docs: add podman compose docs

add index for referencing columns in identity access token

backend/src/db/knexfile.ts

@@ -4,6 +4,7 @@ import "ts-node/register";
 import dotenv from "dotenv";
 import type { Knex } from "knex";
 import path from "path";
+import { initLogger } from "@app/lib/logger";
 
 // Update with your config settings. .
 dotenv.config({
@@ -13,6 +14,8 @@ dotenv.config({
   path: path.join(__dirname, "../../../.env")
 });
 
+initLogger();
+
 export default {
   development: {
     client: "postgres",

backend/src/db/migrations/20250710022434_add-index-for-access-token.ts

@@ -0,0 +1,48 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+const MIGRATION_TIMEOUT = 30 * 60 * 1000; // 30 minutes
+
+export async function up(knex: Knex): Promise<void> {
+  const result = await knex.raw("SHOW statement_timeout");
+  const originalTimeout = result.rows[0].statement_timeout;
+
+  try {
+    await knex.raw(`SET statement_timeout = ${MIGRATION_TIMEOUT}`);
+
+    // iat means IdentityAccessToken
+    await knex.raw(`
+          CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_iat_identity_id 
+          ON ${TableName.IdentityAccessToken} ("identityId")
+        `);
+
+    await knex.raw(`
+          CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_iat_ua_client_secret_id 
+          ON ${TableName.IdentityAccessToken} ("identityUAClientSecretId")
+        `);
+  } finally {
+    await knex.raw(`SET statement_timeout = '${originalTimeout}'`);
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const result = await knex.raw("SHOW statement_timeout");
+  const originalTimeout = result.rows[0].statement_timeout;
+
+  try {
+    await knex.raw(`SET statement_timeout = ${MIGRATION_TIMEOUT}`);
+
+    await knex.raw(`
+          DROP INDEX IF EXISTS idx_iat_identity_id
+        `);
+
+    await knex.raw(`
+          DROP INDEX IF EXISTS idx_iat_ua_client_secret_id
+        `);
+  } finally {
+    await knex.raw(`SET statement_timeout = '${originalTimeout}'`);
+  }
+}
+
+export const config = { transaction: false };

backend/src/services/org-membership/org-membership-dal.ts

@@ -108,16 +108,16 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
       const now = new Date();
       const oneWeekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
       const oneMonthAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
-      const threeMonthsAgo = new Date(now.getTime() - 90 * 24 * 60 * 60 * 1000);
+      const twelveMonthsAgo = new Date(now.getTime() - 360 * 24 * 60 * 60 * 1000);
 
       const memberships = await db
         .replicaNode()(TableName.OrgMembership)
         .where("status", "invited")
         .where((qb) => {
-          // lastInvitedAt is null AND createdAt is between 1 week and 3 months ago
+          // lastInvitedAt is null AND createdAt is between 1 week and 12 months ago
           void qb
             .whereNull(`${TableName.OrgMembership}.lastInvitedAt`)
-            .whereBetween(`${TableName.OrgMembership}.createdAt`, [threeMonthsAgo, oneWeekAgo]);
+            .whereBetween(`${TableName.OrgMembership}.createdAt`, [twelveMonthsAgo, oneWeekAgo]);
         })
         .orWhere((qb) => {
           // lastInvitedAt is older than 1 week ago AND createdAt is younger than 1 month ago

backend/src/services/org/org-service.ts

@@ -36,6 +36,8 @@ import { getConfig } from "@app/lib/config/env";
 import { generateAsymmetricKeyPair } from "@app/lib/crypto";
 import { generateSymmetricKey, infisicalSymmetricDecrypt, infisicalSymmetricEncypt } from "@app/lib/crypto/encryption";
 import { generateUserSrpKeys } from "@app/lib/crypto/srp";
+import { applyJitter } from "@app/lib/dates";
+import { delay as delayMs } from "@app/lib/delay";
 import {
   BadRequestError,
   ForbiddenRequestError,
@@ -44,9 +46,10 @@ import {
   UnauthorizedError
 } from "@app/lib/errors";
 import { groupBy } from "@app/lib/fn";
+import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { isDisposableEmail } from "@app/lib/validator";
-import { TQueueServiceFactory } from "@app/queue";
+import { QueueName, TQueueServiceFactory } from "@app/queue";
 import { getDefaultOrgMembershipRoleForUpdateOrg } from "@app/services/org/org-role-fns";
 import { TOrgMembershipDALFactory } from "@app/services/org-membership/org-membership-dal";
 import { TUserAliasDALFactory } from "@app/services/user-alias/user-alias-dal";
@@ -1438,6 +1441,8 @@ export const orgServiceFactory = ({
    * Re-send emails to users who haven't accepted an invite yet
    */
   const notifyInvitedUsers = async () => {
+    logger.info(`${QueueName.DailyResourceCleanUp}: notify invited users started`);
+
     const invitedUsers = await orgMembershipDAL.findRecentInvitedMemberships();
     const appCfg = getConfig();
 
@@ -1461,24 +1466,32 @@ export const orgServiceFactory = ({
         });
 
         if (invitedUser.inviteEmail) {
-          await smtpService.sendMail({
+          await delayMs(Math.max(0, applyJitter(0, 2000)));
-            template: SmtpTemplates.OrgInvite,
+
-            subjectLine: `Reminder: You have been invited to ${org.name} on Infisical`,
+          try {
-            recipients: [invitedUser.inviteEmail],
+            await smtpService.sendMail({
-            substitutions: {
+              template: SmtpTemplates.OrgInvite,
-              organizationName: org.name,
+              subjectLine: `Reminder: You have been invited to ${org.name} on Infisical`,
-              email: invitedUser.inviteEmail,
+              recipients: [invitedUser.inviteEmail],
-              organizationId: org.id.toString(),
+              substitutions: {
-              token,
+                organizationName: org.name,
-              callback_url: `${appCfg.SITE_URL}/signupinvite`
+                email: invitedUser.inviteEmail,
-            }
+                organizationId: org.id.toString(),
-          });
+                token,
-          notifiedUsers.push(invitedUser.id);
+                callback_url: `${appCfg.SITE_URL}/signupinvite`
+              }
+            });
+            notifiedUsers.push(invitedUser.id);
+          } catch (err) {
+            logger.error(err, `${QueueName.DailyResourceCleanUp}: notify invited users failed to send email`);
+          }
         }
       })
     );
 
     await orgMembershipDAL.updateLastInvitedAtByIds(notifiedUsers);
+
+    logger.info(`${QueueName.DailyResourceCleanUp}: notify invited users completed`);
   };
 
   return {

docs/Dockerfile

@@ -0,0 +1,6 @@
+FROM node:20-alpine
+WORKDIR /app
+RUN npm install -g mint
+COPY . .
+EXPOSE 3000
+CMD ["mint", "dev"]

docs/self-hosting/deployment-options/docker-compose.mdx

@@ -4,17 +4,20 @@ description: "Read how to run Infisical with Docker Compose template."
 ---
 This self-hosting guide will walk you through the steps to self-host Infisical using Docker Compose.
 
-## Prerequisites
-- [Docker](https://docs.docker.com/engine/install/)
-- [Docker compose](https://docs.docker.com/compose/install/)
 
-<Warning>
+<Tabs>
-This Docker Compose configuration is not designed for high-availability production scenarios. 
+  <Tab title="Docker Compose">
-It includes just the essential components needed to set up an Infisical proof of concept (POC). 
+    ## Prerequisites
-To run Infisical in a highly available manner, give the [Docker Swarm guide](/self-hosting/deployment-options/docker-swarm).
+    - [Docker](https://docs.docker.com/engine/install/)
-</Warning>
+    - [Docker compose](https://docs.docker.com/compose/install/)
 
-## Verify prerequisites
+    <Warning>
+      This Docker Compose configuration is not designed for high-availability production scenarios. 
+      It includes just the essential components needed to set up an Infisical proof of concept (POC). 
+      To run Infisical in a highly available manner, give the [Docker Swarm guide](/self-hosting/deployment-options/docker-swarm).
+    </Warning>
+
+    ## Verify prerequisites
     To verify that Docker compose and Docker are installed on the machine where you plan to install Infisical, run the following commands.
 
     Check for docker installation
@@ -27,55 +30,145 @@ To run Infisical in a highly available manner, give the [Docker Swarm guide](/se
     docker-compose 
     ```
 
-## Download docker compose file
+    ## Download docker compose file
-You can obtain the Infisical docker compose file by using a command-line downloader such as `wget` or `curl`.
+    You can obtain the Infisical docker compose file by using a command-line downloader such as `wget` or `curl`.
-If your system doesn't have either of these, you can use a equivalent command that works with your machine.
+    If your system doesn't have either of these, you can use a equivalent command that works with your machine.
+
+    <Tabs>
+      <Tab title="curl">
+        ```bash
+        curl -o docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
+        ```
+      </Tab>
+      <Tab title="wget">
+        ```bash 
+        wget -O docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
+        ```
+      </Tab>
+    </Tabs>
+
+    ## Configure instance credentials
+    Infisical requires a set of credentials used for connecting to dependent services such as Postgres, Redis, etc.
+    The default credentials can be downloaded using the one of the commands listed below. 
+
+    <Tabs>
+      <Tab title="curl">
+        ```bash
+          curl -o .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
+        ```
+      </Tab>
+      <Tab title="wget">
+        ```bash 
+          wget -O .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
+        ```
+      </Tab>
+    </Tabs>
+
+    Once downloaded, the credentials file will be saved to your working directly as `.env` file.
+    View all available configurations [here](/self-hosting/configuration/envars).
+
+    <Warning>
+      The default .env file contains credentials that are intended solely for testing purposes.
+      Please generate a new `ENCRYPTION_KEY` and `AUTH_SECRET` for use outside of testing. 
+      Instructions to do so, can be found [here](/self-hosting/configuration/envars).
+    </Warning>
+
+    ## Start Infisical
+    Run the command below to start Infisical and all related services. 
 
-<Tabs>
-  <Tab title="curl">
     ```bash
-    curl -o docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
+    docker-compose -f docker-compose.prod.yml up
     ```
+
   </Tab>
-  <Tab title="wget">
+  <Tab title="Podman Compose">
-    ```bash 
+  Podman Compose is an alternative way to run Infisical using Podman as a replacement for Docker. Podman is backwards compatible with Docker Compose files.
-    wget -O docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
+
+      ## Prerequisites
+    - [Podman](https://podman-desktop.io/docs/installation)
+    - [Podman Compose](https://podman-desktop.io/docs/compose)
+
+    <Warning>
+      This Docker Compose configuration is not designed for high-availability production scenarios. 
+      It includes just the essential components needed to set up an Infisical proof of concept (POC). 
+      To run Infisical in a highly available manner, give the [Docker Swarm guide](/self-hosting/deployment-options/docker-swarm).
+    </Warning>
+
+
+    ## Verify prerequisites
+    To verify that Podman compose and Podman are installed on the machine where you plan to install Infisical, run the following commands.
+
+    Check for podman installation
+    ```bash
+    podman version 
+    ```
+
+    Check for podman compose installation
+    ```bash
+    podman-compose version
+    ```
+
+    ## Download Docker Compose file
+    You can obtain the Infisical docker compose file by using a command-line downloader such as `wget` or `curl`.
+    If your system doesn't have either of these, you can use a equivalent command that works with your machine.
+
+    <Tabs>
+      <Tab title="curl">
+        ```bash
+        curl -o docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
+        ```
+      </Tab>
+      <Tab title="wget">
+        ```bash 
+        wget -O docker-compose.prod.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.prod.yml
+        ```
+      </Tab>
+    </Tabs>
+
+    ## Configure instance credentials
+    Infisical requires a set of credentials used for connecting to dependent services such as Postgres, Redis, etc.
+    The default credentials can be downloaded using the one of the commands listed below. 
+
+    <Tabs>
+      <Tab title="curl">
+        ```bash
+          curl -o .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
+        ```
+      </Tab>
+      <Tab title="wget">
+        ```bash 
+          wget -O .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
+        ```
+      </Tab>
+    </Tabs>
+
+    <Note>
+      Make sure to rename the `.env.example` file to `.env` before starting Infisical. Additionally it's important that the `.env` file is in the same directory as the `docker-compose.prod.yml` file.
+    </Note>
+
+    ## Setup Podman
+    Run the commands below to setup Podman for first time use.
+    ```bash
+    podman machine init --now
+    podman machine set --rootful
+    podman machine start
+    ``` 
+
+    <Note>
+      If you are using a rootless podman installation, you can skip the `podman machine set --rootful` command.
+    </Note>
+
+    ## Start Infisical
+    Run the command below to start Infisical and all related services. 
+
+    ```bash
+    podman-compose -f docker-compose.prod.yml up
     ```
   </Tab>
 </Tabs>
 
-## Configure instance credentials
-Infisical requires a set of credentials used for connecting to dependent services such as Postgres, Redis, etc.
-The default credentials can be downloaded using the one of the commands listed below. 
 
-<Tabs>
-  <Tab title="curl">
-    ```bash
-      curl -o .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
-    ```
-  </Tab>
-  <Tab title="wget">
-    ```bash 
-      wget -O .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
-    ```
-  </Tab>
-</Tabs>
 
-Once downloaded, the credentials file will be saved to your working directly as `.env` file.
-View all available configurations [here](/self-hosting/configuration/envars).
-
-<Warning>
-  The default .env file contains credentials that are intended solely for testing purposes.
-  Please generate a new `ENCRYPTION_KEY` and `AUTH_SECRET` for use outside of testing. 
-  Instructions to do so, can be found [here](/self-hosting/configuration/envars).
-</Warning>
-
-## Start Infisical
-Run the command below to start Infisical and all related services. 
-
-```bash
-docker-compose -f docker-compose.prod.yml up
-```
 
 Your Infisical instance should now be running on port `80`. To access your instance, visit `http://localhost:80`.
 

frontend/src/components/utilities/parseSecrets.ts

@@ -77,3 +77,91 @@ export const parseJson = (src: ArrayBuffer | string) => {
   });
   return env;
 };
+
+/**
+ * Parses simple flat YAML with support for multiline strings using |, |-, and >.
+ * @param {ArrayBuffer | string} src
+ * @returns {Record<string, { value: string, comments: string[] }>}
+ */
+export function parseYaml(src: ArrayBuffer | string) {
+  const result: Record<string, { value: string; comments: string[] }> = {};
+
+  const content = src.toString().replace(/\r\n?/g, "\n");
+  const lines = content.split("\n");
+
+  let i = 0;
+  let comments: string[] = [];
+
+  while (i < lines.length) {
+    const line = lines[i].trim();
+
+    // Collect comment
+    if (line.startsWith("#")) {
+      comments.push(line.slice(1).trim());
+      i += 1; // move to next line
+    } else {
+      // Match key: value or key: |, key: >, etc.
+      const keyMatch = lines[i].match(/^([\w.-]+)\s*:\s*(.*)$/);
+      if (keyMatch) {
+        const [, key, rawValue] = keyMatch;
+        let value = rawValue.trim();
+
+        // Multiline string handling
+        if (value === "|-" || value === "|" || value === ">") {
+          const isFolded = value === ">";
+
+          const baseIndent = lines[i + 1]?.match(/^(\s*)/)?.[1]?.length ?? 0;
+          const collectedLines: string[] = [];
+
+          i += 1; // move to first content line
+
+          while (i < lines.length) {
+            const current = lines[i];
+            const currentIndent = current.match(/^(\s*)/)?.[1]?.length ?? 0;
+
+            if (current.trim() === "" || currentIndent >= baseIndent) {
+              collectedLines.push(current.slice(baseIndent));
+              i += 1; // move to next line
+            } else {
+              break;
+            }
+          }
+
+          if (isFolded) {
+            // Join lines with space for `>` folded style
+            value = collectedLines.map((l) => l.trim()).join(" ");
+          } else {
+            // Keep lines with newlines for `|` and `|-`
+            value = collectedLines.join("\n");
+          }
+        } else {
+          // Inline value — strip quotes and inline comment
+          const commentIndex = value.indexOf(" #");
+          if (commentIndex !== -1) {
+            value = value.slice(0, commentIndex).trim();
+          }
+
+          // Remove surrounding quotes
+          if (
+            (value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))
+          ) {
+            value = value.slice(1, -1);
+          }
+
+          i += 1; // advance to next line
+        }
+
+        result[key] = {
+          value,
+          comments: [...comments]
+        };
+        comments = []; // reset
+      } else {
+        i += 1; // skip unknown line
+      }
+    }
+  }
+
+  return result;
+}

frontend/src/layouts/OrganizationLayout/components/NavBar/Navbar.tsx

@@ -54,33 +54,55 @@ const getPlan = (subscription: SubscriptionPlan) => {
   return "Free";
 };
 
+const getFormattedSupportEmailLink = (variables: { org_id: string; domain: string }) => {
+  const email = "support@infisical.com";
+
+  const body = `Hello Infisical Support Team,
+
+Issue Details:
+[What you did]
+[What you expected to happen]
+[What actually happened]
+[Any error request IDs]
+[Any supporting screenshots or video recording of the issue/request at hand]
+
+Account Info:
+- Organization ID: ${variables.org_id}
+- Domain: ${variables.domain}
+
+Thank you,
+[Your Name]`;
+
+  return `mailto:${email}?body=${encodeURIComponent(body)}`;
+};
+
 export const INFISICAL_SUPPORT_OPTIONS = [
   [
     <FontAwesomeIcon key={1} className="pr-4 text-sm" icon={faSlack} />,
     "Support Forum",
-    "https://infisical.com/slack"
+    () => "https://infisical.com/slack"
   ],
   [
     <FontAwesomeIcon key={2} className="pr-4 text-sm" icon={faBook} />,
     "Read Docs",
-    "https://infisical.com/docs/documentation/getting-started/introduction"
+    () => "https://infisical.com/docs/documentation/getting-started/introduction"
   ],
   [
     <FontAwesomeIcon key={3} className="pr-4 text-sm" icon={faGithub} />,
     "GitHub Issues",
-    "https://github.com/Infisical/infisical/issues"
+    () => "https://github.com/Infisical/infisical/issues"
   ],
   [
     <FontAwesomeIcon key={4} className="pr-4 text-sm" icon={faEnvelope} />,
     "Email Support",
-    "mailto:support@infisical.com"
+    getFormattedSupportEmailLink
   ],
   [
     <FontAwesomeIcon key={5} className="pr-4 text-sm" icon={faUsers} />,
     "Instance Admins",
-    "server-admins"
+    () => "server-admins"
   ]
-];
+] as const;
 
 export const Navbar = () => {
   const { user } = useUser();
@@ -258,7 +280,15 @@ export const Navbar = () => {
           </div>
         </DropdownMenuTrigger>
         <DropdownMenuContent align="end" side="bottom" className="mt-3 p-1">
-          {INFISICAL_SUPPORT_OPTIONS.map(([icon, text, url]) => {
+          {INFISICAL_SUPPORT_OPTIONS.map(([icon, text, getUrl]) => {
+            const url =
+              text === "Email Support"
+                ? getUrl({
+                    org_id: currentOrg.id,
+                    domain: window.location.origin
+                  })
+                : getUrl();
+
             if (url === "server-admins" && isInfisicalCloud()) {
               return null;
             }

frontend/src/layouts/PersonalSettingsLayout/PersonalSettingsLayout.tsx

@@ -1,19 +1,11 @@
 import { useTranslation } from "react-i18next";
-import { faArrowLeft, faInfo, faMobile, faQuestion } from "@fortawesome/free-solid-svg-icons";
+import { faArrowLeft, faMobile } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { Link, Outlet } from "@tanstack/react-router";
 
 import { WishForm } from "@app/components/features/WishForm";
-import {
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuTrigger
-} from "@app/components/v2";
-import { envConfig } from "@app/config/env";
 
 import { InsecureConnectionBanner } from "../OrganizationLayout/components/InsecureConnectionBanner";
-import { INFISICAL_SUPPORT_OPTIONS } from "../OrganizationLayout/components/NavBar/Navbar";
 
 export const PersonalSettingsLayout = () => {
   const { t } = useTranslation();
@@ -36,37 +28,6 @@ export const PersonalSettingsLayout = () => {
               <div className="relative mt-10 flex w-full cursor-default flex-col items-center px-3 text-sm text-mineshaft-400">
                 {(window.location.origin.includes("https://app.infisical.com") ||
                   window.location.origin.includes("https://gamma.infisical.com")) && <WishForm />}
-                <DropdownMenu>
-                  <DropdownMenuTrigger asChild>
-                    <div className="mb-2 w-full pl-5 duration-200 hover:text-mineshaft-200">
-                      <FontAwesomeIcon icon={faQuestion} className="mr-3 px-[0.1rem]" />
-                      Help & Support
-                    </div>
-                  </DropdownMenuTrigger>
-                  <DropdownMenuContent align="start" className="p-1">
-                    {INFISICAL_SUPPORT_OPTIONS.map(([icon, text, url]) => (
-                      <DropdownMenuItem key={url as string}>
-                        <a
-                          target="_blank"
-                          rel="noopener noreferrer"
-                          href={String(url)}
-                          className="flex w-full items-center rounded-md font-normal text-mineshaft-300 duration-200"
-                        >
-                          <div className="relative flex w-full cursor-pointer select-none items-center justify-start rounded-md">
-                            {icon}
-                            <div className="text-sm">{text}</div>
-                          </div>
-                        </a>
-                      </DropdownMenuItem>
-                    ))}
-                    {envConfig.PLATFORM_VERSION && (
-                      <div className="mb-2 mt-2 w-full cursor-default pl-5 text-sm duration-200 hover:text-mineshaft-200">
-                        <FontAwesomeIcon icon={faInfo} className="mr-4 px-[0.1rem]" />
-                        Version: {envConfig.PLATFORM_VERSION}
-                      </div>
-                    )}
-                  </DropdownMenuContent>
-                </DropdownMenu>
               </div>
               )
             </nav>

frontend/src/pages/organization/AuditLogsPage/components/LogFilterItem.tsx

@@ -1,5 +1,3 @@
-import { faInfoCircle } from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { twMerge } from "tailwind-merge";
 
 import { Button, Tooltip } from "@app/components/v2";
@@ -10,41 +8,25 @@ type Props = {
   label: string;
   onClear: () => void;
   children: React.ReactNode;
-  tooltipText?: string;
 };
 
-export const LogFilterItem = ({
+export const LogFilterItem = ({ label, onClear, hoverTooltip, children, className }: Props) => {
-  label,
-  onClear,
-  hoverTooltip,
-  children,
-  className,
-  tooltipText
-}: Props) => {
   return (
-    <div className={twMerge("flex flex-col justify-between", className)}>
+    <Tooltip className="relative top-4" content={hoverTooltip} isDisabled={!hoverTooltip}>
-      <div className="flex items-center pr-1">
+      <div className={twMerge("flex flex-col justify-between", className)}>
-        <p className="text-xs opacity-60">{label}</p>
+        <div className="flex items-center justify-between pr-1">
-        {tooltipText && (
+          <p className="text-xs opacity-60">{label}</p>
-          <Tooltip content={tooltipText} className="max-w-sm">
+          <Button
-            <FontAwesomeIcon
+            onClick={() => onClear()}
-              icon={faInfoCircle}
+            variant="link"
-              className="-mt-[0.05rem] ml-1 text-[11px] text-mineshaft-400"
+            className="font-normal text-mineshaft-400 transition-all duration-75 hover:text-mineshaft-300"
-            />
+            size="xs"
-          </Tooltip>
+          >
-        )}
+            Clear
-        <Button
+          </Button>
-          onClick={() => onClear()}
+        </div>
-          variant="link"
+        {children}
-          className="ml-auto font-normal text-mineshaft-400 transition-all duration-75 hover:text-mineshaft-300"
-          size="xs"
-        >
-          Clear
-        </Button>
       </div>
-      <Tooltip className="relative top-4" content={hoverTooltip} isDisabled={!hoverTooltip}>
+    </Tooltip>
-        <div>{children}</div>
-      </Tooltip>
-    </div>
   );
 };

frontend/src/pages/organization/AuditLogsPage/components/LogsFilter.tsx

@@ -366,7 +366,6 @@ export const LogsFilter = ({ presets, setFilter, filter }: Props) => {
                     </LogFilterItem>
                     <LogFilterItem
                       label="Secret Path"
-                      tooltipText="Enter the exact secret path (wildcards like * are not supported)"
                       hoverTooltip={
                         !selectedProject
                           ? "Select a project before filtering by secret path."
@@ -381,7 +380,10 @@ export const LogsFilter = ({ presets, setFilter, filter }: Props) => {
                         control={control}
                         name="secretPath"
                         render={({ field: { onChange, value, ...field } }) => (
-                          <FormControl className="w-full">
+                          <FormControl
+                            tooltipText="Filter audit logs related to events that occurred on a specific secret path."
+                            className="w-full"
+                          >
                             <Input
                               placeholder="Enter secret path"
                               className="disabled:cursor-not-allowed"
@@ -401,7 +403,6 @@ export const LogsFilter = ({ presets, setFilter, filter }: Props) => {
                           ? "Select a project before filtering by secret key."
                           : undefined
                       }
-                      tooltipText="Enter the exact secret key name (wildcards like * are not supported)"
                       className={twMerge(!selectedProject && "opacity-50")}
                       label="Secret Key"
                       onClear={() => {
@@ -412,7 +413,10 @@ export const LogsFilter = ({ presets, setFilter, filter }: Props) => {
                         control={control}
                         name="secretKey"
                         render={({ field: { onChange, value, ...field } }) => (
-                          <FormControl className="w-full">
+                          <FormControl
+                            tooltipText="Filter audit logs related to a specific secret."
+                            className="w-full"
+                          >
                             <Input
                               isDisabled={!selectedProject}
                               {...field}

frontend/src/pages/secret-manager/IntegrationsDetailsByIDPage/components/IntegrationAuditLogsSection.tsx

@@ -70,7 +70,7 @@ export const IntegrationAuditLogsSection = ({ integration }: Props) => {
                     upgrade your subscription
                   </a>
                 </a>
-              )}
+              )}{" "}
               to view integration logs
             </p>
           </div>

frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretDropzone/SecretDropzone.tsx

@@ -9,7 +9,7 @@ import { twMerge } from "tailwind-merge";
 import { createNotification } from "@app/components/notifications";
 import { ProjectPermissionCan } from "@app/components/permissions";
 // TODO:(akhilmhdh) convert all the util functions like this into a lib folder grouped by functionality
-import { parseDotEnv, parseJson } from "@app/components/utilities/parseSecrets";
+import { parseDotEnv, parseJson, parseYaml } from "@app/components/utilities/parseSecrets";
 import { Button, Lottie, Modal, ModalContent } from "@app/components/v2";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/context";
 import { usePopUp, useToggle } from "@app/hooks";
@@ -127,7 +127,7 @@ export const SecretDropzone = ({
     }
   };
 
-  const parseFile = (file?: File, isJson?: boolean) => {
+  const parseFile = (file?: File) => {
     const reader = new FileReader();
     if (!file) {
       createNotification({
@@ -140,10 +140,25 @@ export const SecretDropzone = ({
     setIsLoading.on();
     reader.onload = (event) => {
       if (!event?.target?.result) return;
-      // parse function's argument looks like to be ArrayBuffer
+
-      const env = isJson
+      let env: TParsedEnv;
-        ? parseJson(event.target.result as ArrayBuffer)
+
-        : parseDotEnv(event.target.result as ArrayBuffer);
+      const src = event.target.result as ArrayBuffer;
+
+      switch (file.type) {
+        case "application/json":
+          env = parseJson(src);
+          break;
+        case "text/yaml":
+        case "application/x-yaml":
+        case "application/yaml":
+          env = parseYaml(src);
+          break;
+
+        default:
+          env = parseDotEnv(src);
+          break;
+      }
       setIsLoading.off();
       handleParsedEnv(env);
     };
@@ -165,12 +180,12 @@ export const SecretDropzone = ({
 
     e.dataTransfer.dropEffect = "copy";
     setDragActive.off();
-    parseFile(e.dataTransfer.files[0], e.dataTransfer.files[0].type === "application/json");
+    parseFile(e.dataTransfer.files[0]);
   };
 
   const handleFileUpload = (e: ChangeEvent<HTMLInputElement>) => {
     e.preventDefault();
-    parseFile(e.target?.files?.[0], e.target?.files?.[0]?.type === "application/json");
+    parseFile(e.target?.files?.[0]);
   };
 
   const handleSaveSecrets = async () => {

helm-charts/secrets-operator/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v0.9.3
+version: v0.9.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.9.3"
+appVersion: "v0.9.4"

helm-charts/secrets-operator/values.yaml

@@ -32,7 +32,7 @@ controllerManager:
         - ALL
     image:
       repository: infisical/kubernetes-operator
-      tag: v0.9.3
+      tag: v0.9.4
     resources:
       limits:
         cpu: 500m

k8-operator/go.mod

@@ -5,7 +5,7 @@ go 1.21
 require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/aws/smithy-go v1.20.3
-	github.com/infisical/go-sdk v0.4.4
+	github.com/infisical/go-sdk v0.5.97
 	github.com/lestrrat-go/jwx/v2 v2.1.4
 	github.com/onsi/ginkgo/v2 v2.6.0
 	github.com/onsi/gomega v1.24.1
@@ -43,6 +43,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
@@ -105,7 +106,7 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/crypto v0.32.0
-	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/term v0.28.0 // indirect

k8-operator/go.sum

@@ -228,13 +228,15 @@ github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBY
 github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/infisical/go-sdk v0.4.4 h1:Z4CBzxfhiY6ikjRimOEeyEEnb3QT/BKw3OzNFH7Pe+U=
+github.com/infisical/go-sdk v0.5.97 h1:veOi6Hduda6emtwjdUI5SBg2qd2iDQc5xLKqZ15KSoM=
-github.com/infisical/go-sdk v0.4.4/go.mod h1:6fWzAwTPIoKU49mQ2Oxu+aFnJu9n7k2JcNrZjzhHM2M=
+github.com/infisical/go-sdk v0.5.97/go.mod h1:ExjqFLRz7LSpZpGluqDLvFl6dFBLq5LKyLW7GBaMAIs=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
@@ -479,8 +481,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=