update april_2024_db_update_closed

cli/packages/api/model.go

@@ -528,7 +528,6 @@ type GetRawSecretsV3Request struct {
 	WorkspaceId   string `json:"workspaceId"`
 	SecretPath    string `json:"secretPath"`
 	IncludeImport bool   `json:"include_imports"`
-	Recursive     bool   `json:"recursive"`
 }
 
 type GetRawSecretsV3Response struct {

cli/packages/cmd/agent.go

@@ -479,7 +479,7 @@ func (tm *AgentManager) GetToken() string {
 
 // Fetches a new access token using client credentials
 func (tm *AgentManager) FetchNewAccessToken() error {
-	clientID := os.Getenv(util.INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME)
+	clientID := os.Getenv("INFISICAL_UNIVERSAL_AUTH_CLIENT_ID")
 	if clientID == "" {
 		clientIDAsByte, err := ReadFile(tm.clientIdPath)
 		if err != nil {
@@ -509,7 +509,7 @@ func (tm *AgentManager) FetchNewAccessToken() error {
 	// save as cache in memory
 	tm.cachedClientSecret = clientSecret
 
-	loginResponse, err := util.UniversalAuthLogin(clientID, clientSecret)
+	err, loginResponse := universalAuthLogin(clientID, clientSecret)
 	if err != nil {
 		return err
 	}
@@ -725,6 +725,20 @@ func (tm *AgentManager) MonitorSecretChanges(secretTemplate Template, templateId
 	}
 }
 
+func universalAuthLogin(clientId string, clientSecret string) (error, api.UniversalAuthLoginResponse) {
+	httpClient := resty.New()
+	httpClient.SetRetryCount(10000).
+		SetRetryMaxWaitTime(20 * time.Second).
+		SetRetryWaitTime(5 * time.Second)
+
+	tokenResponse, err := api.CallUniversalAuthLogin(httpClient, api.UniversalAuthLoginRequest{ClientId: clientId, ClientSecret: clientSecret})
+	if err != nil {
+		return err, api.UniversalAuthLoginResponse{}
+	}
+
+	return nil, tokenResponse
+}
+
 // runCmd represents the run command
 var agentCmd = &cobra.Command{
 	Example: `

cli/packages/cmd/export.go

@@ -44,11 +44,6 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err)
 		}
 
-		includeImports, err := cmd.Flags().GetBool("include-imports")
-		if err != nil {
-			util.HandleError(err)
-		}
-
 		projectId, err := cmd.Flags().GetString("projectId")
 		if err != nil {
 			util.HandleError(err)
@@ -64,7 +59,8 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		token, err := util.GetInfisicalToken(cmd)
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
@@ -79,21 +75,7 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		request := models.GetAllSecretsParameters{
-			Environment:   environmentName,
-			TagSlugs:      tagSlugs,
-			WorkspaceId:   projectId,
-			SecretsPath:   secretsPath,
-			IncludeImport: includeImports,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, "")
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, WorkspaceId: projectId, SecretsPath: secretsPath}, "")
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}
@@ -106,16 +88,9 @@ var exportCmd = &cobra.Command{
 
 		var output string
 		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-
-			if token != nil && token.Type == "service-token" {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == "universal-auth-token" {
-				authParams.UniversalAuthAccessToken = token.Token
-			}
-
-			secrets = util.ExpandSecrets(secrets, authParams, "")
+			secrets = util.ExpandSecrets(secrets, models.ExpandSecretsAuthentication{
+				InfisicalToken: infisicalToken,
+			}, "")
 		}
 		secrets = util.FilterSecretsByTag(secrets, tagSlugs)
 		output, err = formatEnvs(secrets, format)
@@ -135,7 +110,6 @@ func init() {
 	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
 	exportCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
-	exportCmd.Flags().Bool("include-imports", true, "Imported linked secrets")
 	exportCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
 	exportCmd.Flags().StringP("tags", "t", "", "filter secrets by tag slugs")
 	exportCmd.Flags().String("projectId", "", "manually set the projectId to fetch secrets from")

cli/packages/cmd/folder.go

@@ -36,33 +36,18 @@ var getCmd = &cobra.Command{
 			}
 		}
 
-		projectId, err := cmd.Flags().GetString("projectId")
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		token, err := util.GetInfisicalToken(cmd)
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
 		foldersPath, err := cmd.Flags().GetString("path")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		request := models.GetAllFoldersParameters{
-			Environment: environmentName,
-			WorkspaceId: projectId,
-			FoldersPath: foldersPath,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		folders, err := util.GetAllFolders(request)
+		folders, err := util.GetAllFolders(models.GetAllFoldersParameters{Environment: environmentName, InfisicalToken: infisicalToken, FoldersPath: foldersPath})
 		if err != nil {
 			util.HandleError(err, "Unable to get folders")
 		}

cli/packages/cmd/login.go

@@ -55,19 +55,6 @@ var loginCmd = &cobra.Command{
 	Short:                 "Login into your Infisical account",
 	DisableFlagsInUseLine: true,
 	Run: func(cmd *cobra.Command, args []string) {
-
-		loginMethod, err := cmd.Flags().GetString("method")
-
-		if err != nil {
-			util.HandleError(err)
-		}
-
-		if loginMethod != "user" && loginMethod != "universal-auth" {
-			util.PrintErrorMessageAndExit("Invalid login method. Please use either 'user' or 'universal-auth'")
-		}
-
-		if loginMethod == "user" {
-
 		currentLoggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
 		// if the key can't be found or there is an error getting current credentials from key ring, allow them to override
 		if err != nil && (strings.Contains(err.Error(), "we couldn't find your logged in details")) {
@@ -157,46 +144,6 @@ var loginCmd = &cobra.Command{
 		fmt.Println("- Learn to inject secrets into your application at https://infisical.com/docs/cli/usage")
 		fmt.Println("- Stuck? Join our slack for quick support https://infisical.com/slack")
 		Telemetry.CaptureEvent("cli-command:login", posthog.NewProperties().Set("infisical-backend", config.INFISICAL_URL).Set("version", util.CLI_VERSION))
-		} else if loginMethod == "universal-auth" {
-
-			clientId, err := cmd.Flags().GetString("client-id")
-			if err != nil {
-				util.HandleError(err)
-			}
-
-			clientSecret, err := cmd.Flags().GetString("client-secret")
-			if err != nil {
-				util.HandleError(err)
-			}
-
-			if clientId == "" {
-				clientId = os.Getenv(util.INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME)
-				if clientId == "" {
-					util.PrintErrorMessageAndExit("Please provide client-id")
-				}
-			}
-			if clientSecret == "" {
-				clientSecret = os.Getenv(util.INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET_NAME)
-				if clientSecret == "" {
-					util.PrintErrorMessageAndExit("Please provide client-secret")
-				}
-			}
-
-			res, err := util.UniversalAuthLogin(clientId, clientSecret)
-
-			if err != nil {
-				util.HandleError(err)
-			}
-
-			boldGreen := color.New(color.FgGreen).Add(color.Bold)
-			time.Sleep(time.Second * 1)
-			boldGreen.Printf(">>>> Successfully authenticated with Universal Auth!\n\n")
-			boldGreen.Printf("Universal Auth Access Token:\n%v", res.AccessToken)
-
-			plainBold := color.New(color.Bold)
-			plainBold.Println("\n\nYou can use this access token to authenticate through other commands in the CLI.")
-
-		}
 	},
 }
 
@@ -366,9 +313,6 @@ func cliDefaultLogin(userCredentialsToBeStored *models.UserCredentials) {
 func init() {
 	rootCmd.AddCommand(loginCmd)
 	loginCmd.Flags().BoolP("interactive", "i", false, "login via the command line")
-	loginCmd.Flags().String("method", "user", "login method [user, universal-auth]")
-	loginCmd.Flags().String("client-id", "", "client id for universal auth")
-	loginCmd.Flags().String("client-secret", "", "client secret for universal auth")
 }
 
 func DomainOverridePrompt() (bool, error) {

cli/packages/cmd/run.go

@@ -62,7 +62,8 @@ var runCmd = &cobra.Command{
 			}
 		}
 
-		token, err := util.GetInfisicalToken(cmd)
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
@@ -72,11 +73,6 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		projectId, err := cmd.Flags().GetString("projectId")
-		if err != nil {
-			util.HandleError(err, "Unable to parse flag")
-		}
-
 		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
@@ -107,22 +103,7 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		request := models.GetAllSecretsParameters{
-			Environment:   environmentName,
-			WorkspaceId:   projectId,
-			TagSlugs:      tagSlugs,
-			SecretsPath:   secretsPath,
-			IncludeImport: includeImports,
-			Recursive:     recursive,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, projectConfigDir)
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: includeImports, Recursive: recursive}, projectConfigDir)
 
 		if err != nil {
 			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
@@ -135,16 +116,9 @@ var runCmd = &cobra.Command{
 		}
 
 		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-
-			if token != nil && token.Type == "service-token" {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == "universal-auth-token" {
-				authParams.UniversalAuthAccessToken = token.Token
-			}
-
-			secrets = util.ExpandSecrets(secrets, authParams, projectConfigDir)
+			secrets = util.ExpandSecrets(secrets, models.ExpandSecretsAuthentication{
+				InfisicalToken: infisicalToken,
+			}, projectConfigDir)
 		}
 
 		secretsByKey := getSecretsByKeys(secrets)
@@ -175,15 +149,7 @@ var runCmd = &cobra.Command{
 
 		log.Debug().Msgf("injecting the following environment variables into shell: %v", env)
 
-		Telemetry.CaptureEvent("cli-command:run",
-			posthog.NewProperties().
-				Set("secretsCount", len(secrets)).
-				Set("environment", environmentName).
-				Set("isUsingServiceToken", token.Type == "service-token").
-				Set("isUsingUniversalAuthToken", token.Type == "universal-auth-token").
-				Set("single-command", strings.Join(args, " ")).
-				Set("multi-command", cmd.Flag("command").Value.String()).
-				Set("version", util.CLI_VERSION))
+		Telemetry.CaptureEvent("cli-command:run", posthog.NewProperties().Set("secretsCount", len(secrets)).Set("environment", environmentName).Set("isUsingServiceToken", infisicalToken != "").Set("single-command", strings.Join(args, " ")).Set("multi-command", cmd.Flag("command").Value.String()).Set("version", util.CLI_VERSION))
 
 		if cmd.Flags().Changed("command") {
 			command := cmd.Flag("command").Value.String()
@@ -238,7 +204,6 @@ func filterReservedEnvVars(env map[string]models.SingleEnvironmentVariable) {
 func init() {
 	rootCmd.AddCommand(runCmd)
 	runCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	runCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	runCmd.Flags().Bool("include-imports", true, "Import linked secrets ")

cli/packages/cmd/secrets.go

@@ -38,12 +38,12 @@ var secretsCmd = &cobra.Command{
 			}
 		}
 
-		token, err := util.GetInfisicalToken(cmd)
+		infisicalToken, err := util.GetInfisicalServiceToken(cmd)
+
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		projectId, err := cmd.Flags().GetString("projectId")
 		if err != nil {
 			util.HandleError(err, "Unable to parse flag")
 		}
@@ -78,22 +78,7 @@ var secretsCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag")
 		}
 
-		request := models.GetAllSecretsParameters{
-			Environment:   environmentName,
-			WorkspaceId:   projectId,
-			TagSlugs:      tagSlugs,
-			SecretsPath:   secretsPath,
-			IncludeImport: includeImports,
-			Recursive:     recursive,
-		}
-
-		if token != nil && token.Type == "service-token" {
-			request.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			request.UniversalAuthAccessToken = token.Token
-		}
-
-		secrets, err := util.GetAllEnvironmentVariables(request, "")
+		secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: includeImports, Recursive: recursive}, "")
 		if err != nil {
 			util.HandleError(err)
 		}
@@ -105,15 +90,9 @@ var secretsCmd = &cobra.Command{
 		}
 
 		if shouldExpandSecrets {
-
-			authParams := models.ExpandSecretsAuthentication{}
-			if token != nil && token.Type == "service-token" {
-				authParams.InfisicalToken = token.Token
-			} else if token != nil && token.Type == "universal-auth-token" {
-				authParams.UniversalAuthAccessToken = token.Token
-			}
-
-			secrets = util.ExpandSecrets(secrets, authParams, "")
+			secrets = util.ExpandSecrets(secrets, models.ExpandSecretsAuthentication{
+				InfisicalToken: infisicalToken,
+			}, "")
 		}
 
 		visualize.PrintAllSecretDetails(secrets)
@@ -423,12 +402,8 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		}
 	}
 
-	token, err := util.GetInfisicalToken(cmd)
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
+	infisicalToken, err := util.GetInfisicalServiceToken(cmd)
 
-	shouldExpand, err := cmd.Flags().GetBool("expand")
 	if err != nil {
 		util.HandleError(err, "Unable to parse flag")
 	}
@@ -438,11 +413,6 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}
 
-	projectId, err := cmd.Flags().GetString("projectId")
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
-
 	secretsPath, err := cmd.Flags().GetString("path")
 	if err != nil {
 		util.HandleError(err, "Unable to parse path flag")
@@ -458,22 +428,7 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse path flag")
 	}
 
-	request := models.GetAllSecretsParameters{
-		Environment:   environmentName,
-		WorkspaceId:   projectId,
-		TagSlugs:      tagSlugs,
-		SecretsPath:   secretsPath,
-		IncludeImport: true,
-		Recursive:     recursive,
-	}
-
-	if token != nil && token.Type == "service-token" {
-		request.InfisicalToken = token.Token
-	} else if token != nil && token.Type == "universal-auth-token" {
-		request.UniversalAuthAccessToken = token.Token
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(request, "")
+	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: true, Recursive: recursive}, "")
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@@ -494,18 +449,6 @@ func getSecretsByNames(cmd *cobra.Command, args []string) {
 		}
 	}
 
-	if shouldExpand {
-
-		authParams := models.ExpandSecretsAuthentication{}
-		if token != nil && token.Type == "service-token" {
-			authParams.InfisicalToken = token.Token
-		} else if token != nil && token.Type == "universal-auth-token" {
-			authParams.UniversalAuthAccessToken = token.Token
-		}
-
-		requestedSecrets = util.ExpandSecrets(requestedSecrets, authParams, "")
-	}
-
 	if showOnlyValue && len(requestedSecrets) > 1 {
 		util.PrintErrorMessageAndExit("--raw-value only works with one secret.")
 	}
@@ -532,12 +475,8 @@ func generateExampleEnv(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}
 
-	token, err := util.GetInfisicalToken(cmd)
-	if err != nil {
-		util.HandleError(err, "Unable to parse flag")
-	}
+	infisicalToken, err := util.GetInfisicalServiceToken(cmd)
 
-	projectId, err := cmd.Flags().GetString("projectId")
 	if err != nil {
 		util.HandleError(err, "Unable to parse flag")
 	}
@@ -547,21 +486,7 @@ func generateExampleEnv(cmd *cobra.Command, args []string) {
 		util.HandleError(err, "Unable to parse flag")
 	}
 
-	request := models.GetAllSecretsParameters{
-		Environment:   environmentName,
-		WorkspaceId:   projectId,
-		TagSlugs:      tagSlugs,
-		SecretsPath:   secretsPath,
-		IncludeImport: true,
-	}
-
-	if token != nil && token.Type == "service-token" {
-		request.InfisicalToken = token.Token
-	} else if token != nil && token.Type == "universal-auth-token" {
-		request.UniversalAuthAccessToken = token.Token
-	}
-
-	secrets, err := util.GetAllEnvironmentVariables(request, "")
+	secrets, err := util.GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: environmentName, InfisicalToken: infisicalToken, TagSlugs: tagSlugs, SecretsPath: secretsPath, IncludeImport: true}, "")
 	if err != nil {
 		util.HandleError(err, "To fetch all secrets")
 	}
@@ -761,23 +686,19 @@ func getSecretsByKeys(secrets []models.SingleEnvironmentVariable) map[string]mod
 
 func init() {
 	secretsGenerateExampleEnvCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsGenerateExampleEnvCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	secretsGenerateExampleEnvCmd.Flags().String("path", "/", "Fetch secrets from within a folder path")
 	secretsCmd.AddCommand(secretsGenerateExampleEnvCmd)
 
 	secretsGetCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsGetCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
+	secretsCmd.AddCommand(secretsGetCmd)
 	secretsGetCmd.Flags().String("path", "/", "get secrets within a folder path")
-	secretsGetCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	secretsGetCmd.Flags().Bool("raw-value", false, "Returns only the value of secret, only works with one secret")
 	secretsGetCmd.Flags().Bool("recursive", false, "Fetch secrets from all sub-folders")
-	secretsCmd.AddCommand(secretsGetCmd)
 
 	secretsCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 	secretsCmd.AddCommand(secretsSetCmd)
 	secretsSetCmd.Flags().String("path", "/", "set secrets within a folder path")
 
-	// Only supports logged in users (JWT auth)
 	secretsSetCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
 		util.RequireLogin()
 		util.RequireLocalWorkspaceFile()
@@ -786,8 +707,6 @@ func init() {
 	secretsDeleteCmd.Flags().String("type", "personal", "the type of secret to delete: personal or shared  (default: personal)")
 	secretsDeleteCmd.Flags().String("path", "/", "get secrets within a folder path")
 	secretsCmd.AddCommand(secretsDeleteCmd)
-
-	// Only supports logged in users (JWT auth)
 	secretsDeleteCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
 		util.RequireLogin()
 		util.RequireLocalWorkspaceFile()
@@ -799,7 +718,6 @@ func init() {
 	// Add getCmd, createCmd and deleteCmd flags here
 	getCmd.Flags().StringP("path", "p", "/", "The path from where folders should be fetched from")
 	getCmd.Flags().String("token", "", "Fetch folders using the infisical token")
-	getCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	folderCmd.AddCommand(getCmd)
 
 	// Add createCmd flags here
@@ -817,7 +735,6 @@ func init() {
 	// ** End of folders sub command
 
 	secretsCmd.Flags().String("token", "", "Fetch secrets using the Infisical Token")
-	secretsCmd.Flags().String("projectId", "", "manually set the projectId to fetch folders from for machine identity")
 	secretsCmd.PersistentFlags().String("env", "dev", "Used to select the environment name on which actions should be taken on")
 	secretsCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	secretsCmd.Flags().Bool("include-imports", true, "Imported linked secrets ")

cli/packages/cmd/token.go

@@ -1,63 +0,0 @@
-/*
-Copyright (c) 2023 Infisical Inc.
-*/
-package cmd
-
-import (
-	"strings"
-	"time"
-
-	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/fatih/color"
-	"github.com/spf13/cobra"
-)
-
-var tokenCmd = &cobra.Command{
-	Use:                   "token",
-	Short:                 "Manage your access tokens",
-	DisableFlagsInUseLine: true,
-	Example:               "infisical token",
-	Args:                  cobra.ExactArgs(0),
-	PreRun: func(cmd *cobra.Command, args []string) {
-		util.RequireLogin()
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var tokenRenewCmd = &cobra.Command{
-	Use:                   "renew [token]",
-	Short:                 "Used to renew your universal auth access token",
-	DisableFlagsInUseLine: true,
-	Example:               "infisical token renew <access-token>",
-	Args:                  cobra.ExactArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		// args[0] will be the <INSERT_TOKEN> from your command call
-		token := args[0]
-
-		if strings.HasPrefix(token, "st.") {
-			util.PrintErrorMessageAndExit("You are trying to renew a service token. You can only renew universal auth access tokens.")
-		}
-
-		renewedAccessToken, err := util.RenewUniversalAuthAccessToken(token)
-
-		if err != nil {
-			util.HandleError(err, "Unable to renew token")
-		}
-
-		boldGreen := color.New(color.FgGreen).Add(color.Bold)
-		time.Sleep(time.Second * 1)
-		boldGreen.Printf(">>>> Successfully renewed token!\n\n")
-		boldGreen.Printf("Renewed Access Token:\n%v", renewedAccessToken)
-
-		plainBold := color.New(color.Bold)
-		plainBold.Println("\n\nYou can use the new access token to authenticate through other commands in the CLI.")
-
-	},
-}
-
-func init() {
-	tokenCmd.AddCommand(tokenRenewCmd)
-
-	rootCmd.AddCommand(tokenCmd)
-}

cli/packages/models/cli.go

@@ -59,11 +59,6 @@ type DynamicSecretLease struct {
 	Data map[string]interface{} `json:"data"`
 }
 
-type TokenDetails struct {
-	Type  string
-	Token string
-}
-
 type SingleFolder struct {
 	ID   string `json:"_id"`
 	Name string `json:"name"`
@@ -106,7 +101,6 @@ type GetAllFoldersParameters struct {
 	Environment    string
 	FoldersPath    string
 	InfisicalToken string
-	UniversalAuthAccessToken string
 }
 
 type CreateFolderParameters struct {
@@ -129,8 +123,3 @@ type ExpandSecretsAuthentication struct {
 	InfisicalToken           string
 	UniversalAuthAccessToken string
 }
-
-type MachineIdentityCredentials struct {
-	ClientId     string
-	ClientSecret string
-}

cli/packages/util/constants.go

@@ -7,9 +7,6 @@ const (
 	INFISICAL_DEFAULT_URL                = "https://app.infisical.com"
 	INFISICAL_WORKSPACE_CONFIG_FILE_NAME = ".infisical.json"
 	INFISICAL_TOKEN_NAME                 = "INFISICAL_TOKEN"
-	INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME     = "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID"
-	INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET_NAME = "INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET"
-	INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN_NAME  = "INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN"
 	SECRET_TYPE_PERSONAL                 = "personal"
 	SECRET_TYPE_SHARED                   = "shared"
 	KEYRING_SERVICE_NAME                 = "infisical"

cli/packages/util/folders.go

@@ -19,7 +19,7 @@ func GetAllFolders(params models.GetAllFoldersParameters) ([]models.SingleFolder
 
 	var foldersToReturn []models.SingleFolder
 	var folderErr error
-	if params.InfisicalToken == "" && params.UniversalAuthAccessToken == "" {
+	if params.InfisicalToken == "" {
 
 		log.Debug().Msg("GetAllFolders: Trying to fetch folders using logged in details")
 
@@ -44,21 +44,11 @@ func GetAllFolders(params models.GetAllFoldersParameters) ([]models.SingleFolder
 		folders, err := GetFoldersViaJTW(loggedInUserDetails.UserCredentials.JTWToken, workspaceFile.WorkspaceId, params.Environment, params.FoldersPath)
 		folderErr = err
 		foldersToReturn = folders
-	} else if params.InfisicalToken != "" {
+	} else {
 		// get folders via service token
 		folders, err := GetFoldersViaServiceToken(params.InfisicalToken, params.WorkspaceId, params.Environment, params.FoldersPath)
 		folderErr = err
 		foldersToReturn = folders
-	} else if params.UniversalAuthAccessToken != "" {
-
-		if params.WorkspaceId == "" {
-			PrintErrorMessageAndExit("Project ID is required when using machine identity")
-		}
-
-		// get folders via machine identity
-		folders, err := GetFoldersViaMachineIdentity(params.UniversalAuthAccessToken, params.WorkspaceId, params.Environment, params.FoldersPath)
-		folderErr = err
-		foldersToReturn = folders
 	}
 	return foldersToReturn, folderErr
 }
@@ -142,34 +132,6 @@ func GetFoldersViaServiceToken(fullServiceToken string, workspaceId string, envi
 	return folders, nil
 }
 
-func GetFoldersViaMachineIdentity(accessToken string, workspaceId string, envSlug string, foldersPath string) ([]models.SingleFolder, error) {
-	httpClient := resty.New()
-	httpClient.SetAuthToken(accessToken).
-		SetHeader("Accept", "application/json")
-
-	getFoldersRequest := api.GetFoldersV1Request{
-		WorkspaceId: workspaceId,
-		Environment: envSlug,
-		FoldersPath: foldersPath,
-	}
-
-	apiResponse, err := api.CallGetFoldersV1(httpClient, getFoldersRequest)
-	if err != nil {
-		return nil, err
-	}
-
-	var folders []models.SingleFolder
-
-	for _, folder := range apiResponse.Folders {
-		folders = append(folders, models.SingleFolder{
-			Name: folder.Name,
-			ID:   folder.ID,
-		})
-	}
-
-	return folders, nil
-}
-
 // CreateFolder creates a folder in Infisical
 func CreateFolder(params models.CreateFolderParameters) (models.SingleFolder, error) {
 	loggedInUserDetails, err := GetCurrentLoggedInUserDetails()

cli/packages/util/helper.go

@@ -9,11 +9,8 @@ import (
 	"os/exec"
 	"path"
 	"strings"
-	"time"
 
-	"github.com/Infisical/infisical-merge/packages/api"
 	"github.com/Infisical/infisical-merge/packages/models"
-	"github.com/go-resty/resty/v2"
 	"github.com/spf13/cobra"
 )
 
@@ -67,105 +64,18 @@ func IsSecretTypeValid(s string) bool {
 	return false
 }
 
-func GetInfisicalToken(cmd *cobra.Command) (token *models.TokenDetails, err error) {
+func GetInfisicalServiceToken(cmd *cobra.Command) (serviceToken string, err error) {
 	infisicalToken, err := cmd.Flags().GetString("token")
 
-	if err != nil {
-		return nil, err
-	}
-
-	if infisicalToken == "" {
-		// If no flag is passed, we first check for the universal auth access token env variable.
-		infisicalToken = os.Getenv(INFISICAL_UNIVERSAL_AUTH_ACCESS_TOKEN_NAME)
-		// If it's still empty after the first env check, we check for the service token env variable.
 	if infisicalToken == "" {
 		infisicalToken = os.Getenv(INFISICAL_TOKEN_NAME)
 	}
-	}
 
-	// If it's empty, we return nothing at all.
-	if infisicalToken == "" {
-		return nil, nil
-	}
-
-	if strings.HasPrefix(infisicalToken, "st.") {
-		return &models.TokenDetails{
-			Type:  "service-token",
-			Token: infisicalToken,
-		}, nil
-	}
-
-	return &models.TokenDetails{
-		Type:  "universal-auth-token",
-		Token: infisicalToken,
-	}, nil
-
-}
-
-func GetInfisicalUniversalAuthAccessToken(cmd *cobra.Command) (accessToken string, err error) {
-
-	var token string
-
-	universalAuthClientId, err := cmd.Flags().GetString("universal-auth-client-id")
-	if err != nil {
-		return token, err
-	}
-	universalAuthClientSecret, err := cmd.Flags().GetString("universal-auth-client-secret")
-	if err != nil {
-		return token, err
-	}
-
-	if universalAuthClientId == "" {
-		universalAuthClientId = os.Getenv(INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_NAME)
-	}
-
-	if universalAuthClientSecret == "" {
-		universalAuthClientSecret = os.Getenv(INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET_NAME)
-	}
-
-	if universalAuthClientId != "" || universalAuthClientSecret != "" {
-		res, err := UniversalAuthLogin(universalAuthClientId, universalAuthClientSecret)
-
-		if err != nil {
-			return token, err
-		}
-		token = res.AccessToken
-	}
-
-	return token, nil
-}
-
-func UniversalAuthLogin(clientId string, clientSecret string) (api.UniversalAuthLoginResponse, error) {
-	httpClient := resty.New()
-	httpClient.SetRetryCount(10000).
-		SetRetryMaxWaitTime(20 * time.Second).
-		SetRetryWaitTime(5 * time.Second)
-
-	tokenResponse, err := api.CallUniversalAuthLogin(httpClient, api.UniversalAuthLoginRequest{ClientId: clientId, ClientSecret: clientSecret})
-	if err != nil {
-		return api.UniversalAuthLoginResponse{}, err
-	}
-
-	return tokenResponse, nil
-}
-
-func RenewUniversalAuthAccessToken(accessToken string) (string, error) {
-
-	httpClient := resty.New()
-	httpClient.SetRetryCount(10000).
-		SetRetryMaxWaitTime(20 * time.Second).
-		SetRetryWaitTime(5 * time.Second)
-
-	request := api.UniversalAuthRefreshRequest{
-		AccessToken: accessToken,
-	}
-
-	tokenResponse, err := api.CallUniversalAuthRefreshAccessToken(httpClient, request)
 	if err != nil {
 		return "", err
 	}
 
-	return tokenResponse.AccessToken, nil
+	return infisicalToken, nil
 }
 
 // Checks if the passed in email already exists in the users slice

cli/packages/util/secrets.go

@@ -159,7 +159,7 @@ func GetPlainTextSecretsViaMachineIdentity(accessToken string, workspaceId strin
 	httpClient.SetAuthToken(accessToken).
 		SetHeader("Accept", "application/json")
 
-	getSecretsRequest := api.GetRawSecretsV3Request{
+	getSecretsRequest := api.GetEncryptedSecretsV3Request{
 		WorkspaceId:   workspaceId,
 		Environment:   environmentName,
 		IncludeImport: includeImports,
@@ -171,8 +171,7 @@ func GetPlainTextSecretsViaMachineIdentity(accessToken string, workspaceId strin
 		getSecretsRequest.SecretPath = secretsPath
 	}
 
-	rawSecrets, err := api.CallGetRawSecretsV3(httpClient, getSecretsRequest)
-
+	rawSecrets, err := api.CallGetRawSecretsV3(httpClient, api.GetRawSecretsV3Request{WorkspaceId: workspaceId, SecretPath: secretsPath, Environment: environmentName})
 	if err != nil {
 		return models.PlaintextSecretResult{}, err
 	}
@@ -183,7 +182,7 @@ func GetPlainTextSecretsViaMachineIdentity(accessToken string, workspaceId strin
 	}
 
 	for _, secret := range rawSecrets.Secrets {
-		plainTextSecrets = append(plainTextSecrets, models.SingleEnvironmentVariable{Key: secret.SecretKey, Value: secret.SecretValue, Type: secret.Type, WorkspaceId: secret.Workspace})
+		plainTextSecrets = append(plainTextSecrets, models.SingleEnvironmentVariable{Key: secret.SecretKey, Value: secret.SecretValue, WorkspaceId: secret.Workspace})
 	}
 
 	// if includeImports {
@@ -356,11 +355,6 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo
 			log.Debug().Msg("Trying to fetch secrets using service token")
 			secretsToReturn, _, errorToReturn = GetPlainTextSecretsViaServiceToken(params.InfisicalToken, params.Environment, params.SecretsPath, params.IncludeImport, params.Recursive)
 		} else if params.UniversalAuthAccessToken != "" {
-
-			if params.WorkspaceId == "" {
-				PrintErrorMessageAndExit("Project ID is required when using machine identity")
-			}
-
 			log.Debug().Msg("Trying to fetch secrets using universal auth")
 			res, err := GetPlainTextSecretsViaMachineIdentity(params.UniversalAuthAccessToken, params.WorkspaceId, params.Environment, params.SecretsPath, params.IncludeImport, params.Recursive)
 

docs/cli/commands/login.mdx

@@ -13,49 +13,3 @@ The CLI uses authentication to verify your identity. When you enter the correct
 To change where the login credentials are stored, visit the [vaults command](./vault).
 
 If you have added multiple users, you can switch between the users by using the [user command](./user).
-
-
-### Flags
-  <Accordion title="--method">
-    ```bash
-    infisical login --method=<auth-method> # Optional, will default to 'user'.
-    ```
-
-    #### Valid values for the `method` flag are:
-    - `user`: Login using email and password.
-    - `universal-auth`: Login using a universal auth client ID and client secret.
-
-    <Info>
-      When `method` is set to `universal-auth`, the `client-id` and `client-secret` flags are required. Optionally you can set the `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID` and `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET` environment variables instead of using the flags.
-
-      When you authenticate with universal auth, an access token will be printed to the console upon successful login. This token can be used to authenticate with the Infisical API and the CLI by passing it in the `--token` flag when applicable.
-    </Info>
-
-  </Accordion>
-  <Accordion title="--client-id">
-    ```bash
-    infisical login --client-id=<client-id> # Optional, required if --method=universal-auth.
-    ```
-
-    #### Description
-    The client ID of the universal auth client. This is required if the `--method` flag is set to `universal-auth`.
-
-    <Tip>
-      The `client-id` flag can be substituted with the `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID` environment variable.
-    </Tip>
-  </Accordion>
-  <Accordion title="--client-secret">
-    ```bash
-    infisical login --client-secret=<client-secret> # Optional, required if --method=universal-auth.
-    ```
-    #### Description
-    The client secret of the universal auth client. This is required if the `--method` flag is set to `universal-auth`.
-
-    <Tip>
-      The `client-secret` flag can be substituted with the `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET` environment variable.
-    </Tip>
-    
-  </Accordion>
-
-
-  

docs/cli/commands/token.mdx

@@ -1,21 +0,0 @@
----
-title: "infisical token"
-description: "Manage your Infisical identity access tokens"
----
-
-```bash 
-infisical service-token renew <ua-access-token>
-```
-
-## Description
-The Infisical `token` command allows you to manage your universal auth access tokens. 
-With this command, you can renew your access tokens. In the future more subcommands will be added to better help you manage your tokens through the CLI.
-
-<Accordion title="token renew <access-token>" defaultOpen="true">
-  Use this command to renew your access token. This command will renew your access token and output a renewed access token to the console.
-
-  ```bash
-  $ infisical token renew <ua-access-token>
-  ```
-
-</Accordion>

docs/mint.json

@@ -225,7 +225,6 @@
             "cli/commands/run",
             "cli/commands/secrets",
             "cli/commands/export",
-            "cli/commands/token",
             "cli/commands/service-token",
             "cli/commands/vault",
             "cli/commands/user",

frontend/src/pages/org/[id]/overview/index.tsx

@@ -483,10 +483,10 @@ const OrganizationPage = withPermission(
     
     const addUsersToProject = useAddUserToWsNonE2EE();
 
-    const { data: updateClosed } = useGetUserAction("april_2024_db_update_closed");
+    const { data: updateClosed } = useGetUserAction("april_13_2024_db_update_closed");
     const registerUserAction = useRegisterUserAction();
     const closeUpdate = async () => {
-      await registerUserAction.mutateAsync("april_2024_db_update_closed");
+      await registerUserAction.mutateAsync("april_13_2024_db_update_closed");
     };
 
     const { popUp, handlePopUpOpen, handlePopUpClose, handlePopUpToggle } = usePopUp([
@@ -594,6 +594,8 @@ const OrganizationPage = withPermission(
           </div>
         )}
         <div className="mb-4 flex flex-col items-start justify-start px-6 py-6 pb-0 text-3xl">
+        {
+        window.location.origin.includes("https://app.infisical.com") || window.location.origin.includes("http://localhost:8080") && 
         <div
             className={`${
               !updateClosed ? "block" : "hidden"
@@ -601,11 +603,11 @@ const OrganizationPage = withPermission(
           >
             <FontAwesomeIcon icon={faWarning} className="p-6 text-4xl text-primary" />
             <div className="text-sm">
-              <span className="text-lg font-semibold">Scheduled maintenance on April 6th 2024 </span>{" "}
+              <span className="text-lg font-semibold">Scheduled maintenance on April 13th 2024 </span>{" "}
               <br />
-              Infisical will undergo scheduled maintenance for approximately 1 hour on Saturday, April 6th, 11am EST. During these hours, read
+              Infisical will undergo scheduled maintenance for approximately 1 hour on Saturday, April 13th, 11am EST. During these hours, read
               operations will continue to function normally but no resources will be editable. 
-              No action is required on your end — your applications can continue to fetch secrets.
+              No action is required on your end — your applications will continue to fetch secrets.
               <br />
             </div>
             <button
@@ -617,6 +619,8 @@ const OrganizationPage = withPermission(
               <FontAwesomeIcon icon={faXmark} />
             </button>
           </div>
+        }
+          
           <p className="mr-4 font-semibold text-white">Projects</p>
           <div className="mt-6 flex w-full flex-row">
             <Input

frontend/src/views/Org/MembersPage/MembersPage.tsx

@@ -23,9 +23,6 @@ export const MembersPage = withPermission(
               <Tab value={TabSections.Identities}>
                 <div className="flex items-center">
                   <p>Machine Identities</p>
-                  <div className="ml-2 inline-block cursor-default rounded-md bg-yellow/20 px-1.5 pb-[0.03rem] pt-[0.04rem] text-sm text-yellow opacity-80 hover:opacity-100">
-                    New
-                  </div>
                 </div>
               </Tab>
               <Tab value={TabSections.Roles}>Organization Roles</Tab>

frontend/src/views/SecretMainPage/SecretMainPage.tsx

@@ -313,6 +313,7 @@ export const SecretMainPage = () => {
                   workspaceId={workspaceId}
                   secretPath={secretPath}
                   sortDir={sortDir}
+                  searchTerm={filter.searchFilter}
                 />
                 {canReadSecret && (
                   <DynamicSecretListView

frontend/src/views/SecretMainPage/components/FolderListView/FolderListView.tsx

@@ -20,12 +20,14 @@ type Props = {
   workspaceId: string;
   secretPath?: string;
   sortDir: SortDir;
+  searchTerm?: string;
 };
 
 export const FolderListView = ({
   folders = [],
   environment,
   workspaceId,
+  searchTerm,
   secretPath = "/",
   sortDir = SortDir.ASC
 }: Props) => {
@@ -35,8 +37,6 @@ export const FolderListView = ({
   ] as const);
   const router = useRouter();
 
-  
-
   const { mutateAsync: updateFolder } = useUpdateFolder();
   const { mutateAsync: deleteFolder } = useDeleteFolder();
 
@@ -100,6 +100,7 @@ export const FolderListView = ({
   return (
     <>
       {folders
+        .filter(({ name }) => name.toUpperCase().includes(String(searchTerm?.toUpperCase())))
         .sort((a, b) =>
           sortDir === SortDir.ASC
             ? a.name.toLowerCase().localeCompare(b.name.toLowerCase())