Merge pull request #1670 from JunedKhan101/main

docs:fixed broken link
remove link from docs
2025-08-11 05:49:05 +00:00 · 2024-04-08 17:45:51 -07:00 · 2024-04-08 12:00:11 -07:00 · 2024-04-08 11:58:48 -07:00 · 2024-04-08 11:56:19 -07:00 · 2024-04-08 11:55:38 -07:00
34 changed files with 321 additions and 1684 deletions
--- a/Dockerfile.standalone-infisical
+++ b/Dockerfile.standalone-infisical
@@ -1,6 +1,7 @@
 ARG POSTHOG_HOST=https://app.posthog.com
 ARG POSTHOG_API_KEY=posthog-api-key
 ARG INTERCOM_ID=intercom-id
+ARG SAML_ORG_SLUG=saml-org-slug-default

 FROM  node:20-alpine AS base

@@ -35,6 +36,8 @@ ARG INTERCOM_ID
 ENV NEXT_PUBLIC_INTERCOM_ID $INTERCOM_ID
 ARG INFISICAL_PLATFORM_VERSION
 ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION
+ARG SAML_ORG_SLUG
+ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG 

 # Build
 RUN npm run build
@@ -100,6 +103,9 @@ ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
 ARG INTERCOM_ID=intercom-id
 ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
  BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
+ARG SAML_ORG_SLUG
+ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG \
+  BAKED_NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG

 WORKDIR / 

--- a/cli/packages/api/model.go
+++ b/cli/packages/api/model.go
@@ -528,7 +528,6 @@ type GetRawSecretsV3Request struct {
 	WorkspaceId   string `json:"workspaceId"`
 	SecretPath    string `json:"secretPath"`
 	IncludeImport bool   `json:"include_imports"`
-	Recursive     bool   `json:"recursive"`
 }

 type GetRawSecretsV3Response struct {
--- a/cli/packages/cmd/agent.go
+++ b/cli/packages/cmd/agent.go
@@ -479,7 +479,7 @@ func (tm *AgentManager) GetToken() string {

 // Fetches a new access token using client credentials
 func (tm *AgentManager) FetchNewAccessToken() error {
-	clientID := os.Getenv(util.INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME)
+	clientID := os.Getenv("INFISICAL_UNIVERSAL_AUTH_CLIENT_ID")
 	if clientID == "" {
 		clientIDAsByte, err := ReadFile(tm.clientIdPath)
 		if err != nil {
@@ -509,7 +509,7 @@ func (tm *AgentManager) FetchNewAccessToken() error {
 	// save as cache in memory
 	tm.cachedClientSecret = clientSecret

-	loginResponse, err := util.UniversalAuthLogin(clientID, clientSecret)
+	err, loginResponse := universalAuthLogin(clientID, clientSecret)
 	if err != nil {
 		return err
 	}
@@ -725,6 +725,20 @@ func (tm *AgentManager) MonitorSecretChanges(secretTemplate Template, templateId
 	}
 }

+func universalAuthLogin(clientId string, clientSecret string) (error, api.UniversalAuthLoginResponse) {
+	httpClient := resty.New()
+	httpClient.SetRetryCount(10000).
+		SetRetryMaxWaitTime(20 * time.Second).
+		SetRetryWaitTime(5 * time.Second)
+
+	tokenResponse, err := api.CallUniversalAuthLogin(httpClient, api.UniversalAuthLoginRequest{ClientId: clientId, ClientSecret: clientSecret})
+	if err != nil {
+		return err, api.UniversalAuthLoginResponse{}
+	}
+
+	return nil, tokenResponse
+}
+
 // runCmd represents the run command
 var agentCmd = &cobra.Command{
 	Example: `
--- a/cli/packages/cmd/export.go
+++ b/cli/packages/cmd/export.go
@@ -44,11 +44,6 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err)
 		}

-		includeImports, err := cmd.Flags().GetBool("include-imports")
-		if err != nil {
-			util.HandleError(err)
-		}
-
 		projectId, err := cmd.Flags().GetString("projectId")
 		if err != nil {
 			util.HandleError(err)
@@ -64,7 +59,8 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		token, err := util.GetInfisicalToken(cmd)
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
@@ -79,21 +75,7 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		request := models.GetAllSecretsParameters{
-			Environment:   environmentName,
-			TagSlugs:      tagSlugs,
-			WorkspaceId:   projectId,
-			SecretsPath:   secretsPath,
-			IncludeImport: includeImports,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, "")
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, WorkspaceId: projectId, SecretsPath: secretsPath}, "")
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}
@@ -106,16 +88,9 @@ var exportCmd = &cobra.Command{

 		var output string
 		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-
-			if token != nil && token.Type == "service-token" {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == "universal-auth-token" {
-				authParams.UniversalAuthAccessToken = token.Token
-			}
-
-			secrets = util.ExpandSecrets(secrets, authParams, "")
+			secrets = util.ExpandSecrets(secrets, models.ExpandSecretsAuthentication{
+				InfisicalToken: infisicalToken,
+			}, "")
 		}
 		secrets = util.FilterSecretsByTag(secrets, tagSlugs)
 		output, err = formatEnvs(secrets, format)
@@ -135,7 +110,6 @@ func init() {
 	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
 	exportCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
-	exportCmd.Flags().Bool("include-imports", true, "Imported linked secrets")
 	exportCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
 	exportCmd.Flags().StringP("tags", "t", "", "filter secrets by tag slugs")
 	exportCmd.Flags().String("projectId", "", "manually set the projectId to fetch secrets from")
--- a/cli/packages/cmd/folder.go
+++ b/cli/packages/cmd/folder.go
@@ -36,33 +36,18 @@ var getCmd = &cobra.Command{
 			}
 		}

-		projectId, err := cmd.Flags().GetString("projectId")
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}

-		token, err := util.GetInfisicalToken(cmd)
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
 		foldersPath, err := cmd.Flags().GetString("path")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}

-		request := models.GetAllFoldersParameters{
-			Environment: environmentName,
-			WorkspaceId: projectId,
-			FoldersPath: foldersPath,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		folders, err := util.GetAllFolders(request)
+		folders, err := util.GetAllFolders(models.GetAllFoldersParameters{Environment: environmentName, InfisicalToken: infisicalToken, FoldersPath: foldersPath})
 		if err != nil {
 			util.HandleError(err, "Unable to get folders")
 		}
--- a/cli/packages/cmd/login.go
+++ b/cli/packages/cmd/login.go
@@ -55,19 +55,6 @@ var loginCmd = &cobra.Command{
 	Short:                 "Login into your Infisical account",
 	DisableFlagsInUseLine: true,
 	Run: func(cmd *cobra.Command, args []string) {
-
-		loginMethod, err := cmd.Flags().GetString("method")
-
-		if err != nil {
-			util.HandleError(err)
-		}
-
-		if loginMethod != "user" && loginMethod != "universal-auth" {
-			util.PrintErrorMessageAndExit("Invalid login method. Please use either 'user' or 'universal-auth'")
-		}
-
-		if loginMethod == "user" {
-
 		currentLoggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
 		// if the key can't be found or there is an error getting current credentials from key ring, allow them to override
 		if err != nil && (strings.Contains(err.Error(), "we couldn't find your logged in details")) {
@@ -157,46 +144,6 @@ var loginCmd = &cobra.Command{
 		fmt.Println("- Learn to inject secrets into your application at https://infisical.com/docs/cli/usage")
 		fmt.Println("- Stuck? Join our slack for quick support https://infisical.com/slack")
 		Telemetry.CaptureEvent("cli-command:login", posthog.NewProperties().Set("infisical-backend", config.INFISICAL_URL).Set("version", util.CLI_VERSION))
-		} else if loginMethod == "universal-auth" {
-
-			clientId, err := cmd.Flags().GetString("client-id")
-			if err != nil {
-				util.HandleError(err)
-			}
-
-			clientSecret, err := cmd.Flags().GetString("client-secret")
-			if err != nil {
-				util.HandleError(err)
-			}
-
-			if clientId == "" {
-				clientId = os.Getenv(util.INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME)
-				if clientId == "" {
-					util.PrintErrorMessageAndExit("Please provide client-id")
-				}
-			}
-			if clientSecret == "" {
-				clientSecret = os.Getenv(util.INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET_NAME)
-				if clientSecret == "" {
-					util.PrintErrorMessageAndExit("Please provide client-secret")
-				}
-			}
-
-			res, err := util.UniversalAuthLogin(clientId, clientSecret)
-
-			if err != nil {
-				util.HandleError(err)
-			}
-
-			boldGreen := color.New(color.FgGreen).Add(color.Bold)
-			time.Sleep(time.Second * 1)
-			boldGreen.Printf(">>>> Successfully authenticated with Universal Auth!\n\n")
-			boldGreen.Printf("Universal Auth Access Token:\n%v", res.AccessToken)
-
-			plainBold := color.New(color.Bold)
-			plainBold.Println("\n\nYou can use this access token to authenticate through other commands in the CLI.")
-
-		}
 	},
 }

@@ -366,9 +313,6 @@ func cliDefaultLogin(userCredentialsToBeStored *models.UserCredentials) {
 func init() {
 	rootCmd.AddCommand(loginCmd)
 	loginCmd.Flags().BoolP("interactive", "i", false, "login via the command line")
-	loginCmd.Flags().String("method", "user", "login method [user, universal-auth]")
-	loginCmd.Flags().String("client-id", "", "client id for universal auth")
-	loginCmd.Flags().String("client-secret", "", "client secret for universal auth")
 }

 func DomainOverridePrompt() (bool, error) {
--- a/cli/packages/cmd/run.go
+++ b/cli/packages/cmd/run.go
@@ -62,7 +62,8 @@ var runCmd = &cobra.Command{
 			}
 		}

-		token, err := util.GetInfisicalToken(cmd)
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
@@ -72,11 +73,6 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		projectId, err := cmd.Flags().GetString("projectId")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
 		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
@@ -107,22 +103,7 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		request := models.GetAllSecretsParameters{
-			Environment:   environmentName,
-			WorkspaceId:   projectId,
-			TagSlugs:      tagSlugs,
-			SecretsPath:   secretsPath,
-			IncludeImport: includeImports,
-			Recursive:     recursive,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, projectConfigDir)
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: includeImports, Recursive: recursive}, projectConfigDir)

 		if err != nil {
 			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
@@ -135,16 +116,9 @@ var runCmd = &cobra.Command{
 		}

 		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-
-			if token != nil && token.Type == "service-token" {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == "universal-auth-token" {
-				authParams.UniversalAuthAccessToken = token.Token
-			}
-
-			secrets = util.ExpandSecrets(secrets, authParams, projectConfigDir)
+			secrets = util.ExpandSecrets(secrets, models.ExpandSecretsAuthentication{
+				InfisicalToken: infisicalToken,
+			}, projectConfigDir)
 		}

 		secretsByKey := getSecretsByKeys(secrets)
@@ -175,15 +149,7 @@ var runCmd = &cobra.Command{

 		log.Debug().Msgf("injecting the following environment variables into shell: %v", env)

-		Telemetry.CaptureEvent("cli-command:run",
-			posthog.NewProperties().
-				Set("secretsCount", len(secrets)).
-				Set("environment", environmentName).
-				Set("isUsingServiceToken", token.Type == "service-token").
-				Set("isUsingUniversalAuthToken", token.Type == "universal-auth-token").
-				Set("single-command", strings.Join(args, " ")).
-				Set("multi-command", cmd.Flag("command").Value.String()).
-				Set("version", util.CLI_VERSION))
+		Telemetry.CaptureEvent("cli-command:run", posthog.NewProperties().Set("secretsCount", len(secrets)).Set("environment", environmentName).Set("isUsingServiceToken", infisicalToken != "").Set("single-command", strings.Join(args, " ")).Set("multi-command", cmd.Flag("command").Value.String()).Set("version", util.CLI_VERSION))

 		if cmd.Flags().Changed("command") {
 			command := cmd.Flag("command").Value.String()
@@ -238,7 +204,6 @@ func filterReservedEnvVars(env map[string]models.SingleEnvironmentVariable) {
 func init() {
 	rootCmd.AddCommand(runCmd)
 	runCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	runCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	runCmd.Flags().Bool("include-imports", true, "Import linked secrets ")
--- a/cli/packages/cmd/secrets.go
+++ b/cli/packages/cmd/secrets.go
@@ -38,12 +38,12 @@ var secretsCmd = &cobra.Command{
 			}
 		}

-		token, err := util.GetInfisicalToken(cmd)
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}

-		projectId, err := cmd.Flags().GetString("projectId")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
@@ -78,22 +78,7 @@ var secretsCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}

-		request := models.GetAllSecretsParameters{
-			Environment:   environmentName,
-			WorkspaceId:   projectId,
-			TagSlugs:      tagSlugs,
-			SecretsPath:   secretsPath,
-			IncludeImport: includeImports,
-			Recursive:     recursive,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, "")
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: includeImports, Recursive: recursive}, "")
 		if err != nil {
 			util.HandleError(err)
 		}
@@ -105,15 +90,9 @@ var secretsCmd = &cobra.Command{
 		}

 		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-			if token != nil && token.Type == "service-token" {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == "universal-auth-token" {
-				authParams.UniversalAuthAccessToken = token.Token
-			}
-
-			secrets = util.ExpandSecrets(secrets, authParams, "")
+			secrets = util.ExpandSecrets(secrets, models.ExpandSecretsAuthentication{
+				InfisicalToken: infisicalToken,
+			}, "")
 		}

 		visualize.PrintAllSecretDetails(secrets)
@@ -423,12 +402,8 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		}
 	}

-	token, err := util.GetInfisicalToken(cmd)
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
+	infisicalToken, err := util.GetInfisicalServiceToken(cmd)

-	shouldExpand, err := cmd.Flags().GetBool("expand")
 	if err != nil {
 		util.HandleError(err, "Unable to parse flag")
 	}
@@ -438,11 +413,6 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}

-	projectId, err := cmd.Flags().GetString("projectId")
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
-
 	secretsPath, err := cmd.Flags().GetString("path")
 	if err != nil {
 		util.HandleError(err, "Unable to parse path flag")
@@ -458,22 +428,7 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse path flag")
 	}

-	request := models.GetAllSecretsParameters{
-		Environment:   environmentName,
-		WorkspaceId:   projectId,
-		TagSlugs:      tagSlugs,
-		SecretsPath:   secretsPath,
-		IncludeImport: true,
-		Recursive:     recursive,
-	}
-
-	if token != nil && token.Type == "service-token" {
-		request.InfisicalToken = token.Token
-	} else if token != nil && token.Type == "universal-auth-token" {
-		request.UniversalAuthAccessToken = token.Token
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(request, "")
+	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: true, Recursive: recursive}, "")
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@@ -494,18 +449,6 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		}
 	}

-	if shouldExpand {
-
-		authParams := models.ExpandSecretsAuthentication{}
-		if token != nil && token.Type == "service-token" {
-			authParams.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			authParams.UniversalAuthAccessToken = token.Token
-		}
-
-		requestedSecrets = util.ExpandSecrets(requestedSecrets, authParams, "")
-	}
-
 	if showOnlyValue && len(requestedSecrets) > 1 {
 		util.PrintErrorMessageAndExit("--raw-value only works with one secret.")
 	}
@@ -532,12 +475,8 @@ func generateExampleEnv(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}

-	token, err := util.GetInfisicalToken(cmd)
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
+	infisicalToken, err := util.GetInfisicalServiceToken(cmd)

-	projectId, err := cmd.Flags().GetString("projectId")
 	if err != nil {
 		util.HandleError(err, "Unable to parse flag")
 	}
@@ -547,21 +486,7 @@ func generateExampleEnv(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}

-	request := models.GetAllSecretsParameters{
-		Environment:   environmentName,
-		WorkspaceId:   projectId,
-		TagSlugs:      tagSlugs,
-		SecretsPath:   secretsPath,
-		IncludeImport: true,
-	}
-
-	if token != nil && token.Type == "service-token" {
-		request.InfisicalToken = token.Token
-	} else if token != nil && token.Type == "universal-auth-token" {
-		request.UniversalAuthAccessToken = token.Token
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(request, "")
+	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: true}, "")
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@@ -761,23 +686,19 @@ func getSecretsByKeys(secrets []models.SingleEnvironmentVariable) map[string]mod

 func init() {
 	secretsGenerateExampleEnvCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsGenerateExampleEnvCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	secretsGenerateExampleEnvCmd.Flags().String("path", "/", "Fetch secrets from within a folder path")
 	secretsCmd.AddCommand(secretsGenerateExampleEnvCmd)

 	secretsGetCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsGetCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
+	secretsCmd.AddCommand(secretsGetCmd)
 	secretsGetCmd.Flags().String("path", "/", "get secrets within a folder path")
-	secretsGetCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	secretsGetCmd.Flags().Bool("raw-value", false, "Returns only the value of secret, only works with one secret")
 	secretsGetCmd.Flags().Bool("recursive", false, "Fetch secrets from all sub-folders")
-	secretsCmd.AddCommand(secretsGetCmd)

 	secretsCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 	secretsCmd.AddCommand(secretsSetCmd)
 	secretsSetCmd.Flags().String("path", "/", "set secrets within a folder path")

-	// Only supports logged in users (JWT auth)
 	secretsSetCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
 		util.RequireLogin()
 		util.RequireLocalWorkspaceFile()
@@ -786,8 +707,6 @@ func init() {
 	secretsDeleteCmd.Flags().String("type", "personal", "the type of secret to delete: personal or shared  (default: personal)")
 	secretsDeleteCmd.Flags().String("path", "/", "get secrets within a folder path")
 	secretsCmd.AddCommand(secretsDeleteCmd)
-
-	// Only supports logged in users (JWT auth)
 	secretsDeleteCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
 		util.RequireLogin()
 		util.RequireLocalWorkspaceFile()
@@ -799,7 +718,6 @@ func init() {
 	// Add getCmd, createCmd and deleteCmd flags here
 	getCmd.Flags().StringP("path", "p", "/", "The path from where folders should be fetched from")
 	getCmd.Flags().String("token", "", "Fetch folders using the infisical token")
-	getCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	folderCmd.AddCommand(getCmd)

 	// Add createCmd flags here
@@ -817,7 +735,6 @@ func init() {
 	// ** End of folders sub command

 	secretsCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	secretsCmd.PersistentFlags().String("env", "dev", "Used to select the environment name on which actions should be taken on")
 	secretsCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	secretsCmd.Flags().Bool("include-imports", true, "Imported linked secrets ")
--- a/cli/packages/cmd/token.go
+++ b/cli/packages/cmd/token.go
@@ -1,63 +0,0 @@
-/*
-Copyright (c) 2023 Infisical Inc.
-*/
-package cmd
-
-import (
-	"strings"
-	"time"
-
-	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/fatih/color"
-	"github.com/spf13/cobra"
-)
-
-var tokenCmd = &cobra.Command{
-	Use:                   "token",
-	Short:                 "Manage your access tokens",
-	DisableFlagsInUseLine: true,
-	Example:               "infisical token",
-	Args:                  cobra.ExactArgs(0),
-	PreRun: func(cmd *cobra.Command, args []string) {
-		util.RequireLogin()
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var tokenRenewCmd = &cobra.Command{
-	Use:                   "renew [token]",
-	Short:                 "Used to renew your universal auth access token",
-	DisableFlagsInUseLine: true,
-	Example:               "infisical token renew <access-token>",
-	Args:                  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		// args[0] will be the <INSERT_TOKEN> from your command call
-		token := args[0]
-
-		if strings.HasPrefix(token, "st.") {
-			util.PrintErrorMessageAndExit("You are trying to renew a service token. You can only renew universal auth access tokens.")
-		}
-
-		renewedAccessToken, err := util.RenewUniversalAuthAccessToken(token)
-
-		if err != nil {
-			util.HandleError(err, "Unable to renew token")
-		}
-
-		boldGreen := color.New(color.FgGreen).Add(color.Bold)
-		time.Sleep(time.Second * 1)
-		boldGreen.Printf(">>>> Successfully renewed token!\n\n")
-		boldGreen.Printf("Renewed Access Token:\n%v", renewedAccessToken)
-
-		plainBold := color.New(color.Bold)
-		plainBold.Println("\n\nYou can use the new access token to authenticate through other commands in the CLI.")
-
-	},
-}
-
-func init() {
-	tokenCmd.AddCommand(tokenRenewCmd)
-
-	rootCmd.AddCommand(tokenCmd)
-}
--- a/cli/packages/models/cli.go
+++ b/cli/packages/models/cli.go
@@ -59,11 +59,6 @@ type DynamicSecretLease struct {
 	Data map[string]interface{} `json:"data"`
 }

-type TokenDetails struct {
-	Type  string
-	Token string
-}
-
 type SingleFolder struct {
 	ID   string `json:"_id"`
 	Name string `json:"name"`
@@ -106,7 +101,6 @@ type GetAllFoldersParameters struct {
 	Environment    string
 	FoldersPath    string
 	InfisicalToken string
-	UniversalAuthAccessToken string
 }

 type CreateFolderParameters struct {
@@ -129,8 +123,3 @@ type ExpandSecretsAuthentication struct {
 	InfisicalToken           string
 	UniversalAuthAccessToken string
 }
-
-type MachineIdentityCredentials struct {
-	ClientId     string
-	ClientSecret string
-}
--- a/cli/packages/util/constants.go
+++ b/cli/packages/util/constants.go
@@ -7,9 +7,6 @@ const (
 	INFISICAL_DEFAULT_URL                = "https://app.infisical.com"
 	INFISICAL_WORKSPACE_CONFIG_FILE_NAME = ".infisical.json"
 	INFISICAL_TOKEN_NAME                 = "INFISICAL_TOKEN"
-	INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME     = "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"
-	INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET_NAME = "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"
-	INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN_NAME  = "INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN"
 	SECRET_TYPE_PERSONAL                 = "personal"
 	SECRET_TYPE_SHARED                   = "shared"
 	KEYRING_SERVICE_NAME                 = "infisical"
--- a/cli/packages/util/folders.go
+++ b/cli/packages/util/folders.go
@@ -19,7 +19,7 @@ func GetAllFolders(params models.GetAllFoldersParameters) ([]models.SingleFolder

 	var foldersToReturn []models.SingleFolder
 	var folderErr error
-	if params.InfisicalToken == "" && params.UniversalAuthAccessToken == "" {
+	if params.InfisicalToken == "" {

 		log.Debug().Msg("GetAllFolders: Trying to fetch folders using logged in details")

@@ -44,21 +44,11 @@ func GetAllFolders(params models.GetAllFoldersParameters) ([]models.SingleFolder
 		folders, err := GetFoldersViaJTW(loggedInUserDetails.UserCredentials.JTWToken, workspaceFile.WorkspaceId, params.Environment, params.FoldersPath)
 		folderErr = err
 		foldersToReturn = folders
-	} else if params.InfisicalToken != "" {
+	} else {
 		// get folders via service token
 		folders, err := GetFoldersViaServiceToken(params.InfisicalToken, params.WorkspaceId, params.Environment, params.FoldersPath)
 		folderErr = err
 		foldersToReturn = folders
-	} else if params.UniversalAuthAccessToken != "" {
-
-		if params.WorkspaceId == "" {
-			PrintErrorMessageAndExit("Project ID is required when using machine identity")
-		}
-
-		// get folders via machine identity
-		folders, err := GetFoldersViaMachineIdentity(params.UniversalAuthAccessToken, params.WorkspaceId, params.Environment, params.FoldersPath)
-		folderErr = err
-		foldersToReturn = folders
 	}
 	return foldersToReturn, folderErr
 }
@@ -142,34 +132,6 @@ func GetFoldersViaServiceToken(fullServiceToken string, workspaceId string, envi
 	return folders, nil
 }

-func GetFoldersViaMachineIdentity(accessToken string, workspaceId string, envSlug string, foldersPath string) ([]models.SingleFolder, error) {
-	httpClient := resty.New()
-	httpClient.SetAuthToken(accessToken).
-		SetHeader("Accept", "application/json")
-
-	getFoldersRequest := api.GetFoldersV1Request{
-		WorkspaceId: workspaceId,
-		Environment: envSlug,
-		FoldersPath: foldersPath,
-	}
-
-	apiResponse, err := api.CallGetFoldersV1(httpClient, getFoldersRequest)
-	if err != nil {
-		return nil, err
-	}
-
-	var folders []models.SingleFolder
-
-	for _, folder := range apiResponse.Folders {
-		folders = append(folders, models.SingleFolder{
-			Name: folder.Name,
-			ID:   folder.ID,
-		})
-	}
-
-	return folders, nil
-}
-
 // CreateFolder creates a folder in Infisical
 func CreateFolder(params models.CreateFolderParameters) (models.SingleFolder, error) {
 	loggedInUserDetails, err := GetCurrentLoggedInUserDetails()
--- a/cli/packages/util/helper.go
+++ b/cli/packages/util/helper.go
@@ -9,11 +9,8 @@ import (
 	"os/exec"
 	"path"
 	"strings"
-	"time"

-	"github.com/Infisical/infisical-merge/packages/api"
 	"github.com/Infisical/infisical-merge/packages/models"
-	"github.com/go-resty/resty/v2"
 	"github.com/spf13/cobra"
 )

@@ -67,105 +64,18 @@ func IsSecretTypeValid(s string) bool {
 	return false
 }

-func GetInfisicalToken(cmd *cobra.Command) (token *models.TokenDetails, err error) {
+func GetInfisicalServiceToken(cmd *cobra.Command) (serviceToken string, err error) {
 	infisicalToken, err := cmd.Flags().GetString("token")

-	if err != nil {
-		return nil, err
-	}
-
-	if infisicalToken == "" {
-		// If no flag is passed, we first check for the universal auth access token env variable.
-		infisicalToken = os.Getenv(INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN_NAME)
-		// If it's still empty after the first env check, we check for the service token env variable.
 	if infisicalToken == "" {
 		infisicalToken = os.Getenv(INFISICAL_TOKEN_NAME)
 	}
-	}

-	// If it's empty, we return nothing at all.
-	if infisicalToken == "" {
-		return nil, nil
-	}
-
-	if strings.HasPrefix(infisicalToken, "st.") {
-		return &models.TokenDetails{
-			Type:  "service-token",
-			Token: infisicalToken,
-		}, nil
-	}
-
-	return &models.TokenDetails{
-		Type:  "universal-auth-token",
-		Token: infisicalToken,
-	}, nil
-
-}
-
-func GetInfisicalUniversalAuthAccessToken(cmd *cobra.Command) (accessToken string, err error) {
-
-	var token string
-
-	universalAuthClientId, err := cmd.Flags().GetString("universal-auth-client-id")
-	if err != nil {
-		return token, err
-	}
-	universalAuthClientSecret, err := cmd.Flags().GetString("universal-auth-client-secret")
-	if err != nil {
-		return token, err
-	}
-
-	if universalAuthClientId == "" {
-		universalAuthClientId = os.Getenv(INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME)
-	}
-
-	if universalAuthClientSecret == "" {
-		universalAuthClientSecret = os.Getenv(INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET_NAME)
-	}
-
-	if universalAuthClientId != "" || universalAuthClientSecret != "" {
-		res, err := UniversalAuthLogin(universalAuthClientId, universalAuthClientSecret)
-
-		if err != nil {
-			return token, err
-		}
-		token = res.AccessToken
-	}
-
-	return token, nil
-}
-
-func UniversalAuthLogin(clientId string, clientSecret string) (api.UniversalAuthLoginResponse, error) {
-	httpClient := resty.New()
-	httpClient.SetRetryCount(10000).
-		SetRetryMaxWaitTime(20 * time.Second).
-		SetRetryWaitTime(5 * time.Second)
-
-	tokenResponse, err := api.CallUniversalAuthLogin(httpClient, api.UniversalAuthLoginRequest{ClientId: clientId, ClientSecret: clientSecret})
-	if err != nil {
-		return api.UniversalAuthLoginResponse{}, err
-	}
-
-	return tokenResponse, nil
-}
-
-func RenewUniversalAuthAccessToken(accessToken string) (string, error) {
-
-	httpClient := resty.New()
-	httpClient.SetRetryCount(10000).
-		SetRetryMaxWaitTime(20 * time.Second).
-		SetRetryWaitTime(5 * time.Second)
-
-	request := api.UniversalAuthRefreshRequest{
-		AccessToken: accessToken,
-	}
-
-	tokenResponse, err := api.CallUniversalAuthRefreshAccessToken(httpClient, request)
 	if err != nil {
 		return "", err
 	}

-	return tokenResponse.AccessToken, nil
+	return infisicalToken, nil
 }

 // Checks if the passed in email already exists in the users slice
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@@ -159,7 +159,7 @@ func GetPlainTextSecretsViaMachineIdentity(accessToken string, workspaceId strin
 	httpClient.SetAuthToken(accessToken).
 		SetHeader("Accept", "application/json")

-	getSecretsRequest := api.GetRawSecretsV3Request{
+	getSecretsRequest := api.GetEncryptedSecretsV3Request{
 		WorkspaceId:   workspaceId,
 		Environment:   environmentName,
 		IncludeImport: includeImports,
@@ -171,8 +171,7 @@ func GetPlainTextSecretsViaMachineIdentity(accessToken string, workspaceId strin
 		getSecretsRequest.SecretPath = secretsPath
 	}

-	rawSecrets, err := api.CallGetRawSecretsV3(httpClient, getSecretsRequest)
-
+	rawSecrets, err := api.CallGetRawSecretsV3(httpClient, api.GetRawSecretsV3Request{WorkspaceId: workspaceId, SecretPath: secretsPath, Environment: environmentName})
 	if err != nil {
 		return models.PlaintextSecretResult{}, err
 	}
@@ -183,7 +182,7 @@ func GetPlainTextSecretsViaMachineIdentity(accessToken string, workspaceId strin
 	}

 	for _, secret := range rawSecrets.Secrets {
-		plainTextSecrets = append(plainTextSecrets, models.SingleEnvironmentVariable{Key: secret.SecretKey, Value: secret.SecretValue, Type: secret.Type, WorkspaceId: secret.Workspace})
+		plainTextSecrets = append(plainTextSecrets, models.SingleEnvironmentVariable{Key: secret.SecretKey, Value: secret.SecretValue, WorkspaceId: secret.Workspace})
 	}

 	// if includeImports {
@@ -356,11 +355,6 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo
 			log.Debug().Msg("Trying to fetch secrets using service token")
 			secretsToReturn, _, errorToReturn = GetPlainTextSecretsViaServiceToken(params.InfisicalToken, params.Environment, params.SecretsPath, params.IncludeImport, params.Recursive)
 		} else if params.UniversalAuthAccessToken != "" {
-
-			if params.WorkspaceId == "" {
-				PrintErrorMessageAndExit("Project ID is required when using machine identity")
-			}
-
 			log.Debug().Msg("Trying to fetch secrets using universal auth")
 			res, err := GetPlainTextSecretsViaMachineIdentity(params.UniversalAuthAccessToken, params.WorkspaceId, params.Environment, params.SecretsPath, params.IncludeImport, params.Recursive)

--- a/docs/api-reference/overview/examples/e2ee-disabled.mdx
+++ b/docs/api-reference/overview/examples/e2ee-disabled.mdx
@@ -1,180 +0,0 @@
---
-title: "E2EE Disabled"
---
-
-Using Infisical's API to read/write secrets with E2EE disabled allows you to create, update, and retrieve secrets
-in plaintext. Effectively, this means each such secret operation only requires 1 HTTP call.
-
-<AccordionGroup>
-    <Accordion title="Retrieve secrets">
-        Retrieve all secrets for an Infisical project and environment. 
-        <Tabs>
-            <Tab title="cURL">
-                ```bash
-                curl --location --request GET 'https://app.infisical.com/api/v3/secrets/raw?environment=environment&workspaceId=workspaceId' \
-                    --header 'Authorization: Bearer serviceToken'
-
-                ```
-            </Tab>
-        </Tabs>
-    ####
-    <Info>
-        When using a [service token](../../../documentation/platform/token) with access to a single environment and path, you don't need to provide request parameters because the server will automatically scope the request to the defined environment/secrets path of the service token used. 
-        For all other cases, request parameters are required.
-    </Info>
-    ####
-        <ParamField query="workspaceId" type="string" required>
-            The ID of the workspace
-        </ParamField>
-        <ParamField query="environment" type="string" required>
-            The environment slug
-        </ParamField>
-        <ParamField query="secretPath" type="string" default="/" optional>
-            Path to secrets in workspace
-        </ParamField>
-    </Accordion>
-    <Accordion title="Create secret">
-        Create a secret in Infisical.
-
-        <Tabs>
-            <Tab title="cURL">
-                ```bash
-                curl --location --request POST 'https://app.infisical.com/api/v3/secrets/raw/secretName' \
-                    --header 'Authorization: Bearer serviceToken' \
-                    --header 'Content-Type: application/json' \
-                    --data-raw '{
-                        "workspaceId": "workspaceId",
-                        "environment": "environment",
-                        "type": "shared",
-                        "secretValue": "secretValue",
-                        "secretPath": "/"
-                    }'
-                ```
-            </Tab>
-        </Tabs>
-
-        <ParamField path="secretName" type="string" required>
-            Name of secret to create
-        </ParamField>
-        <ParamField body="workspaceId" type="string" required>
-            The ID of the workspace
-        </ParamField>
-        <ParamField body="environment" type="string" required>
-            The environment slug
-        </ParamField>
-        <ParamField body="secretValue" type="string" required>
-            Value of secret
-        </ParamField>
-        <ParamField body="secretComment" type="string" optional>
-            Comment of secret
-        </ParamField>
-        <ParamField body="secretPath" type="string" default="/" optional>
-            Path to secret in workspace
-        </ParamField>
-        <ParamField query="type" type="string" optional default="shared">
-            The type of the secret. Valid options are “shared” or “personal”
-        </ParamField>
-    </Accordion>
-    <Accordion title="Retrieve secret">
-        Retrieve a secret from Infisical.
-
-        <Tabs>
-            <Tab title="cURL">
-                ```bash
-                curl --location --request GET 'https://app.infisical.com/api/v3/secrets/raw/secretName?workspaceId=workspaceId&environment=environment' \
-                    --header 'Authorization: Bearer serviceToken'
-                ```
-            </Tab>
-        </Tabs>
-
-        <ParamField path="secretName" type="string" required>
-            Name of secret to retrieve
-        </ParamField>
-        <ParamField query="workspaceId" type="string" required>
-            The ID of the workspace
-        </ParamField>
-        <ParamField query="environment" type="string" required>
-            The environment slug
-        </ParamField>
-        <ParamField query="secretPath" type="string" default="/" optional>
-            Path to secrets in workspace
-        </ParamField>
-        <ParamField query="type" type="string" optional default="personal">
-            The type of the secret. Valid options are “shared” or “personal”
-        </ParamField>
-    </Accordion>
-    <Accordion title="Update secret">
-        Update an existing secret in Infisical.
-
-        <Tabs>
-            <Tab title="cURL">
-                ```bash
-                curl --location --request PATCH 'https://app.infisical.com/api/v3/secrets/raw/secretName' \
-                    --header 'Authorization: Bearer serviceToken' \
-                    --header 'Content-Type: application/json' \
-                    --data-raw '{
-                        "workspaceId": "workspaceId",
-                        "environment": "environment",
-                        "type": "shared",
-                        "secretValue": "secretValue",
-                        "secretPath": "/"
-                    }'
-                ```
-            </Tab>
-        </Tabs>
-
-        <ParamField path="secretName" type="string" required>
-            Name of secret to update
-        </ParamField>
-        <ParamField body="workspaceId" type="string" required>
-            The ID of the workspace
-        </ParamField>
-        <ParamField body="environment" type="string" required>
-            The environment slug
-        </ParamField>
-        <ParamField body="secretValue" type="string" required>
-            Value of secret
-        </ParamField>
-        <ParamField body="secretPath" type="string" default="/" optional>
-            Path to secret in workspace.
-        </ParamField>
-        <ParamField query="type" type="string" optional default="shared">
-            The type of the secret. Valid options are “shared” or “personal”
-        </ParamField>
-    </Accordion>
-    <Accordion title="Delete secret">
-        Delete a secret in Infisical.
-
-        <Tabs>
-            <Tab title="cURL">
-                ```bash
-            curl --location --request DELETE 'https://app.infisical.com/api/v3/secrets/raw/secretName' \
-                --header 'Authorization: Bearer serviceToken' \
-                --header 'Content-Type: application/json' \
-                --data-raw '{
-                    "workspaceId": "workspaceId",
-                    "environment": "environment",
-                    "type": "shared",
-                    "secretPath": "/"
-                }'
-                ```
-            </Tab>
-        </Tabs>
-
-        <ParamField path="secretName" type="string" required>
-            Name of secret to update
-        </ParamField>
-        <ParamField body="workspaceId" type="string" required>
-            The ID of the workspace
-        </ParamField>
-        <ParamField body="environment" type="string" required>
-            The environment slug
-        </ParamField>
-        <ParamField body="secretPath" type="string" default="/" optional>
-            Path to secret in workspace.
-        </ParamField>
-        <ParamField query="type" type="string" optional default="personal">
-            The type of the secret. Valid options are “shared” or “personal”
-    </ParamField>
-    </Accordion>
-</AccordionGroup>
--- a/docs/api-reference/overview/examples/e2ee-enabled.mdx
+++ b/docs/api-reference/overview/examples/e2ee-enabled.mdx
@@ -1,862 +0,0 @@
---
-title: "E2EE Enabled"
---
-
-<Note>
-    E2EE enabled mode only works with [Service Tokens](/documentation/platform/token) and cannot be used with [Identities](/documentation/platform/identities/overview).
-</Note>
-
-Using Infisical's API to read/write secrets with E2EE enabled allows you to create, update, and retrieve secrets
-but requires you to perform client-side encryption/decryption operations. For this reason, we recommend using one of the available
-SDKs instead.
-
-<AccordionGroup>
-    <Accordion title="Retrieve secrets">
-        <Tabs>
-  <Tab title="Javascript">
-   Retrieve all secrets for an Infisical project and environment.
-```js
-const crypto = require('crypto');
-const axios = require('axios');
-
-const BASE_URL = 'https://app.infisical.com';
-const ALGORITHM = 'aes-256-gcm';
-
-const decrypt = ({ ciphertext, iv, tag, secret}) => {
-	const decipher = crypto.createDecipheriv(
-		ALGORITHM,
-		secret,
-		Buffer.from(iv, 'base64')
-	);
-	decipher.setAuthTag(Buffer.from(tag, 'base64'));
-
-    let cleartext = decipher.update(ciphertext, 'base64', 'utf8');
-    cleartext += decipher.final('utf8');
-
-    return cleartext;
-}
-
-const getSecrets = async () => {
-	const serviceToken = 'your_service_token';
-	const serviceTokenSecret = serviceToken.substring(serviceToken.lastIndexOf('.') + 1);
-
-    // 1. Get your Infisical Token data
-    const { data: serviceTokenData } = await axios.get(
-       `${BASE_URL}/api/v2/service-token`,
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-
-    // 2. Get secrets for your project and environment
-    const { data } = await axios.get(
-       `${BASE_URL}/api/v3/secrets?${new URLSearchParams({
-            environment: serviceTokenData.environment,
-            workspaceId: serviceTokenData.workspace
-        })}`,
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-
-    const encryptedSecrets = data.secrets;
-
-    // 3. Decrypt the (encrypted) project key with the key from your Infisical Token
-    const projectKey = decrypt({
-        ciphertext: serviceTokenData.encryptedKey,
-        iv: serviceTokenData.iv,
-        tag: serviceTokenData.tag,
-        secret: serviceTokenSecret
-    });
-
-	// 4. Decrypt the (encrypted) secrets
-    const secrets = encryptedSecrets.map((secret) => {
-        const secretKey = decrypt({
-          ciphertext: secret.secretKeyCiphertext,
-          iv: secret.secretKeyIV,
-          tag: secret.secretKeyTag,
-          secret: projectKey
-        });
-
-        const secretValue = decrypt({
-          ciphertext: secret.secretValueCiphertext,
-          iv: secret.secretValueIV,
-          tag: secret.secretValueTag,
-          secret: projectKey
-        });
-
-        return ({
-            secretKey,
-            secretValue
-        });
-    });
-
-    console.log('secrets: ', secrets);
-}
-
-getSecrets();
-
-```
-  </Tab>
-
-<Tab title="Python">
-```Python
-import requests
-import base64
-from Cryptodome.Cipher import AES
-
-
-BASE_URL = "http://app.infisical.com"
-
-
-def decrypt(ciphertext, iv, tag, secret):
-    secret = bytes(secret, "utf-8")
-    iv = base64.standard_b64decode(iv)
-    tag = base64.standard_b64decode(tag)
-    ciphertext = base64.standard_b64decode(ciphertext)
-
-    cipher = AES.new(secret, AES.MODE_GCM, iv)
-    cipher.update(tag)
-    cleartext = cipher.decrypt(ciphertext).decode("utf-8")
-    return cleartext
-
-
-def get_secrets():
-    service_token = "your_service_token"
-    service_token_secret = service_token[service_token.rindex(".") + 1 :]
-
-    # 1. Get your Infisical Token data
-    service_token_data = requests.get(
-        f"{BASE_URL}/api/v2/service-token",
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json()
-
-    # 2. Get secrets for your project and environment
-    data = requests.get(
-        f"{BASE_URL}/api/v3/secrets",
-        params={
-            "environment": service_token_data["environment"],
-            "workspaceId": service_token_data["workspace"],
-        },
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json()
-
-    encrypted_secrets = data["secrets"]
-
-    # 3. Decrypt the (encrypted) project key with the key from your Infisical Token
-    project_key = decrypt(
-        ciphertext=service_token_data["encryptedKey"],
-        iv=service_token_data["iv"],
-        tag=service_token_data["tag"],
-        secret=service_token_secret,
-    )
-
-    # 4. Decrypt the (encrypted) secrets
-    secrets = []
-    for secret in encrypted_secrets:
-        secret_key = decrypt(
-            ciphertext=secret["secretKeyCiphertext"],
-            iv=secret["secretKeyIV"],
-            tag=secret["secretKeyTag"],
-            secret=project_key,
-        )
-
-        secret_value = decrypt(
-            ciphertext=secret["secretValueCiphertext"],
-            iv=secret["secretValueIV"],
-            tag=secret["secretValueTag"],
-            secret=project_key,
-        )
-
-        secrets.append(
-            {
-                "secret_key": secret_key,
-                "secret_value": secret_value,
-            }
-        )
-
-    print("secrets:", secrets)
-
-
-get_secrets()
-
-```
-</Tab>
-</Tabs>
-    </Accordion>
-    <Accordion title="Create secret">
-        <Tabs>
-<Tab title="Javascript">
-Create a secret in Infisical.
-```js
-const crypto = require('crypto');
-const axios = require('axios');
-const nacl = require('tweetnacl');
-
-const BASE_URL = 'https://app.infisical.com';
-const ALGORITHM = 'aes-256-gcm';
-const BLOCK_SIZE_BYTES = 16;
-
-const encrypt = ({ text, secret }) => {
-    const iv = crypto.randomBytes(BLOCK_SIZE_BYTES);
-    const cipher = crypto.createCipheriv(ALGORITHM, secret, iv);
-
-    let ciphertext = cipher.update(text, 'utf8', 'base64');
-    ciphertext += cipher.final('base64');
-    return {
-        ciphertext,
-        iv: iv.toString('base64'),
-        tag: cipher.getAuthTag().toString('base64')
-    };
-}
-
-const decrypt = ({ ciphertext, iv, tag, secret}) => {
-	const decipher = crypto.createDecipheriv(
-		ALGORITHM,
-		secret,
-		Buffer.from(iv, 'base64')
-	);
-	decipher.setAuthTag(Buffer.from(tag, 'base64'));
-
-	let cleartext = decipher.update(ciphertext, 'base64', 'utf8');
-	cleartext += decipher.final('utf8');
-
-	return cleartext;
-}
-
-const createSecrets = async () => {
-    const serviceToken = '';
-    const serviceTokenSecret = serviceToken.substring(serviceToken.lastIndexOf('.') + 1);
-    
-    const secretType = 'shared'; // 'shared' or 'personal'
-    const secretKey = 'some_key';
-    const secretValue = 'some_value';
-    const secretComment = 'some_comment';
-
-    // 1. Get your Infisical Token data
-    const { data: serviceTokenData } = await axios.get(
-       `${BASE_URL}/api/v2/service-token`,
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-
-    // 2. Decrypt the (encrypted) project key with the key from your Infisical Token
-    const projectKey = decrypt({
-        ciphertext: serviceTokenData.encryptedKey,
-        iv: serviceTokenData.iv,
-        tag: serviceTokenData.tag,
-        secret: serviceTokenSecret
-    });
-    
-	// 3. Encrypt your secret with the project key
-    const {
-        ciphertext: secretKeyCiphertext,
-        iv: secretKeyIV,
-        tag: secretKeyTag
-    } = encrypt({
-        text: secretKey,
-        secret: projectKey
-    });
-
-    const {
-        ciphertext: secretValueCiphertext,
-        iv: secretValueIV,
-        tag: secretValueTag
-    } = encrypt({
-        text: secretValue,
-        secret: projectKey
-    });
-
-    const {
-        ciphertext: secretCommentCiphertext,
-        iv: secretCommentIV,
-        tag: secretCommentTag
-    } = encrypt({
-        text: secretComment,
-        secret: projectKey
-    });
-
-	// 4. Send (encrypted) secret to Infisical
-    await axios.post(
-        `${BASE_URL}/api/v3/secrets/${secretKey}`,
-        {
-            workspaceId: serviceTokenData.workspace,
-            environment: serviceTokenData.environment,
-            type: secretType,
-            secretKeyCiphertext,
-            secretKeyIV,
-            secretKeyTag,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag,
-            secretCommentCiphertext,
-            secretCommentIV,
-            secretCommentTag
-        },
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-}
-
-createSecrets();
-```
-</Tab>
-
-<Tab title="Python">
-```Python
-import base64
-import requests
-from Cryptodome.Cipher import AES
-from Cryptodome.Random import get_random_bytes
-
-
-BASE_URL = "https://app.infisical.com"
-BLOCK_SIZE_BYTES = 16
-
-
-def encrypt(text, secret):
-    iv = get_random_bytes(BLOCK_SIZE_BYTES)
-    secret = bytes(secret, "utf-8")
-    cipher = AES.new(secret, AES.MODE_GCM, iv)
-    ciphertext, tag = cipher.encrypt_and_digest(text.encode("utf-8"))
-    return {
-        "ciphertext": base64.standard_b64encode(ciphertext).decode("utf-8"),
-        "tag": base64.standard_b64encode(tag).decode("utf-8"),
-        "iv": base64.standard_b64encode(iv).decode("utf-8"),
-    }
-
-
-def decrypt(ciphertext, iv, tag, secret):
-    secret = bytes(secret, "utf-8")
-    iv = base64.standard_b64decode(iv)
-    tag = base64.standard_b64decode(tag)
-    ciphertext = base64.standard_b64decode(ciphertext)
-
-    cipher = AES.new(secret, AES.MODE_GCM, iv)
-    cipher.update(tag)
-    cleartext = cipher.decrypt(ciphertext).decode("utf-8")
-    return cleartext
-
-
-def create_secrets():
-    service_token = "your_service_token"
-    service_token_secret = service_token[service_token.rindex(".") + 1 :]
-
-    secret_type = "shared"  # "shared or "personal"
-    secret_key = "some_key"
-    secret_value = "some_value"
-    secret_comment = "some_comment"
-
-    # 1. Get your Infisical Token data
-    service_token_data = requests.get(
-        f"{BASE_URL}/api/v2/service-token",
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json()
-
-    # 2. Decrypt the (encrypted) project key with the key from your Infisical Token
-    project_key = decrypt(
-        ciphertext=service_token_data["encryptedKey"],
-        iv=service_token_data["iv"],
-        tag=service_token_data["tag"],
-        secret=service_token_secret,
-    )
-
-    # 3. Encrypt your secret with the project key
-    encrypted_key_data = encrypt(text=secret_key, secret=project_key)
-    encrypted_value_data = encrypt(text=secret_value, secret=project_key)
-    encrypted_comment_data = encrypt(text=secret_comment, secret=project_key)
-
-    # 4. Send (encrypted) secret to Infisical
-    requests.post(
-        f"{BASE_URL}/api/v3/secrets/{secret_key}",
-        json={
-            "workspaceId": service_token_data["workspace"],
-            "environment": service_token_data["environment"],
-            "type": secret_type,
-            "secretKeyCiphertext": encrypted_key_data["ciphertext"],
-            "secretKeyIV": encrypted_key_data["iv"],
-            "secretKeyTag": encrypted_key_data["tag"],
-            "secretValueCiphertext": encrypted_value_data["ciphertext"],
-            "secretValueIV": encrypted_value_data["iv"],
-            "secretValueTag": encrypted_value_data["tag"],
-            "secretCommentCiphertext": encrypted_comment_data["ciphertext"],
-            "secretCommentIV": encrypted_comment_data["iv"],
-            "secretCommentTag": encrypted_comment_data["tag"]
-        },
-        headers={"Authorization": f"Bearer {service_token}"},
-    )
-
-
-create_secrets()
-
-```
-</Tab>
-</Tabs>
-    </Accordion>
-    <Accordion title="Retrieve secret">
-        <Tabs>
-  <Tab title="Javascript">
-  Retrieve a secret from Infisical.
-```js
-const crypto = require('crypto');
-const axios = require('axios');
-
-const BASE_URL = 'https://app.infisical.com';
-const ALGORITHM = 'aes-256-gcm';
-
-const decrypt = ({ ciphertext, iv, tag, secret}) => {
-	const decipher = crypto.createDecipheriv(
-		ALGORITHM,
-		secret,
-		Buffer.from(iv, 'base64')
-	);
-	decipher.setAuthTag(Buffer.from(tag, 'base64'));
-
-    let cleartext = decipher.update(ciphertext, 'base64', 'utf8');
-    cleartext += decipher.final('utf8');
-
-    return cleartext;
-}
-
-const getSecret = async () => {
-	const serviceToken = 'your_service_token';
-	const serviceTokenSecret = serviceToken.substring(serviceToken.lastIndexOf('.') + 1);
-    
-    const secretType = 'shared' // 'shared' or 'personal'
-    const secretKey = 'some_key';
-
-    // 1. Get your Infisical Token data
-    const { data: serviceTokenData } = await axios.get(
-       `${BASE_URL}/api/v2/service-token`,
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-
-    // 2. Get the secret from your project and environment
-    const { data } = await axios.get(
-       `${BASE_URL}/api/v3/secrets/${secretKey}?${new URLSearchParams({
-            environment: serviceTokenData.environment,
-            workspaceId: serviceTokenData.workspace,
-            type: secretType // optional, defaults to 'shared'
-        })}`,
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-
-    const encryptedSecret = data.secret;
-
-    // 3. Decrypt the (encrypted) project key with the key from your Infisical Token
-    const projectKey = decrypt({
-        ciphertext: serviceTokenData.encryptedKey,
-        iv: serviceTokenData.iv,
-        tag: serviceTokenData.tag,
-        secret: serviceTokenSecret
-    });
-
-	// 4. Decrypt the (encrypted) secret value
-
-    const secretValue = decrypt({
-        ciphertext: encryptedSecret.secretValueCiphertext,
-        iv: encryptedSecret.secretValueIV,
-        tag: encryptedSecret.secretValueTag,
-        secret: projectKey
-    });
-
-    console.log('secret: ', ({
-        secretKey,
-        secretValue
-    }));
-}
-
-getSecret();
-
-```
-  </Tab>
-
-<Tab title="Python">
-```Python
-import requests
-import base64
-from Cryptodome.Cipher import AES
-
-
-BASE_URL = "http://app.infisical.com"
-
-
-def decrypt(ciphertext, iv, tag, secret):
-    secret = bytes(secret, "utf-8")
-    iv = base64.standard_b64decode(iv)
-    tag = base64.standard_b64decode(tag)
-    ciphertext = base64.standard_b64decode(ciphertext)
-
-    cipher = AES.new(secret, AES.MODE_GCM, iv)
-    cipher.update(tag)
-    cleartext = cipher.decrypt(ciphertext).decode("utf-8")
-    return cleartext
-
-
-def get_secret():
-    service_token = "your_service_token"
-    service_token_secret = service_token[service_token.rindex(".") + 1 :]
-
-    secret_type = "shared" # "shared" or "personal"
-    secret_key = "some_key"
-
-    # 1. Get your Infisical Token data
-    service_token_data = requests.get(
-        f"{BASE_URL}/api/v2/service-token",
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json()
-
-    # 2. Get secret from your project and environment
-    data = requests.get(
-        f"{BASE_URL}/api/v3/secrets/{secret_key}",
-        params={
-            "environment": service_token_data["environment"],
-            "workspaceId": service_token_data["workspace"],
-            "type": secret_type # optional, defaults to "shared"
-        },
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json()
-
-    encrypted_secret = data["secret"]
-
-    # 3. Decrypt the (encrypted) project key with the key from your Infisical Token
-    project_key = decrypt(
-        ciphertext=service_token_data["encryptedKey"],
-        iv=service_token_data["iv"],
-        tag=service_token_data["tag"],
-        secret=service_token_secret,
-    )
-
-    # 4. Decrypt the (encrypted) secret value
-    secret_value = decrypt(
-        ciphertext=encrypted_secret["secretValueCiphertext"],
-        iv=encrypted_secret["secretValueIV"],
-        tag=encrypted_secret["secretValueTag"],
-        secret=project_key,
-    )
-
-    print("secret: ", {
-        "secret_key": secret_key,
-        "secret_value": secret_value
-    })
-
-
-get_secret()
-
-```
-</Tab>
-</Tabs>
-    </Accordion>
-    <Accordion title="Update secret">
-        <Tabs>
-<Tab title="Javascript">
-Update an existing secret in Infisical.
-```js
-const crypto = require('crypto');
-const axios = require('axios');
-
-const BASE_URL = 'https://app.infisical.com';
-const ALGORITHM = 'aes-256-gcm';
-const BLOCK_SIZE_BYTES = 16;
-
-const encrypt = ({ text, secret }) => {
-    const iv = crypto.randomBytes(BLOCK_SIZE_BYTES);
-    const cipher = crypto.createCipheriv(ALGORITHM, secret, iv);
-
-    let ciphertext = cipher.update(text, 'utf8', 'base64');
-    ciphertext += cipher.final('base64');
-    return {
-        ciphertext,
-        iv: iv.toString('base64'),
-        tag: cipher.getAuthTag().toString('base64')
-    };
-}
-
-const decrypt = ({ ciphertext, iv, tag, secret}) => {
-	const decipher = crypto.createDecipheriv(
-		ALGORITHM,
-		secret,
-		Buffer.from(iv, 'base64')
-	);
-	decipher.setAuthTag(Buffer.from(tag, 'base64'));
-
-	let cleartext = decipher.update(ciphertext, 'base64', 'utf8');
-	cleartext += decipher.final('utf8');
-
-	return cleartext;
-}
-
-const updateSecrets = async () => {
-    const serviceToken = 'your_service_token';
-    const serviceTokenSecret = serviceToken.substring(serviceToken.lastIndexOf('.') + 1);
-    
-    const secretType = 'shared' // 'shared' or 'personal'
-    const secretKey = 'some_key';
-    const secretValue = 'updated_value';
-    const secretComment = 'updated_comment';
-
-    // 1. Get your Infisical Token data
-    const { data: serviceTokenData } = await axios.get(
-       `${BASE_URL}/api/v2/service-token`,
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-
-    // 2. Decrypt the (encrypted) project key with the key from your Infisical Token
-    const projectKey = decrypt({
-        ciphertext: serviceTokenData.encryptedKey,
-        iv: serviceTokenData.iv,
-        tag: serviceTokenData.tag,
-        secret: serviceTokenSecret
-    });
-    
-	// 3. Encrypt your updated secret with the project key
-    const {
-        ciphertext: secretKeyCiphertext,
-        iv: secretKeyIV,
-        tag: secretKeyTag
-    } = encrypt({
-        text: secretKey,
-        secret: projectKey
-    });
-
-    const {
-        ciphertext: secretValueCiphertext,
-        iv: secretValueIV,
-        tag: secretValueTag
-    } = encrypt({
-        text: secretValue,
-        secret: projectKey
-    });
-
-    const {
-        ciphertext: secretCommentCiphertext,
-        iv: secretCommentIV,
-        tag: secretCommentTag
-    } = encrypt({
-        text: secretComment,
-        secret: projectKey
-    });
-	
-	// 4. Send (encrypted) updated secret to Infisical
-    await axios.patch(
-        `${BASE_URL}/api/v3/secrets/${secretKey}`,
-        {
-            workspaceId: serviceTokenData.workspace,
-            environment: serviceTokenData.environment,
-            type: secretType,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag,
-            secretCommentCiphertext,
-            secretCommentIV,
-            secretCommentTag
-        },
-        {
-            headers: {
-                Authorization: `Bearer ${serviceToken}`
-            }
-        }
-    );
-}
-
-updateSecrets();
-```
-</Tab>
-
-<Tab title="Python">
-```Python
-import base64
-import requests
-from Cryptodome.Cipher import AES
-from Cryptodome.Random import get_random_bytes
-
-
-BASE_URL = "https://app.infisical.com"
-BLOCK_SIZE_BYTES = 16
-
-
-def encrypt(text, secret):
-    iv = get_random_bytes(BLOCK_SIZE_BYTES)
-    secret = bytes(secret, "utf-8")
-    cipher = AES.new(secret, AES.MODE_GCM, iv)
-    ciphertext, tag = cipher.encrypt_and_digest(text.encode("utf-8"))
-    return {
-        "ciphertext": base64.standard_b64encode(ciphertext).decode("utf-8"),
-        "tag": base64.standard_b64encode(tag).decode("utf-8"),
-        "iv": base64.standard_b64encode(iv).decode("utf-8"),
-    }
-
-
-def decrypt(ciphertext, iv, tag, secret):
-    secret = bytes(secret, "utf-8")
-    iv = base64.standard_b64decode(iv)
-    tag = base64.standard_b64decode(tag)
-    ciphertext = base64.standard_b64decode(ciphertext)
-
-    cipher = AES.new(secret, AES.MODE_GCM, iv)
-    cipher.update(tag)
-    cleartext = cipher.decrypt(ciphertext).decode("utf-8")
-    return cleartext
-
-
-def update_secret():
-    service_token = "your_service_token"
-    service_token_secret = service_token[service_token.rindex(".") + 1 :]
-
-    secret_type = "shared" # "shared" or "personal"
-    secret_key = "some_key"
-    secret_value = "updated_value"
-    secret_comment = "updated_comment"
-
-    # 1. Get your Infisical Token data
-    service_token_data = requests.get(
-        f"{BASE_URL}/api/v2/service-token",
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json()
-
-    # 2. Decrypt the (encrypted) project key with the key from your Infisical Token
-    project_key = decrypt(
-        ciphertext=service_token_data["encryptedKey"],
-        iv=service_token_data["iv"],
-        tag=service_token_data["tag"],
-        secret=service_token_secret,
-    )
-
-    # 3. Encrypt your updated secret with the project key
-    encrypted_key_data = encrypt(text=secret_key, secret=project_key)
-    encrypted_value_data = encrypt(text=secret_value, secret=project_key)
-    encrypted_comment_data = encrypt(text=secret_comment, secret=project_key)
-
-    # 4. Send (encrypted) updated secret to Infisical
-    requests.patch(
-        f"{BASE_URL}/api/v3/secrets/{secret_key}",
-        json={
-            "workspaceId": service_token_data["workspace"],
-            "environment": service_token_data["environment"],
-            "type": secret_type,
-            "secretKeyCiphertext": encrypted_key_data["ciphertext"],
-            "secretKeyIV": encrypted_key_data["iv"],
-            "secretKeyTag": encrypted_key_data["tag"],
-            "secretValueCiphertext": encrypted_value_data["ciphertext"],
-            "secretValueIV": encrypted_value_data["iv"],
-            "secretValueTag": encrypted_value_data["tag"],
-            "secretCommentCiphertext": encrypted_comment_data["ciphertext"],
-            "secretCommentIV": encrypted_comment_data["iv"],
-            "secretCommentTag": encrypted_comment_data["tag"]
-        },
-        headers={"Authorization": f"Bearer {service_token}"},
-    )
-
-
-update_secret()
-
-```
-</Tab>
-</Tabs>
-    </Accordion>
-    <Accordion title="Delete secret">
-        <Tabs>
-  <Tab title="Javascript">
-  Delete a secret in Infisical.
-```js
-const axios = require('axios'); 
-const BASE_URL = 'https://app.infisical.com';
-
-const deleteSecrets = async () => {
-  const serviceToken = 'your_service_token';
-  const secretType = 'shared' // 'shared' or 'personal'
-  const secretKey = 'some_key'
-  
-  // 1. Get your Infisical Token data
-  const { data: serviceTokenData } = await axios.get(
-      `${BASE_URL}/api/v2/service-token`,
-      {
-          headers: {
-              Authorization: `Bearer ${serviceToken}`
-          }
-      }
-  );
-
-  // 2. Delete secret from Infisical
-  await axios.delete(
-    `${BASE_URL}/api/v3/secrets/${secretKey}`,
-    {
-      workspaceId: serviceTokenData.workspace,
-      environment: serviceTokenData.environment,
-      type: secretType
-    },
-    {
-      headers: {
-        Authorization: `Bearer ${serviceToken}`
-      },
-    }
-  );
-};
-
-deleteSecrets();
-```
-  </Tab>
-
-  <Tab title="Python">
-```Python
-import requests
-
-BASE_URL = "https://app.infisical.com"
-
-
-def delete_secrets():
-    service_token = "<your_service_token>"
-    secret_type = "shared" # "shared" or "personal"
-    secret_key = "some_key"
-
-    # 1. Get your Infisical Token data
-    service_token_data = requests.get(
-        f"{BASE_URL}/api/v2/service-token",
-        headers={"Authorization": f"Bearer {service_token}"},
-    ).json() 
-
-    # 2. Delete secret from Infisical
-    requests.delete(
-        f"{BASE_URL}/api/v2/secrets/{secret_key}",
-        json={
-            "workspaceId": service_token_data["workspace"],
-            "environment": service_token_data["environment"],
-            "type": secret_type
-        },
-        headers={"Authorization": f"Bearer {service_token}"},
-    )
-
-
-delete_secrets()
-
-```
-  </Tab>
-</Tabs>
-<Info>
-  If using an `API_KEY` to authenticate with the Infisical API, then you should include it in the `X_API_KEY` header.
-</Info>
-
-    </Accordion>
-</AccordionGroup>
--- a/docs/api-reference/overview/examples/integration.mdx
+++ b/docs/api-reference/overview/examples/integration.mdx
@@ -0,0 +1,90 @@
+---
+title: "Configure native integrations programmatically"
+description: "How to use Infisical API to sync secrets to external secret managers"
+---
+
+The Infisical API allows you to create programmatic integrations that connect with third-party secret managers to synchronize secrets from Infisical.
+
+This guide will primarily demonstrate the process using AWS Secret Store Manager (AWS SSM), but the steps are generally applicable to other secret management integrations.
+
+<Info>
+    For details on setting up AWS SSM synchronization and understanding its prerequisites, refer to the [AWS SSM integration setup documentation](../../../integrations/cloud/aws-secret-manager).
+</Info>
+
+<Steps>
+  <Step title="Authenticate with AWS SSM">
+     Authentication is required for all integrations. Use the [Integration Auth API](../../endpoints/integrations/create-auth) with the following parameters to authenticate.
+
+    <ParamField body="integration" type="string" initialValue="aws-secret-manager" required>
+        Set this parameter to **aws-secret-manager**.
+    </ParamField>
+    <ParamField body="workspaceId" type="string" required>
+        The Infisical project ID for the integration.
+    </ParamField>
+    <ParamField body="accessId" type="string" required>
+        The AWS IAM User Access ID.
+    </ParamField>
+    <ParamField body="accessToken" type="string" required>
+        The AWS IAM User Access Secret Key.
+    </ParamField>
+
+    ```bash Request
+    curl --request POST \
+        --url https://app.infisical.com/api/v1/integration-auth/access-token \
+        --header 'Authorization: <authorization>' \
+        --header 'Content-Type: application/json' \
+        --data '{
+        "workspaceId": "<workspaceid>",
+        "integration": "aws-secret-manager",
+        "accessId": "<aws iam user access id>",
+        "accessToken": "<aws iam user access secret key>"
+    }'
+    ```
+
+  </Step>
+  <Step title="Configure the Synchronization Setup">
+	Once authentication between AWS SSM and Infisical is established, you can configure the synchronization behavior. 
+	This involves specifying the source (environment and secret path in Infisical) and the destination in SSM to which the secrets will be synchronized.
+
+    Use the [integration API](../../endpoints/integrations/create) with the following parameters to configure the sync source and destination.
+
+    <ParamField body="integrationAuthId" type="string" required>
+        The ID of the integration authentication object used with AWS, obtained from the previous API response.
+    </ParamField>
+    <ParamField body="isActive" type="boolean">
+        Indicates whether the integration should be active or inactive.
+    </ParamField>
+    <ParamField body="app" type="string" required>
+        The secret name for saving in AWS SSM, which can be arbitrarily chosen.
+    </ParamField>
+    <ParamField body="region" type="string" required>
+        The AWS region where the SSM is located, e.g., `us-east-1`.
+    </ParamField>
+    <ParamField body="sourceEnvironment" type="string" required>
+        The Infisical environment slug from which secrets will be synchronized, e.g., `dev`.
+    </ParamField>
+    <ParamField body="secretPath" type="string" required>
+        The Infisical folder path from which secrets will be synchronized, e.g., `/some/path`. The root path is `/`.
+    </ParamField>
+
+    ```bash Request
+    curl --request POST \
+        --url https://app.infisical.com/api/v1/integration \
+        --header 'Authorization: <authorization>' \
+        --header 'Content-Type: application/json' \
+        --data '{
+        "integrationAuthId": "<integrationauthid>",
+        "sourceEnvironment": "<sourceenvironment>",
+        "secretPath": "<secret-path, default is '/' >",
+        "app": "<app>",
+        "region": "<aws-ssm-region>"
+    }'
+    ```
+
+  </Step>
+</Steps>
+
+<Check>
+Congratulations! You have successfully set up an integration to synchronize secrets from Infisical with AWS SSM.
+For more information, [view the integration API reference](../../endpoints/integrations).
+</Check>
--- a/docs/cli/commands/login.mdx
+++ b/docs/cli/commands/login.mdx
@@ -13,49 +13,3 @@ The CLI uses authentication to verify your identity. When you enter the correct
 To change where the login credentials are stored, visit the [vaults command](./vault).

 If you have added multiple users, you can switch between the users by using the [user command](./user).
-
-
-### Flags
-  <Accordion title="--method">
-    ```bash
-    infisical login --method=<auth-method> # Optional, will default to 'user'.
-    ```
-
-    #### Valid values for the `method` flag are:
-    - `user`: Login using email and password.
-    - `universal-auth`: Login using a universal auth client ID and client secret.
-
-    <Info>
-      When `method` is set to `universal-auth`, the `client-id` and `client-secret` flags are required. Optionally you can set the `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID` and `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET` environment variables instead of using the flags.
-
-      When you authenticate with universal auth, an access token will be printed to the console upon successful login. This token can be used to authenticate with the Infisical API and the CLI by passing it in the `--token` flag when applicable.
-    </Info>
-
-  </Accordion>
-  <Accordion title="--client-id">
-    ```bash
-    infisical login --client-id=<client-id> # Optional, required if --method=universal-auth.
-    ```
-
-    #### Description
-    The client ID of the universal auth client. This is required if the `--method` flag is set to `universal-auth`.
-
-    <Tip>
-      The `client-id` flag can be substituted with the `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID` environment variable.
-    </Tip>
-  </Accordion>
-  <Accordion title="--client-secret">
-    ```bash
-    infisical login --client-secret=<client-secret> # Optional, required if --method=universal-auth.
-    ```
-    #### Description
-    The client secret of the universal auth client. This is required if the `--method` flag is set to `universal-auth`.
-
-    <Tip>
-      The `client-secret` flag can be substituted with the `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET` environment variable.
-    </Tip>
-    
-  </Accordion>
-
-
-  
--- a/docs/cli/commands/token.mdx
+++ b/docs/cli/commands/token.mdx
@@ -1,21 +0,0 @@
---
-title: "infisical token"
-description: "Manage your Infisical identity access tokens"
---
-
-```bash 
-infisical service-token renew <ua-access-token>
-```
-
-## Description
-The Infisical `token` command allows you to manage your universal auth access tokens. 
-With this command, you can renew your access tokens. In the future more subcommands will be added to better help you manage your tokens through the CLI.
-
-<Accordion title="token renew <access-token>" defaultOpen="true">
-  Use this command to renew your access token. This command will renew your access token and output a renewed access token to the console.
-
-  ```bash
-  $ infisical token renew <ua-access-token>
-  ```
-
-</Accordion>
--- a/docs/documentation/platform/token.mdx
+++ b/docs/documentation/platform/token.mdx
@@ -44,7 +44,7 @@ In the above screenshot, you can see that we are creating a token token with `re
 of the `/common` path within the development environment of the project; the token expires in 6 months and can be used from any IP address.

 <Note>
-For a deeper understanding of service tokens, it is recommended to read [this guide](http://localhost:3000/internals/service-tokens). 
+For a deeper understanding of service tokens, it is recommended to read [this guide](https://infisical.com/docs/internals/service-tokens). 
 </Note>

 **FAQ**
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -225,7 +225,6 @@
            "cli/commands/run",
            "cli/commands/secrets",
            "cli/commands/export",
-            "cli/commands/token",
            "cli/commands/service-token",
            "cli/commands/vault",
            "cli/commands/user",
@@ -389,8 +388,7 @@
          "group": "Examples",
          "pages": [
            "api-reference/overview/examples/note",
-            "api-reference/overview/examples/e2ee-disabled",
-            "api-reference/overview/examples/e2ee-enabled"
+            "api-reference/overview/examples/integration"
          ]
        }
      ]
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@@ -335,6 +335,10 @@ To login into Infisical with OAuth providers such as Google, configure the assoc
  Requires enterprise license. Please contact team@infisical.com to get more information.
 </Accordion>

+<ParamField query="NEXT_PUBLIC_SAML_ORG_SLUG" type="string">
+  Configure SAML organization slug to automatically redirect all users of your Infisical instance to the identity provider.
+</ParamField>
+



--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -52,6 +52,9 @@ ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
 ARG INTERCOM_ID
 ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
    BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
+ARG SAML_ORG_SLUG
+ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG \
+    BAKED_NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG
 ARG NEXT_INFISICAL_PLATFORM_VERSION
 ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION=$NEXT_INFISICAL_PLATFORM_VERSION 

--- a/frontend/scripts/initialize-standalone-build.sh
+++ b/frontend/scripts/initialize-standalone-build.sh
@@ -4,6 +4,8 @@ scripts/replace-standalone-build-variable.sh "$BAKED_NEXT_PUBLIC_POSTHOG_API_KEY

 scripts/replace-standalone-build-variable.sh "$BAKED_NEXT_PUBLIC_INTERCOM_ID" "$NEXT_PUBLIC_INTERCOM_ID"

+scripts/replace-standalone-build-variable.sh "$BAKED_NEXT_PUBLIC_SAML_ORG_SLUG" "$NEXT_PUBLIC_SAML_ORG_SLUG"
+
 if [ "$TELEMETRY_ENABLED" != "false" ]; then
    echo "Telemetry is enabled"
    scripts/set-standalone-build-telemetry.sh true
--- a/frontend/scripts/start.sh
+++ b/frontend/scripts/start.sh
@@ -4,6 +4,8 @@ scripts/replace-variable.sh "$BAKED_NEXT_PUBLIC_POSTHOG_API_KEY" "$NEXT_PUBLIC_P

 scripts/replace-variable.sh "$BAKED_NEXT_PUBLIC_INTERCOM_ID" "$NEXT_PUBLIC_INTERCOM_ID"

+scripts/replace-variable.sh "$BAKED_NEXT_SAML_ORG_SLUG" "$NEXT_PUBLIC_SAML_ORG_SLUG"
+
 if [ "$TELEMETRY_ENABLED" != "false" ]; then
    echo "Telemetry is enabled"
    scripts/set-telemetry.sh true
--- a/frontend/src/pages/org/[id]/overview/index.tsx
+++ b/frontend/src/pages/org/[id]/overview/index.tsx
@@ -483,10 +483,10 @@ const OrganizationPage = withPermission(
    
    const addUsersToProject = useAddUserToWsNonE2EE();

-    const { data: updateClosed } = useGetUserAction("april_2024_db_update_closed");
+    const { data: updateClosed } = useGetUserAction("april_13_2024_db_update_closed");
    const registerUserAction = useRegisterUserAction();
    const closeUpdate = async () => {
-      await registerUserAction.mutateAsync("april_2024_db_update_closed");
+      await registerUserAction.mutateAsync("april_13_2024_db_update_closed");
    };

    const { popUp, handlePopUpOpen, handlePopUpClose, handlePopUpToggle } = usePopUp([
@@ -594,6 +594,7 @@ const OrganizationPage = withPermission(
          </div>
        )}
        <div className="mb-4 flex flex-col items-start justify-start px-6 py-6 pb-0 text-3xl">
+        {window.location.origin.includes("https://app.infisical.com") || window.location.origin.includes("http://localhost:8080") && (
        <div
            className={`${
              !updateClosed ? "block" : "hidden"
@@ -601,11 +602,11 @@ const OrganizationPage = withPermission(
          >
            <FontAwesomeIcon icon={faWarning} className="p-6 text-4xl text-primary" />
            <div className="text-sm">
-              <span className="text-lg font-semibold">Scheduled maintenance on April 6th 2024 </span>{" "}
+              <span className="text-lg font-semibold">Scheduled maintenance on April 13th 2024 </span>{" "}
              <br />
-              Infisical will undergo scheduled maintenance for approximately 1 hour on Saturday, April 6th, 11am EST. During these hours, read
+              Infisical will undergo scheduled maintenance for approximately 1 hour on Saturday, April 13th, 11am EST. During these hours, read
              operations will continue to function normally but no resources will be editable. 
-              No action is required on your end — your applications can continue to fetch secrets.
+              No action is required on your end — your applications will continue to fetch secrets.
              <br />
            </div>
            <button
@@ -616,7 +617,8 @@ const OrganizationPage = withPermission(
            >
              <FontAwesomeIcon icon={faXmark} />
            </button>
-          </div>
+          </div>)}
+          
          <p className="mr-4 font-semibold text-white">Projects</p>
          <div className="mt-6 flex w-full flex-row">
            <Input
--- a/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
+++ b/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
@@ -1,4 +1,4 @@
-import { FormEvent, useState } from "react";
+import { FormEvent, useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import Link from "next/link";
 import { useRouter } from "next/router";
@@ -32,6 +32,18 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
  const { config } = useServerConfig();
  const queryParams = new URLSearchParams(window.location.search);

+  useEffect(() => {
+    if (process.env.NEXT_PUBLIC_SAML_ORG_SLUG && process.env.NEXT_PUBLIC_SAML_ORG_SLUG !== "saml-org-slug-default") {
+      const callbackPort = queryParams.get("callback_port");
+      window.open(
+        `/api/v1/sso/redirect/saml2/organizations/${process.env.NEXT_PUBLIC_SAML_ORG_SLUG}${
+          callbackPort ? `?callback_port=${callbackPort}` : ""
+        }`
+      );
+      window.close();
+    }
+  }, [])
+
  const handleLogin = async (e: FormEvent<HTMLFormElement>) => {
    e.preventDefault();
    try {
@@ -244,7 +256,7 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
          </Link>
        </div>
      ) : (
-        <div />
+        <div className="mt-4" />
      )}
      <div className="mt-2 flex flex-row text-sm text-bunker-400">
        <Link href="/verify-email">
--- a/frontend/src/views/Org/MembersPage/MembersPage.tsx
+++ b/frontend/src/views/Org/MembersPage/MembersPage.tsx
@@ -23,9 +23,6 @@ export const MembersPage = withPermission(
              <Tab value={TabSections.Identities}>
                <div className="flex items-center">
                  <p>Machine Identities</p>
-                  <div className="ml-2 inline-block cursor-default rounded-md bg-yellow/20 px-1.5 pb-[0.03rem] pt-[0.04rem] text-sm text-yellow opacity-80 hover:opacity-100">
-                    New
-                  </div>
                </div>
              </Tab>
              <Tab value={TabSections.Roles}>Organization Roles</Tab>
--- a/frontend/src/views/SecretMainPage/SecretMainPage.tsx
+++ b/frontend/src/views/SecretMainPage/SecretMainPage.tsx
@@ -313,6 +313,7 @@ export const SecretMainPage = () => {
                  workspaceId={workspaceId}
                  secretPath={secretPath}
                  sortDir={sortDir}
+                  searchTerm={filter.searchFilter}
                />
                {canReadSecret && (
                  <DynamicSecretListView
--- a/frontend/src/views/SecretMainPage/components/FolderListView/FolderListView.tsx
+++ b/frontend/src/views/SecretMainPage/components/FolderListView/FolderListView.tsx
@@ -20,12 +20,14 @@ type Props = {
  workspaceId: string;
  secretPath?: string;
  sortDir: SortDir;
+  searchTerm?: string;
 };

 export const FolderListView = ({
  folders = [],
  environment,
  workspaceId,
+  searchTerm,
  secretPath = "/",
  sortDir = SortDir.ASC
 }: Props) => {
@@ -35,8 +37,6 @@ export const FolderListView = ({
  ] as const);
  const router = useRouter();

-  
-
  const { mutateAsync: updateFolder } = useUpdateFolder();
  const { mutateAsync: deleteFolder } = useDeleteFolder();

@@ -100,6 +100,7 @@ export const FolderListView = ({
  return (
    <>
      {folders
+        .filter(({ name }) => name.toUpperCase().includes(String(searchTerm?.toUpperCase())))
        .sort((a, b) =>
          sortDir === SortDir.ASC
            ? a.name.toLowerCase().localeCompare(b.name.toLowerCase())
--- a/k8-operator/README.md
+++ b/k8-operator/README.md
@@ -72,6 +72,12 @@ If you are editing the API definitions, generate the manifests such as CRs or CR
 make manifests
 ```

+Also, after editing the API definitions, update the kubectl-install folder:
+
+```sh
+make kubectl-install
+```
+
 **NOTE:** Run `make --help` for more information on all potential `make` targets

 More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)
--- a/k8-operator/kubectl-install/install-secrets-operator.yaml
+++ b/k8-operator/kubectl-install/install-secrets-operator.yaml
@@ -96,12 +96,47 @@ spec:
                    - secretsScope
                    - serviceTokenSecretReference
                    type: object
+                  universalAuth:
+                    properties:
+                      credentialsRef:
+                        properties:
+                          secretName:
+                            description: The name of the Kubernetes Secret
+                            type: string
+                          secretNamespace:
+                            description: The name space where the Kubernetes Secret is located
+                            type: string
+                        required:
+                        - secretName
+                        - secretNamespace
+                        type: object
+                      secretsScope:
+                        properties:
+                          envSlug:
+                            type: string
+                          projectSlug:
+                            type: string
+                          secretsPath:
+                            type: string
+                        required:
+                        - envSlug
+                        - projectSlug
+                        - secretsPath
+                        type: object
+                    required:
+                    - credentialsRef
+                    - secretsScope
+                    type: object
                type: object
              hostAPI:
                description: Infisical host to pull secrets from
                type: string
              managedSecretReference:
                properties:
+                  creationPolicy:
+                    default: Orphan
+                    description: 'The Kubernetes Secret creation policy. Enum with values: ''Owner'', ''Orphan''. Owner creates the secret and sets .metadata.ownerReferences of the InfisicalSecret CRD that created it. Orphan will not set the secret owner. This will result in the secret being orphaned and not deleted when the resource is deleted.'
+                    type: string
                  secretName:
                    description: The name of the Kubernetes Secret
                    type: string
Author	SHA1	Message	Date
Maidul Islam	e143a31e79	Merge pull request #1670 from JunedKhan101/main docs:fixed broken link	2024-04-08 17:45:51 -07:00
Maidul Islam	f6cc20b08b	remove link from docs	2024-04-08 12:00:11 -07:00
Maidul Islam	90e125454e	remove docs for e2ee	2024-04-08 11:58:48 -07:00
Maidul Islam	fbdf3dc9ce	Merge pull request #1647 from akhilmhdh/doc/integration-api-guide docs: added guide to setup integration with api	2024-04-08 11:56:19 -07:00
Maidul Islam	f333c905d9	revise generic integration docs	2024-04-08 11:55:38 -07:00
Maidul Islam	71e60df39a	Merge pull request #1659 from agilesyndrome/fix_universalAuth_operatorinstall fix: Run make kubectl-install	2024-04-08 10:18:00 -07:00
Maidul Islam	8b4d050d05	updated original value in replace script	2024-04-08 10:15:09 -07:00
Maidul Islam	3b4bb591a3	set default for NEXT_PUBLIC_SAML_ORG_SLUG	2024-04-08 09:25:37 -07:00
Maidul Islam	54f1a4416b	add default value	2024-04-08 09:06:42 -07:00
Maidul Islam	47e3f1b510	Merge pull request #1661 from Infisical/saml-auto-redirect add automatic SAML redirect	2024-04-08 08:22:04 -07:00
Juned Khan	5810b76027	docs:fixed broken link	2024-04-08 16:55:11 +05:30
Daniel Hougaard	246e6c64d1	Merge pull request #1668 from JunedKhan101/main removed extra whitespace from error message	2024-04-07 16:05:31 -07:00
Juned Khan	4e836c5dca	removed extra whitespace from error message	2024-04-07 17:41:39 +05:30
Maidul Islam	63a289c3be	add saml org clug to standalone	2024-04-06 11:58:50 -07:00
Maidul Islam	0a52bbd55d	add render once to use effect	2024-04-06 11:40:13 -07:00
Maidul Islam	593bdf74b8	patch notice	2024-04-06 10:57:08 -07:00
Maidul Islam	1f3742e619	update april_2024_db_update_closed	2024-04-06 10:39:21 -07:00
Maidul Islam	d6e5ac2133	maintenance postponed	2024-04-06 10:01:13 -07:00
Vladyslav Matsiiako	fea48518a3	removed new tag from identities	2024-04-05 19:01:54 -07:00
Vladyslav Matsiiako	94d509eb01	fixed search bar with folders	2024-04-05 18:37:12 -07:00
Vladyslav Matsiiako	055fd34c33	added baked env var	2024-04-05 17:25:25 -07:00
Vladyslav Matsiiako	74fefa9879	add automatic SAML redirect	2024-04-05 14:39:31 -07:00
Vladyslav Matsiiako	ff2c8d017f	add automatic SAML redirect	2024-04-05 14:29:50 -07:00
Drew Easley	f6d7ec52c2	fix: Run make kubectl-install	2024-04-05 08:10:38 -04:00
Akhil Mohan	40bb9668fe	docs: added guide to setup integration with api	2024-04-03 01:12:30 +05:30