.mdx
+++ b/docs/integrations/cloud/netlify.mdx
@ -4,9 +4,7 @@ description: "How to automatically sync secrets from Infisical into your Netlify
 ---

 <Warning>
-  Infisical integrates with Netlify's new environment variable experience. If
-  your site uses Netlify's old environment variable experience, you'll have to
-  upgrade it to the new one to use this integration.
+    Infisical integrates with Netlify's new environment variable experience. If your site uses Netlify's old environment variable experience, you'll have to upgrade it to the new one to use this integration.
 </Warning>

 Prerequisites:
@ -24,15 +22,12 @@ Press on the Netlify tile and grant Infisical access to your Netlify account.
 ![integrations netlify authorization](../../images/integrations-netlify-auth.png)

 <Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
+  If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
+  Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
 </Info>

 ## Start integration

-Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press create integration to start syncing secrets to Netlify.
+Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press start integration to start syncing secrets to Netlify.

-![integrations netlify](../../images/integrations-netlify-create.png)
-![integrations netlify](../../images/integrations-netlify.png)
+![integrations netlify](../../images/integrations-netlify.png)
--- a/docs/integrations/cloud/render.mdx
+++ b/docs/integrations/cloud/render.mdx
@ -31,7 +31,6 @@ Press on the Render tile and input your Render API Key to grant Infisical access

 ## Start integration

-Select which Infisical environment secrets you want to sync to which Render service and press create integration to start syncing secrets to Render.
+Select which Infisical environment secrets you want to sync to which Render service and press start integration to start syncing secrets to Render.

-![integrations render](../../images/integrations-render-create.png)
-![integrations render](../../images/integrations-render.png)
+![integrations heroku](../../images/integrations-render.png)
--- a/docs/integrations/cloud/vercel.mdx
+++ b/docs/integrations/cloud/vercel.mdx
@ -17,16 +17,8 @@ Press on the Vercel tile and grant Infisical access to your Vercel account.

 ![integrations vercel authorization](../../images/integrations-vercel-auth.png)

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
 ## Start integration

-Select which Infisical environment secrets you want to sync to which Vercel app and environment. Lastly, press create integration to start syncing secrets to Vercel.
+Select which Infisical environment secrets you want to sync to which Vercel app and environment. Lastly, press start integration to start syncing secrets to Vercel.

-![integrations vercel](../../images/integrations-vercel-create.png)
 ![integrations vercel](../../images/integrations-vercel.png)
--- a/docs/integrations/overview.mdx
+++ b/docs/integrations/overview.mdx
@ -7,40 +7,38 @@ Integrations allow environment variables to be synced from Infisical into your l

 Missing an integration? Throw in a [request](https://github.com/Infisical/infisical/issues).

-| Integration                                                    | Type      | Status      |
-| -------------------------------------------------------------- | --------- | ----------- |
-| [Docker](/integrations/platforms/docker)                       | Platform  | Available   |
-| [Docker-Compose](/integrations/platforms/docker-compose)       | Platform  | Available   |
-| [Kubernetes](/integrations/platforms/kubernetes)               | Platform  | Available   |
-| [PM2](/integrations/platforms/pm2)                             | Platform  | Available   |
-| [Heroku](/integrations/cloud/heroku)                           | Cloud     | Available   |
-| [Vercel](/integrations/cloud/vercel)                           | Cloud     | Available   |
-| [Netlify](/integrations/cloud/netlify)                         | Cloud     | Available   |
-| [Render](/integrations/cloud/render)                           | Cloud     | Available   |
-| [Fly.io](/integrations/cloud/flyio)                            | Cloud     | Available   |
-| [AWS Parameter Store](/integrations/cloud/aws-parameter-store) | Cloud     | Available   |
-| [AWS Secret Manager](/integrations/cloud/aws-secret-manager)   | Cloud     | Available   |
-| [GitHub Actions](/integrations/cicd/githubactions)             | CI/CD     | Available   |
-| [React](/integrations/frameworks/react)                        | Framework | Available   |
-| [Vue](/integrations/frameworks/vue)                            | Framework | Available   |
-| [Express](/integrations/frameworks/express)                    | Framework | Available   |
-| [Next.js](/integrations/frameworks/nextjs)                     | Framework | Available   |
-| [NestJS](/integrations/frameworks/nestjs)                      | Framework | Available   |
-| [Nuxt](/integrations/frameworks/nuxt)                          | Framework | Available   |
-| [Gatsby](/integrations/frameworks/gatsby)                      | Framework | Available   |
-| [Remix](/integrations/frameworks/remix)                        | Framework | Available   |
-| [Vite](/integrations/frameworks/vite)                          | Framework | Available   |
-| [Fiber](/integrations/frameworks/fiber)                        | Framework | Available   |
-| [Django](/integrations/frameworks/django)                      | Framework | Available   |
-| [Flask](/integrations/frameworks/flask)                        | Framework | Available   |
-| [Laravel](/integrations/frameworks/laravel)                    | Framework | Available   |
-| [Ruby on Rails](/integrations/frameworks/rails)                | Framework | Available   |
-| AWS                                                            | Cloud     | Coming soon |
-| GCP                                                            | Cloud     | Coming soon |
-| Azure                                                          | Cloud     | Coming soon |
-| DigitalOcean                                                   | Cloud     | Coming soon |
-| [GitLab Pipeline](/integrations/cicd/gitlab)                   | CI/CD     | Available   |
-| [CircleCI](/integrations/cicd/circleci)                        | CI/CD     | Coming soon |
-| TravisCI                                                       | CI/CD     | Coming soon |
-| GitHub Actions                                                 | CI/CD     | Coming soon |
-| Jenkins                                                        | CI/CD     | Coming soon |
+| Integration                                              | Type      | Status      |
+| -------------------------------------------------------- | --------- | ----------- |
+| [Docker](/integrations/platforms/docker)                 | Platform  | Available   |
+| [Docker-Compose](/integrations/platforms/docker-compose) | Platform  | Available   |
+| [Kubernetes](/integrations/platforms/kubernetes)         | Platform  | Available   |
+| [PM2](/integrations/platforms/pm2)                       | Platform  | Available   |
+| [Heroku](/integrations/cloud/heroku)                     | Cloud     | Available   |
+| [Vercel](/integrations/cloud/vercel)                     | Cloud     | Available   |
+| [Netlify](/integrations/cloud/netlify)                   | Cloud     | Available   |
+| [Render](/integrations/cloud/render)                     | Cloud     | Available   |
+| [Fly.io](/integrations/cloud/flyio)                      | Cloud     | Available   |
+| [GitHub Actions](/integrations/cicd/githubactions)       | CI/CD     | Available   |
+| [React](/integrations/frameworks/react)                  | Framework | Available   |
+| [Vue](/integrations/frameworks/vue)                      | Framework | Available   |
+| [Express](/integrations/frameworks/express)              | Framework | Available   |
+| [Next.js](/integrations/frameworks/nextjs)               | Framework | Available   |
+| [NestJS](/integrations/frameworks/nestjs)                | Framework | Available   |
+| [Nuxt](/integrations/frameworks/nuxt)                    | Framework | Available   |
+| [Gatsby](/integrations/frameworks/gatsby)                | Framework | Available   |
+| [Remix](/integrations/frameworks/remix)                  | Framework | Available   |
+| [Vite](/integrations/frameworks/vite)                    | Framework | Available   |
+| [Fiber](/integrations/frameworks/fiber)                  | Framework | Available   |
+| [Django](/integrations/frameworks/django)                | Framework | Available   |
+| [Flask](/integrations/frameworks/flask)                  | Framework | Available   |
+| [Laravel](/integrations/frameworks/laravel)              | Framework | Available   |
+| [Ruby on Rails](/integrations/frameworks/rails)          | Framework | Available   |
+| AWS                                                      | Cloud     | Coming soon |
+| GCP                                                      | Cloud     | Coming soon |
+| Azure                                                    | Cloud     | Coming soon |
+| DigitalOcean                                             | Cloud     | Coming soon |
+| [GitLab Pipeline](/integrations/cicd/gitlab)             | CI/CD     | Available   |
+| [CircleCI](/integrations/cicd/circleci)                  | CI/CD     | Coming soon |
+| TravisCI                                                 | CI/CD     | Coming soon |
+| GitHub Actions                                           | CI/CD     | Coming soon |
+| Jenkins                                                  | CI/CD     | Coming soon |
--- a/docs/mint.json
+++ b/docs/mint.json
@ -114,8 +114,7 @@
            "cli/commands/run",
            "cli/commands/secrets",
            "cli/commands/export",
-            "cli/commands/vault",
-            "cli/commands/reset"
+            "cli/commands/vault"
          ]
        },
        "cli/faq"
@ -221,9 +220,7 @@
        "integrations/cloud/vercel",
        "integrations/cloud/netlify",
        "integrations/cloud/render",
-        "integrations/cloud/flyio",
-        "integrations/cloud/aws-parameter-store",
-        "integrations/cloud/aws-secret-manager"
+        "integrations/cloud/flyio"
      ]
    },
    {
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@ -37,6 +37,5 @@ Configuring Infisical requires setting some environment variables. There is a fi
 | `CLIENT_SECRET_VERCEL`       | OAuth2 client secret for Vercel integration                                                                  | `None`           |
 | `CLIENT_SECRET_NETLIFY`      | OAuth2 client secret for Netlify integration                                                                 | `None`           |
 | `CLIENT_SECRET_GITHUB`       | OAuth2 client secret for GitHub integration                                                                 | `None`           |
-| `CLIENT_SLUG_VERCEL`         | OAuth2 slug for Netlify integration                                                                         | `None`           |
+| `CLIENT_SLUG_VERCEL`         | OAuth2 slug for Netlify integration                                                                 | `None`           |
 | `SENTRY_DSN`                 | DSN for error-monitoring with Sentry                                                                        | `None`           |
-| `INVITE_ONLY_SIGNUP`         | If true, users can only sign up if they are invited                                                         | `false`           |
--- a/frontend/public/data/frequentConstants.ts
+++ b/frontend/public/data/frequentConstants.ts
@ -4,15 +4,12 @@ interface Mapping {

 const integrationSlugNameMapping: Mapping = {
  'azure-key-vault': 'Azure Key Vault',
-  'aws-parameter-store': 'AWS Parameter Store',
-  'aws-secret-manager': 'AWS Secret Manager',
  'heroku': 'Heroku',
  'vercel': 'Vercel',
  'netlify': 'Netlify',
  'github': 'GitHub',
  'render': 'Render',
-  'flyio': 'Fly.io',
-  "circleci": 'CircleCI'
+  'flyio': 'Fly.io'
 }

 const envMapping: Mapping = {
--- a/frontend/public/data/frequentInterfaces.ts
+++ b/frontend/public/data/frequentInterfaces.ts
@ -10,7 +10,7 @@ export interface Tag {
 export interface SecretDataProps {
  pos: number;
  key: string;
-  value: string | undefined;
+  value: string;
  valueOverride: string | undefined;
  id: string;
  comment: string;
--- a/frontend/public/locales/en/nav.json
+++ b/frontend/public/locales/en/nav.json
@ -1,6 +1,6 @@
 {
  "support": {
-    "slack": "Join Slack Forum",
+    "slack": "[NEW] Join Slack Forum",
    "docs": "Read Docs",
    "issue": "Open a Github Issue",
    "email": "Send us an Email"
--- a/frontend/src/components/basic/table/ProjectUsersTable.tsx
+++ b/frontend/src/components/basic/table/ProjectUsersTable.tsx
@ -1,6 +1,6 @@
 import { useEffect, useState } from 'react';
 import { useRouter } from 'next/router';
-import { faEye, faEyeSlash, faPenToSquare, faPlus, faX } from '@fortawesome/free-solid-svg-icons';
+import { faX } from '@fortawesome/free-solid-svg-icons';
 import { plans } from 'public/data/frequentConstants';

 import { useNotificationContext } from '@app/components/context/Notifications/NotificationProvider';
@ -106,11 +106,6 @@ const ProjectUsersTable = ({ userData, changeData, myUser, filter }: Props) => {
        ability: "read",
        environmentSlug: slug
      }];
-    } else if (val === "Add Only") {
-      denials = [{
-        ability: "read",
-        environmentSlug: slug
-      }];
    } else {
      denials = [];
    }
@ -190,21 +185,21 @@ const ProjectUsersTable = ({ userData, changeData, myUser, filter }: Props) => {

  return (
    <div className="table-container bg-bunker rounded-md mb-6 border border-mineshaft-700 relative mt-1 min-w-max">
-      <div className="absolute rounded-t-md w-full h-[3.1rem] bg-white/5" />
+      <div className="absolute rounded-t-md w-full h-[3.25rem] bg-white/5" />
      <UpgradePlanModal
        isOpen={isUpgradeModalOpen}
        onClose={closeUpgradeModal}
        text="You can change user permissions if you switch to Infisical's Professional plan."
      />
      <table className="w-full my-0.5">
-        <thead className="text-gray-400 text-xs font-light">
+        <thead className="text-gray-400 text-sm font-light">
          <tr>
            <th className="text-left pl-4 py-3.5">NAME</th>
            <th className="text-left pl-4 py-3.5">EMAIL</th>
            <th className="text-left pl-6 pr-10 py-3.5">ROLE</th>
            {workspaceEnvs.map(env => (
-              <th key={guidGenerator()} className="text-left pl-2 py-1 max-w-min break-normal">
-                <span>{env.slug.toUpperCase()}<br/></span> 
+              <th key={guidGenerator()} className="text-left pl-8 py-1 max-w-min break-normal">
+                <span>{env.name.toUpperCase()}<br/></span> 
                {/* <span>PERMISSION</span> */}
              </th>
            ))}
@ -226,7 +221,7 @@ const ProjectUsersTable = ({ userData, changeData, myUser, filter }: Props) => {
                  user.email?.toLowerCase().includes(filter)
              )
              .map((row, index) => (
-                <tr key={guidGenerator()} className="bg-bunker-600 text-sm hover:bg-bunker-500">
+                <tr key={guidGenerator()} className="bg-bunker-800 hover:bg-bunker-700">
                  <td className="pl-4 py-2 border-mineshaft-700 border-t text-gray-300">
                    {row.firstName} {row.lastName}
                  </td>
@ -236,8 +231,7 @@ const ProjectUsersTable = ({ userData, changeData, myUser, filter }: Props) => {
                  <td className="pl-6 pr-10 py-2 border-mineshaft-700 border-t text-gray-300">
                    <div className="justify-start h-full flex flex-row items-center">
                      <Select 
-                        className="w-36 bg-mineshaft-700"
-                        dropdownContainerClassName="bg-mineshaft-700"
+                        className="w-36"
                        // open={isOpen}
                        onValueChange={(e) => handleRoleUpdate(index, e)}
                        value={row.role}
@ -259,36 +253,23 @@ const ProjectUsersTable = ({ userData, changeData, myUser, filter }: Props) => {
                      )}
                    </div>
                  </td>
-                  {workspaceEnvs.map((env) => <td key={guidGenerator()} className="pl-2 py-2 border-mineshaft-700 border-t text-gray-300">
+                  {workspaceEnvs.map((env) => <td key={guidGenerator()} className="pl-8 py-2 border-mineshaft-700 border-t text-gray-300">
                    <Select 
-                      className="w-16 bg-mineshaft-700"
-                      dropdownContainerClassName="bg-mineshaft-700"
-                      position="item-aligned"
+                      className="w-36"
                      // open={isOpen}
                      onValueChange={(val) => handlePermissionUpdate(index, val, row.membershipId, env.slug)}
                      value={
                        // eslint-disable-next-line no-nested-ternary
                        (row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") && row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("read"))
                        ? "No Access"
-                        // eslint-disable-next-line no-nested-ternary
-                        : (row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") && !row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("read") ? "Read Only" 
-                        : !row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") && row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("read") ? "Add Only" : "Read & Write")
-                      }
-                      icon={
-                        // eslint-disable-next-line no-nested-ternary
-                        (row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") && row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("read"))
-                        ? faEyeSlash
-                        // eslint-disable-next-line no-nested-ternary
-                        : (row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") && !row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("read") ? faEye 
-                        : !row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") && row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("read") ? faPlus : faPenToSquare)
+                        : (row.deniedPermissions.filter((perm: any) => perm.environmentSlug === env.slug).map((perm: {ability: string}) => perm.ability).includes("write") ? "Read Only" : "Read & Write")
                      }
                      disabled={myRole !== 'admin'}
                      // onOpenChange={(open) => setIsOpen(open)}
                    >
-                      <SelectItem value="No Access" customIcon={faEyeSlash}>No Access</SelectItem>
-                      <SelectItem value="Read Only" customIcon={faEye}>Read Only</SelectItem>
-                      <SelectItem value="Add Only"  customIcon={faPlus}>Add Only</SelectItem>
-                      <SelectItem value="Read & Write" customIcon={faPenToSquare}>Read & Write</SelectItem>
+                      <SelectItem value="No Access">No Access</SelectItem>
+                      <SelectItem value="Read Only">Read Only</SelectItem>
+                      <SelectItem value="Read & Write">Read & Write</SelectItem>
                    </Select>
                  </td>)}
                  <td className="flex flex-row justify-end pl-8 pr-8 py-2 border-t border-0.5 border-mineshaft-700">
--- a/frontend/src/components/basic/table/UserTable.tsx
+++ b/frontend/src/components/basic/table/UserTable.tsx
@ -4,7 +4,6 @@ import { faX } from '@fortawesome/free-solid-svg-icons';

 import changeUserRoleInOrganization from '@app/pages/api/organization/changeUserRoleInOrganization';
 import deleteUserFromOrganization from '@app/pages/api/organization/deleteUserFromOrganization';
-import getOrganizationProjectMemberships from '@app/pages/api/organization/GetOrgProjectMemberships';
 import deleteUserFromWorkspace from '@app/pages/api/workspace/deleteUserFromWorkspace';
 import getLatestFileKey from '@app/pages/api/workspace/getLatestFileKey';
 import uploadKeys from '@app/pages/api/workspace/uploadKeys';
@ -37,7 +36,6 @@ const UserTable = ({ userData, changeData, myUser, filter, resendInvite, isOrg }
  );
  const router = useRouter();
  const [myRole, setMyRole] = useState('member');
-  const [userProjectMemberships, setUserProjectMemberships] = useState<any[]>([]);

  const workspaceId = router.query.id as string;
  // Delete the row in the table (e.g. a user)
@ -81,10 +79,6 @@ const UserTable = ({ userData, changeData, myUser, filter, resendInvite, isOrg }

  useEffect(() => {
    setMyRole(userData.filter((user) => user.email === myUser)[0]?.role);
-    (async () => {
-      const result = await getOrganizationProjectMemberships({ orgId: String(localStorage.getItem("orgData.id"))})
-      setUserProjectMemberships(result);
-    })();
  }, [userData, myUser]);

  const grantAccess = async (id: string, publicKey: string) => {
@ -116,7 +110,7 @@ const UserTable = ({ userData, changeData, myUser, filter, resendInvite, isOrg }
  };

  return (
-    <div className="table-container bg-bunker rounded-md mb-6 border border-mineshaft-700 relative mt-1 min-w-max w-full">
+    <div className="table-container bg-bunker rounded-md mb-6 border border-mineshaft-700 relative mt-1 min-w-max">
      <div className="absolute rounded-t-md w-full h-[3.25rem] bg-white/5" />
      <table className="w-full my-0.5">
        <thead className="text-gray-400 text-sm font-light">
@ -124,7 +118,6 @@ const UserTable = ({ userData, changeData, myUser, filter, resendInvite, isOrg }
            <th className="text-left pl-4 py-3.5">NAME</th>
            <th className="text-left pl-4 py-3.5">EMAIL</th>
            <th className="text-left pl-6 pr-10 py-3.5">ROLE</th>
-            <th className="text-left pl-6 pr-10 py-3.5">PROJECTS</th>
            <th aria-label="buttons" />
          </tr>
        </thead>
@ -196,17 +189,6 @@ const UserTable = ({ userData, changeData, myUser, filter, resendInvite, isOrg }
                      )}
                    </div>
                  </td>
-                  <td className="pl-4 py-2 border-mineshaft-700 border-t text-gray-300">
-                    <div className="flex items-center max-h-16 overflow-x-auto w-full max-w-xl break-all">
-                      {userProjectMemberships[row.userId] 
-                      ? userProjectMemberships[row.userId]?.map((project: any) => (
-                        <div key={project._id} className='mx-1 min-w-max px-1.5 bg-mineshaft-500 rounded-sm text-sm text-bunker-200 flex items-center'>
-                          <span className='mb-0.5 cursor-default'>{project.name}</span>
-                        </div>
-                      ))
-                      : <span className='ml-1 text-bunker-100 rounded-sm px-1 py-0.5 text-sm bg-red/80'>This user isn&apos;t part of any projects yet.</span>}
-                    </div>
-                  </td>
                  <td className="flex flex-row justify-end pl-8 pr-8 py-2 border-t border-0.5 border-mineshaft-700">
                    {myUser !== row.email &&
                    // row.role !== "admin" &&
--- a/frontend/src/components/context/Notifications/Notification.tsx
+++ b/frontend/src/components/context/Notifications/Notification.tsx
@ -1,5 +1,5 @@
 import { useEffect, useRef } from 'react';
-import { faXmark } from '@fortawesome/free-solid-svg-icons';
+import { faX } from '@fortawesome/free-solid-svg-icons';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';

 type NotificationType = 'success' | 'error' | 'info';
@ -36,7 +36,7 @@ const Notification = ({ notification, clearNotification }: NotificationProps) =>

  return (
    <div
-      className="relative w-full flex items-center justify-between px-6 py-6 rounded-md border border-bunker-500 pointer-events-auto bg-mineshaft-700 mb-3 right-3"
+      className="relative w-full flex items-center justify-between px-4 py-4 rounded-md border border-bunker-500 pointer-events-auto bg-bunker-500"
      role="alert"
    >
      {notification.type === 'error' && (
@ -48,13 +48,13 @@ const Notification = ({ notification, clearNotification }: NotificationProps) =>
      {notification.type === 'info' && (
        <div className="absolute w-full h-1 bg-yellow top-0 left-0 rounded-t-md" />
      )}
-      <p className="text-bunker-200 text-md font-base mt-0.5">{notification.text}</p>
+      <p className="text-bunker-200 text-sm font-semibold mt-0.5">{notification.text}</p>
      <button
        type="button"
        className="rounded-lg"
        onClick={() => clearNotification(notification.text)}
      >
-        <FontAwesomeIcon className="absolute right-2 top-3 text-bunker-300 pl-2 w-4 h-4 hover:text-white" icon={faXmark} />
+        <FontAwesomeIcon className="text-white pl-2 w-4 h-3 hover:text-red" icon={faX} />
      </button>
    </div>
  );
--- a/frontend/src/components/dashboard/DashboardInputField.tsx
+++ b/frontend/src/components/dashboard/DashboardInputField.tsx
@ -1,10 +1,9 @@
 import { memo, SyntheticEvent, useRef } from 'react';
-import { faCircle, faCodeBranch, faExclamationCircle, faEye } from '@fortawesome/free-solid-svg-icons';
+import { faCircle, faExclamationCircle, faEye, faLayerGroup } from '@fortawesome/free-solid-svg-icons';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';

 import guidGenerator from '../utilities/randomId';
 import { HoverObject } from '../v2/HoverCard';
-import { PopoverObject } from '../v2/Popover/Popover';

 const REGEX = /([$]{.*?})/g;

@ -113,7 +112,7 @@ const DashboardInputField = ({
          }}>
            <HoverObject 
              text={overrideEnabled ? 'This secret is overriden with your personal value' : 'You can override this secret with a personal value'}
-              icon={faCodeBranch}
+              icon={faLayerGroup}
              color={overrideEnabled ? 'primary' : 'bunker-400'}
            />
          </button>
@ -126,24 +125,24 @@ const DashboardInputField = ({
    const error = startsWithNumber || isDuplicate;

    return (
-      <PopoverObject text={value || ''} onChangeHandler={onChangeHandler} position={position}>
-        <div title={value} className={`relative flex-col w-full h-10 overflow-hidden ${
-          isSideBarOpen && 'bg-mineshaft-700 duration-200'
-        }`}>
-          <div
-            className={`group relative flex flex-col justify-center items-center h-full ${
-              error ? 'w-max' : 'w-full'
-            }`}
-          >
-            {value?.split("\n")[0] ? <span className='ph-no-capture truncate break-all bg-transparent leading-tight text-xs px-2 w-full min-w-16 outline-none text-bunker-300 focus:text-bunker-100 placeholder:text-bunker-400 placeholder:focus:text-transparent placeholder duration-200'>
-              {value?.split("\n")[0]}
-            </span> : <span className='text-bunker-400'>-</span> }
-            {value?.split("\n")[1] && <span className='ph-no-capture truncate break-all bg-transparent leading-tight text-xs px-2 w-full min-w-16 outline-none text-bunker-300 focus:text-bunker-100 placeholder:text-bunker-400 placeholder:focus:text-transparent placeholder duration-200'>
-              {value?.split("\n")[1]}
-            </span>}
-          </div>
+      <div title={value} className={`relative flex-col w-full h-10 ${
+        isSideBarOpen && 'bg-mineshaft-700 duration-200'
+      }`}>
+        <div
+          className={`group relative flex flex-col justify-center items-center ${
+            error ? 'w-max' : 'w-full'
+          }`}
+        >
+          <input
+            onChange={(e) => onChangeHandler(e.target.value, position)}
+            type={type}
+            value={value}
+            className='z-10 peer ph-no-capture bg-transparent py-2.5 caret-bunker-200 text-sm px-2 w-full min-w-16 outline-none text-bunker-300 focus:text-bunker-100 placeholder:text-bunker-400 placeholder:focus:text-transparent placeholder duration-200'
+            spellCheck="false"
+            placeholder='–'
+          />
        </div>
-      </PopoverObject>
+      </div>
    );
  }
  if (type === 'value') {
@ -216,7 +215,7 @@ const DashboardInputField = ({
                ))}
                {value?.split('').length === 0 && <span className='text-bunker-400/80'>EMPTY</span>}
              </div>
-              <div className='invisible group-hover:visible cursor-default z-[100]'><FontAwesomeIcon icon={faEye} /></div>
+              <div className='invisible group-hover:visible cursor-pointer'><FontAwesomeIcon icon={faEye} /></div>
            </div>
          )}
        </div>
--- a/frontend/src/components/dashboard/KeyPair.tsx
+++ b/frontend/src/components/dashboard/KeyPair.tsx
@ -132,7 +132,7 @@ const KeyPair = ({
          />
        </div>
      </div>
-      <div className="w-[calc(10%)] border-r border-mineshaft-600">
+      <div className="w-2/12 border-r border-mineshaft-600">
        <div className="flex items-center max-h-16">
          <DashboardInputField
            onChangeHandler={modifyComment}
@ -171,26 +171,12 @@ const KeyPair = ({
        <FontAwesomeIcon className="text-bunker-300 hover:text-primary text-lg" icon={faEllipsis} />
      </div>
      <div className={`group-hover:bg-mineshaft-700 z-50 ${isSnapshot ?? 'invisible'}`}>
-        {keyPair.key || keyPair.value 
-        ? <DeleteActionButton
+        <DeleteActionButton
          onSubmit={() => { if (deleteRow) {
            deleteRow({ ids: [keyPair.id], secretName: keyPair?.key })
          }}}
          isPlain
        />
-      :  <div className='cursor-pointer w-[1.5rem] h-[2.35rem] mr-2 flex items-center justfy-center'>
-        <div
-          onKeyDown={() => null}
-          role="button"
-          tabIndex={0}
-          onClick={() => { if (deleteRow) {
-            deleteRow({ ids: [keyPair.id], secretName: keyPair?.key })
-          }}}
-          className="invisible group-hover:visible"
-        >
-          <FontAwesomeIcon className="text-bunker-300 hover:text-red pl-2 pr-6 text-lg mt-0.5" icon={faXmark} />
-        </div>
-      </div>}
      </div>
    </div>
  </div>
--- a/frontend/src/components/dashboard/SideBar.tsx
+++ b/frontend/src/components/dashboard/SideBar.tsx
@ -18,7 +18,7 @@ import GenerateSecretMenu from './GenerateSecretMenu';

 interface SecretProps {
  key: string;
-  value: string | undefined;
+  value: string;
  valueOverride: string | undefined;
  pos: number;
  id: string;
@ -80,9 +80,9 @@ const SideBar = ({
  const { t } = useTranslation();

  return (
-    <div className="absolute border-l border-mineshaft-500 bg-bunker h-full w-full min-w-sm max-w-sm sticky top-0 right-0 z-[70] shadow-xl flex flex-col justify-between">
+    <div className="absolute border-l border-mineshaft-500 bg-bunker h-full w-[28rem] sticky top-0 right-0 z-[70] shadow-xl flex flex-col justify-between">
      {isLoading ? (
-        <div className="flex items-center justify-center h-full w-full">
+        <div className="flex items-center justify-center h-full">
          <Image
            src="/images/loading/loading.gif"
            height={60}
@ -91,7 +91,7 @@ const SideBar = ({
          />
        </div>
      ) : (
-        <div className="h-min overflow-y-auto w-full">
+        <div className="h-min overflow-y-auto">
          <div className="flex flex-row px-4 py-3 border-b border-mineshaft-500 justify-between items-center">
            <p className="font-semibold text-lg text-bunker-200">{t('dashboard:sidebar.secret')}</p>
            <div
@ -186,7 +186,7 @@ const SideBar = ({
          />
        </div>
      )}
-      <div className="mt-full w-96 mt-4 mb-4 flex max-w-sm flex-col justify-start space-y-2 px-4">
+      <div className="mt-full mt-4 mb-4 flex max-w-sm flex-col justify-start space-y-2 px-4">
        <div>
          <Button
            text="Compare secret across environments"
@ -197,7 +197,7 @@ const SideBar = ({
          <CompareSecretsModal
            compareModal={compareModal}
            setCompareModal={setCompareModal}
-            currentSecret={{ key: data[0]?.key, value: data[0]?.value ?? '' }}
+            currentSecret={{ key: data[0]?.key, value: data[0]?.value }}
            workspaceEnvs={workspaceEnvs}
            selectedEnv={selectedEnv}
            workspaceId={workspaceId}
--- a/frontend/src/components/integrations/CloudIntegration.tsx
+++ b/frontend/src/components/integrations/CloudIntegration.tsx
@ -44,9 +44,9 @@ const CloudIntegration = ({
      tabIndex={0}
      className={`relative ${
        cloudIntegrationOption.isAvailable
-          ? 'cursor-pointer duration-200 hover:bg-white/10'
+          ? 'hover:bg-white/10 duration-200 cursor-pointer'
          : 'opacity-50'
-      } flex h-32 flex-row items-center rounded-md bg-white/5 p-4`}
+      } flex flex-row bg-white/5 h-32 rounded-md p-4 items-center`}
      onClick={() => {
        if (!cloudIntegrationOption.isAvailable) return;
        setSelectedIntegrationOption(cloudIntegrationOption);
@ -61,22 +61,22 @@ const CloudIntegration = ({
        alt="integration logo"
      />
      {cloudIntegrationOption.name.split(' ').length > 2 ? (
-        <div className="ml-4 max-w-xs text-3xl font-semibold text-gray-300 duration-200 group-hover:text-gray-200">
+        <div className="font-semibold text-gray-300 group-hover:text-gray-200 duration-200 text-3xl ml-4 max-w-xs">
          <div>{cloudIntegrationOption.name.split(' ')[0]}</div>
          <div className="text-base">
            {cloudIntegrationOption.name.split(' ')[1]} {cloudIntegrationOption.name.split(' ')[2]}
          </div>
        </div>
      ) : (
-        <div className="ml-4 max-w-xs text-xl font-semibold text-gray-300 duration-200 group-hover:text-gray-200">
+        <div className="font-semibold text-gray-300 group-hover:text-gray-200 duration-200 text-xl ml-4 max-w-xs">
          {cloudIntegrationOption.name}
        </div>
      )}
      {cloudIntegrationOption.isAvailable &&
        integrationAuths
-          .map((authorization) => authorization?.integration)
+          .map((authorization) => authorization.integration)
          .includes(cloudIntegrationOption.slug) && (
-          <div className="group absolute top-0 right-0 z-40 flex flex-row">
+          <div className="absolute group z-40 top-0 right-0 flex flex-row">
            <div
              onKeyDown={() => null}
              role="button"
@ -86,7 +86,8 @@ const CloudIntegration = ({
                const deletedIntegrationAuth = await deleteIntegrationAuth({
                  integrationAuthId: integrationAuths
                    .filter(
-                      (authorization) => authorization.integration === cloudIntegrationOption.slug
+                      (authorization) =>
+                        authorization.integration === cloudIntegrationOption.slug
                    )
                    .map((authorization) => authorization._id)[0]
                });
@ -95,20 +96,20 @@ const CloudIntegration = ({
                  integrationAuth: deletedIntegrationAuth
                });
              }}
-              className="flex w-max cursor-pointer flex-row items-center rounded-b-md bg-red py-0.5 px-2 text-xs opacity-0 duration-200 group-hover:opacity-100"
+              className="cursor-pointer w-max bg-red py-0.5 px-2 rounded-b-md text-xs flex flex-row items-center opacity-0 group-hover:opacity-100 duration-200"
            >
-              <FontAwesomeIcon icon={faX} className="mr-2 py-px text-xs" />
+              <FontAwesomeIcon icon={faX} className="text-xs mr-2 py-px" />
              Revoke
            </div>
-            <div className="flex w-max flex-row items-center rounded-bl-md rounded-tr-md bg-primary py-0.5 px-2 text-xs text-black opacity-90 duration-200 group-hover:opacity-100">
-              <FontAwesomeIcon icon={faCheck} className="mr-2 text-xs" />
+            <div className="w-max bg-primary py-0.5 px-2 rounded-bl-md rounded-tr-md text-xs flex flex-row items-center text-black opacity-90 group-hover:opacity-100 duration-200">
+              <FontAwesomeIcon icon={faCheck} className="text-xs mr-2" />
              Authorized
            </div>
          </div>
        )}
      {!cloudIntegrationOption.isAvailable && (
-        <div className="group absolute top-0 right-0 z-50 flex flex-row">
-          <div className="flex w-max flex-row items-center rounded-bl-md rounded-tr-md bg-yellow py-0.5 px-2 text-xs text-black opacity-90">
+        <div className="absolute group z-50 top-0 right-0 flex flex-row">
+          <div className="w-max bg-yellow py-0.5 px-2 rounded-bl-md rounded-tr-md text-xs flex flex-row items-center text-black opacity-90">
            Coming Soon
          </div>
        </div>
--- a/Show More
+++ b/Show More