Merge pull request #3701 from Infisical/daniel/cli-auto-open-login

feat(cli): automatically open browser on login
Merge pull request #3688 from Infisical/daniel/super-admin-view-orgs
2025-06-29 04:31:59 +00:00 · 2025-06-02 21:57:18 +04:00 · 2025-06-02 21:26:15 +04:00 · 2025-06-02 20:48:01 +04:00 · 2025-06-02 20:43:58 +04:00 · 2025-06-02 20:38:07 +04:00
144 changed files with 3809 additions and 1402 deletions
--- a/backend/src/db/migrations/20250527140639_dynamic-secret-username-template.ts
+++ b/backend/src/db/migrations/20250527140639_dynamic-secret-username-template.ts
@ -0,0 +1,21 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasColumn = await knex.schema.hasColumn(TableName.DynamicSecret, "usernameTemplate");
+  if (!hasColumn) {
+    await knex.schema.alterTable(TableName.DynamicSecret, (t) => {
+      t.string("usernameTemplate").nullable();
+    });
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasColumn = await knex.schema.hasColumn(TableName.DynamicSecret, "usernameTemplate");
+  if (hasColumn) {
+    await knex.schema.alterTable(TableName.DynamicSecret, (t) => {
+      t.dropColumn("usernameTemplate");
+    });
+  }
+}
--- a/backend/src/db/schemas/dynamic-secrets.ts
+++ b/backend/src/db/schemas/dynamic-secrets.ts
@ -28,7 +28,8 @@ export const DynamicSecretsSchema = z.object({
  updatedAt: z.date(),
  encryptedInput: zodBuffer,
  projectGatewayId: z.string().uuid().nullable().optional(),
-  gatewayId: z.string().uuid().nullable().optional()
+  gatewayId: z.string().uuid().nullable().optional(),
+  usernameTemplate: z.string().nullable().optional()
 });

 export type TDynamicSecrets = z.infer<typeof DynamicSecretsSchema>;
--- a/backend/src/ee/routes/v1/dynamic-secret-router.ts
+++ b/backend/src/ee/routes/v1/dynamic-secret-router.ts
@ -6,6 +6,8 @@ import { ApiDocsTags, DYNAMIC_SECRETS } from "@app/lib/api-docs";
 import { daysToMillisecond } from "@app/lib/dates";
 import { removeTrailingSlash } from "@app/lib/fn";
 import { ms } from "@app/lib/ms";
+import { isValidHandleBarTemplate } from "@app/lib/template/validate-handlebars";
+import { CharacterType, characterValidator } from "@app/lib/validator/validate-string";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
@ -13,6 +15,28 @@ import { SanitizedDynamicSecretSchema } from "@app/server/routes/sanitizedSchema
 import { AuthMode } from "@app/services/auth/auth-type";
 import { ResourceMetadataSchema } from "@app/services/resource-metadata/resource-metadata-schema";

+const validateUsernameTemplateCharacters = characterValidator([
+  CharacterType.AlphaNumeric,
+  CharacterType.Underscore,
+  CharacterType.Hyphen,
+  CharacterType.OpenBrace,
+  CharacterType.CloseBrace,
+  CharacterType.CloseBracket,
+  CharacterType.OpenBracket,
+  CharacterType.Fullstop
+]);
+
+const userTemplateSchema = z
+  .string()
+  .trim()
+  .max(255)
+  .refine((el) => validateUsernameTemplateCharacters(el))
+  .refine((el) =>
+    isValidHandleBarTemplate(el, {
+      allowedExpressions: (val) => ["randomUsername", "unixTimestamp"].includes(val)
+    })
+  );
+
 export const registerDynamicSecretRouter = async (server: FastifyZodProvider) => {
  server.route({
    method: "POST",
@ -52,7 +76,8 @@ export const registerDynamicSecretRouter = async (server: FastifyZodProvider) =>
        path: z.string().describe(DYNAMIC_SECRETS.CREATE.path).trim().default("/").transform(removeTrailingSlash),
        environmentSlug: z.string().describe(DYNAMIC_SECRETS.CREATE.environmentSlug).min(1),
        name: slugSchema({ min: 1, max: 64, field: "Name" }).describe(DYNAMIC_SECRETS.CREATE.name),
-        metadata: ResourceMetadataSchema.optional()
+        metadata: ResourceMetadataSchema.optional(),
+        usernameTemplate: userTemplateSchema.optional()
      }),
      response: {
        200: z.object({
@ -73,39 +98,6 @@ export const registerDynamicSecretRouter = async (server: FastifyZodProvider) =>
    }
  });

-  server.route({
-    method: "POST",
-    url: "/entra-id/users",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      body: z.object({
-        tenantId: z.string().min(1).describe("The tenant ID of the Azure Entra ID"),
-        applicationId: z.string().min(1).describe("The application ID of the Azure Entra ID App Registration"),
-        clientSecret: z.string().min(1).describe("The client secret of the Azure Entra ID App Registration")
-      }),
-      response: {
-        200: z
-          .object({
-            name: z.string().min(1).describe("The name of the user"),
-            id: z.string().min(1).describe("The ID of the user"),
-            email: z.string().min(1).describe("The email of the user")
-          })
-          .array()
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const data = await server.services.dynamicSecret.fetchAzureEntraIdUsers({
-        tenantId: req.body.tenantId,
-        applicationId: req.body.applicationId,
-        clientSecret: req.body.clientSecret
-      });
-      return data;
-    }
-  });
-
  server.route({
    method: "PATCH",
    url: "/:name",
@ -150,7 +142,8 @@ export const registerDynamicSecretRouter = async (server: FastifyZodProvider) =>
            })
            .nullable(),
          newName: z.string().describe(DYNAMIC_SECRETS.UPDATE.newName).optional(),
-          metadata: ResourceMetadataSchema.optional()
+          metadata: ResourceMetadataSchema.optional(),
+          usernameTemplate: userTemplateSchema.nullable().optional()
        })
      }),
      response: {
@ -328,4 +321,37 @@ export const registerDynamicSecretRouter = async (server: FastifyZodProvider) =>
      return { leases };
    }
  });
+
+  server.route({
+    method: "POST",
+    url: "/entra-id/users",
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      body: z.object({
+        tenantId: z.string().min(1).describe("The tenant ID of the Azure Entra ID"),
+        applicationId: z.string().min(1).describe("The application ID of the Azure Entra ID App Registration"),
+        clientSecret: z.string().min(1).describe("The client secret of the Azure Entra ID App Registration")
+      }),
+      response: {
+        200: z
+          .object({
+            name: z.string().min(1).describe("The name of the user"),
+            id: z.string().min(1).describe("The ID of the user"),
+            email: z.string().min(1).describe("The email of the user")
+          })
+          .array()
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
+    handler: async (req) => {
+      const data = await server.services.dynamicSecret.fetchAzureEntraIdUsers({
+        tenantId: req.body.tenantId,
+        applicationId: req.body.applicationId,
+        clientSecret: req.body.clientSecret
+      });
+      return data;
+    }
+  });
 };
--- a/backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts
+++ b/backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts
@ -132,7 +132,11 @@ export const dynamicSecretLeaseServiceFactory = ({

    let result;
    try {
-      result = await selectedProvider.create(decryptedStoredInput, expireAt.getTime());
+      result = await selectedProvider.create({
+        inputs: decryptedStoredInput,
+        expireAt: expireAt.getTime(),
+        usernameTemplate: dynamicSecretCfg.usernameTemplate
+      });
    } catch (error: unknown) {
      if (error && typeof error === "object" && error !== null && "sqlMessage" in error) {
        throw new BadRequestError({ message: error.sqlMessage as string });
--- a/backend/src/ee/services/dynamic-secret/dynamic-secret-fns.ts
+++ b/backend/src/ee/services/dynamic-secret/dynamic-secret-fns.ts
@ -11,6 +11,8 @@ export const verifyHostInputValidity = async (host: string, isGateway = false) =

  if (appCfg.isDevelopmentMode) return [host];

+  if (isGateway) return [host];
+
  const reservedHosts = [appCfg.DB_HOST || getDbConnectionHost(appCfg.DB_CONNECTION_URI)].concat(
    (appCfg.DB_READ_REPLICAS || []).map((el) => getDbConnectionHost(el.DB_CONNECTION_URI)),
    getDbConnectionHost(appCfg.REDIS_URL),
@ -58,7 +60,7 @@ export const verifyHostInputValidity = async (host: string, isGateway = false) =
    }
  }

-  if (!isGateway && !(appCfg.DYNAMIC_SECRET_ALLOW_INTERNAL_IP || appCfg.ALLOW_INTERNAL_IP_CONNECTIONS)) {
+  if (!(appCfg.DYNAMIC_SECRET_ALLOW_INTERNAL_IP || appCfg.ALLOW_INTERNAL_IP_CONNECTIONS)) {
    const isInternalIp = inputHostIps.some((el) => isPrivateIp(el));
    if (isInternalIp) throw new BadRequestError({ message: "Invalid db host" });
  }
--- a/backend/src/ee/services/dynamic-secret/dynamic-secret-service.ts
+++ b/backend/src/ee/services/dynamic-secret/dynamic-secret-service.ts
@ -78,7 +78,8 @@ export const dynamicSecretServiceFactory = ({
    actorOrgId,
    defaultTTL,
    actorAuthMethod,
-    metadata
+    metadata,
+    usernameTemplate
  }: TCreateDynamicSecretDTO) => {
    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
    if (!project) throw new NotFoundError({ message: `Project with slug '${projectSlug}' not found` });
@ -163,7 +164,8 @@ export const dynamicSecretServiceFactory = ({
          defaultTTL,
          folderId: folder.id,
          name,
-          gatewayId: selectedGatewayId
+          gatewayId: selectedGatewayId,
+          usernameTemplate
        },
        tx
      );
@ -199,7 +201,8 @@ export const dynamicSecretServiceFactory = ({
    newName,
    actorOrgId,
    actorAuthMethod,
-    metadata
+    metadata,
+    usernameTemplate
  }: TUpdateDynamicSecretDTO) => {
    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
    if (!project) throw new NotFoundError({ message: `Project with slug '${projectSlug}' not found` });
@ -311,7 +314,8 @@ export const dynamicSecretServiceFactory = ({
          defaultTTL,
          name: newName ?? name,
          status: null,
-          gatewayId: selectedGatewayId
+          gatewayId: selectedGatewayId,
+          usernameTemplate
        },
        tx
      );
--- a/backend/src/ee/services/dynamic-secret/dynamic-secret-types.ts
+++ b/backend/src/ee/services/dynamic-secret/dynamic-secret-types.ts
@ -22,6 +22,7 @@ export type TCreateDynamicSecretDTO = {
  name: string;
  projectSlug: string;
  metadata?: ResourceMetadataDTO;
+  usernameTemplate?: string | null;
 } & Omit<TProjectPermission, "projectId">;

 export type TUpdateDynamicSecretDTO = {
@ -34,6 +35,7 @@ export type TUpdateDynamicSecretDTO = {
  inputs?: TProvider["inputs"];
  projectSlug: string;
  metadata?: ResourceMetadataDTO;
+  usernameTemplate?: string | null;
 } & Omit<TProjectPermission, "projectId">;

 export type TDeleteDynamicSecretDTO = {
--- a/backend/src/ee/services/dynamic-secret/providers/aws-elasticache.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/aws-elasticache.ts
@ -132,9 +132,15 @@ const generatePassword = () => {
  return customAlphabet(charset, 64)();
 };

-const generateUsername = () => {
+const generateUsername = (usernameTemplate?: string | null) => {
  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-";
-  return `inf-${customAlphabet(charset, 32)()}`; // Username must start with an ascii letter, so we prepend the username with "inf-"
+  const randomUsername = `inf-${customAlphabet(charset, 32)()}`;
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const AwsElastiCacheDatabaseProvider = (): TDynamicProviderFns => {
@ -168,13 +174,14 @@ export const AwsElastiCacheDatabaseProvider = (): TDynamicProviderFns => {
    return true;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    if (!(await validateConnection(providerInputs))) {
      throw new BadRequestError({ message: "Failed to establish connection" });
    }

-    const leaseUsername = generateUsername();
+    const leaseUsername = generateUsername(usernameTemplate);
    const leasePassword = generatePassword();
    const leaseExpiration = new Date(expireAt).toISOString();

--- a/backend/src/ee/services/dynamic-secret/providers/aws-iam.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/aws-iam.ts
@ -16,6 +16,7 @@ import {
  PutUserPolicyCommand,
  RemoveUserFromGroupCommand
 } from "@aws-sdk/client-iam";
+import handlebars from "handlebars";
 import { z } from "zod";

 import { BadRequestError } from "@app/lib/errors";
@ -23,8 +24,14 @@ import { alphaNumericNanoId } from "@app/lib/nanoid";

 import { DynamicSecretAwsIamSchema, TDynamicProviderFns } from "./models";

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32);
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const AwsIamProvider = (): TDynamicProviderFns => {
@ -53,11 +60,13 @@ export const AwsIamProvider = (): TDynamicProviderFns => {
    return isConnected;
  };

-  const create = async (inputs: unknown) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, usernameTemplate } = data;
+
    const providerInputs = await validateProviderInputs(inputs);
    const client = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const { policyArns, userGroups, policyDocument, awsPath, permissionBoundaryPolicyArn } = providerInputs;
    const createUserRes = await client.send(
      new CreateUserCommand({
--- a/backend/src/ee/services/dynamic-secret/providers/azure-entra-id.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/azure-entra-id.ts
@ -55,7 +55,7 @@ export const AzureEntraIDProvider = (): TDynamicProviderFns & {
    return data.success;
  };

-  const create = async (inputs: unknown) => {
+  const create = async ({ inputs }: { inputs: unknown }) => {
    const providerInputs = await validateProviderInputs(inputs);
    const data = await $getToken(providerInputs.tenantId, providerInputs.applicationId, providerInputs.clientSecret);
    if (!data.success) {
@ -88,7 +88,7 @@ export const AzureEntraIDProvider = (): TDynamicProviderFns & {

  const revoke = async (inputs: unknown, entityId: string) => {
    // Creates a new password
-    await create(inputs);
+    await create({ inputs });
    return { entityId };
  };

--- a/backend/src/ee/services/dynamic-secret/providers/cassandra.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/cassandra.ts
@ -14,8 +14,14 @@ const generatePassword = (size = 48) => {
  return customAlphabet(charset, 48)(size);
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32); // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const CassandraProvider = (): TDynamicProviderFns => {
@ -69,11 +75,12 @@ export const CassandraProvider = (): TDynamicProviderFns => {
    return isConnected;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const client = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();
    const { keyspace } = providerInputs;
    const expiration = new Date(expireAt).toISOString();
--- a/backend/src/ee/services/dynamic-secret/providers/elastic-search.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/elastic-search.ts
@ -1,4 +1,5 @@
 import { Client as ElasticSearchClient } from "@elastic/elasticsearch";
+import handlebars from "handlebars";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

@ -12,8 +13,14 @@ const generatePassword = () => {
  return customAlphabet(charset, 64)();
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32); // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const ElasticSearchProvider = (): TDynamicProviderFns => {
@ -64,11 +71,12 @@ export const ElasticSearchProvider = (): TDynamicProviderFns => {
    return infoResponse;
  };

-  const create = async (inputs: unknown) => {
+  const create = async (data: { inputs: unknown; usernameTemplate?: string | null }) => {
+    const { inputs, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const connection = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();

    await connection.security.putUser({
--- a/backend/src/ee/services/dynamic-secret/providers/kubernetes.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/kubernetes.ts
@ -116,7 +116,7 @@ export const KubernetesProvider = ({ gatewayService }: TKubernetesProviderDTO):
    }
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async ({ inputs, expireAt }: { inputs: unknown; expireAt: number }) => {
    const providerInputs = await validateProviderInputs(inputs);

    const tokenRequestCallback = async (host: string, port: number) => {
--- a/backend/src/ee/services/dynamic-secret/providers/ldap.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/ldap.ts
@ -22,8 +22,14 @@ const encodePassword = (password?: string) => {
  return base64Password;
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(20);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32); // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 const generateLDIF = ({
@ -190,7 +196,8 @@ export const LdapProvider = (): TDynamicProviderFns => {
    return dnArray;
  };

-  const create = async (inputs: unknown) => {
+  const create = async (data: { inputs: unknown; usernameTemplate?: string | null }) => {
+    const { inputs, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const client = await $getClient(providerInputs);

@ -217,7 +224,7 @@ export const LdapProvider = (): TDynamicProviderFns => {
        });
      }
    } else {
-      const username = generateUsername();
+      const username = generateUsername(usernameTemplate);
      const password = generatePassword();
      const generatedLdif = generateLDIF({ username, password, ldifTemplate: providerInputs.creationLdif });

--- a/backend/src/ee/services/dynamic-secret/providers/models.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/models.ts
@ -360,7 +360,11 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
 ]);

 export type TDynamicProviderFns = {
-  create: (inputs: unknown, expireAt: number) => Promise<{ entityId: string; data: unknown }>;
+  create: (arg: {
+    inputs: unknown;
+    expireAt: number;
+    usernameTemplate?: string | null;
+  }) => Promise<{ entityId: string; data: unknown }>;
  validateConnection: (inputs: unknown) => Promise<boolean>;
  validateProviderInputs: (inputs: object) => Promise<unknown>;
  revoke: (inputs: unknown, entityId: string) => Promise<{ entityId: string }>;
--- a/backend/src/ee/services/dynamic-secret/providers/mongo-atlas.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/mongo-atlas.ts
@ -1,4 +1,5 @@
 import axios, { AxiosError } from "axios";
+import handlebars from "handlebars";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

@ -12,8 +13,14 @@ const generatePassword = (size = 48) => {
  return customAlphabet(charset, 48)(size);
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32);
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const MongoAtlasProvider = (): TDynamicProviderFns => {
@ -57,11 +64,12 @@ export const MongoAtlasProvider = (): TDynamicProviderFns => {
    return isConnected;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const client = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();
    const expiration = new Date(expireAt).toISOString();
    await client({
--- a/backend/src/ee/services/dynamic-secret/providers/mongo-db.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/mongo-db.ts
@ -1,3 +1,4 @@
+import handlebars from "handlebars";
 import { MongoClient } from "mongodb";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";
@ -12,8 +13,14 @@ const generatePassword = (size = 48) => {
  return customAlphabet(charset, 48)(size);
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32);
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const MongoDBProvider = (): TDynamicProviderFns => {
@ -53,11 +60,12 @@ export const MongoDBProvider = (): TDynamicProviderFns => {
    return isConnected;
  };

-  const create = async (inputs: unknown) => {
+  const create = async (data: { inputs: unknown; usernameTemplate?: string | null }) => {
+    const { inputs, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const client = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();

    const db = client.db(providerInputs.database);
--- a/backend/src/ee/services/dynamic-secret/providers/rabbit-mq.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/rabbit-mq.ts
@ -1,4 +1,5 @@
 import axios, { Axios } from "axios";
+import handlebars from "handlebars";
 import https from "https";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";
@ -14,8 +15,14 @@ const generatePassword = () => {
  return customAlphabet(charset, 64)();
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32); // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 type TCreateRabbitMQUser = {
@ -110,11 +117,12 @@ export const RabbitMqProvider = (): TDynamicProviderFns => {
    return infoResponse;
  };

-  const create = async (inputs: unknown) => {
+  const create = async (data: { inputs: unknown; usernameTemplate?: string | null }) => {
+    const { inputs, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const connection = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();

    await createRabbitMqUser({
--- a/backend/src/ee/services/dynamic-secret/providers/redis.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/redis.ts
@ -15,8 +15,14 @@ const generatePassword = () => {
  return customAlphabet(charset, 64)();
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32); // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 const executeTransactions = async (connection: Redis, commands: string[]): Promise<(string | null)[] | null> => {
@ -115,11 +121,12 @@ export const RedisDatabaseProvider = (): TDynamicProviderFns => {
    return pingResponse;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);
    const connection = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();
    const expiration = new Date(expireAt).toISOString();

--- a/backend/src/ee/services/dynamic-secret/providers/sap-ase.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sap-ase.ts
@ -15,8 +15,14 @@ const generatePassword = (size = 48) => {
  return customAlphabet(charset, 48)(size);
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(25);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = `inf_${alphaNumericNanoId(25)}`; // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 enum SapCommands {
@ -81,11 +87,12 @@ export const SapAseProvider = (): TDynamicProviderFns => {
    return true;
  };

-  const create = async (inputs: unknown) => {
+  const create = async (data: { inputs: unknown; usernameTemplate?: string | null }) => {
+    const { inputs, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);

-    const username = `inf_${generateUsername()}`;
-    const password = `${generatePassword()}`;
+    const username = generateUsername(usernameTemplate);
+    const password = generatePassword();

    const client = await $getClient(providerInputs);
    const masterClient = await $getClient(providerInputs, true);
--- a/backend/src/ee/services/dynamic-secret/providers/sap-hana.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sap-hana.ts
@ -21,8 +21,14 @@ const generatePassword = (size = 48) => {
  return customAlphabet(charset, 48)(size);
 };

-const generateUsername = () => {
-  return alphaNumericNanoId(32);
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = alphaNumericNanoId(32); // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 export const SapHanaProvider = (): TDynamicProviderFns => {
@ -91,10 +97,11 @@ export const SapHanaProvider = (): TDynamicProviderFns => {
    return testResult;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();
    const expiration = new Date(expireAt).toISOString();

--- a/backend/src/ee/services/dynamic-secret/providers/snowflake.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/snowflake.ts
@ -17,8 +17,14 @@ const generatePassword = (size = 48) => {
  return customAlphabet(charset, 48)(size);
 };

-const generateUsername = () => {
-  return `infisical_${alphaNumericNanoId(32)}`; // username must start with alpha character, hence prefix
+const generateUsername = (usernameTemplate?: string | null) => {
+  const randomUsername = `infisical_${alphaNumericNanoId(32)}`; // Username must start with an ascii letter, so we prepend the username with "inf-"
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 const getDaysToExpiry = (expiryDate: Date) => {
@ -82,12 +88,13 @@ export const SnowflakeProvider = (): TDynamicProviderFns => {
    return isValidConnection;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
    const providerInputs = await validateProviderInputs(inputs);

    const client = await $getClient(providerInputs);

-    const username = generateUsername();
+    const username = generateUsername(usernameTemplate);
    const password = generatePassword();

    try {
--- a/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
@ -104,11 +104,21 @@ const generatePassword = (provider: SqlProviders, requirements?: PasswordRequire
  }
 };

-const generateUsername = (provider: SqlProviders) => {
-  // For oracle, the client assumes everything is upper case when not using quotes around the password
-  if (provider === SqlProviders.Oracle) return alphaNumericNanoId(32).toUpperCase();
+const generateUsername = (provider: SqlProviders, usernameTemplate?: string | null) => {
+  let randomUsername = "";

-  return alphaNumericNanoId(32);
+  // For oracle, the client assumes everything is upper case when not using quotes around the password
+  if (provider === SqlProviders.Oracle) {
+    randomUsername = alphaNumericNanoId(32).toUpperCase();
+  } else {
+    randomUsername = alphaNumericNanoId(32);
+  }
+  if (!usernameTemplate) return randomUsername;
+
+  return handlebars.compile(usernameTemplate)({
+    randomUsername,
+    unixTimestamp: Math.floor(Date.now() / 100)
+  });
 };

 type TSqlDatabaseProviderDTO = {
@ -210,9 +220,12 @@ export const SqlDatabaseProvider = ({ gatewayService }: TSqlDatabaseProviderDTO)
    return isConnected;
  };

-  const create = async (inputs: unknown, expireAt: number) => {
+  const create = async (data: { inputs: unknown; expireAt: number; usernameTemplate?: string | null }) => {
+    const { inputs, expireAt, usernameTemplate } = data;
+
    const providerInputs = await validateProviderInputs(inputs);
-    const username = generateUsername(providerInputs.client);
+    const username = generateUsername(providerInputs.client, usernameTemplate);
+
    const password = generatePassword(providerInputs.client, providerInputs.passwordRequirements);
    const gatewayCallback = async (host = providerInputs.host, port = providerInputs.port) => {
      const db = await $getClient({ ...providerInputs, port, host });
--- a/backend/src/lib/gateway/index.ts
+++ b/backend/src/lib/gateway/index.ts
@ -44,7 +44,7 @@ const createQuicConnection = async (
        if (!certs || certs.length === 0) return quic.native.CryptoError.CertificateRequired;
        const serverCertificate = new crypto.X509Certificate(Buffer.from(certs[0]));
        const caCertificate = new crypto.X509Certificate(tlsOptions.ca);
-        const isValidServerCertificate = serverCertificate.checkIssued(caCertificate);
+        const isValidServerCertificate = serverCertificate.verify(caCertificate.publicKey);
        if (!isValidServerCertificate) return quic.native.CryptoError.BadCertificate;

        const subjectDetails = parseSubjectDetails(serverCertificate.subject);
--- a/backend/src/lib/template/validate-handlebars.ts
+++ b/backend/src/lib/template/validate-handlebars.ts
@ -19,3 +19,15 @@ export const validateHandlebarTemplate = (templateName: string, template: string
    throw new BadRequestError({ message: `Template sanitization failed: ${templateName}` });
  });
 };
+
+export const isValidHandleBarTemplate = (template: string, dto: SanitizationArg) => {
+  const parsedAst = handlebars.parse(template);
+  return parsedAst.body.every((el) => {
+    if (el.type === "ContentStatement") return true;
+    if (el.type === "MustacheStatement" && "path" in el) {
+      const { path } = el as { type: "MustacheStatement"; path: { type: "PathExpression"; original: string } };
+      if (path.type === "PathExpression" && dto?.allowedExpressions?.(path.original)) return true;
+    }
+    return false;
+  });
+};
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@ -741,12 +741,14 @@ export const registerRoutes = async (
    userAliasDAL,
    identityTokenAuthDAL,
    identityAccessTokenDAL,
+    orgMembershipDAL,
    identityOrgMembershipDAL,
    authService: loginService,
    serverCfgDAL: superAdminDAL,
    kmsRootConfigDAL,
    orgService,
    keyStore,
+    orgDAL,
    licenseService,
    kmsService,
    microsoftTeamsService,
--- a/backend/src/server/routes/sanitizedSchemas.ts
+++ b/backend/src/server/routes/sanitizedSchemas.ts
@ -235,11 +235,9 @@ export const SanitizedDynamicSecretSchema = DynamicSecretsSchema.omit({
  inputIV: true,
  inputTag: true,
  algorithm: true
-}).merge(
-  z.object({
-    metadata: ResourceMetadataSchema.optional()
-  })
-);
+}).extend({
+  metadata: ResourceMetadataSchema.optional()
+});

 export const SanitizedAuditLogStreamSchema = z.object({
  id: z.string(),
--- a/backend/src/server/routes/v1/admin-router.ts
+++ b/backend/src/server/routes/v1/admin-router.ts
@ -1,7 +1,13 @@
 import DOMPurify from "isomorphic-dompurify";
 import { z } from "zod";

-import { IdentitiesSchema, OrganizationsSchema, SuperAdminSchema, UsersSchema } from "@app/db/schemas";
+import {
+  IdentitiesSchema,
+  OrganizationsSchema,
+  OrgMembershipsSchema,
+  SuperAdminSchema,
+  UsersSchema
+} from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError } from "@app/lib/errors";
 import { invalidateCacheLimit, readLimit, writeLimit } from "@app/server/config/rateLimiter";
@ -161,6 +167,129 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
    }
  });

+  server.route({
+    method: "GET",
+    url: "/organization-management/organizations",
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      querystring: z.object({
+        searchTerm: z.string().default(""),
+        offset: z.coerce.number().default(0),
+        limit: z.coerce.number().max(100).default(20)
+      }),
+      response: {
+        200: z.object({
+          organizations: OrganizationsSchema.extend({
+            members: z
+              .object({
+                user: z.object({
+                  id: z.string(),
+                  email: z.string().nullish(),
+                  username: z.string(),
+                  firstName: z.string().nullish(),
+                  lastName: z.string().nullish()
+                }),
+                membershipId: z.string(),
+                role: z.string(),
+                roleId: z.string().nullish()
+              })
+              .array(),
+            projects: z
+              .object({
+                name: z.string(),
+                id: z.string(),
+                slug: z.string(),
+                createdAt: z.date()
+              })
+              .array()
+          }).array()
+        })
+      }
+    },
+    onRequest: (req, res, done) => {
+      verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN])(req, res, () => {
+        verifySuperAdmin(req, res, done);
+      });
+    },
+    handler: async (req) => {
+      const organizations = await server.services.superAdmin.getOrganizations({
+        ...req.query
+      });
+
+      return {
+        organizations
+      };
+    }
+  });
+
+  server.route({
+    method: "DELETE",
+    url: "/organization-management/organizations/:organizationId/memberships/:membershipId",
+    config: {
+      rateLimit: writeLimit
+    },
+    schema: {
+      params: z.object({
+        organizationId: z.string(),
+        membershipId: z.string()
+      }),
+      response: {
+        200: z.object({
+          organizationMembership: OrgMembershipsSchema
+        })
+      }
+    },
+    onRequest: (req, res, done) => {
+      verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN])(req, res, () => {
+        verifySuperAdmin(req, res, done);
+      });
+    },
+    handler: async (req) => {
+      const organizationMembership = await server.services.superAdmin.deleteOrganizationMembership(
+        req.params.organizationId,
+        req.params.membershipId,
+        req.permission.id,
+        req.permission.type
+      );
+
+      return {
+        organizationMembership
+      };
+    }
+  });
+
+  server.route({
+    method: "DELETE",
+    url: "/organization-management/organizations/:organizationId",
+    config: {
+      rateLimit: writeLimit
+    },
+    schema: {
+      params: z.object({
+        organizationId: z.string()
+      }),
+      response: {
+        200: z.object({
+          organization: OrganizationsSchema
+        })
+      }
+    },
+    onRequest: (req, res, done) => {
+      verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN])(req, res, () => {
+        verifySuperAdmin(req, res, done);
+      });
+    },
+    handler: async (req) => {
+      const organization = await server.services.superAdmin.deleteOrganization(req.params.organizationId);
+
+      return {
+        organization
+      };
+    }
+  });
+
  server.route({
    method: "GET",
    url: "/identity-management/identities",
--- a/backend/src/services/org-admin/org-admin-service.ts
+++ b/backend/src/services/org-admin/org-admin-service.ts
@ -196,17 +196,20 @@ export const orgAdminServiceFactory = ({
      .filter(
        (member) => member.roles.some((role) => role.role === ProjectMembershipRole.Admin) && member.userId !== actorId
      )
-      .map((el) => el.user.email!);
+      .map((el) => el.user.email!)
+      .filter(Boolean);

-    await smtpService.sendMail({
-      template: SmtpTemplates.OrgAdminProjectDirectAccess,
-      recipients: filteredProjectMembers,
-      subjectLine: "Organization Admin Project Direct Access Issued",
-      substitutions: {
-        projectName: project.name,
-        email: projectMembers.find((el) => el.userId === actorId)?.user?.username
-      }
-    });
+    if (filteredProjectMembers.length) {
+      await smtpService.sendMail({
+        template: SmtpTemplates.OrgAdminProjectDirectAccess,
+        recipients: filteredProjectMembers,
+        subjectLine: "Organization Admin Project Direct Access Issued",
+        substitutions: {
+          projectName: project.name,
+          email: projectMembers.find((el) => el.userId === actorId)?.user?.username
+        }
+      });
+    }
    return { isExistingMember: false, membership: updatedMembership };
  };

--- a/backend/src/services/org/org-dal.ts
+++ b/backend/src/services/org/org-dal.ts
@ -2,6 +2,7 @@ import { Knex } from "knex";

 import { TDbClient } from "@app/db";
 import {
+  OrganizationsSchema,
  OrgMembershipRole,
  TableName,
  TOrganizations,
@ -12,7 +13,15 @@ import {
  TUserEncryptionKeys
 } from "@app/db/schemas";
 import { DatabaseError } from "@app/lib/errors";
-import { buildFindFilter, ormify, selectAllTableCols, TFindFilter, TFindOpt, withTransaction } from "@app/lib/knex";
+import {
+  buildFindFilter,
+  ormify,
+  selectAllTableCols,
+  sqlNestRelationships,
+  TFindFilter,
+  TFindOpt,
+  withTransaction
+} from "@app/lib/knex";
 import { generateKnexQueryFromScim } from "@app/lib/knex/scim";

 import { OrgAuthMethod } from "./org-types";
@ -22,6 +31,110 @@ export type TOrgDALFactory = ReturnType<typeof orgDALFactory>;
 export const orgDALFactory = (db: TDbClient) => {
  const orgOrm = ormify(db, TableName.Organization);

+  const findOrganizationsByFilter = async ({
+    limit,
+    offset,
+    searchTerm,
+    sortBy
+  }: {
+    limit: number;
+    offset: number;
+    searchTerm: string;
+    sortBy?: keyof TOrganizations;
+  }) => {
+    try {
+      const query = db.replicaNode()(TableName.Organization);
+
+      // Build the subquery for limited organization IDs
+      const orgSubquery = db.replicaNode().select("id").from(TableName.Organization);
+
+      if (searchTerm) {
+        void orgSubquery.where((qb) => {
+          void qb.whereILike(`${TableName.Organization}.name`, `%${searchTerm}%`);
+        });
+      }
+
+      if (sortBy) {
+        void orgSubquery.orderBy(sortBy);
+      }
+
+      void orgSubquery.limit(limit).offset(offset);
+
+      // Main query with joins, limited to the subquery results
+      const docs = await query
+        .whereIn(`${TableName.Organization}.id`, orgSubquery)
+        .leftJoin(TableName.Project, `${TableName.Organization}.id`, `${TableName.Project}.orgId`)
+        .leftJoin(TableName.OrgMembership, `${TableName.Organization}.id`, `${TableName.OrgMembership}.orgId`)
+        .leftJoin(TableName.Users, `${TableName.OrgMembership}.userId`, `${TableName.Users}.id`)
+        .leftJoin(TableName.OrgRoles, `${TableName.OrgMembership}.roleId`, `${TableName.OrgRoles}.id`)
+        .where((qb) => {
+          void qb.where(`${TableName.Users}.isGhost`, false).orWhereNull(`${TableName.Users}.id`);
+        })
+        .select(selectAllTableCols(TableName.Organization))
+        .select(db.ref("name").withSchema(TableName.Project).as("projectName"))
+        .select(db.ref("id").withSchema(TableName.Project).as("projectId"))
+        .select(db.ref("slug").withSchema(TableName.Project).as("projectSlug"))
+        .select(db.ref("createdAt").withSchema(TableName.Project).as("projectCreatedAt"))
+        .select(db.ref("email").withSchema(TableName.Users).as("userEmail"))
+        .select(db.ref("username").withSchema(TableName.Users).as("username"))
+        .select(db.ref("firstName").withSchema(TableName.Users).as("firstName"))
+        .select(db.ref("lastName").withSchema(TableName.Users).as("lastName"))
+        .select(db.ref("id").withSchema(TableName.Users).as("userId"))
+        .select(db.ref("id").withSchema(TableName.OrgMembership).as("orgMembershipId"))
+        .select(db.ref("role").withSchema(TableName.OrgMembership).as("orgMembershipRole"))
+        .select(db.ref("roleId").withSchema(TableName.OrgMembership).as("orgMembershipRoleId"))
+        .select(db.ref("name").withSchema(TableName.OrgRoles).as("orgMembershipRoleName"));
+
+      const formattedDocs = sqlNestRelationships({
+        data: docs,
+        key: "id",
+        parentMapper: (data) => OrganizationsSchema.parse(data),
+        childrenMapper: [
+          {
+            key: "projectId",
+            label: "projects" as const,
+            mapper: ({ projectId, projectName, projectSlug, projectCreatedAt }) => ({
+              id: projectId,
+              name: projectName,
+              slug: projectSlug,
+              createdAt: projectCreatedAt
+            })
+          },
+          {
+            key: "userId",
+            label: "members" as const,
+            mapper: ({
+              userId,
+              userEmail,
+              username,
+              firstName,
+              lastName,
+              orgMembershipId,
+              orgMembershipRole,
+              orgMembershipRoleName,
+              orgMembershipRoleId
+            }) => ({
+              user: {
+                id: userId,
+                email: userEmail,
+                username,
+                firstName,
+                lastName
+              },
+              membershipId: orgMembershipId,
+              role: orgMembershipRoleName || orgMembershipRole, // custom role name or pre-defined role name
+              roleId: orgMembershipRoleId
+            })
+          }
+        ]
+      });
+
+      return formattedDocs;
+    } catch (error) {
+      throw new DatabaseError({ error, name: "Find organizations by filter" });
+    }
+  };
+
  const findOrgById = async (orgId: string) => {
    try {
      const org = (await db
@ -507,6 +620,7 @@ export const orgDALFactory = (db: TDbClient) => {
    findOrgById,
    findOrgBySlug,
    findAllOrgsByUserId,
+    findOrganizationsByFilter,
    ghostUserExists,
    findOrgMembersByUsername,
    findOrgMembersByRole,
--- a/backend/src/services/super-admin/super-admin-service.ts
+++ b/backend/src/services/super-admin/super-admin-service.ts
@ -11,7 +11,7 @@ import { BadRequestError, NotFoundError } from "@app/lib/errors";
 import { TIdentityDALFactory } from "@app/services/identity/identity-dal";

 import { TAuthLoginFactory } from "../auth/auth-login-service";
-import { AuthMethod, AuthTokenType } from "../auth/auth-type";
+import { ActorType, AuthMethod, AuthTokenType } from "../auth/auth-type";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "../identity-access-token/identity-access-token-dal";
 import { TIdentityAccessTokenJwtPayload } from "../identity-access-token/identity-access-token-types";
@ -21,7 +21,9 @@ import { TKmsRootConfigDALFactory } from "../kms/kms-root-config-dal";
 import { TKmsServiceFactory } from "../kms/kms-service";
 import { RootKeyEncryptionStrategy } from "../kms/kms-types";
 import { TMicrosoftTeamsServiceFactory } from "../microsoft-teams/microsoft-teams-service";
+import { TOrgDALFactory } from "../org/org-dal";
 import { TOrgServiceFactory } from "../org/org-service";
+import { TOrgMembershipDALFactory } from "../org-membership/org-membership-dal";
 import { TUserDALFactory } from "../user/user-dal";
 import { TUserAliasDALFactory } from "../user-alias/user-alias-dal";
 import { UserAliasType } from "../user-alias/user-alias-types";
@ -33,7 +35,8 @@ import {
  TAdminBootstrapInstanceDTO,
  TAdminGetIdentitiesDTO,
  TAdminGetUsersDTO,
-  TAdminSignUpDTO
+  TAdminSignUpDTO,
+  TGetOrganizationsDTO
 } from "./super-admin-types";

 type TSuperAdminServiceFactoryDep = {
@ -41,6 +44,8 @@ type TSuperAdminServiceFactoryDep = {
  identityTokenAuthDAL: TIdentityTokenAuthDALFactory;
  identityAccessTokenDAL: TIdentityAccessTokenDALFactory;
  identityOrgMembershipDAL: TIdentityOrgDALFactory;
+  orgDAL: TOrgDALFactory;
+  orgMembershipDAL: TOrgMembershipDALFactory;
  serverCfgDAL: TSuperAdminDALFactory;
  userDAL: TUserDALFactory;
  userAliasDAL: Pick<TUserAliasDALFactory, "findOne">;
@ -73,6 +78,8 @@ export const superAdminServiceFactory = ({
  serverCfgDAL,
  userDAL,
  identityDAL,
+  orgDAL,
+  orgMembershipDAL,
  userAliasDAL,
  authService,
  orgService,
@ -521,6 +528,47 @@ export const superAdminServiceFactory = ({
    return updatedUser;
  };

+  const getOrganizations = async ({ offset, limit, searchTerm }: TGetOrganizationsDTO) => {
+    const organizations = await orgDAL.findOrganizationsByFilter({
+      offset,
+      searchTerm,
+      sortBy: "name",
+      limit
+    });
+    return organizations;
+  };
+
+  const deleteOrganization = async (organizationId: string) => {
+    const organization = await orgDAL.deleteById(organizationId);
+    return organization;
+  };
+
+  const deleteOrganizationMembership = async (
+    organizationId: string,
+    membershipId: string,
+    actorId: string,
+    actorType: ActorType
+  ) => {
+    if (actorType === ActorType.USER) {
+      const orgMembership = await orgMembershipDAL.findById(membershipId);
+      if (!orgMembership) {
+        throw new NotFoundError({ name: "Organization Membership", message: "Organization membership not found" });
+      }
+
+      if (orgMembership.userId === actorId) {
+        throw new BadRequestError({
+          message: "You cannot remove yourself from the organization from the instance management panel."
+        });
+      }
+    }
+
+    const [organizationMembership] = await orgMembershipDAL.delete({
+      orgId: organizationId,
+      id: membershipId
+    });
+    return organizationMembership;
+  };
+
  const getIdentities = async ({ offset, limit, searchTerm }: TAdminGetIdentitiesDTO) => {
    const identities = await identityDAL.getIdentitiesByFilter({
      limit,
@ -663,6 +711,9 @@ export const superAdminServiceFactory = ({
    deleteIdentitySuperAdminAccess,
    deleteUserSuperAdminAccess,
    invalidateCache,
-    checkIfInvalidatingCache
+    checkIfInvalidatingCache,
+    getOrganizations,
+    deleteOrganization,
+    deleteOrganizationMembership
  };
 };
--- a/backend/src/services/super-admin/super-admin-types.ts
+++ b/backend/src/services/super-admin/super-admin-types.ts
@ -35,6 +35,12 @@ export type TAdminGetIdentitiesDTO = {
  searchTerm: string;
 };

+export type TGetOrganizationsDTO = {
+  offset: number;
+  limit: number;
+  searchTerm: string;
+};
+
 export enum LoginMethod {
  EMAIL = "email",
  GOOGLE = "google",
--- a/cli/go.mod
+++ b/cli/go.mod
@ -5,6 +5,8 @@ go 1.23.0
 toolchain go1.23.5

 require (
+	github.com/BobuSumisu/aho-corasick v1.0.3
+	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/bradleyjkemp/cupaloy/v2 v2.8.0
 	github.com/charmbracelet/lipgloss v0.9.1
 	github.com/creack/pty v1.1.21
@ -19,10 +21,10 @@ require (
 	github.com/muesli/mango-cobra v1.2.0
 	github.com/muesli/reflow v0.3.0
 	github.com/muesli/roff v0.1.0
-	github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9
 	github.com/pion/dtls/v3 v3.0.4
 	github.com/pion/logging v0.2.3
 	github.com/pion/turn/v4 v4.0.0
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
 	github.com/posthog/posthog-go v0.0.0-20221221115252-24dfed35d71a
 	github.com/quic-go/quic-go v0.50.0
 	github.com/rs/cors v1.11.0
@ -30,7 +32,9 @@ require (
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/viper v1.8.1
 	github.com/stretchr/testify v1.10.0
+	github.com/wasilibs/go-re2 v1.10.0
 	golang.org/x/crypto v0.36.0
+	golang.org/x/exp v0.0.0-20250228200357-dead58393ab7
 	golang.org/x/sys v0.31.0
 	golang.org/x/term v0.30.0
 	gopkg.in/yaml.v2 v2.4.0
@ -43,10 +47,8 @@ require (
 	cloud.google.com/go/compute/metadata v0.4.0 // indirect
 	cloud.google.com/go/iam v1.1.11 // indirect
 	dario.cat/mergo v1.0.1 // indirect
-	github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.3.0 // indirect
-	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
 	github.com/aws/aws-sdk-go-v2 v1.27.2 // indirect
@ -65,7 +67,7 @@ require (
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/danieljoos/wincred v1.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dvsekhvalnov/jose2go v1.6.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
@ -105,13 +107,15 @@ require (
 	github.com/pion/stun/v3 v3.0.0 // indirect
 	github.com/pion/transport/v3 v3.0.7 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/tetratelabs/wazero v1.9.0 // indirect
+	github.com/wasilibs/wazero-helpers v0.0.0-20240620070341-3dff1577cd52 // indirect
 	github.com/wlynxg/anet v0.0.5 // indirect
 	github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
 	go.mongodb.org/mongo-driver v1.10.0 // indirect
@ -122,7 +126,6 @@ require (
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	go.uber.org/mock v0.5.0 // indirect
-	golang.org/x/exp v0.0.0-20250228200357-dead58393ab7 // indirect
 	golang.org/x/mod v0.23.0 // indirect
 	golang.org/x/net v0.35.0 // indirect
 	golang.org/x/oauth2 v0.21.0 // indirect
--- a/cli/go.sum
+++ b/cli/go.sum
@ -127,8 +127,9 @@ github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr
 github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
 github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisbrodbeck/machineid v1.0.1 h1:geKr9qtkB876mXguW2X6TU4ZynleN6ezuMSRhl4D7AQ=
 github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI=
 github.com/dvsekhvalnov/jose2go v1.6.0 h1:Y9gnSnP4qEI0+/uQkHvFXeD2PLPJeXEL+ySMEA2EjTY=
@ -147,11 +148,11 @@ github.com/fatih/semgroup v1.2.0 h1:h/OLXwEM+3NNyAdZEpMiH1OzfplU09i2qXPVThGZvyg=
 github.com/fatih/semgroup v1.2.0/go.mod h1:1KAD4iIYfXjE4U13B48VM4z9QUwV5Tt8O4rS879kgm8=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gitleaks/go-gitdiff v0.8.0 h1:7aExTZm+K/M/EQKOyYcub8rIAdWK6ONxPGuRzxmWW+0=
-github.com/gitleaks/go-gitdiff v0.8.0/go.mod h1:pKz0X4YzCKZs30BL+weqBIG7mx0jl4tF1uXV9ZyNvrA=
 github.com/gitleaks/go-gitdiff v0.9.1 h1:ni6z6/3i9ODT685OLCTf+s/ERlWUNWQF4x1pvoNICw0=
 github.com/gitleaks/go-gitdiff v0.9.1/go.mod h1:pKz0X4YzCKZs30BL+weqBIG7mx0jl4tF1uXV9ZyNvrA=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@ -307,6 +308,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@ -373,8 +376,6 @@ github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlR
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8=
-github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw=
 github.com/pion/dtls/v3 v3.0.4 h1:44CZekewMzfrn9pmGrj5BNnTMDCFwr+6sLH+cCuLM7U=
 github.com/pion/dtls/v3 v3.0.4/go.mod h1:R373CsjxWqNPf6MEkfdy3aSe9niZvL/JaKlGeFphtMg=
 github.com/pion/logging v0.2.3 h1:gHuf0zpoh1GW67Nr6Gj4cv5Z9ZscU7g/EaoC/Ke/igI=
@ -385,12 +386,15 @@ github.com/pion/stun/v3 v3.0.0 h1:4h1gwhWLWuZWOJIJR9s2ferRO+W3zA/b6ijOI6mKzUw=
 github.com/pion/stun/v3 v3.0.0/go.mod h1:HvCN8txt8mwi4FBvS3EmDghW6aQJ24T+y+1TKjB5jyU=
 github.com/pion/transport/v3 v3.0.7 h1:iRbMH05BzSNwhILHoBoAPxoB9xQgOaJk+591KC9P1o0=
 github.com/pion/transport/v3 v3.0.7/go.mod h1:YleKiTZ4vqNxVwh77Z0zytYi7rXHl7j6uPLGhhz9rwo=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posthog/posthog-go v0.0.0-20221221115252-24dfed35d71a h1:Ey0XWvrg6u6hyIn1Kd/jCCmL+bMv9El81tvuGBbxZGg=
 github.com/posthog/posthog-go v0.0.0-20221221115252-24dfed35d71a/go.mod h1:oa2sAs9tGai3VldabTV0eWejt/O4/OOD7azP8GaikqU=
@ -402,6 +406,8 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
 github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
@ -420,7 +426,6 @@ github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIK
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
 github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
@ -451,9 +456,15 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZBf/I=
+github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/wasilibs/go-re2 v1.10.0 h1:vQZEBYZOCA9jdBMmrO4+CvqyCj0x4OomXTJ4a5/urQ0=
+github.com/wasilibs/go-re2 v1.10.0/go.mod h1:k+5XqO2bCJS+QpGOnqugyfwC04nw0jaglmjrrkG8U6o=
+github.com/wasilibs/wazero-helpers v0.0.0-20240620070341-3dff1577cd52 h1:OvLBa8SqJnZ6P+mjlzc2K7PM22rRUPE1x32G9DTPrC4=
+github.com/wasilibs/wazero-helpers v0.0.0-20240620070341-3dff1577cd52/go.mod h1:jMeV4Vpbi8osrE/pKUxRZkVaA0EX7NZN0A9/oRzgpgY=
 github.com/wlynxg/anet v0.0.5 h1:J3VJGi1gvo0JwZ/P1/Yc/8p63SoW98B5dHkYDmpgvvU=
 github.com/wlynxg/anet v0.0.5/go.mod h1:eay5PRQr7fIVAMbTbchTnO9gG65Hg/uYGdc7mguHxoA=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@ -661,6 +672,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
--- a/cli/packages/api/api.go
+++ b/cli/packages/api/api.go
@ -12,35 +12,6 @@ import (

 const USER_AGENT = "cli"

-const (
-	operationCallGetRawSecretsV3                   = "CallGetRawSecretsV3"
-	operationCallGetEncryptedWorkspaceKey          = "CallGetEncryptedWorkspaceKey"
-	operationCallGetServiceTokenDetails            = "CallGetServiceTokenDetails"
-	operationCallLogin1V3                          = "CallLogin1V3"
-	operationCallVerifyMfaToken                    = "CallVerifyMfaToken"
-	operationCallLogin2V3                          = "CallLogin2V3"
-	operationCallGetAllOrganizations               = "CallGetAllOrganizations"
-	operationCallSelectOrganization                = "CallSelectOrganization"
-	operationCallGetAllWorkSpacesUserBelongsTo     = "CallGetAllWorkSpacesUserBelongsTo"
-	operationCallGetProjectById                    = "CallGetProjectById"
-	operationCallIsAuthenticated                   = "CallIsAuthenticated"
-	operationCallGetNewAccessTokenWithRefreshToken = "CallGetNewAccessTokenWithRefreshToken"
-	operationCallGetFoldersV1                      = "CallGetFoldersV1"
-	operationCallCreateFolderV1                    = "CallCreateFolderV1"
-	operationCallDeleteFolderV1                    = "CallDeleteFolderV1"
-	operationCallDeleteSecretsV3                   = "CallDeleteSecretsV3"
-	operationCallCreateServiceToken                = "CallCreateServiceToken"
-	operationCallUniversalAuthLogin                = "CallUniversalAuthLogin"
-	operationCallMachineIdentityRefreshAccessToken = "CallMachineIdentityRefreshAccessToken"
-	operationCallFetchSingleSecretByName           = "CallFetchSingleSecretByName"
-	operationCallCreateRawSecretsV3                = "CallCreateRawSecretsV3"
-	operationCallUpdateRawSecretsV3                = "CallUpdateRawSecretsV3"
-	operationCallRegisterGatewayIdentityV1         = "CallRegisterGatewayIdentityV1"
-	operationCallExchangeRelayCertV1               = "CallExchangeRelayCertV1"
-	operationCallGatewayHeartBeatV1                = "CallGatewayHeartBeatV1"
-	operationCallBootstrapInstance                 = "CallBootstrapInstance"
-)
-
 func CallGetEncryptedWorkspaceKey(httpClient *resty.Client, request GetEncryptedWorkspaceKeyRequest) (GetEncryptedWorkspaceKeyResponse, error) {
 	endpoint := fmt.Sprintf("%v/v2/workspace/%v/encrypted-key", config.INFISICAL_URL, request.WorkspaceId)
 	var result GetEncryptedWorkspaceKeyResponse
@ -51,11 +22,11 @@ func CallGetEncryptedWorkspaceKey(httpClient *resty.Client, request GetEncrypted
 		Get(endpoint)

 	if err != nil {
-		return GetEncryptedWorkspaceKeyResponse{}, NewGenericRequestError(operationCallGetEncryptedWorkspaceKey, err)
+		return GetEncryptedWorkspaceKeyResponse{}, fmt.Errorf("CallGetEncryptedWorkspaceKey: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return GetEncryptedWorkspaceKeyResponse{}, NewAPIErrorWithResponse(operationCallGetEncryptedWorkspaceKey, response, nil)
+		return GetEncryptedWorkspaceKeyResponse{}, fmt.Errorf("CallGetEncryptedWorkspaceKey: Unsuccessful response [%v %v] [status-code=%v]", response.Request.Method, response.Request.URL, response.StatusCode())
 	}

 	return result, nil
@ -70,11 +41,11 @@ func CallGetServiceTokenDetailsV2(httpClient *resty.Client) (GetServiceTokenDeta
 		Get(fmt.Sprintf("%v/v2/service-token", config.INFISICAL_URL))

 	if err != nil {
-		return GetServiceTokenDetailsResponse{}, NewGenericRequestError(operationCallGetServiceTokenDetails, err)
+		return GetServiceTokenDetailsResponse{}, fmt.Errorf("CallGetServiceTokenDetails: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return GetServiceTokenDetailsResponse{}, NewAPIErrorWithResponse(operationCallGetServiceTokenDetails, response, nil)
+		return GetServiceTokenDetailsResponse{}, fmt.Errorf("CallGetServiceTokenDetails: Unsuccessful response: [response=%s]", response)
 	}

 	return tokenDetailsResponse, nil
@ -90,11 +61,11 @@ func CallLogin1V2(httpClient *resty.Client, request GetLoginOneV2Request) (GetLo
 		Post(fmt.Sprintf("%v/v3/auth/login1", config.INFISICAL_URL))

 	if err != nil {
-		return GetLoginOneV2Response{}, NewGenericRequestError(operationCallLogin1V3, err)
+		return GetLoginOneV2Response{}, fmt.Errorf("CallLogin1V3: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return GetLoginOneV2Response{}, NewAPIErrorWithResponse(operationCallLogin1V3, response, nil)
+		return GetLoginOneV2Response{}, fmt.Errorf("CallLogin1V3: Unsuccessful response: [response=%s]", response)
 	}

 	return loginOneV2Response, nil
@ -128,7 +99,7 @@ func CallVerifyMfaToken(httpClient *resty.Client, request VerifyMfaTokenRequest)
 	}

 	if err != nil {
-		return nil, nil, NewGenericRequestError(operationCallVerifyMfaToken, err)
+		return nil, nil, fmt.Errorf("CallVerifyMfaToken: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
@ -164,11 +135,11 @@ func CallLogin2V2(httpClient *resty.Client, request GetLoginTwoV2Request) (GetLo
 	}

 	if err != nil {
-		return GetLoginTwoV2Response{}, NewGenericRequestError(operationCallLogin2V3, err)
+		return GetLoginTwoV2Response{}, fmt.Errorf("CallLogin2V3: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return GetLoginTwoV2Response{}, NewAPIErrorWithResponse(operationCallLogin2V3, response, nil)
+		return GetLoginTwoV2Response{}, fmt.Errorf("CallLogin2V3: Unsuccessful response: [response=%s]", response)
 	}

 	return loginTwoV2Response, nil
@ -183,11 +154,11 @@ func CallGetAllOrganizations(httpClient *resty.Client) (GetOrganizationsResponse
 		Get(fmt.Sprintf("%v/v1/organization", config.INFISICAL_URL))

 	if err != nil {
-		return GetOrganizationsResponse{}, NewGenericRequestError(operationCallGetAllOrganizations, err)
+		return GetOrganizationsResponse{}, err
 	}

 	if response.IsError() {
-		return GetOrganizationsResponse{}, NewAPIErrorWithResponse(operationCallGetAllOrganizations, response, nil)
+		return GetOrganizationsResponse{}, fmt.Errorf("CallGetAllOrganizations: Unsuccessful response: [response=%v]", response)
 	}

 	return orgResponse, nil
@ -204,11 +175,11 @@ func CallSelectOrganization(httpClient *resty.Client, request SelectOrganization
 		Post(fmt.Sprintf("%v/v3/auth/select-organization", config.INFISICAL_URL))

 	if err != nil {
-		return SelectOrganizationResponse{}, NewGenericRequestError(operationCallSelectOrganization, err)
+		return SelectOrganizationResponse{}, err
 	}

 	if response.IsError() {
-		return SelectOrganizationResponse{}, NewAPIErrorWithResponse(operationCallSelectOrganization, response, nil)
+		return SelectOrganizationResponse{}, fmt.Errorf("CallSelectOrganization: Unsuccessful response: [response=%v]", response)
 	}

 	return selectOrgResponse, nil
@ -243,11 +214,11 @@ func CallGetProjectById(httpClient *resty.Client, id string) (Project, error) {
 		Get(fmt.Sprintf("%v/v1/workspace/%s", config.INFISICAL_URL, id))

 	if err != nil {
-		return Project{}, NewGenericRequestError(operationCallGetProjectById, err)
+		return Project{}, err
 	}

 	if response.IsError() {
-		return Project{}, NewAPIErrorWithResponse(operationCallGetProjectById, response, nil)
+		return Project{}, fmt.Errorf("CallGetProjectById: Unsuccessful response:  [response=%v]", response)
 	}

 	return projectResponse.Project, nil
@ -266,7 +237,7 @@ func CallIsAuthenticated(httpClient *resty.Client) bool {
 	}

 	if response.IsError() {
-		log.Debug().Msgf("%s: Unsuccessful response: [response=%v]", operationCallIsAuthenticated, response)
+		log.Debug().Msgf("CallIsAuthenticated: Unsuccessful response:  [response=%v]", response)
 		return false
 	}

@ -286,11 +257,11 @@ func CallGetNewAccessTokenWithRefreshToken(httpClient *resty.Client, refreshToke
 		Post(fmt.Sprintf("%v/v1/auth/token", config.INFISICAL_URL))

 	if err != nil {
-		return GetNewAccessTokenWithRefreshTokenResponse{}, NewGenericRequestError(operationCallGetNewAccessTokenWithRefreshToken, err)
+		return GetNewAccessTokenWithRefreshTokenResponse{}, err
 	}

 	if response.IsError() {
-		return GetNewAccessTokenWithRefreshTokenResponse{}, NewAPIErrorWithResponse(operationCallGetNewAccessTokenWithRefreshToken, response, nil)
+		return GetNewAccessTokenWithRefreshTokenResponse{}, fmt.Errorf("CallGetNewAccessTokenWithRefreshToken: Unsuccessful response:  [response=%v]", response)
 	}

 	return newAccessToken, nil
@ -309,11 +280,11 @@ func CallGetFoldersV1(httpClient *resty.Client, request GetFoldersV1Request) (Ge
 	response, err := httpRequest.Get(fmt.Sprintf("%v/v1/folders", config.INFISICAL_URL))

 	if err != nil {
-		return GetFoldersV1Response{}, NewGenericRequestError(operationCallGetFoldersV1, err)
+		return GetFoldersV1Response{}, fmt.Errorf("CallGetFoldersV1: Unable to complete api request [err=%v]", err)
 	}

 	if response.IsError() {
-		return GetFoldersV1Response{}, NewAPIErrorWithResponse(operationCallGetFoldersV1, response, nil)
+		return GetFoldersV1Response{}, fmt.Errorf("CallGetFoldersV1: Unsuccessful [response=%s]", response)
 	}

 	return foldersResponse, nil
@ -329,11 +300,11 @@ func CallCreateFolderV1(httpClient *resty.Client, request CreateFolderV1Request)

 	response, err := httpRequest.Post(fmt.Sprintf("%v/v1/folders", config.INFISICAL_URL))
 	if err != nil {
-		return CreateFolderV1Response{}, NewGenericRequestError(operationCallCreateFolderV1, err)
+		return CreateFolderV1Response{}, fmt.Errorf("CallCreateFolderV1: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return CreateFolderV1Response{}, NewAPIErrorWithResponse(operationCallCreateFolderV1, response, nil)
+		return CreateFolderV1Response{}, fmt.Errorf("CallCreateFolderV1: Unsuccessful [response=%s]", response.String())
 	}

 	return folderResponse, nil
@ -350,11 +321,11 @@ func CallDeleteFolderV1(httpClient *resty.Client, request DeleteFolderV1Request)

 	response, err := httpRequest.Delete(fmt.Sprintf("%v/v1/folders/%v", config.INFISICAL_URL, request.FolderName))
 	if err != nil {
-		return DeleteFolderV1Response{}, NewGenericRequestError(operationCallDeleteFolderV1, err)
+		return DeleteFolderV1Response{}, fmt.Errorf("CallDeleteFolderV1: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return DeleteFolderV1Response{}, NewAPIErrorWithResponse(operationCallDeleteFolderV1, response, nil)
+		return DeleteFolderV1Response{}, fmt.Errorf("CallDeleteFolderV1: Unsuccessful [response=%s]", response.String())
 	}

 	return folderResponse, nil
@ -371,12 +342,11 @@ func CallDeleteSecretsRawV3(httpClient *resty.Client, request DeleteSecretV3Requ
 		Delete(fmt.Sprintf("%v/v3/secrets/raw/%s", config.INFISICAL_URL, request.SecretName))

 	if err != nil {
-		return NewGenericRequestError(operationCallDeleteSecretsV3, err)
+		return fmt.Errorf("CallDeleteSecretsV3: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		additionalContext := "Please make sure your secret path, workspace and environment name are all correct."
-		return NewAPIErrorWithResponse(operationCallDeleteSecretsV3, response, &additionalContext)
+		return fmt.Errorf("CallDeleteSecretsV3: Unsuccessful response. Please make sure your secret path, workspace and environment name are all correct [response=%s]", response)
 	}

 	return nil
@ -392,11 +362,11 @@ func CallCreateServiceToken(httpClient *resty.Client, request CreateServiceToken
 		Post(fmt.Sprintf("%v/v2/service-token/", config.INFISICAL_URL))

 	if err != nil {
-		return CreateServiceTokenResponse{}, NewGenericRequestError(operationCallCreateServiceToken, err)
+		return CreateServiceTokenResponse{}, fmt.Errorf("CallCreateServiceToken: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return CreateServiceTokenResponse{}, NewAPIErrorWithResponse(operationCallCreateServiceToken, response, nil)
+		return CreateServiceTokenResponse{}, fmt.Errorf("CallCreateServiceToken: Unsuccessful response [%v %v] [status-code=%v]", response.Request.Method, response.Request.URL, response.StatusCode())
 	}

 	return createServiceTokenResponse, nil
@ -412,11 +382,11 @@ func CallUniversalAuthLogin(httpClient *resty.Client, request UniversalAuthLogin
 		Post(fmt.Sprintf("%v/v1/auth/universal-auth/login/", config.INFISICAL_URL))

 	if err != nil {
-		return UniversalAuthLoginResponse{}, NewGenericRequestError(operationCallUniversalAuthLogin, err)
+		return UniversalAuthLoginResponse{}, fmt.Errorf("CallUniversalAuthLogin: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return UniversalAuthLoginResponse{}, NewAPIErrorWithResponse(operationCallUniversalAuthLogin, response, nil)
+		return UniversalAuthLoginResponse{}, fmt.Errorf("CallUniversalAuthLogin: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return universalAuthLoginResponse, nil
@ -432,11 +402,11 @@ func CallMachineIdentityRefreshAccessToken(httpClient *resty.Client, request Uni
 		Post(fmt.Sprintf("%v/v1/auth/token/renew", config.INFISICAL_URL))

 	if err != nil {
-		return UniversalAuthRefreshResponse{}, NewGenericRequestError(operationCallMachineIdentityRefreshAccessToken, err)
+		return UniversalAuthRefreshResponse{}, fmt.Errorf("CallMachineIdentityRefreshAccessToken: Unable to complete api request [err=%s]", err)
 	}

 	if response.IsError() {
-		return UniversalAuthRefreshResponse{}, NewAPIErrorWithResponse(operationCallMachineIdentityRefreshAccessToken, response, nil)
+		return UniversalAuthRefreshResponse{}, fmt.Errorf("CallMachineIdentityRefreshAccessToken: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return universalAuthRefreshResponse, nil
@ -471,19 +441,19 @@ func CallGetRawSecretsV3(httpClient *resty.Client, request GetRawSecretsV3Reques
 	response, err := req.Get(fmt.Sprintf("%v/v3/secrets/raw", config.INFISICAL_URL))

 	if err != nil {
-		return GetRawSecretsV3Response{}, NewGenericRequestError(operationCallGetRawSecretsV3, err)
+		return GetRawSecretsV3Response{}, fmt.Errorf("CallGetRawSecretsV3: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() &&
 		(strings.Contains(response.String(), "bot_not_found_error") ||
 			strings.Contains(strings.ToLower(response.String()), "failed to find bot key") ||
 			strings.Contains(strings.ToLower(response.String()), "bot is not active")) {
-		additionalContext := fmt.Sprintf(`Project with id %s is incompatible with your current CLI version. Upgrade your project by visiting the project settings page. If you're self-hosting and project upgrade option isn't yet available, contact your administrator to upgrade your Infisical instance to the latest release.`, request.WorkspaceId)
-		return GetRawSecretsV3Response{}, NewAPIErrorWithResponse(operationCallGetRawSecretsV3, response, &additionalContext)
+		return GetRawSecretsV3Response{}, fmt.Errorf(`Project with id %s is incompatible with your current CLI version. Upgrade your project by visiting the project settings page. If you're self-hosting and project upgrade option isn't yet available, contact your administrator to upgrade your Infisical instance to the latest release.
+		`, request.WorkspaceId)
 	}

 	if response.IsError() {
-		return GetRawSecretsV3Response{}, NewAPIErrorWithResponse(operationCallGetRawSecretsV3, response, nil)
+		return GetRawSecretsV3Response{}, fmt.Errorf("CallGetRawSecretsV3: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	getRawSecretsV3Response.ETag = response.Header().Get(("etag"))
@ -507,11 +477,11 @@ func CallFetchSingleSecretByName(httpClient *resty.Client, request GetRawSecretV
 		Get(fmt.Sprintf("%v/v3/secrets/raw/%s", config.INFISICAL_URL, request.SecretName))

 	if err != nil {
-		return GetRawSecretV3ByNameResponse{}, NewGenericRequestError(operationCallFetchSingleSecretByName, err)
+		return GetRawSecretV3ByNameResponse{}, fmt.Errorf("CallFetchSingleSecretByName: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return GetRawSecretV3ByNameResponse{}, NewAPIErrorWithResponse(operationCallFetchSingleSecretByName, response, nil)
+		return GetRawSecretV3ByNameResponse{}, fmt.Errorf("CallFetchSingleSecretByName: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	getRawSecretV3ByNameResponse.ETag = response.Header().Get(("etag"))
@ -547,11 +517,11 @@ func CallCreateRawSecretsV3(httpClient *resty.Client, request CreateRawSecretV3R
 		Post(fmt.Sprintf("%v/v3/secrets/raw/%s", config.INFISICAL_URL, request.SecretName))

 	if err != nil {
-		return NewGenericRequestError(operationCallCreateRawSecretsV3, err)
+		return fmt.Errorf("CallCreateRawSecretsV3: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return NewAPIErrorWithResponse(operationCallCreateRawSecretsV3, response, nil)
+		return fmt.Errorf("CallCreateRawSecretsV3: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return nil
@ -565,11 +535,11 @@ func CallUpdateRawSecretsV3(httpClient *resty.Client, request UpdateRawSecretByN
 		Patch(fmt.Sprintf("%v/v3/secrets/raw/%s", config.INFISICAL_URL, request.SecretName))

 	if err != nil {
-		return NewGenericRequestError(operationCallUpdateRawSecretsV3, err)
+		return fmt.Errorf("CallUpdateRawSecretsV3: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return NewAPIErrorWithResponse(operationCallUpdateRawSecretsV3, response, nil)
+		return fmt.Errorf("CallUpdateRawSecretsV3: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return nil
@ -584,11 +554,11 @@ func CallRegisterGatewayIdentityV1(httpClient *resty.Client) (*GetRelayCredentia
 		Post(fmt.Sprintf("%v/v1/gateways/register-identity", config.INFISICAL_URL))

 	if err != nil {
-		return nil, NewGenericRequestError(operationCallRegisterGatewayIdentityV1, err)
+		return nil, fmt.Errorf("CallRegisterGatewayIdentityV1: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return nil, NewAPIErrorWithResponse(operationCallRegisterGatewayIdentityV1, response, nil)
+		return nil, fmt.Errorf("CallRegisterGatewayIdentityV1: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return &resBody, nil
@ -604,11 +574,11 @@ func CallExchangeRelayCertV1(httpClient *resty.Client, request ExchangeRelayCert
 		Post(fmt.Sprintf("%v/v1/gateways/exchange-cert", config.INFISICAL_URL))

 	if err != nil {
-		return nil, NewGenericRequestError(operationCallExchangeRelayCertV1, err)
+		return nil, fmt.Errorf("CallExchangeRelayCertV1: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return nil, NewAPIErrorWithResponse(operationCallExchangeRelayCertV1, response, nil)
+		return nil, fmt.Errorf("CallExchangeRelayCertV1: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return &resBody, nil
@ -621,11 +591,11 @@ func CallGatewayHeartBeatV1(httpClient *resty.Client) error {
 		Post(fmt.Sprintf("%v/v1/gateways/heartbeat", config.INFISICAL_URL))

 	if err != nil {
-		return NewGenericRequestError(operationCallGatewayHeartBeatV1, err)
+		return fmt.Errorf("CallGatewayHeartBeatV1: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return NewAPIErrorWithResponse(operationCallGatewayHeartBeatV1, response, nil)
+		return fmt.Errorf("CallGatewayHeartBeatV1: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return nil
@ -641,11 +611,11 @@ func CallBootstrapInstance(httpClient *resty.Client, request BootstrapInstanceRe
 		Post(fmt.Sprintf("%v/v1/admin/bootstrap", request.Domain))

 	if err != nil {
-		return nil, NewGenericRequestError(operationCallBootstrapInstance, err)
+		return nil, fmt.Errorf("CallBootstrapInstance: Unable to complete api request [err=%w]", err)
 	}

 	if response.IsError() {
-		return nil, NewAPIErrorWithResponse(operationCallBootstrapInstance, response, nil)
+		return nil, fmt.Errorf("CallBootstrapInstance: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return resBody, nil
--- a/cli/packages/api/errors.go
+++ b/cli/packages/api/errors.go
@ -1,80 +0,0 @@
-package api
-
-import (
-	"fmt"
-
-	"github.com/go-resty/resty/v2"
-	"github.com/infisical/go-sdk/packages/util"
-)
-
-type GenericRequestError struct {
-	err       error
-	operation string
-}
-
-func (e *GenericRequestError) Error() string {
-	return fmt.Sprintf("%s: Unable to complete api request [err=%v]", e.operation, e.err)
-}
-
-func NewGenericRequestError(operation string, err error) *GenericRequestError {
-	return &GenericRequestError{err: err, operation: operation}
-}
-
-// APIError represents an error response from the API
-type APIError struct {
-	AdditionalContext string `json:"additionalContext,omitempty"`
-	Operation         string `json:"operation"`
-	Method            string `json:"method"`
-	URL               string `json:"url"`
-	StatusCode        int    `json:"statusCode"`
-	ErrorMessage      string `json:"message,omitempty"`
-	ReqId             string `json:"reqId,omitempty"`
-}
-
-func (e *APIError) Error() string {
-	msg := fmt.Sprintf(
-		"%s Unsuccessful response [%v %v] [status-code=%v] [request-id=%v]",
-		e.Operation,
-		e.Method,
-		e.URL,
-		e.StatusCode,
-		e.ReqId,
-	)
-
-	if e.ErrorMessage != "" {
-		msg = fmt.Sprintf("%s [message=\"%s\"]", msg, e.ErrorMessage)
-	}
-
-	if e.AdditionalContext != "" {
-		msg = fmt.Sprintf("%s [additional-context=\"%s\"]", msg, e.AdditionalContext)
-	}
-
-	return msg
-}
-
-func NewAPIErrorWithResponse(operation string, res *resty.Response, additionalContext *string) error {
-	errorMessage := util.TryParseErrorBody(res)
-	reqId := util.TryExtractReqId(res)
-
-	if res == nil {
-		return NewGenericRequestError(operation, fmt.Errorf("response is nil"))
-	}
-
-	apiError := &APIError{
-		Operation:  operation,
-		Method:     res.Request.Method,
-		URL:        res.Request.URL,
-		StatusCode: res.StatusCode(),
-		ReqId:      reqId,
-	}
-
-	if additionalContext != nil && *additionalContext != "" {
-		apiError.AdditionalContext = *additionalContext
-	}
-
-	if errorMessage != "" {
-		apiError.ErrorMessage = errorMessage
-	}
-
-	return apiError
-}
--- a/cli/packages/cmd/login.go
+++ b/cli/packages/cmd/login.go
@ -9,6 +9,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"os"
+	"runtime"
 	"slices"
 	"strings"
 	"time"
@ -20,6 +21,8 @@ import (
 	"net/url"
 	"regexp"

+	browser "github.com/pkg/browser"
+
 	"github.com/Infisical/infisical-merge/packages/api"
 	"github.com/Infisical/infisical-merge/packages/config"
 	"github.com/Infisical/infisical-merge/packages/crypto"
@ -981,7 +984,17 @@ func browserCliLogin() (models.UserCredentials, error) {
 	callbackPort := listener.Addr().(*net.TCPAddr).Port
 	url := fmt.Sprintf("%s?callback_port=%d", config.INFISICAL_LOGIN_URL, callbackPort)

-	fmt.Printf("\n\nTo complete your login, open this address in your browser: %v \n", url)
+	defaultPrintStatement := fmt.Sprintf("\n\nTo complete your login, open this address in your browser: %v \n", url)
+
+	if runtime.GOOS == "darwin" || runtime.GOOS == "windows" {
+		if err := browser.OpenURL(url); err != nil {
+			fmt.Print(defaultPrintStatement)
+		} else {
+			fmt.Printf("\n\nPlease proceed to your browser to complete the login process.\nIf the browser doesn't open automatically, please open this address in your browser: %v \n", url)
+		}
+	} else {
+		fmt.Print(defaultPrintStatement)
+	}

 	//flow channels
 	success := make(chan models.UserCredentials)
--- a/cli/test/.snapshots/test-TestUniversalAuth_SecretsGetWrongEnvironment
+++ b/cli/test/.snapshots/test-TestUniversalAuth_SecretsGetWrongEnvironment
@ -1,4 +1,4 @@
-error: CallGetRawSecretsV3 Unsuccessful response [GET https://app.infisical.com/api/v3/secrets/raw?environment=invalid-env&expandSecretReferences=true&include_imports=true&recursive=true&secretPath=%2F&workspaceId=bef697d4-849b-4a75-b284-0922f87f8ba2] [status-code=404] [request-id=<unknown-value>] [message="Environment with slug 'invalid-env' in project with ID bef697d4-849b-4a75-b284-0922f87f8ba2 not found"]
+error: CallGetRawSecretsV3: Unsuccessful response [GET https://app.infisical.com/api/v3/secrets/raw?environment=invalid-env&expandSecretReferences=true&include_imports=true&recursive=true&secretPath=%2F&workspaceId=bef697d4-849b-4a75-b284-0922f87f8ba2] [status-code=404] [response={"error":"NotFound","message":"Environment with slug 'invalid-env' in project with ID bef697d4-849b-4a75-b284-0922f87f8ba2 not found","statusCode":404}]


 If this issue continues, get support at https://infisical.com/slack
--- a/cli/test/helper.go
+++ b/cli/test/helper.go
@ -6,7 +6,6 @@ import (
 	"log"
 	"os"
 	"os/exec"
-	"regexp"
 	"strings"
 )

@ -72,11 +71,7 @@ func SetupCli() {
 }

 func FilterRequestID(input string) string {
-	requestIDPattern := regexp.MustCompile(`\[request-id=[^\]]+\]`)
-	reqIDPattern := regexp.MustCompile(`\[reqId=[^\]]+\]`)
-	input = requestIDPattern.ReplaceAllString(input, "[request-id=<unknown-value>]")
-	input = reqIDPattern.ReplaceAllString(input, "[reqId=<unknown-value>]")
-
+	// Find the JSON part of the error message
 	start := strings.Index(input, "{")
 	end := strings.LastIndex(input, "}") + 1

--- a/docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx
+++ b/docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx
@ -60,7 +60,7 @@ The Infisical AWS ElastiCache dynamic secret allows you to generate AWS ElastiCa
  <Step title="Click on the 'Add Dynamic Secret' button">
 	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button.png)
  </Step>
-  <Step title="Select 'AWS ElastiCache'">
+  <Step title="Select AWS ElastiCache">
 	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-aws-elasti-cache.png)
  </Step>
  <Step title="Provide the inputs for dynamic secret parameters">
@ -94,21 +94,29 @@ The Infisical AWS ElastiCache dynamic secret allows you to generate AWS ElastiCa

  </Step>
  <Step title="(Optional) Modify ElastiCache Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the ElastiCache statement to your needs. This is useful if you want to only give access to a specific table(s).
+  ![Modify ElastiCache Statements Modal](/images/platform/dynamic-secrets/modify-elasticache-statement.png)
+   <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+       Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-	![Modify ElastiCache Statements Modal](/images/platform/dynamic-secrets/modify-elasticache-statement.png)
+       Allowed template variables are
+       - `{{randomUsername}}`: Random username string
+       - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize ElastiCache Statement" type="string">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the ElastiCache statement to your needs. This is useful if you want to only give access to a specific resource.
+	</ParamField>
  </Step>
  <Step title="Click `Submit`">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certificate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
@ -123,14 +131,14 @@ The Infisical AWS ElastiCache dynamic secret allows you to generate AWS ElastiCa
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
@ -141,4 +149,4 @@ To extend the life of the generated dynamic secret leases past its initial time

 <Warning>
 	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
-</Warning>
+</Warning>
--- a/docs/documentation/platform/dynamic-secrets/aws-iam.mdx
+++ b/docs/documentation/platform/dynamic-secrets/aws-iam.mdx
@ -40,7 +40,7 @@ Infisical needs an initial AWS IAM user with the required permissions to create
 }
 ```

-To minimize managing user access you can attach a resource in format 
+To minimize managing user access you can attach a resource in format

 > arn:aws:iam::\<account-id\>:user/\<aws-scope-path\>

@ -94,28 +94,36 @@ Replace **\<account id\>** with your AWS account id and **\<aws-scope-path\>** w
 	</ParamField>

 	<ParamField path="AWS IAM Groups" type="string">
-	The AWS IAM groups that should be assigned to the created users. Multiple values can be provided by separating them with commas	
+	The AWS IAM groups that should be assigned to the created users. Multiple values can be provided by separating them with commas
 </ParamField>
- 
+
 	<ParamField path="AWS Policy ARNs" type="string">
-	The AWS IAM managed policies that should be attached to the created users. Multiple values can be provided by separating them with commas	
+	The AWS IAM managed policies that should be attached to the created users. Multiple values can be provided by separating them with commas
 </ParamField>

 <ParamField path="AWS IAM Policy Document" type="string">
-	The AWS IAM inline policy that should be attached to the created users. Multiple values can be provided by separating them with commas	
+	The AWS IAM inline policy that should be attached to the created users. Multiple values can be provided by separating them with commas
+</ParamField>
+
+<ParamField path="Username Template" type="string" default="{{randomUsername}}">
+Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+Allowed template variables are
+- `{{randomUsername}}`: Random username string
+- `{{unixTimestamp}}`: Current Unix timestamp
 </ParamField>

 	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-setup-modal-aws-iam.png)

  </Step>
  <Step title="Click 'Submit'">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -130,14 +138,14 @@ Replace **\<account id\>** with your AWS account id and **\<aws-scope-path\>** w
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values-aws-iam.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the lease details and delete the lease ahead of its expiration time.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
--- a/docs/documentation/platform/dynamic-secrets/cassandra.mdx
+++ b/docs/documentation/platform/dynamic-secrets/cassandra.mdx
@ -7,7 +7,7 @@ The Infisical Cassandra dynamic secret allows you to generate Cassandra database

 ## Prerequisite

-Infisical requires a Cassandra user in your instance with the necessary permissions. This user will facilitate the creation of new accounts as needed. 
+Infisical requires a Cassandra user in your instance with the necessary permissions. This user will facilitate the creation of new accounts as needed.
 Ensure the user possesses privileges for creating, dropping, and granting permissions to roles for it to be able to create dynamic secrets.

 <Tip>
@ -19,7 +19,7 @@ authorizer: CassandraAuthorizer
 ```
 </Tip>

-The above configuration allows user creation and granting permissions. 
+The above configuration allows user creation and granting permissions.

 ## Set up Dynamic Secrets with Cassandra

@ -69,31 +69,39 @@ The above configuration allows user creation and granting permissions.
 	<ParamField path="Keyspace" type="string">
 		 Keyspace name where you want to create dynamic secrets. This ensures that the user is limited to that keyspace.
 	</ParamField>
- 
+
 	<ParamField path="CA(SSL)" type="string">
-		A CA may be required if your cassandra requires it for incoming connections. 	
+		A CA may be required if your cassandra requires it for incoming connections.
  </ParamField>

 	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-setup-modal-cassandra.png)

  </Step>
  <Step title="(Optional) Modify CQL Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the CQL statement to your needs. This is useful if you want to only give access to a specific key-space(s).
+  ![Modify CQL Statements Modal](../../../images/platform/dynamic-secrets/modify-cql-statements.png)
+  <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+       Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-	![Modify CQL Statements Modal](../../../images/platform/dynamic-secrets/modify-cql-statements.png)
+       Allowed template variables are
+       - `{{randomUsername}}`: Random username string
+       - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize CQL Statement" type="string">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the CQL statement to your needs. This is useful if you want to only give access to a specific key-space(s).
+	</ParamField>
  </Step>
  <Step title="Click 'Submit'">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certficate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

 	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -108,14 +116,14 @@ The above configuration allows user creation and granting permissions.
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the lease details and delete the lease ahead of its expiration time.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
--- a/docs/documentation/platform/dynamic-secrets/elastic-search.mdx
+++ b/docs/documentation/platform/dynamic-secrets/elastic-search.mdx
@ -7,13 +7,14 @@ The Infisical Elasticsearch dynamic secret allows you to generate Elasticsearch

 ## Prerequisites

-
-
 1. Create a role with at least `manage_security` and `monitor` permissions.
 2. Assign the newly created role to your API key or user that you'll use later in the dynamic secret configuration.

 <Note>
-  For testing purposes, you can also use a highly privileged role like `superuser`, that will have full control over the cluster. This is not recommended in production environments following the principle of least privilege.
+  For testing purposes, you can also use a highly privileged role like
+  `superuser`, that will have full control over the cluster. This is not
+  recommended in production environments following the principle of least
+  privilege.
 </Note>

 ## Set up Dynamic Secrets with Elasticsearch
@ -33,95 +34,115 @@ The Infisical Elasticsearch dynamic secret allows you to generate Elasticsearch
 		Name by which you want the secret to be referenced
 	</ParamField>

-	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
-	</ParamField>
+    <ParamField path="Default TTL" type="string" required>
+    	Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
+    </ParamField>

-	<ParamField path="Max TTL" type="string" required>
-		Maximum time-to-live for a generated secret.
-	</ParamField>
+    <ParamField path="Max TTL" type="string" required>
+    	Maximum time-to-live for a generated secret.
+    </ParamField>

-	<ParamField path="Host" type="string" required>
+    <ParamField path="Host" type="string" required>
    Your Elasticsearch host. This is the endpoint that your instance runs on. _(Example: https://your-cluster-ip)_
-	</ParamField>
+    </ParamField>

-	<ParamField path="Port" type="string" required>
-  The port that your Elasticsearch instance is running on. _(Example: 9200)_
-	</ParamField>
+    <ParamField path="Port" type="string" required>

-  <ParamField path="Roles" type="string[]" required>
-    The roles that the new user that is created when a lease is provisioned will be assigned to. This is a required field. This defaults to `superuser`, which is highly privileged. It is recommended to create a new role with the least privileges required for the lease.
-  </ParamField>
+The port that your Elasticsearch instance is running on. _(Example: 9200)_
+</ParamField>

-	<ParamField path="Authentication Method" type="API Key | Username/Password" required>
+<ParamField path="Roles" type="string[]" required>
+  The roles that the new user that is created when a lease is provisioned will
+  be assigned to. This is a required field. This defaults to `superuser`, which
+  is highly privileged. It is recommended to create a new role with the least
+  privileges required for the lease.
+</ParamField>
+
+    <ParamField path="Authentication Method" type="API Key | Username/Password" required>
    Select the authentication method you want to use to connect to your Elasticsearch instance.
-	</ParamField>
+    </ParamField>

-  <ParamField path="Username" type="string" required>
-    The username of the user that will be used to provision new dynamic secret leases. Only required if you selected the `Username/Password` authentication method.
-	</ParamField>
+<ParamField path="Username" type="string" required>
+  The username of the user that will be used to provision new dynamic secret
+  leases. Only required if you selected the `Username/Password` authentication
+  method.
+</ParamField>

-  <ParamField path="Password" type="string" required>
-    The password of the user that will be used to provision new dynamic secret leases. Only required if you selected the `Username/Password` authentication method.
-  </ParamField>
+<ParamField path="Password" type="string" required>
+  The password of the user that will be used to provision new dynamic secret
+  leases. Only required if you selected the `Username/Password` authentication
+  method.
+</ParamField>

-  <ParamField path="API Key ID" required>
-    The ID of the API key that will be used to provision new dynamic secret leases. Only required if you selected the `API Key` authentication method.
-  </ParamField>
+<ParamField path="API Key ID" required>
+  The ID of the API key that will be used to provision new dynamic secret
+  leases. Only required if you selected the `API Key` authentication method.
+</ParamField>

-  <ParamField path="API Key" required>
-    The API key that will be used to provision new dynamic secret leases. Only required if you selected the `API Key` authentication method.
-  </ParamField>
+<ParamField path="API Key" required>
+  The API key that will be used to provision new dynamic secret leases. Only
+  required if you selected the `API Key` authentication method.
+</ParamField>

-	<ParamField path="CA(SSL)" type="string">
-		A CA may be required if your DB requires it for incoming connections. This is often the case when connecting to a managed service.
-	</ParamField>
+    <ParamField path="CA(SSL)" type="string">
+    	A CA may be required if your DB requires it for incoming connections. This is often the case when connecting to a managed service.
+    </ParamField>
+    <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+      Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-  	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-input-modal-elastic-search.png)
+      Allowed template variables are
+      - `{{randomUsername}}`: Random username string
+      - `{{unixTimestamp}}`: Current Unix timestamp
+    </ParamField>

+![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-input-modal-elastic-search.png)

  </Step>
  <Step title="Click `Submit`">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

-	<Note>
-		If this step fails, you may have to add the CA certificate. 
-	</Note>
+    <Note>
+    	If this step fails, you may have to add the CA certificate.
+    </Note>

  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

-	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
-	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png)

-	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate  how long the credentials are valid for.
+    When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate  how long the credentials are valid for.

-	![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)
+    ![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)

-	<Tip>
-		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
-	</Tip>
+    <Tip>
+    	Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
+    </Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+    Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you.
+
+    ![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)

-	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)

 ## Renew Leases
+
 To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)

 <Warning>
-	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+  Lease renewals cannot exceed the maximum TTL set when configuring the dynamic
+  secret
 </Warning>
--- a/docs/documentation/platform/dynamic-secrets/ldap.mdx
+++ b/docs/documentation/platform/dynamic-secrets/ldap.mdx
@ -123,6 +123,13 @@ The Infisical LDAP dynamic secret allows you to generate user credentials on dem
            changetype: delete
            ```
        </ParamField>
+         <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+    Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+    Allowed template variables are
+    - `{{randomUsername}}`: Random username string
+    - `{{unixTimestamp}}`: Current Unix timestamp
+    </ParamField>
      </Step>

      <Step title="Click `Submit`">
--- a/docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx
@ -6,11 +6,10 @@ description: "Learn how to dynamically generate Mongo Atlas Database user creden
 The Infisical Mongo Atlas dynamic secret allows you to generate Mongo Atlas Database credentials on demand based on configured role.

 ## Prerequisite
-Create a project scopped API Key with the required permission in your Mongo Atlas following the [official doc](https://www.mongodb.com/docs/atlas/configure-api-access/#grant-programmatic-access-to-a-project).

-<Info>
-				The API Key must have permission to manage users in the project.
-</Info>
+Create a project scoped API Key with the required permission in your Mongo Atlas following the [official doc](https://www.mongodb.com/docs/atlas/configure-api-access/#grant-programmatic-access-to-a-project).
+
+<Info>The API Key must have permission to manage users in the project.</Info>

 ## Set up Dynamic Secrets with Mongo Atlas

@ -29,86 +28,104 @@ Create a project scopped API Key with the required permission in your Mongo Atla
 		Name by which you want the secret to be referenced
 	</ParamField>

-	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
-	</ParamField>
+    <ParamField path="Default TTL" type="string" required>
+    	Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
+    </ParamField>

-	<ParamField path="Max TTL" type="string" required>
-		Maximum time-to-live for a generated secret
-	</ParamField>
+    <ParamField path="Max TTL" type="string" required>
+    	Maximum time-to-live for a generated secret
+    </ParamField>

-	<ParamField path="Admin public key" type="string" required>
-				The public key of your generated Atlas API Key. This acts as a username.
-	</ParamField>
+    <ParamField path="Admin public key" type="string" required>
+    			The public key of your generated Atlas API Key. This acts as a username.
+    </ParamField>

-	<ParamField path="Admin private key" type="string" required>
-				The private key of your generated Atlas API Key. This acts as a password.
-	</ParamField>
+    <ParamField path="Admin private key" type="string" required>
+    			The private key of your generated Atlas API Key. This acts as a password.
+    </ParamField>

-	<ParamField path="Group ID" type="number" required>
-				Unique 24-hexadecimal digit string that identifies your project. This is same as project id
-	</ParamField>
+    <ParamField path="Group ID" type="number" required>
+    			Unique 24-hexadecimal digit string that identifies your project. This is same as project id
+    </ParamField>

-	<ParamField path="Roles" type="string" required>
-	   List that provides the pairings of one role with one applicable database.
-		 - **Database Name**: Database to which the user is granted access privileges.
-		 - **Collection**: Collection on which this role applies.
-		 - **Role Name**: Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.
-				- Enum: `atlasAdmin` `backup` `clusterMonitor` `dbAdmin` `dbAdminAnyDatabase` `enableSharding` `read` `readAnyDatabase` `readWrite` `readWriteAnyDatabase` `<a custom role name>`.
-	</ParamField>
+    <ParamField path="Roles" type="string" required>
+       List that provides the pairings of one role with one applicable database.
+    	 - **Database Name**: Database to which the user is granted access privileges.
+    	 - **Collection**: Collection on which this role applies.
+    	 - **Role Name**: Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.
+    			- Enum: `atlasAdmin` `backup` `clusterMonitor` `dbAdmin` `dbAdminAnyDatabase` `enableSharding` `read` `readAnyDatabase` `readWrite` `readWriteAnyDatabase` `<a custom role name>`.
+    </ParamField>

-	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-atlas.png)
+    ![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-atlas.png)

  </Step>
  <Step title="(Optional) Modify Access Scope">
-  	List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project.

-				![Modify Scope Modal](../../../images/platform/dynamic-secrets/advanced-option-atlas.png)
-				- **Label**: Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.
-				- **Type**: Category of resource that this database user can access.
+![Modify Scope Modal](../../../images/platform/dynamic-secrets/advanced-option-atlas.png)
+
+   <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+       Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+       Allowed template variables are
+       - `{{randomUsername}}`: Random username string
+       - `{{unixTimestamp}}`: Current Unix timestamp
+    </ParamField>
+    <ParamField path="Customize Scope" type="string">
+
+    List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project.
+ 			- **Label**: Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.
+ 			- **Type**: Category of resource that this database user can access.
+
+    </ParamField>
  </Step>
+
  <Step title="Click 'Submit'">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

-	<Note>
-		If this step fails, you may have to add the CA certficate. 
-	</Note>
+    <Note>
+    	If this step fails, you may have to add the CA certificate.
+    </Note>
+
+    ![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)

-	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

-	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
-	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty.png)

-	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate how long the credentials are valid for.
+    When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate how long the credentials are valid for.

-	![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)
+    ![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)

-	<Tip>
-		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
-	</Tip>
+    <Tip>
+    	Ensure that the TTL for the lease falls within the maximum TTL defined when configuring the dynamic secret.
+    </Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+    Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.
+
+    ![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)

-	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)

 ## Renew Leases
+
 To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)

 <Warning>
-	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+  Lease renewals cannot exceed the maximum TTL set when configuring the dynamic
+  secret
 </Warning>
--- a/docs/documentation/platform/dynamic-secrets/mongo-db.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mongo-db.mdx
@ -62,25 +62,32 @@ Create a user with the required permission in your MongoDB instance. This user w
 		 Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.
 		 - Enum: `atlasAdmin` `backup` `clusterMonitor` `dbAdmin` `dbAdminAnyDatabase` `enableSharding` `read` `readAnyDatabase` `readWrite` `readWriteAnyDatabase` `<a custom role name>`.
 	</ParamField>
- 
+
 	<ParamField path="CA(SSL)" type="string">
 		A CA may be required if your DB requires it for incoming connections.
 	</ParamField>
+  <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+    Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+    Allowed template variables are
+    - `{{randomUsername}}`: Random username string
+    - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>

 	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-mongodb.png)
 	</Step>

  <Step title="Click `Submit`">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certificate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -95,14 +102,14 @@ Create a user with the required permission in your MongoDB instance. This user w
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
--- a/docs/documentation/platform/dynamic-secrets/mssql.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mssql.mdx
@ -62,7 +62,7 @@ Create a user with the required permission in your SQL instance. This user will
 	<ParamField path="Database Name" type="string" required>
 		Name of the database for which you want to create dynamic secrets
 	</ParamField>
- 
+
 	<ParamField path="CA(SSL)" type="string">
 		A CA may be required if your DB requires it for incoming connections. AWS RDS instances with default settings will requires a CA which can be downloaded [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions).
 	</ParamField>
@ -71,22 +71,30 @@ Create a user with the required permission in your SQL instance. This user will

  </Step>
  <Step title="(Optional) Modify SQL Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
+  ![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sql-statements-mssql.png)
+  <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+       Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-	![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sql-statements-mssql.png)
+       Allowed template variables are
+       - `{{randomUsername}}`: Random username string
+       - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize SQL Statement" type="string">
+   	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
+	</ParamField>
  </Step>
  <Step title="Click 'Submit'">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certficate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

 	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -101,14 +109,14 @@ Create a user with the required permission in your SQL instance. This user will
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete the lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
--- a/docs/documentation/platform/dynamic-secrets/mysql.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mysql.mdx
@ -61,29 +61,37 @@ Create a user with the required permission in your SQL instance. This user will
 	<ParamField path="Database Name" type="string" required>
 		Name of the database for which you want to create dynamic secrets
 	</ParamField>
- 
+
 	<ParamField path="CA(SSL)" type="string">
 		A CA may be required if your DB requires it for incoming connections. AWS RDS instances with default settings will requires a CA which can be downloaded [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions).
 	</ParamField>

  </Step>
  <Step title="(Optional) Modify SQL Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
+  ![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sql-statement-mysql.png)
+  <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+       Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-	![Modify SQL Statements Modal](/images/platform/dynamic-secrets/modify-sql-statement-mysql.png)
+       Allowed template variables are
+       - `{{randomUsername}}`: Random username string
+       - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize SQL Statement" type="string">
+   	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
+	</ParamField>
  </Step>
  <Step title="Click `Submit`">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certificate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -98,14 +106,14 @@ Create a user with the required permission in your SQL instance. This user will
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
@ -116,4 +124,4 @@ To extend the life of the generated dynamic secret leases past its initial time

 <Warning>
 	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
-</Warning>
+</Warning>
--- a/docs/documentation/platform/dynamic-secrets/oracle.mdx
+++ b/docs/documentation/platform/dynamic-secrets/oracle.mdx
@ -61,7 +61,7 @@ Create a user with the required permission in your SQL instance. This user will
 	<ParamField path="Database Name" type="string" required>
 		Name of the database for which you want to create dynamic secrets
 	</ParamField>
- 
+
 	<ParamField path="CA(SSL)" type="string">
 		A CA may be required if your DB requires it for incoming connections. AWS RDS instances with default settings will requires a CA which can be downloaded [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions).
 	</ParamField>
@ -70,20 +70,30 @@ Create a user with the required permission in your SQL instance. This user will

  </Step>
  <Step title="(Optional) Modify SQL Statements">
+	![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sql-statement-oracle.png)
+	<ParamField path="Username Template" type="string" default="{{randomUsername}}">
+      Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+      Allowed template variables are
+      - `{{randomUsername}}`: Random username string
+      - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize SQL Statement" type="string">
  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
+	</ParamField>
  </Step>
  <Step title="Click 'Submit'">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certficate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

 	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -98,14 +108,14 @@ Create a user with the required permission in your SQL instance. This user will
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
@ -116,4 +126,4 @@ To extend the life of the generated dynamic secret leases past its initial time

 <Warning>
 	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
-</Warning>
+</Warning>
--- a/docs/documentation/platform/dynamic-secrets/postgresql.mdx
+++ b/docs/documentation/platform/dynamic-secrets/postgresql.mdx
@ -62,7 +62,7 @@ Create a user with the required permission in your SQL instance. This user will
 	<ParamField path="Database Name" type="string" required>
 		Name of the database for which you want to create dynamic secrets
 	</ParamField>
- 
+
 	<ParamField path="CA(SSL)" type="string">
 		A CA may be required if your DB requires it for incoming connections. AWS RDS instances with default settings will requires a CA which can be downloaded [here](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions).
 	</ParamField>
@ -71,22 +71,30 @@ Create a user with the required permission in your SQL instance. This user will

  </Step>
  <Step title="(Optional) Modify SQL Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
-
 	![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sql-statements.png)
+	<ParamField path="Username Template" type="string" default="{{randomUsername}}">
+      Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+      Allowed template variables are
+      - `{{randomUsername}}`: Random username string
+      - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize SQL Statement" type="string">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs. This is useful if you want to only give access to a specific table(s).
+	</ParamField>
  </Step>
  <Step title="Click 'Submit'">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certficate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

 	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
@ -101,14 +109,14 @@ Create a user with the required permission in your SQL instance. This user will
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete the lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
--- a/docs/documentation/platform/dynamic-secrets/rabbit-mq.mdx
+++ b/docs/documentation/platform/dynamic-secrets/rabbit-mq.mdx
@ -9,7 +9,6 @@ The Infisical RabbitMQ dynamic secret allows you to generate RabbitMQ credential

 1. Ensure that the `management` plugin is enabled on your RabbitMQ instance. This is required for the dynamic secret to work.

-
 ## Set up Dynamic Secrets with RabbitMQ

 <Steps>
@ -19,98 +18,113 @@ The Infisical RabbitMQ dynamic secret allows you to generate RabbitMQ credential
  <Step title="Click on the 'Add Dynamic Secret' button">
 	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button.png)
  </Step>
-  <Step title="Select 'RabbitMQ'">
-	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-rabbit-mq.png)
+  <Step title="Select RabbitMQ">
+	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-rabbit-mq-modal.png)
  </Step>
  <Step title="Provide the inputs for dynamic secret parameters">
 	<ParamField path="Secret Name" type="string" required>
 		Name by which you want the secret to be referenced
 	</ParamField>

-	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
-	</ParamField>
+    <ParamField path="Default TTL" type="string" required>
+    	Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
+    </ParamField>

-	<ParamField path="Max TTL" type="string" required>
-		Maximum time-to-live for a generated secret.
-	</ParamField>
+    <ParamField path="Max TTL" type="string" required>
+    	Maximum time-to-live for a generated secret.
+    </ParamField>

-	<ParamField path="Host" type="string" required>
+    <ParamField path="Host" type="string" required>
    Your RabbitMQ host. This must be in HTTP format. _(Example: http://your-cluster-ip)_
-	</ParamField>
+    </ParamField>

-	<ParamField path="Port" type="string" required>
-  The port that the RabbitMQ management plugin is listening on. This is `15672` by default.
-	</ParamField>
+    <ParamField path="Port" type="string" required>

-  <ParamField path="Virtual host name" type="string" required>
-    The name of the virtual host that the user will be assigned to. This defaults to `/`.
-  </ParamField>
+The port that the RabbitMQ management plugin is listening on. This is `15672` by default.
+</ParamField>
+
+<ParamField path="Virtual host name" type="string" required>
+  The name of the virtual host that the user will be assigned to. This defaults
+  to `/`.
+</ParamField>

 <ParamField path="Virtual host permissions (Read/Write/Configure)" type="string" required>
    The permissions that the user will have on the virtual host. This defaults to `.*`.

    The three permission fields all take a regular expression _(regex)_, that should match resource names for which the user is granted read / write / configuration permissions
+
  </ParamField>

+<ParamField path="Username" type="string" required>
+  The username of the user that will be used to provision new dynamic secret
+  leases.
+</ParamField>

-  <ParamField path="Username" type="string" required>
-    The username of the user that will be used to provision new dynamic secret leases.
-	</ParamField>
+<ParamField path="Password" type="string" required>
+  The password of the user that will be used to provision new dynamic secret
+  leases.
+</ParamField>

-  <ParamField path="Password" type="string" required>
-    The password of the user that will be used to provision new dynamic secret leases.
-  </ParamField>
+<ParamField path="Username Template" type="string" default="{{randomUsername}}">
+Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-	<ParamField path="CA(SSL)" type="string">
-		A CA may be required if your DB requires it for incoming connections. This is often the case when connecting to a managed service.
-	</ParamField>
+Allowed template variables are
+- `{{randomUsername}}`: Random username string
+- `{{unixTimestamp}}`: Current Unix timestamp
+</ParamField>

-  	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-input-modal-rabbit-mq.png)
+<ParamField path="CA(SSL)" type="string">
+   	A CA may be required if your DB requires it for incoming connections. This is often the case when connecting to a managed service.
+</ParamField>

+![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-input-modal-rabbit-mq.png)

  </Step>
  <Step title="Click `Submit`">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

-	<Note>
-		If this step fails, you may have to add the CA certificate. 
-	</Note>
+    <Note>
+    	If this step fails, you may have to add the CA certificate.
+    </Note>

  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

-	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
-	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png)

-	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate  how long the credentials are valid for.
+    When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate  how long the credentials are valid for.

-	![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)
+    ![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)

-	<Tip>
-		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
-	</Tip>
+    <Tip>
+    	Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
+    </Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+    Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you.
+
+    ![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)

-	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)

 ## Renew Leases
+
 To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)

 <Warning>
-	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+  Lease renewals cannot exceed the maximum TTL set when configuring the dynamic
+  secret
 </Warning>
--- a/docs/documentation/platform/dynamic-secrets/redis.mdx
+++ b/docs/documentation/platform/dynamic-secrets/redis.mdx
@ -56,21 +56,29 @@ Create a user with the required permission in your Redis instance. This user wil

  </Step>
  <Step title="(Optional) Modify Redis Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the Redis statement to your needs. This is useful if you want to only give access to a specific table(s).
+  ![Modify Redis Statements Modal](/images/platform/dynamic-secrets/modify-redis-statement.png)
+   <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+       Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-	![Modify Redis Statements Modal](/images/platform/dynamic-secrets/modify-redis-statement.png)
+       Allowed template variables are
+       - `{{randomUsername}}`: Random username string
+       - `{{unixTimestamp}}`: Current Unix timestamp
+	</ParamField>
+	<ParamField path="Customize Redis Statement" type="string">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the Redis statement to your needs. This is useful if you want to only give access to a specific table(s).
+	</ParamField>
  </Step>
  <Step title="Click `Submit`">
-  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+  	After submitting the form, you will see a dynamic secret created in the dashboard.

 	<Note>
-		If this step fails, you may have to add the CA certificate. 
+		If this step fails, you may have to add the CA certificate.
 	</Note>

  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

 	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
@ -85,14 +93,14 @@ Create a user with the required permission in your Redis instance. This user wil
 	</Tip>


-	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you.

 	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
  </Step>
 </Steps>

 ## Audit or Revoke Leases
-Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
 This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.

 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
@ -103,4 +111,4 @@ To extend the life of the generated dynamic secret leases past its initial time

 <Warning>
 	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
-</Warning>
+</Warning>
--- a/docs/documentation/platform/dynamic-secrets/sap-ase.mdx
+++ b/docs/documentation/platform/dynamic-secrets/sap-ase.mdx
@ -62,21 +62,30 @@ The Infisical SAP ASE dynamic secret allows you to generate SAP ASE database cre
    ![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/sap-ase/dynamic-secret-sap-ase-setup-modal.png)

  </Step>
-  <Step title="(Optional) Modify SQL Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs.
+  <Step title="(Optional) Modify SAP SQL Statements">
    ![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/sap-ase/dynamic-secret-sap-ase-statements.png)
+    <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+        Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.

-    <Warning>
-      Due to SAP ASE limitations, the attached SQL statements are not executed as a transaction.
-    </Warning>
+        Allowed template variables are
+        - `{{randomUsername}}`: Random username string
+        - `{{unixTimestamp}}`: Current Unix timestamp
+    </ParamField>
+    <ParamField path="Customize Statement" type="string">
+
+If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs.
+<Warning>
+Due to SAP ASE limitations, the attached SQL statements are not executed as a transaction.
+</Warning>
+</ParamField>

  </Step>
  <Step title="Click 'Submit'">
  	After submitting the form, you will see a dynamic secret created in the dashboard.
  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
--- a/docs/documentation/platform/dynamic-secrets/sap-hana.mdx
+++ b/docs/documentation/platform/dynamic-secrets/sap-hana.mdx
@ -62,14 +62,25 @@ The Infisical SAP HANA dynamic secret allows you to generate SAP HANA database c
    ![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-setup-modal-sap-hana.png)

  </Step>
-  <Step title="(Optional) Modify SQL Statements">
-  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs.
-    ![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png)
+  <Step title="(Optional) Modify SAP SQL Statements">
+  ![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png)
+    <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+        Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+        Allowed template variables are
+        - `{{randomUsername}}`: Random username string
+        - `{{unixTimestamp}}`: Current Unix timestamp
+    </ParamField>
+    <ParamField path="Customize Statement" type="string">
+
+    If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs.

    <Warning>
      Due to SAP HANA limitations, the attached SQL statements are not executed as a transaction.
    </Warning>

+</ParamField>
+
  </Step>
  <Step title="Click 'Submit'">
  	After submitting the form, you will see a dynamic secret created in the dashboard.
@ -80,8 +91,8 @@ The Infisical SAP HANA dynamic secret allows you to generate SAP HANA database c

  </Step>
  <Step title="Generate dynamic secrets">
-	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
-	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials.
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item.
 	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.

    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
--- a/docs/documentation/platform/dynamic-secrets/snowflake.mdx
+++ b/docs/documentation/platform/dynamic-secrets/snowflake.mdx
@ -8,22 +8,27 @@ Infisical's Snowflake dynamic secrets allow you to generate Snowflake user crede
 ## Snowflake Prerequisites

 <Note>
-    Infisical requires a Snowflake user in your account with the USERADMIN role. This user will act as a service account for Infisical and facilitate the creation of new users as needed.
+  Infisical requires a Snowflake user in your account with the USERADMIN role.
+  This user will act as a service account for Infisical and facilitate the
+  creation of new users as needed.
 </Note>

 <Steps>
-    <Step title="Navigate to Snowflake's User Dashboard and press the '+ User' button">
-        ![Snowflake User Dashboard](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-users-page.png)
-    </Step>
-    <Step title="Create a Snowflake user with the USERADMIN role for Infisical">
-        <Warning>
-                Be sure to uncheck "Force user to change password on first time login"
-        </Warning>
-        ![Snowflake Create Service User](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-create-service-user.png)
-    </Step>
-    <Step title="Click on the Account Menu in the bottom left and take note of your Account and Organization identifiers">
-        ![Snowflake Account And Organization Identifiers](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-identifiers.png)
-    </Step>
+  <Step title="Navigate to Snowflake's User Dashboard and press the '+ User' button">
+    ![Snowflake User
+    Dashboard](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-users-page.png)
+  </Step>
+  <Step title="Create a Snowflake user with the USERADMIN role for Infisical">
+    <Warning>
+      Be sure to uncheck "Force user to change password on first time login"
+    </Warning>
+    ![Snowflake Create Service
+    User](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-create-service-user.png)
+  </Step>
+  <Step title="Click on the Account Menu in the bottom left and take note of your Account and Organization identifiers">
+    ![Snowflake Account And Organization
+    Identifiers](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-identifiers.png)
+  </Step>
 </Steps>

 ## Set up Dynamic Secrets with Snowflake
@ -71,10 +76,23 @@ Infisical's Snowflake dynamic secrets allow you to generate Snowflake user crede

    </Step>
    <Step title="(Optional) Modify SQL Statements">
-        If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL
-        statement to your needs.
        ![Modify SQL Statements Modal](/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-sql-statements.png)
-    </Step>
+    <ParamField path="Username Template" type="string" default="{{randomUsername}}">
+        Specifies a template for generating usernames. This field allows customization of how usernames are automatically created.
+
+        Allowed template variables are
+        - `{{randomUsername}}`: Random username string
+        - `{{unixTimestamp}}`: Current Unix timestamp
+    </ParamField>
+    <ParamField path="Customize Statement" type="string">
+
+    If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL
+        statement to your needs.
+
+</ParamField>
+
+  </Step>
+
    <Step title="Click 'Submit'">
        After submitting the form, you will see a dynamic secret created in the dashboard.
    </Step>
@ -104,6 +122,7 @@ Infisical's Snowflake dynamic secrets allow you to generate Snowflake user crede
        ![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)

    </Step>
+
 </Steps>

 ## Audit or Revoke Leases
@ -119,6 +138,6 @@ To extend the life of the generated dynamic secret lease past its initial time t
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)

 <Warning>
-    Lease renewals cannot exceed the maximum TTL set when configuring the dynamic
-    secret.
+  Lease renewals cannot exceed the maximum TTL set when configuring the dynamic
+  secret.
 </Warning>
--- a/docs/images/platform/dynamic-secrets/advanced-option-atlas.png
+++ b/docs/images/platform/dynamic-secrets/advanced-option-atlas.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-input-modal-elastic-search.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-input-modal-elastic-search.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-mongodb.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-mongodb.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal-aws-iam.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal-aws-iam.png
--- a/docs/images/platform/dynamic-secrets/modify-cql-statements.png
+++ b/docs/images/platform/dynamic-secrets/modify-cql-statements.png
--- a/docs/images/platform/dynamic-secrets/modify-elasticache-statement.png
+++ b/docs/images/platform/dynamic-secrets/modify-elasticache-statement.png
--- a/docs/images/platform/dynamic-secrets/modify-redis-statement.png
+++ b/docs/images/platform/dynamic-secrets/modify-redis-statement.png
--- a/docs/images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png
+++ b/docs/images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png
--- a/docs/images/platform/dynamic-secrets/modify-sql-statement-mysql.png
+++ b/docs/images/platform/dynamic-secrets/modify-sql-statement-mysql.png
--- a/docs/images/platform/dynamic-secrets/modify-sql-statement-oracle.png
+++ b/docs/images/platform/dynamic-secrets/modify-sql-statement-oracle.png
--- a/docs/images/platform/dynamic-secrets/modify-sql-statements-mssql.png
+++ b/docs/images/platform/dynamic-secrets/modify-sql-statements-mssql.png
--- a/docs/images/platform/dynamic-secrets/modify-sql-statements.png
+++ b/docs/images/platform/dynamic-secrets/modify-sql-statements.png
--- a/docs/images/platform/dynamic-secrets/sap-ase/dynamic-secret-sap-ase-statements.png
+++ b/docs/images/platform/dynamic-secrets/sap-ase/dynamic-secret-sap-ase-statements.png
--- a/docs/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-sql-statements.png
+++ b/docs/images/platform/dynamic-secrets/snowflake/dynamic-secret-snowflake-sql-statements.png
--- a/frontend/src/hooks/api/admin/index.ts
+++ b/frontend/src/hooks/api/admin/index.ts
@ -1,16 +1,2 @@
-export {
-  useAdminDeleteUser,
-  useAdminGrantServerAdminAccess,
-  useAdminRemoveIdentitySuperAdminAccess,
-  useCreateAdminUser,
-  useInvalidateCache,
-  useRemoveUserServerAdminAccess,
-  useUpdateServerConfig,
-  useUpdateServerEncryptionStrategy
-} from "./mutation";
-export {
-  useAdminGetUsers,
-  useGetAdminIntegrationsConfig,
-  useGetServerConfig,
-  useGetServerRootKmsEncryptionDetails
-} from "./queries";
+export * from "./mutation";
+export * from "./queries";
--- a/frontend/src/hooks/api/admin/mutation.ts
+++ b/frontend/src/hooks/api/admin/mutation.ts
@ -63,6 +63,41 @@ export const useAdminDeleteUser = () => {
      queryClient.invalidateQueries({
        queryKey: [adminStandaloneKeys.getUsers]
      });
+      queryClient.invalidateQueries({ queryKey: adminStandaloneKeys.getOrganizations });
+    }
+  });
+};
+
+export const useAdminDeleteOrganizationMembership = () => {
+  const queryClient = useQueryClient();
+  return useMutation<object, object, { organizationId: string; membershipId: string }>({
+    mutationFn: async ({ organizationId, membershipId }) => {
+      await apiRequest.delete(
+        `/api/v1/admin/organization-management/organizations/${organizationId}/memberships/${membershipId}`
+      );
+
+      return {};
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({
+        queryKey: [adminStandaloneKeys.getOrganizations]
+      });
+    }
+  });
+};
+
+export const useAdminDeleteOrganization = () => {
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: async (organizationId: string) => {
+      await apiRequest.delete(
+        `/api/v1/admin/organization-management/organizations/${organizationId}`
+      );
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({
+        queryKey: [adminStandaloneKeys.getOrganizations]
+      });
    }
  });
 };
--- a/frontend/src/hooks/api/admin/queries.ts
+++ b/frontend/src/hooks/api/admin/queries.ts
@ -6,8 +6,10 @@ import { Identity } from "@app/hooks/api/identities/types";
 import { User } from "../types";
 import {
  AdminGetIdentitiesFilters,
+  AdminGetOrganizationsFilters,
  AdminGetUsersFilters,
  AdminIntegrationsConfig,
+  OrganizationWithProjects,
  TGetInvalidatingCacheStatus,
  TGetServerRootKmsEncryptionDetails,
  TServerConfig
@ -15,12 +17,15 @@ import {

 export const adminStandaloneKeys = {
  getUsers: "get-users",
+  getOrganizations: "get-organizations",
  getIdentities: "get-identities"
 };

 export const adminQueryKeys = {
  serverConfig: () => ["server-config"] as const,
  getUsers: (filters: AdminGetUsersFilters) => [adminStandaloneKeys.getUsers, { filters }] as const,
+  getOrganizations: (filters: AdminGetOrganizationsFilters) =>
+    [adminStandaloneKeys.getOrganizations, { filters }] as const,
  getIdentities: (filters: AdminGetIdentitiesFilters) =>
    [adminStandaloneKeys.getIdentities, { filters }] as const,
  getAdminSlackConfig: () => ["admin-slack-config"] as const,
@ -34,6 +39,28 @@ export const fetchServerConfig = async () => {
  return data.config;
 };

+export const useAdminGetOrganizations = (filters: AdminGetOrganizationsFilters) => {
+  return useInfiniteQuery({
+    initialPageParam: 0,
+    queryKey: adminQueryKeys.getOrganizations(filters),
+    queryFn: async ({ pageParam }) => {
+      const { data } = await apiRequest.get<{ organizations: OrganizationWithProjects[] }>(
+        "/api/v1/admin/organization-management/organizations",
+        {
+          params: {
+            ...filters,
+            offset: pageParam
+          }
+        }
+      );
+
+      return data.organizations;
+    },
+    getNextPageParam: (lastPage, pages) =>
+      lastPage.length !== 0 ? pages.length * filters.limit : undefined
+  });
+};
+
 export const useGetServerConfig = ({
  options = {}
 }: {
--- a/frontend/src/hooks/api/admin/types.ts
+++ b/frontend/src/hooks/api/admin/types.ts
@ -1,3 +1,5 @@
+import { Organization } from "../types";
+
 export enum LoginMethod {
  EMAIL = "email",
  GOOGLE = "google",
@ -8,6 +10,27 @@ export enum LoginMethod {
  OIDC = "oidc"
 }

+export type OrganizationWithProjects = Organization & {
+  members: {
+    user: {
+      id: string;
+      email: string | null;
+      username: string;
+      firstName: string | null;
+      lastName: string | null;
+    };
+    membershipId: string;
+    role: string;
+    roleId: string | null;
+  }[];
+  projects: {
+    name: string;
+    id: string;
+    slug: string;
+    createdAt: string;
+  }[];
+};
+
 export type TServerConfig = {
  initialized: boolean;
  allowSignUp: boolean;
@ -51,6 +74,11 @@ export type TCreateAdminUserDTO = {
  salt: string;
 };

+export type AdminGetOrganizationsFilters = {
+  limit: number;
+  searchTerm: string;
+};
+
 export type AdminGetUsersFilters = {
  limit: number;
  searchTerm: string;
--- a/frontend/src/hooks/api/dynamicSecret/types.ts
+++ b/frontend/src/hooks/api/dynamicSecret/types.ts
@ -13,6 +13,7 @@ export type TDynamicSecret = {
  status?: DynamicSecretStatus;
  statusDetails?: string;
  maxTTL: string;
+  usernameTemplate?: string | null;
  metadata?: { key: string; value: string }[];
 };

@ -287,6 +288,7 @@ export type TCreateDynamicSecretDTO = {
  environmentSlug: string;
  name: string;
  metadata?: { key: string; value: string }[];
+  usernameTemplate?: string;
 };

 export type TUpdateDynamicSecretDTO = {
@ -300,6 +302,7 @@ export type TUpdateDynamicSecretDTO = {
    defaultTTL?: string;
    maxTTL?: string | null;
    inputs?: unknown;
+    usernameTemplate?: string | null;
  };
 };

--- a/frontend/src/layouts/AdminLayout/AdminLayout.tsx
+++ b/frontend/src/layouts/AdminLayout/AdminLayout.tsx
@ -1,27 +1,23 @@
 import { useTranslation } from "react-i18next";
-import { faArrowLeft, faInfo, faMobile, faQuestion } from "@fortawesome/free-solid-svg-icons";
+import { faMobile } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
-import { Link, Outlet } from "@tanstack/react-router";
+import { Outlet, useRouterState } from "@tanstack/react-router";

-import { WishForm } from "@app/components/features/WishForm";
 import { Banner } from "@app/components/page-frames/Banner";
-import {
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuTrigger
-} from "@app/components/v2";
-import { envConfig } from "@app/config/env";
+import { BreadcrumbContainer, TBreadcrumbFormat } from "@app/components/v2";
 import { useServerConfig } from "@app/context";
-import { ProjectType } from "@app/hooks/api/workspace/types";

 import { InsecureConnectionBanner } from "../OrganizationLayout/components/InsecureConnectionBanner";
-import { INFISICAL_SUPPORT_OPTIONS } from "../OrganizationLayout/components/MinimizedOrgSidebar/MinimizedOrgSidebar";
+import { AdminSidebar } from "./Sidebar";

 export const AdminLayout = () => {
  const { t } = useTranslation();
  const { config } = useServerConfig();

+  const matches = useRouterState({ select: (s) => s.matches.at(-1)?.context });
+
+  const breadcrumbs = matches && "breadcrumbs" in matches ? matches.breadcrumbs : undefined;
+
  const containerHeight = config.pageFrameContent ? "h-[94vh]" : "h-screen";

  return (
@ -30,54 +26,11 @@ export const AdminLayout = () => {
      <div className={`dark hidden ${containerHeight} w-full flex-col overflow-x-hidden md:flex`}>
        {!window.isSecureContext && <InsecureConnectionBanner />}
        <div className="flex flex-grow flex-col overflow-y-hidden md:flex-row">
-          <aside className="dark w-full border-r border-mineshaft-600 bg-gradient-to-tr from-mineshaft-700 via-mineshaft-800 to-mineshaft-900 md:w-60">
-            <nav className="items-between flex h-full flex-col justify-between overflow-y-auto dark:[color-scheme:dark]">
-              <div className="flex-grow">
-                <Link to={`/organization/${ProjectType.SecretManager}/overview` as const}>
-                  <div className="my-6 flex cursor-default items-center justify-center pr-2 text-sm text-mineshaft-300 hover:text-mineshaft-100">
-                    <FontAwesomeIcon icon={faArrowLeft} className="pr-3" />
-                    Back to organization
-                  </div>
-                </Link>
-              </div>
-              <div className="relative mt-10 flex w-full cursor-default flex-col items-center px-3 text-sm text-mineshaft-400">
-                {(window.location.origin.includes("https://app.infisical.com") ||
-                  window.location.origin.includes("https://gamma.infisical.com")) && <WishForm />}
-                <DropdownMenu>
-                  <DropdownMenuTrigger asChild>
-                    <div className="mb-2 w-full pl-5 duration-200 hover:text-mineshaft-200">
-                      <FontAwesomeIcon icon={faQuestion} className="mr-3 px-[0.1rem]" />
-                      Help & Support
-                    </div>
-                  </DropdownMenuTrigger>
-                  <DropdownMenuContent align="start" className="p-1">
-                    {INFISICAL_SUPPORT_OPTIONS.map(([icon, text, url]) => (
-                      <DropdownMenuItem key={url as string}>
-                        <a
-                          target="_blank"
-                          rel="noopener noreferrer"
-                          href={String(url)}
-                          className="flex w-full items-center rounded-md font-normal text-mineshaft-300 duration-200"
-                        >
-                          <div className="relative flex w-full cursor-pointer select-none items-center justify-start rounded-md">
-                            {icon}
-                            <div className="text-sm">{text}</div>
-                          </div>
-                        </a>
-                      </DropdownMenuItem>
-                    ))}
-                    {envConfig.PLATFORM_VERSION && (
-                      <div className="mb-2 mt-2 w-full cursor-default pl-5 text-sm duration-200 hover:text-mineshaft-200">
-                        <FontAwesomeIcon icon={faInfo} className="mr-4 px-[0.1rem]" />
-                        Version: {envConfig.PLATFORM_VERSION}
-                      </div>
-                    )}
-                  </DropdownMenuContent>
-                </DropdownMenu>
-              </div>
-            </nav>
-          </aside>
-          <main className="flex-1 overflow-y-auto overflow-x-hidden bg-bunker-800 dark:[color-scheme:dark]">
+          <AdminSidebar />
+          <main className="flex-1 overflow-y-auto overflow-x-hidden bg-bunker-800 px-4 pb-4 dark:[color-scheme:dark]">
+            {breadcrumbs ? (
+              <BreadcrumbContainer breadcrumbs={breadcrumbs as TBreadcrumbFormat[]} />
+            ) : null}
            <Outlet />
          </main>
        </div>
--- a/frontend/src/layouts/AdminLayout/Sidebar.tsx
+++ b/frontend/src/layouts/AdminLayout/Sidebar.tsx
@ -0,0 +1,141 @@
+import { faArrowLeft, faInfo, faQuestion } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { Link, useMatchRoute } from "@tanstack/react-router";
+
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+  Menu,
+  MenuGroup,
+  MenuItem
+} from "@app/components/v2";
+import { envConfig } from "@app/config/env";
+import { ProjectType } from "@app/hooks/api/workspace/types";
+
+import { INFISICAL_SUPPORT_OPTIONS } from "../OrganizationLayout/components/MinimizedOrgSidebar/MinimizedOrgSidebar";
+
+const generalTabs = [
+  {
+    label: "General",
+    icon: "settings-cog",
+    link: "/admin/"
+  },
+  {
+    label: "Encryption",
+    icon: "lock-closed",
+    link: "/admin/encryption"
+  },
+  {
+    label: "Authentication",
+    icon: "check",
+    link: "/admin/authentication"
+  },
+  {
+    label: "Integrations",
+    icon: "sliding-carousel",
+    link: "/admin/integrations"
+  },
+  {
+    label: "Caching",
+    icon: "note",
+    link: "/admin/caching"
+  }
+];
+
+const resourceTabs = [
+  {
+    label: "Organizations",
+    icon: "groups",
+    link: "/admin/resources/organizations"
+  },
+  {
+    label: "User Identities",
+    icon: "user",
+    link: "/admin/resources/user-identities"
+  },
+  {
+    label: "Machine Identities",
+    icon: "key-user",
+    link: "/admin/resources/machine-identities"
+  }
+];
+
+export const AdminSidebar = () => {
+  const matchRoute = useMatchRoute();
+
+  return (
+    <aside className="dark w-full border-r border-mineshaft-600 bg-gradient-to-tr from-mineshaft-700 via-mineshaft-800 to-mineshaft-900 md:w-60">
+      <nav className="items-between flex h-full flex-col justify-between overflow-y-auto dark:[color-scheme:dark]">
+        <div className="flex-grow">
+          <Link to={`/organization/${ProjectType.SecretManager}/overview` as const}>
+            <div className="my-6 flex cursor-default items-center justify-center pr-2 text-sm text-mineshaft-300 hover:text-mineshaft-100">
+              <FontAwesomeIcon icon={faArrowLeft} className="pr-3" />
+              Back to organization
+            </div>
+          </Link>
+          <Menu>
+            <MenuGroup title="General">
+              {generalTabs.map((tab) => {
+                const isActive = matchRoute({ to: tab.link, fuzzy: false });
+                return (
+                  <Link key={tab.link} to={tab.link}>
+                    <MenuItem isSelected={Boolean(isActive)} icon={tab.icon}>
+                      {tab.label}
+                    </MenuItem>
+                  </Link>
+                );
+              })}
+            </MenuGroup>
+            <MenuGroup title="Resources">
+              {resourceTabs.map((tab) => {
+                const isActive = matchRoute({ to: tab.link, fuzzy: false });
+                return (
+                  <Link key={tab.link} to={tab.link}>
+                    <MenuItem isSelected={Boolean(isActive)} icon={tab.icon}>
+                      {tab.label}
+                    </MenuItem>
+                  </Link>
+                );
+              })}
+            </MenuGroup>
+          </Menu>
+        </div>
+        <div className="relative mb-4 mt-10 flex w-full cursor-default flex-col items-center px-3 text-sm text-mineshaft-400">
+          <DropdownMenu>
+            <DropdownMenuTrigger asChild>
+              <div className="mb-2 w-full pl-5 duration-200 hover:text-mineshaft-200">
+                <FontAwesomeIcon icon={faQuestion} className="mr-3 px-[0.1rem]" />
+                Help & Support
+              </div>
+            </DropdownMenuTrigger>
+            <DropdownMenuContent align="start" className="p-1">
+              {INFISICAL_SUPPORT_OPTIONS.map(([icon, text, url]) => (
+                <DropdownMenuItem key={url as string}>
+                  <a
+                    target="_blank"
+                    rel="noopener noreferrer"
+                    href={String(url)}
+                    className="flex w-full items-center rounded-md font-normal text-mineshaft-300 duration-200"
+                  >
+                    <div className="relative flex w-full cursor-pointer select-none items-center justify-start rounded-md">
+                      {icon}
+                      <div className="text-sm">{text}</div>
+                    </div>
+                  </a>
+                </DropdownMenuItem>
+              ))}
+              {envConfig.PLATFORM_VERSION && (
+                <div className="mb-2 mt-2 w-full cursor-default pl-5 text-sm duration-200 hover:text-mineshaft-200">
+                  <FontAwesomeIcon icon={faInfo} className="mr-4 px-[0.1rem]" />
+                  Version: {envConfig.PLATFORM_VERSION}
+                </div>
+              )}
+            </DropdownMenuContent>
+          </DropdownMenu>
+        </div>
+      </nav>
+    </aside>
+  );
+};
--- a/frontend/src/pages/admin/AuthenticationPage/AuthenticationPage.tsx
+++ b/frontend/src/pages/admin/AuthenticationPage/AuthenticationPage.tsx
@ -0,0 +1,27 @@
+import { Helmet } from "react-helmet";
+import { useTranslation } from "react-i18next";
+
+import { PageHeader } from "@app/components/v2";
+
+import { AuthenticationPageForm } from "./components";
+
+export const AuthenticationPage = () => {
+  const { t } = useTranslation();
+
+  return (
+    <div className="h-full bg-bunker-800">
+      <Helmet>
+        <title>{t("common.head-title", { title: "Admin" })}</title>
+      </Helmet>
+      <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="mx-auto mb-6 w-full max-w-7xl">
+          <PageHeader
+            title="Authentication"
+            description="Manage authentication settings for your Infisical instance."
+          />
+          <AuthenticationPageForm />
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/pages/admin/AuthenticationPage/components/AuthenticationPageForm.tsx
+++ b/frontend/src/pages/admin/AuthenticationPage/components/AuthenticationPageForm.tsx
@ -20,7 +20,7 @@ const formSchema = z.object({

 type TAuthForm = z.infer<typeof formSchema>;

-export const AuthPanel = () => {
+export const AuthenticationPageForm = () => {
  const { config } = useServerConfig();
  const { enabledLoginMethods } = config;
  const { mutateAsync: updateServerConfig } = useUpdateServerConfig();
--- a/frontend/src/pages/admin/AuthenticationPage/components/index.ts
+++ b/frontend/src/pages/admin/AuthenticationPage/components/index.ts
@ -0,0 +1 @@
+export { AuthenticationPageForm } from "./AuthenticationPageForm";
--- a/frontend/src/pages/admin/AuthenticationPage/route.tsx
+++ b/frontend/src/pages/admin/AuthenticationPage/route.tsx
@ -0,0 +1,25 @@
+import { createFileRoute, linkOptions } from "@tanstack/react-router";
+
+import { AuthenticationPage } from "./AuthenticationPage";
+
+export const Route = createFileRoute(
+  "/_authenticate/_inject-org-details/admin/_admin-layout/authentication"
+)({
+  component: AuthenticationPage,
+  beforeLoad: async () => {
+    return {
+      breadcrumbs: [
+        {
+          label: "Admin",
+          link: linkOptions({ to: "/admin" })
+        },
+        {
+          label: "Authentication",
+          link: linkOptions({
+            to: "/admin/authentication"
+          })
+        }
+      ]
+    };
+  }
+});
--- a/frontend/src/pages/admin/CachingPage/CachingPage.tsx
+++ b/frontend/src/pages/admin/CachingPage/CachingPage.tsx
@ -0,0 +1,24 @@
+import { Helmet } from "react-helmet";
+import { useTranslation } from "react-i18next";
+
+import { PageHeader } from "@app/components/v2";
+
+import { CachingPageForm } from "./components";
+
+export const CachingPage = () => {
+  const { t } = useTranslation();
+
+  return (
+    <div className="h-full bg-bunker-800">
+      <Helmet>
+        <title>{t("common.head-title", { title: "Admin" })}</title>
+      </Helmet>
+      <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="mx-auto mb-6 w-full max-w-7xl">
+          <PageHeader title="Caching" description="Manage caching for your Infisical instance." />
+          <CachingPageForm />
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/pages/admin/CachingPage/components/CachingPageForm.tsx
+++ b/frontend/src/pages/admin/CachingPage/components/CachingPageForm.tsx
@ -10,7 +10,7 @@ import { useInvalidateCache } from "@app/hooks/api";
 import { useGetInvalidatingCacheStatus } from "@app/hooks/api/admin/queries";
 import { CacheType } from "@app/hooks/api/admin/types";

-export const CachingPanel = () => {
+export const CachingPageForm = () => {
  const { mutateAsync: invalidateCache } = useInvalidateCache();
  const { user } = useUser();

--- a/frontend/src/pages/admin/CachingPage/components/index.ts
+++ b/frontend/src/pages/admin/CachingPage/components/index.ts
@ -0,0 +1 @@
+export { CachingPageForm } from "./CachingPageForm";
--- a/frontend/src/pages/admin/CachingPage/route.tsx
+++ b/frontend/src/pages/admin/CachingPage/route.tsx
@ -0,0 +1,25 @@
+import { createFileRoute, linkOptions } from "@tanstack/react-router";
+
+import { CachingPage } from "./CachingPage";
+
+export const Route = createFileRoute(
+  "/_authenticate/_inject-org-details/admin/_admin-layout/caching"
+)({
+  component: CachingPage,
+  beforeLoad: async () => {
+    return {
+      breadcrumbs: [
+        {
+          label: "Admin",
+          link: linkOptions({ to: "/admin" })
+        },
+        {
+          label: "Caching",
+          link: linkOptions({
+            to: "/admin/caching"
+          })
+        }
+      ]
+    };
+  }
+});
--- a/frontend/src/pages/admin/EncryptionPage/EncryptionPage.tsx
+++ b/frontend/src/pages/admin/EncryptionPage/EncryptionPage.tsx
@ -0,0 +1,27 @@
+import { Helmet } from "react-helmet";
+import { useTranslation } from "react-i18next";
+
+import { PageHeader } from "@app/components/v2";
+
+import { EncryptionPageForm } from "./components";
+
+export const EncryptionPage = () => {
+  const { t } = useTranslation();
+
+  return (
+    <div className="h-full bg-bunker-800">
+      <Helmet>
+        <title>{t("common.head-title", { title: "Admin" })}</title>
+      </Helmet>
+      <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="mx-auto mb-6 w-full max-w-7xl">
+          <PageHeader
+            title="Encryption"
+            description="Manage encryption settings for your Infisical instance."
+          />
+          <EncryptionPageForm />
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/pages/admin/EncryptionPage/components/EncryptionPageForm.tsx
+++ b/frontend/src/pages/admin/EncryptionPage/components/EncryptionPageForm.tsx
@ -8,11 +8,11 @@ import { createNotification } from "@app/components/notifications";
 import { Button, FormControl, Select, SelectItem } from "@app/components/v2";
 import { useSubscription } from "@app/context";
 import { usePopUp } from "@app/hooks";
-import { useUpdateServerEncryptionStrategy } from "@app/hooks/api";
 import {
-  RootKeyEncryptionStrategy,
-  TGetServerRootKmsEncryptionDetails
-} from "@app/hooks/api/admin/types";
+  useGetServerRootKmsEncryptionDetails,
+  useUpdateServerEncryptionStrategy
+} from "@app/hooks/api";
+import { RootKeyEncryptionStrategy } from "@app/hooks/api/admin/types";

 const formSchema = z.object({
  encryptionStrategy: z.nativeEnum(RootKeyEncryptionStrategy)
@ -25,11 +25,9 @@ const strategies: Record<RootKeyEncryptionStrategy, string> = {

 type TForm = z.infer<typeof formSchema>;

-type Props = {
-  rootKmsDetails?: TGetServerRootKmsEncryptionDetails;
-};
+export const EncryptionPageForm = () => {
+  const { data: rootKmsDetails } = useGetServerRootKmsEncryptionDetails();

-export const EncryptionPanel = ({ rootKmsDetails }: Props) => {
  const { mutateAsync: updateEncryptionStrategy } = useUpdateServerEncryptionStrategy();
  const { subscription } = useSubscription();

--- a/frontend/src/pages/admin/EncryptionPage/components/index.ts
+++ b/frontend/src/pages/admin/EncryptionPage/components/index.ts
@ -0,0 +1 @@
+export { EncryptionPageForm } from "./EncryptionPageForm";
--- a/frontend/src/pages/admin/EncryptionPage/route.tsx
+++ b/frontend/src/pages/admin/EncryptionPage/route.tsx
@ -0,0 +1,25 @@
+import { createFileRoute, linkOptions } from "@tanstack/react-router";
+
+import { EncryptionPage } from "./EncryptionPage";
+
+export const Route = createFileRoute(
+  "/_authenticate/_inject-org-details/admin/_admin-layout/encryption"
+)({
+  component: EncryptionPage,
+  beforeLoad: async () => {
+    return {
+      breadcrumbs: [
+        {
+          label: "Admin",
+          link: linkOptions({ to: "/admin" })
+        },
+        {
+          label: "Encryption",
+          link: linkOptions({
+            to: "/admin/encryption"
+          })
+        }
+      ]
+    };
+  }
+});
--- a/frontend/src/pages/admin/GeneralPage/GeneralPage.tsx
+++ b/frontend/src/pages/admin/GeneralPage/GeneralPage.tsx
@ -0,0 +1,27 @@
+import { Helmet } from "react-helmet";
+import { useTranslation } from "react-i18next";
+
+import { PageHeader } from "@app/components/v2";
+
+import { GeneralPageForm } from "./components";
+
+export const GeneralPage = () => {
+  const { t } = useTranslation();
+
+  return (
+    <div className="h-full bg-bunker-800">
+      <Helmet>
+        <title>{t("common.head-title", { title: "Admin" })}</title>
+      </Helmet>
+      <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="mx-auto mb-6 w-full max-w-7xl">
+          <PageHeader
+            title="General"
+            description="Manage general settings for your Infisical instance."
+          />
+          <GeneralPageForm />
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/pages/admin/GeneralPage/components/GeneralPageForm.tsx
+++ b/frontend/src/pages/admin/GeneralPage/components/GeneralPageForm.tsx
@ -0,0 +1,309 @@
+import { Controller, useForm } from "react-hook-form";
+import { faAt } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
+
+import { createNotification } from "@app/components/notifications";
+import {
+  Button,
+  FormControl,
+  Input,
+  Select,
+  SelectClear,
+  SelectItem,
+  Switch,
+  TextArea
+} from "@app/components/v2";
+import { useServerConfig } from "@app/context";
+import { useGetOrganizations, useUpdateServerConfig } from "@app/hooks/api";
+
+enum SignUpModes {
+  Disabled = "disabled",
+  Anyone = "anyone"
+}
+
+const formSchema = z.object({
+  signUpMode: z.nativeEnum(SignUpModes),
+  allowedSignUpDomain: z.string().optional().nullable(),
+  trustSamlEmails: z.boolean(),
+  trustLdapEmails: z.boolean(),
+  trustOidcEmails: z.boolean(),
+  defaultAuthOrgId: z.string(),
+  authConsentContent: z.string().optional().default(""),
+  pageFrameContent: z.string().optional().default("")
+});
+
+type TDashboardForm = z.infer<typeof formSchema>;
+
+export const GeneralPageForm = () => {
+  const data = useServerConfig();
+  const { config } = data;
+
+  const {
+    control,
+    handleSubmit,
+    watch,
+    formState: { isSubmitting, isDirty }
+  } = useForm<TDashboardForm>({
+    resolver: zodResolver(formSchema),
+    values: {
+      // eslint-disable-next-line
+      signUpMode: config.allowSignUp ? SignUpModes.Anyone : SignUpModes.Disabled,
+      allowedSignUpDomain: config.allowedSignUpDomain,
+      trustSamlEmails: config.trustSamlEmails,
+      trustLdapEmails: config.trustLdapEmails,
+      trustOidcEmails: config.trustOidcEmails,
+      defaultAuthOrgId: config.defaultAuthOrgId ?? "",
+      authConsentContent: config.authConsentContent ?? "",
+      pageFrameContent: config.pageFrameContent ?? ""
+    }
+  });
+
+  const signUpMode = watch("signUpMode");
+  const defaultAuthOrgId = watch("defaultAuthOrgId");
+
+  const { mutateAsync: updateServerConfig } = useUpdateServerConfig();
+
+  const organizations = useGetOrganizations();
+
+  const onFormSubmit = async (formData: TDashboardForm) => {
+    try {
+      const {
+        allowedSignUpDomain,
+        trustSamlEmails,
+        trustLdapEmails,
+        trustOidcEmails,
+        authConsentContent,
+        pageFrameContent
+      } = formData;
+
+      await updateServerConfig({
+        defaultAuthOrgId: defaultAuthOrgId || null,
+        allowSignUp: signUpMode !== SignUpModes.Disabled,
+        allowedSignUpDomain: signUpMode === SignUpModes.Anyone ? allowedSignUpDomain : null,
+        trustSamlEmails,
+        trustLdapEmails,
+        trustOidcEmails,
+        authConsentContent,
+        pageFrameContent
+      });
+      createNotification({
+        text: "Successfully changed sign up setting.",
+        type: "success"
+      });
+    } catch (e) {
+      console.error(e);
+      createNotification({
+        type: "error",
+        text: "Failed to update sign up setting."
+      });
+    }
+  };
+
+  return (
+    <form
+      className="space-y-8 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4"
+      onSubmit={handleSubmit(onFormSubmit)}
+    >
+      <div className="flex flex-col justify-start">
+        <div className="mb-2 text-xl font-semibold text-mineshaft-100">Allow user signups</div>
+        <div className="mb-4 max-w-sm text-sm text-mineshaft-400">
+          Select if you want users to be able to signup freely into your Infisical instance.
+        </div>
+        <Controller
+          control={control}
+          name="signUpMode"
+          render={({ field: { onChange, ...field }, fieldState: { error } }) => (
+            <FormControl className="max-w-sm" errorText={error?.message} isError={Boolean(error)}>
+              <Select
+                className="w-full bg-mineshaft-700"
+                dropdownContainerClassName="bg-mineshaft-800"
+                defaultValue={field.value}
+                onValueChange={(e) => onChange(e)}
+                {...field}
+              >
+                <SelectItem value={SignUpModes.Disabled}>Disabled</SelectItem>
+                <SelectItem value={SignUpModes.Anyone}>Anyone</SelectItem>
+              </Select>
+            </FormControl>
+          )}
+        />
+      </div>
+      {signUpMode === "anyone" && (
+        <div className="flex flex-col justify-start">
+          <div className="mb-4 text-xl font-semibold text-mineshaft-100">
+            Restrict signup by email domain(s)
+          </div>
+          <Controller
+            control={control}
+            defaultValue=""
+            name="allowedSignUpDomain"
+            render={({ field, fieldState: { error } }) => (
+              <FormControl
+                label="Leave blank to allow any email domains"
+                className="w-72"
+                isError={Boolean(error)}
+                errorText={error?.message}
+              >
+                <Input
+                  {...field}
+                  value={field.value || ""}
+                  placeholder="gmail.com, aws.com, redhat.com"
+                  leftIcon={<FontAwesomeIcon icon={faAt} />}
+                />
+              </FormControl>
+            )}
+          />
+        </div>
+      )}
+
+      <div className="flex flex-col justify-start">
+        <div className="mb-2 text-xl font-semibold text-mineshaft-100">Default organization</div>
+        <div className="mb-4 max-w-sm text-sm text-mineshaft-400">
+          Select the default organization you want to set for SAML/LDAP/OIDC/Github logins. When
+          selected, user logins will be automatically scoped to the selected organization.
+        </div>
+        <Controller
+          control={control}
+          name="defaultAuthOrgId"
+          render={({ field: { onChange, ...field }, fieldState: { error } }) => (
+            <FormControl className="max-w-sm" errorText={error?.message} isError={Boolean(error)}>
+              <Select
+                placeholder="Allow all organizations"
+                className="w-full bg-mineshaft-700"
+                dropdownContainerClassName="bg-mineshaft-800"
+                defaultValue={field.value ?? " "}
+                onValueChange={(e) => onChange(e)}
+                {...field}
+              >
+                <SelectClear
+                  selectValue={defaultAuthOrgId}
+                  onClear={() => {
+                    onChange("");
+                  }}
+                >
+                  Allow all organizations
+                </SelectClear>
+                {organizations.data?.map((org) => (
+                  <SelectItem key={org.id} value={org.id}>
+                    {org.name}
+                  </SelectItem>
+                ))}
+              </Select>
+            </FormControl>
+          )}
+        />
+      </div>
+
+      <div className="flex flex-col justify-start">
+        <div className="mb-2 text-xl font-semibold text-mineshaft-100">Trust emails</div>
+        <div className="mb-4 max-w-sm text-sm text-mineshaft-400">
+          Select if you want Infisical to trust external emails from SAML/LDAP/OIDC identity
+          providers. If set to false, then Infisical will prompt SAML/LDAP/OIDC provisioned users to
+          verify their email upon their first login.
+        </div>
+        <Controller
+          control={control}
+          name="trustSamlEmails"
+          render={({ field, fieldState: { error } }) => {
+            return (
+              <FormControl isError={Boolean(error)} errorText={error?.message}>
+                <Switch
+                  id="trust-saml-emails"
+                  onCheckedChange={(value) => field.onChange(value)}
+                  isChecked={field.value}
+                >
+                  <p className="w-full">Trust SAML emails</p>
+                </Switch>
+              </FormControl>
+            );
+          }}
+        />
+        <Controller
+          control={control}
+          name="trustLdapEmails"
+          render={({ field, fieldState: { error } }) => {
+            return (
+              <FormControl isError={Boolean(error)} errorText={error?.message}>
+                <Switch
+                  id="trust-ldap-emails"
+                  onCheckedChange={(value) => field.onChange(value)}
+                  isChecked={field.value}
+                >
+                  <p className="w-full">Trust LDAP emails</p>
+                </Switch>
+              </FormControl>
+            );
+          }}
+        />
+        <Controller
+          control={control}
+          name="trustOidcEmails"
+          render={({ field, fieldState: { error } }) => {
+            return (
+              <FormControl isError={Boolean(error)} errorText={error?.message}>
+                <Switch
+                  id="trust-oidc-emails"
+                  onCheckedChange={(value) => field.onChange(value)}
+                  isChecked={field.value}
+                >
+                  <p className="w-full">Trust OIDC emails</p>
+                </Switch>
+              </FormControl>
+            );
+          }}
+        />
+      </div>
+
+      <div className="flex flex-col justify-start">
+        <div className="mb-2 text-xl font-semibold text-mineshaft-100">Notices</div>
+        <div className="mb-4 max-w-lg text-sm text-mineshaft-400">
+          Configure system-wide notification banners and security messages. These settings control
+          the text displayed to users during authentication and throughout their session
+        </div>
+        <Controller
+          render={({ field, fieldState: { error } }) => (
+            <FormControl
+              isError={Boolean(error)}
+              errorText={error?.message}
+              label="Auth Consent Content"
+              tooltipText="Formatting supported: HTML, Markdown, Plain text"
+            >
+              <TextArea
+                placeholder="**Auth Consent Message**"
+                {...field}
+                rows={3}
+                className="thin-scrollbar h-48 max-w-lg !resize-none bg-mineshaft-800"
+              />
+            </FormControl>
+          )}
+          control={control}
+          name="authConsentContent"
+        />
+        <Controller
+          render={({ field, fieldState: { error } }) => (
+            <FormControl
+              isError={Boolean(error)}
+              errorText={error?.message}
+              label="Page Frame Content"
+              tooltipText="Formatting supported: HTML, Markdown, Plain text"
+            >
+              <TextArea
+                placeholder='<div style="background-color: red">TOP SECRET</div>'
+                {...field}
+                rows={3}
+                className="thin-scrollbar h-48 max-w-lg !resize-none bg-mineshaft-800"
+              />
+            </FormControl>
+          )}
+          control={control}
+          name="pageFrameContent"
+        />
+      </div>
+      <Button type="submit" isLoading={isSubmitting} isDisabled={isSubmitting || !isDirty}>
+        Save
+      </Button>
+    </form>
+  );
+};
--- a/frontend/src/pages/admin/GeneralPage/components/index.ts
+++ b/frontend/src/pages/admin/GeneralPage/components/index.ts
@ -0,0 +1 @@
+export { GeneralPageForm } from "./GeneralPageForm";
--- a/frontend/src/pages/admin/GeneralPage/route.tsx
+++ b/frontend/src/pages/admin/GeneralPage/route.tsx
@ -0,0 +1,23 @@
+import { createFileRoute, linkOptions } from "@tanstack/react-router";
+
+import { GeneralPage } from "./GeneralPage";
+
+export const Route = createFileRoute("/_authenticate/_inject-org-details/admin/_admin-layout/")({
+  component: GeneralPage,
+  beforeLoad: async () => {
+    return {
+      breadcrumbs: [
+        {
+          label: "Admin",
+          link: linkOptions({ to: "/admin" })
+        },
+        {
+          label: "General",
+          link: linkOptions({
+            to: "/admin"
+          })
+        }
+      ]
+    };
+  }
+});
--- a/frontend/src/pages/admin/IntegrationsPage/IntegrationsPage.tsx
+++ b/frontend/src/pages/admin/IntegrationsPage/IntegrationsPage.tsx
@ -0,0 +1,27 @@
+import { Helmet } from "react-helmet";
+import { useTranslation } from "react-i18next";
+
+import { PageHeader } from "@app/components/v2";
+
+import { IntegrationsPageForm } from "./components";
+
+export const IntegrationsPage = () => {
+  const { t } = useTranslation();
+
+  return (
+    <div className="h-full bg-bunker-800">
+      <Helmet>
+        <title>{t("common.head-title", { title: "Admin" })}</title>
+      </Helmet>
+      <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="mx-auto mb-6 w-full max-w-7xl">
+          <PageHeader
+            title="Integrations"
+            description="Manage integrations for your Infisical instance."
+          />
+          <IntegrationsPageForm />
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/pages/admin/IntegrationsPage/components/IntegrationsPageForm.tsx
+++ b/frontend/src/pages/admin/IntegrationsPage/components/IntegrationsPageForm.tsx
@ -3,7 +3,7 @@ import { useGetAdminIntegrationsConfig } from "@app/hooks/api";
 import { MicrosoftTeamsIntegrationForm } from "./MicrosoftTeamsIntegrationForm";
 import { SlackIntegrationForm } from "./SlackIntegrationForm";

-export const IntegrationPanel = () => {
+export const IntegrationsPageForm = () => {
  const { data: adminIntegrationsConfig } = useGetAdminIntegrationsConfig();

  return (
--- a/frontend/src/pages/admin/IntegrationsPage/components/MicrosoftTeamsIntegrationForm.tsx
+++ b/frontend/src/pages/admin/IntegrationsPage/components/MicrosoftTeamsIntegrationForm.tsx
--- a/frontend/src/pages/admin/IntegrationsPage/components/SlackIntegrationForm.tsx
+++ b/frontend/src/pages/admin/IntegrationsPage/components/SlackIntegrationForm.tsx
--- a/frontend/src/pages/admin/IntegrationsPage/components/index.ts
+++ b/frontend/src/pages/admin/IntegrationsPage/components/index.ts
@ -0,0 +1 @@
+export { IntegrationsPageForm } from "./IntegrationsPageForm";
--- a/frontend/src/pages/admin/IntegrationsPage/route.tsx
+++ b/frontend/src/pages/admin/IntegrationsPage/route.tsx
@ -0,0 +1,25 @@
+import { createFileRoute, linkOptions } from "@tanstack/react-router";
+
+import { IntegrationsPage } from "./IntegrationsPage";
+
+export const Route = createFileRoute(
+  "/_authenticate/_inject-org-details/admin/_admin-layout/integrations"
+)({
+  component: IntegrationsPage,
+  beforeLoad: async () => {
+    return {
+      breadcrumbs: [
+        {
+          label: "Admin",
+          link: linkOptions({ to: "/admin" })
+        },
+        {
+          label: "Integrations",
+          link: linkOptions({
+            to: "/admin/integrations"
+          })
+        }
+      ]
+    };
+  }
+});
--- a/frontend/src/pages/admin/MachineIdentitiesResourcesPage/MachineIdentitiesResourcesPage.tsx
+++ b/frontend/src/pages/admin/MachineIdentitiesResourcesPage/MachineIdentitiesResourcesPage.tsx
@ -0,0 +1,27 @@
+import { Helmet } from "react-helmet";
+import { useTranslation } from "react-i18next";
+
+import { PageHeader } from "@app/components/v2";
+
+import { MachineIdentitiesTable } from "./components";
+
+export const MachineIdentitiesResourcesPage = () => {
+  const { t } = useTranslation();
+
+  return (
+    <div className="h-full bg-bunker-800">
+      <Helmet>
+        <title>{t("common.head-title", { title: "Admin" })}</title>
+      </Helmet>
+      <div className="container mx-auto flex flex-col justify-between bg-bunker-800 text-white">
+        <div className="mx-auto mb-6 w-full max-w-7xl">
+          <PageHeader
+            title="Machine Identities"
+            description="Manage all machine identities within your Infisical instance."
+          />
+          <MachineIdentitiesTable />
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/pages/admin/MachineIdentitiesResourcesPage/components/MachineIdentitiesTable.tsx
+++ b/frontend/src/pages/admin/MachineIdentitiesResourcesPage/components/MachineIdentitiesTable.tsx
@ -120,7 +120,7 @@ const IdentityPanelTable = ({
          <Button
            className="mt-4 py-3 text-sm"
            isFullWidth
-            variant="star"
+            variant="outline_bg"
            isLoading={isFetchingNextPage}
            isDisabled={isFetchingNextPage || !hasNextPage}
            onClick={() => fetchNextPage()}
@ -133,7 +133,7 @@ const IdentityPanelTable = ({
  );
 };

-export const IdentityPanel = () => {
+export const MachineIdentitiesTable = () => {
  const { handlePopUpToggle, popUp, handlePopUpOpen, handlePopUpClose } = usePopUp([
    "removeServerAdmin"
  ] as const);
@ -161,9 +161,6 @@ export const IdentityPanel = () => {

  return (
    <div className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4">
-      <div className="mb-4">
-        <p className="text-xl font-semibold text-mineshaft-100">Identities</p>
-      </div>
      <IdentityPanelTable handlePopUpOpen={handlePopUpOpen} />
      <DeleteActionModal
        isOpen={popUp.removeServerAdmin.isOpen}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Daniel Hougaard	739ef8e05a	Merge pull request #3701 from Infisical/daniel/cli-auto-open-login feat(cli): automatically open browser on login	2025-06-02 21:57:18 +04:00
Daniel Hougaard	644659bc10	Merge pull request #3688 from Infisical/daniel/super-admin-view-orgs feat(instance-management): organizations overview and control	2025-06-02 21:26:15 +04:00
Daniel Hougaard	21e4fa83ef	Update Sidebar.tsx	2025-06-02 20:48:01 +04:00
Daniel Hougaard	a6a6c72397	requested changes	2025-06-02 20:43:58 +04:00
Daniel Hougaard	4061feba21	Update login.go	2025-06-02 20:38:07 +04:00
carlosmonastyrski	90a415722c	Merge pull request #3697 from Infisical/approvals-redesign revamp UI for access requests	2025-06-02 13:15:38 -03:00
carlosmonastyrski	f3d5790e2c	Fix lint issues	2025-06-02 13:10:50 -03:00
Daniel Hougaard	0d0fddb53a	feat(cli): automatically open browser on login	2025-06-02 18:52:55 +04:00
Maidul Islam	9f2e379d4d	Merge pull request #3700 from akhilmhdh/fix/gateway-dns-resolve feat: resolved gateway verify issue and validation check	2025-06-02 10:15:38 -04:00
Scott Wilson	14e898351f	Merge pull request #3673 from Infisical/check-for-recipients-on-project-access Fix(org-admin-project-access): Check for recipients prior to sending project access email	2025-06-02 07:05:53 -07:00
=	16e0aa13c8	feat: fixed type error	2025-06-02 19:18:04 +05:30
Daniel Hougaard	dc130ecd7f	Update routes.ts	2025-06-02 17:45:47 +04:00
Daniel Hougaard	b70c6b6260	fix: refactored admin panel layout	2025-06-02 17:45:27 +04:00
=	a701635f08	feat: remove gateway condition	2025-06-02 16:23:10 +05:30
=	9eb98dd276	feat: resolved gateway verify issue and validation check	2025-06-02 15:40:32 +05:30
Maidul Islam	96e9bc3b2f	Merge pull request #3667 from akhilmhdh/feat/dynamic-secret-username-template Feat/dynamic secret username template	2025-06-01 21:59:56 -04:00
Daniel Hougaard	90d213a8ab	Merge pull request #3696 from Infisical/daniel/remove-fips-section docs: remove fips section	2025-06-01 17:46:46 +04:00
Vladyslav Matsiiako	52a26b51af	revamp UI for access requests	2025-05-31 17:46:01 -07:00
Daniel Hougaard	abedb4b53c	feat(instance-management): organizations overview and control	2025-05-30 19:28:16 +04:00
Daniel Hougaard	29561d37e9	feat(instance-management): organizations overview and control	2025-05-30 19:28:05 +04:00
=	0885620981	feat: removed all tooltip text as it's doc	2025-05-29 17:54:45 +05:30
=	f67511fa19	feat: added max to validation of dynamic secret username template	2025-05-29 17:51:18 +05:30
Scott Wilson	44367f9149	add boolean filter	2025-05-28 17:06:08 -07:00
Scott Wilson	286dc39ed2	fix: check for recipients to send project access email	2025-05-28 16:45:43 -07:00
=	90c36eeded	feat: reptile requested changes	2025-05-28 19:37:08 +05:30
=	b5c3f17ec1	feat: resolved reptile changes	2025-05-28 17:04:43 +05:30
=	99d88f7687	doc: updated doc for dynamic secret to have user template input	2025-05-28 16:09:35 +05:30
=	8e3559828f	feat: ui changes for input template	2025-05-28 16:09:12 +05:30
=	93d7c812e7	feat: backend changes for dynamic secret	2025-05-28 16:08:26 +05:30
				`@ -0,0 +1 @@`
				`export { AuthenticationPageForm } from "./AuthenticationPageForm";`
				`@ -0,0 +1 @@`
				`export { CachingPageForm } from "./CachingPageForm";`
				`@ -0,0 +1 @@`
				`export { EncryptionPageForm } from "./EncryptionPageForm";`
				`@ -0,0 +1 @@`
				`export { GeneralPageForm } from "./GeneralPageForm";`
				`@ -0,0 +1 @@`
				`export { IntegrationsPageForm } from "./IntegrationsPageForm";`