feat(telemetry): increase even redis key exp to 15 mins

.infisicalignore

@@ -45,4 +45,3 @@ cli/detect/config/gitleaks.toml:gcp-api-key:582
 .github/workflows/helm-release-infisical-core.yml:generic-api-key:48
 .github/workflows/helm-release-infisical-core.yml:generic-api-key:47
 backend/src/services/smtp/smtp-service.ts:generic-api-key:79
-frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/CloudflarePagesSyncFields.tsx:cloudflare-api-key:7

backend/e2e-test/mocks/keystore.ts

@@ -8,6 +8,9 @@ import { Lock } from "@app/lib/red-lock";
 export const mockKeyStore = (): TKeyStoreFactory => {
   const store: Record<string, string | number | Buffer> = {};
 
+  const getRegex = (pattern: string) =>
+    new RE2(`^${pattern.replace(/[-[\]/{}()+?.\\^$|]/g, "\\$&").replace(/\*/g, ".*")}$`);
+
   return {
     setItem: async (key, value) => {
       store[key] = value;
@@ -23,7 +26,7 @@ export const mockKeyStore = (): TKeyStoreFactory => {
       return 1;
     },
     deleteItems: async ({ pattern, batchSize = 500, delay = 1500, jitter = 200 }) => {
-      const regex = new RE2(`^${pattern.replace(/[-[\]/{}()+?.\\^$|]/g, "\\$&").replace(/\*/g, ".*")}$`);
+      const regex = getRegex(pattern);
       let totalDeleted = 0;
       const keys = Object.keys(store);
 
@@ -53,6 +56,27 @@ export const mockKeyStore = (): TKeyStoreFactory => {
     incrementBy: async () => {
       return 1;
     },
+    getItems: async (keys) => {
+      const values = keys.map((key) => {
+        const value = store[key];
+        if (typeof value === "string") {
+          return value;
+        }
+        return null;
+      });
+      return values;
+    },
+    getKeysByPattern: async (pattern) => {
+      const regex = getRegex(pattern);
+      const keys = Object.keys(store);
+      return keys.filter((key) => regex.test(key));
+    },
+    deleteItemsByKeyIn: async (keys) => {
+      for (const key of keys) {
+        delete store[key];
+      }
+      return keys.length;
+    },
     acquireLock: () => {
       return Promise.resolve({
         release: () => {}

backend/src/ee/routes/v1/ssh-certificate-router.ts

@@ -80,6 +80,7 @@ export const registerSshCertRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SignSshKey,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           certificateTemplateId: req.body.certificateTemplateId,
           principals: req.body.principals,
@@ -171,6 +172,7 @@ export const registerSshCertRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueSshCreds,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           certificateTemplateId: req.body.certificateTemplateId,
           principals: req.body.principals,

backend/src/ee/routes/v1/ssh-host-router.ts

@@ -358,6 +358,7 @@ export const registerSshHostRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueSshHostUserCert,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           sshHostId: req.params.sshHostId,
           hostname: host.hostname,
@@ -427,6 +428,7 @@ export const registerSshHostRouter = async (server: FastifyZodProvider) => {
 
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueSshHostHostCert,
+        organizationId: req.permission.orgId,
         distinctId: getTelemetryDistinctId(req),
         properties: {
           sshHostId: req.params.sshHostId,

backend/src/keystore/keystore.ts

@@ -11,8 +11,7 @@ export const PgSqlLock = {
   OrgGatewayRootCaInit: (orgId: string) => pgAdvisoryLockHashText(`org-gateway-root-ca:${orgId}`),
   OrgGatewayCertExchange: (orgId: string) => pgAdvisoryLockHashText(`org-gateway-cert-exchange:${orgId}`),
   SecretRotationV2Creation: (folderId: string) => pgAdvisoryLockHashText(`secret-rotation-v2-creation:${folderId}`),
-  CreateProject: (orgId: string) => pgAdvisoryLockHashText(`create-project:${orgId}`),
-  CreateFolder: (envId: string, projectId: string) => pgAdvisoryLockHashText(`create-folder:${envId}-${projectId}`)
+  CreateProject: (orgId: string) => pgAdvisoryLockHashText(`create-project:${orgId}`)
 } as const;
 
 // all the key prefixes used must be set here to avoid conflict
@@ -73,6 +72,7 @@ type TWaitTillReady = {
 export type TKeyStoreFactory = {
   setItem: (key: string, value: string | number | Buffer, prefix?: string) => Promise<"OK">;
   getItem: (key: string, prefix?: string) => Promise<string | null>;
+  getItems: (keys: string[], prefix?: string) => Promise<(string | null)[]>;
   setExpiry: (key: string, expiryInSeconds: number) => Promise<number>;
   setItemWithExpiry: (
     key: string,
@@ -81,6 +81,7 @@ export type TKeyStoreFactory = {
     prefix?: string
   ) => Promise<"OK">;
   deleteItem: (key: string) => Promise<number>;
+  deleteItemsByKeyIn: (keys: string[]) => Promise<number>;
   deleteItems: (arg: TDeleteItems) => Promise<number>;
   incrementBy: (key: string, value: number) => Promise<number>;
   acquireLock(
@@ -89,6 +90,7 @@ export type TKeyStoreFactory = {
     settings?: Partial<Settings>
   ): Promise<{ release: () => Promise<ExecutionResult> }>;
   waitTillReady: ({ key, waitingCb, keyCheckCb, waitIteration, delay, jitter }: TWaitTillReady) => Promise<void>;
+  getKeysByPattern: (pattern: string, limit?: number) => Promise<string[]>;
 };
 
 export const keyStoreFactory = (redisConfigKeys: TRedisConfigKeys): TKeyStoreFactory => {
@@ -100,6 +102,9 @@ export const keyStoreFactory = (redisConfigKeys: TRedisConfigKeys): TKeyStoreFac
 
   const getItem = async (key: string, prefix?: string) => redis.get(prefix ? `${prefix}:${key}` : key);
 
+  const getItems = async (keys: string[], prefix?: string) =>
+    redis.mget(keys.map((key) => (prefix ? `${prefix}:${key}` : key)));
+
   const setItemWithExpiry = async (
     key: string,
     expiryInSeconds: number | string,
@@ -109,6 +114,11 @@ export const keyStoreFactory = (redisConfigKeys: TRedisConfigKeys): TKeyStoreFac
 
   const deleteItem = async (key: string) => redis.del(key);
 
+  const deleteItemsByKeyIn = async (keys: string[]) => {
+    if (keys.length === 0) return 0;
+    return redis.del(keys);
+  };
+
   const deleteItems = async ({ pattern, batchSize = 500, delay = 1500, jitter = 200 }: TDeleteItems) => {
     let cursor = "0";
     let totalDeleted = 0;
@@ -164,6 +174,24 @@ export const keyStoreFactory = (redisConfigKeys: TRedisConfigKeys): TKeyStoreFac
     }
   };
 
+  const getKeysByPattern = async (pattern: string, limit?: number) => {
+    let cursor = "0";
+    const allKeys: string[] = [];
+
+    do {
+      // eslint-disable-next-line no-await-in-loop
+      const [nextCursor, keys] = await redis.scan(cursor, "MATCH", pattern, "COUNT", 1000);
+      cursor = nextCursor;
+      allKeys.push(...keys);
+
+      if (limit && allKeys.length >= limit) {
+        return allKeys.slice(0, limit);
+      }
+    } while (cursor !== "0");
+
+    return allKeys;
+  };
+
   return {
     setItem,
     getItem,
@@ -175,6 +203,9 @@ export const keyStoreFactory = (redisConfigKeys: TRedisConfigKeys): TKeyStoreFac
     acquireLock(resources: string[], duration: number, settings?: Partial<Settings>) {
       return redisLock.acquire(resources, duration, settings);
     },
-    waitTillReady
+    waitTillReady,
+    getKeysByPattern,
+    deleteItemsByKeyIn,
+    getItems
   };
 };

backend/src/keystore/memory.ts

@@ -8,6 +8,8 @@ import { TKeyStoreFactory } from "./keystore";
 
 export const inMemoryKeyStore = (): TKeyStoreFactory => {
   const store: Record<string, string | number | Buffer> = {};
+  const getRegex = (pattern: string) =>
+    new RE2(`^${pattern.replace(/[-[\]/{}()+?.\\^$|]/g, "\\$&").replace(/\*/g, ".*")}$`);
 
   return {
     setItem: async (key, value) => {
@@ -24,7 +26,7 @@ export const inMemoryKeyStore = (): TKeyStoreFactory => {
       return 1;
     },
     deleteItems: async ({ pattern, batchSize = 500, delay = 1500, jitter = 200 }) => {
-      const regex = new RE2(`^${pattern.replace(/[-[\]/{}()+?.\\^$|]/g, "\\$&").replace(/\*/g, ".*")}$`);
+      const regex = getRegex(pattern);
       let totalDeleted = 0;
       const keys = Object.keys(store);
 
@@ -59,6 +61,27 @@ export const inMemoryKeyStore = (): TKeyStoreFactory => {
         release: () => {}
       }) as Promise<Lock>;
     },
-    waitTillReady: async () => {}
+    waitTillReady: async () => {},
+    getKeysByPattern: async (pattern) => {
+      const regex = getRegex(pattern);
+      const keys = Object.keys(store);
+      return keys.filter((key) => regex.test(key));
+    },
+    deleteItemsByKeyIn: async (keys) => {
+      for (const key of keys) {
+        delete store[key];
+      }
+      return keys.length;
+    },
+    getItems: async (keys) => {
+      const values = keys.map((key) => {
+        const value = store[key];
+        if (typeof value === "string") {
+          return value;
+        }
+        return null;
+      });
+      return values;
+    }
   };
 };

backend/src/lib/api-docs/constants.ts

@@ -2401,10 +2401,6 @@ export const SecretSyncs = {
     },
     FLYIO: {
       appId: "The ID of the Fly.io app to sync secrets to."
-    },
-    CLOUDFLARE_PAGES: {
-      projectName: "The name of the Cloudflare Pages project to sync secrets to.",
-      environment: "The environment of the Cloudflare Pages project to sync secrets to."
     }
   }
 };

backend/src/queue/queue-service.ts

@@ -62,7 +62,8 @@ export enum QueueName {
   SecretRotationV2 = "secret-rotation-v2",
   FolderTreeCheckpoint = "folder-tree-checkpoint",
   InvalidateCache = "invalidate-cache",
-  SecretScanningV2 = "secret-scanning-v2"
+  SecretScanningV2 = "secret-scanning-v2",
+  TelemetryAggregatedEvents = "telemetry-aggregated-events"
 }
 
 export enum QueueJobs {
@@ -101,7 +102,8 @@ export enum QueueJobs {
   SecretScanningV2DiffScan = "secret-scanning-v2-diff-scan",
   SecretScanningV2SendNotification = "secret-scanning-v2-notification",
   CaOrderCertificateForSubscriber = "ca-order-certificate-for-subscriber",
-  PkiSubscriberDailyAutoRenewal = "pki-subscriber-daily-auto-renewal"
+  PkiSubscriberDailyAutoRenewal = "pki-subscriber-daily-auto-renewal",
+  TelemetryAggregatedEvents = "telemetry-aggregated-events"
 }
 
 export type TQueueJobTypes = {
@@ -292,6 +294,10 @@ export type TQueueJobTypes = {
     name: QueueJobs.PkiSubscriberDailyAutoRenewal;
     payload: undefined;
   };
+  [QueueName.TelemetryAggregatedEvents]: {
+    name: QueueJobs.TelemetryAggregatedEvents;
+    payload: undefined;
+  };
 };
 
 const SECRET_SCANNING_JOBS = [

backend/src/server/routes/index.ts

@@ -686,7 +686,8 @@ export const registerRoutes = async (
   const telemetryQueue = telemetryQueueServiceFactory({
     keyStore,
     telemetryDAL,
-    queueService
+    queueService,
+    telemetryService
   });
 
   const invalidateCacheQueue = invalidateCacheQueueFactory({

backend/src/server/routes/v1/admin-router.ts

@@ -722,6 +722,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
 
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.InvalidateCache,
+        organizationId: req.permission.orgId,
         distinctId: getTelemetryDistinctId(req),
         properties: {
           ...req.auditLogInfo

backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts

@@ -80,10 +80,6 @@ import {
   WindmillConnectionListItemSchema
 } from "@app/services/app-connection/windmill";
 import { AuthMode } from "@app/services/auth/auth-type";
-import {
-  CloudflareConnectionListItemSchema,
-  SanitizedCloudflareConnectionSchema
-} from "@app/services/app-connection/cloudflare/cloudflare-connection-schema";
 
 // can't use discriminated due to multiple schemas for certain apps
 const SanitizedAppConnectionSchema = z.union([
@@ -113,8 +109,7 @@ const SanitizedAppConnectionSchema = z.union([
   ...SanitizedOnePassConnectionSchema.options,
   ...SanitizedHerokuConnectionSchema.options,
   ...SanitizedRenderConnectionSchema.options,
-  ...SanitizedFlyioConnectionSchema.options,
-  ...SanitizedCloudflareConnectionSchema.options
+  ...SanitizedFlyioConnectionSchema.options
 ]);
 
 const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
@@ -144,8 +139,7 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
   OnePassConnectionListItemSchema,
   HerokuConnectionListItemSchema,
   RenderConnectionListItemSchema,
-  FlyioConnectionListItemSchema,
-  CloudflareConnectionListItemSchema
+  FlyioConnectionListItemSchema
 ]);
 
 export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/app-connection-routers/cloudflare-connection-router.ts

@@ -1,53 +0,0 @@
-import z from "zod";
-
-import { readLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import {
-  CreateCloudflareConnectionSchema,
-  SanitizedCloudflareConnectionSchema,
-  UpdateCloudflareConnectionSchema
-} from "@app/services/app-connection/cloudflare/cloudflare-connection-schema";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
-
-export const registerCloudflareConnectionRouter = async (server: FastifyZodProvider) => {
-  registerAppConnectionEndpoints({
-    app: AppConnection.Cloudflare,
-    server,
-    sanitizedResponseSchema: SanitizedCloudflareConnectionSchema,
-    createSchema: CreateCloudflareConnectionSchema,
-    updateSchema: UpdateCloudflareConnectionSchema
-  });
-
-  // The below endpoints are not exposed and for Infisical App use
-  server.route({
-    method: "GET",
-    url: `/:connectionId/cloudflare-pages-projects`,
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        connectionId: z.string().uuid()
-      }),
-      response: {
-        200: z
-          .object({
-            id: z.string(),
-            name: z.string()
-          })
-          .array()
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { connectionId } = req.params;
-
-      const projects = await server.services.appConnection.cloudflare.listPagesProjects(connectionId, req.permission);
-
-      return projects;
-    }
-  });
-};

backend/src/server/routes/v1/app-connection-routers/index.ts

@@ -27,7 +27,6 @@ import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
 import { registerVercelConnectionRouter } from "./vercel-connection-router";
 import { registerWindmillConnectionRouter } from "./windmill-connection-router";
-import { registerCloudflareConnectionRouter } from "./cloudflare-connection-router";
 
 export * from "./app-connection-router";
 
@@ -59,6 +58,5 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
     [AppConnection.OnePass]: registerOnePassConnectionRouter,
     [AppConnection.Heroku]: registerHerokuConnectionRouter,
     [AppConnection.Render]: registerRenderConnectionRouter,
-    [AppConnection.Flyio]: registerFlyioConnectionRouter,
-    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter
+    [AppConnection.Flyio]: registerFlyioConnectionRouter
   };

backend/src/server/routes/v1/certificate-authority-router.ts

@@ -692,6 +692,7 @@ export const registerCaRouter = async (server: FastifyZodProvider) => {
 
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueCert,
+        organizationId: req.permission.orgId,
         distinctId: getTelemetryDistinctId(req),
         properties: {
           caId: ca.id,
@@ -786,6 +787,7 @@ export const registerCaRouter = async (server: FastifyZodProvider) => {
 
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SignCert,
+        organizationId: req.permission.orgId,
         distinctId: getTelemetryDistinctId(req),
         properties: {
           caId: ca.id,

backend/src/server/routes/v1/certificate-router.ts

@@ -266,6 +266,7 @@ export const registerCertRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueCert,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           caId: req.body.caId,
           certificateTemplateId: req.body.certificateTemplateId,
@@ -442,6 +443,7 @@ export const registerCertRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SignCert,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           caId: req.body.caId,
           certificateTemplateId: req.body.certificateTemplateId,

backend/src/server/routes/v1/dashboard-router.ts

@@ -475,6 +475,7 @@ export const registerDashboardRouter = async (server: FastifyZodProvider) => {
               await server.services.telemetry.sendPostHogEvents({
                 event: PostHogEventTypes.SecretPulled,
                 distinctId: getTelemetryDistinctId(req),
+                organizationId: req.permission.orgId,
                 properties: {
                   numberOfSecrets: secretCountFromEnv,
                   workspaceId: projectId,
@@ -979,6 +980,7 @@ export const registerDashboardRouter = async (server: FastifyZodProvider) => {
           await server.services.telemetry.sendPostHogEvents({
             event: PostHogEventTypes.SecretPulled,
             distinctId: getTelemetryDistinctId(req),
+            organizationId: req.permission.orgId,
             properties: {
               numberOfSecrets: secretCount,
               workspaceId: projectId,
@@ -1144,6 +1146,7 @@ export const registerDashboardRouter = async (server: FastifyZodProvider) => {
             await server.services.telemetry.sendPostHogEvents({
               event: PostHogEventTypes.SecretPulled,
               distinctId: getTelemetryDistinctId(req),
+              organizationId: req.permission.orgId,
               properties: {
                 numberOfSecrets: secretCountForEnv,
                 workspaceId: projectId,
@@ -1336,6 +1339,7 @@ export const registerDashboardRouter = async (server: FastifyZodProvider) => {
         await server.services.telemetry.sendPostHogEvents({
           event: PostHogEventTypes.SecretPulled,
           distinctId: getTelemetryDistinctId(req),
+          organizationId: req.permission.orgId,
           properties: {
             numberOfSecrets: secrets.length,
             workspaceId: projectId,

backend/src/server/routes/v1/identity-router.ts

@@ -85,6 +85,7 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.MachineIdentityCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           orgId: req.body.organizationId,
           name: identity.name,

backend/src/server/routes/v1/integration-router.ts

@@ -103,6 +103,7 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
 
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IntegrationCreated,
+        organizationId: req.permission.orgId,
         distinctId: getTelemetryDistinctId(req),
         properties: {
           ...createIntegrationEventProperty,

backend/src/server/routes/v1/invite-org-router.ts

@@ -64,6 +64,7 @@ export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.UserOrgInvitation,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           inviteeEmails: req.body.inviteeEmails,
           organizationRoleSlug: req.body.organizationRoleSlug,

backend/src/server/routes/v1/pki-subscriber-router.ts

@@ -331,6 +331,7 @@ export const registerPkiSubscriberRouter = async (server: FastifyZodProvider) =>
 
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueCert,
+        organizationId: req.permission.orgId,
         distinctId: getTelemetryDistinctId(req),
         properties: {
           subscriberId: subscriber.id,
@@ -399,6 +400,7 @@ export const registerPkiSubscriberRouter = async (server: FastifyZodProvider) =>
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.IssueCert,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           subscriberId: subscriber.id,
           commonName: subscriber.commonName,
@@ -471,6 +473,7 @@ export const registerPkiSubscriberRouter = async (server: FastifyZodProvider) =>
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SignCert,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           subscriberId: subscriber.id,
           commonName: subscriber.commonName,

backend/src/server/routes/v1/secret-requests-router.ts

@@ -165,6 +165,7 @@ export const registerSecretRequestsRouter = async (server: FastifyZodProvider) =
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretRequestDeleted,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           secretRequestId: req.params.id,
           organizationId: req.permission.orgId,
@@ -256,6 +257,7 @@ export const registerSecretRequestsRouter = async (server: FastifyZodProvider) =
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretRequestCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           secretRequestId: shareRequest.id,
           organizationId: req.permission.orgId,

backend/src/server/routes/v1/secret-sync-routers/cloudflare-pages-sync-router.ts

@@ -1,16 +0,0 @@
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
-import {
-  CloudflarePagesSyncSchema,
-  CreateCloudflarePagesSyncSchema,
-  UpdateCloudflarePagesSyncSchema
-} from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
-
-export const registerCloudflarePagesSyncRouter = async (server: FastifyZodProvider) =>
-  registerSyncSecretsEndpoints({
-    destination: SecretSync.CloudflarePages,
-    server,
-    responseSchema: CloudflarePagesSyncSchema,
-    createSchema: CreateCloudflarePagesSyncSchema,
-    updateSchema: UpdateCloudflarePagesSyncSchema
-  });

backend/src/server/routes/v1/secret-sync-routers/index.ts

@@ -8,7 +8,6 @@ import { registerAzureAppConfigurationSyncRouter } from "./azure-app-configurati
 import { registerAzureDevOpsSyncRouter } from "./azure-devops-sync-router";
 import { registerAzureKeyVaultSyncRouter } from "./azure-key-vault-sync-router";
 import { registerCamundaSyncRouter } from "./camunda-sync-router";
-import { registerCloudflarePagesSyncRouter } from "./cloudflare-pages-sync-router";
 import { registerDatabricksSyncRouter } from "./databricks-sync-router";
 import { registerFlyioSyncRouter } from "./flyio-sync-router";
 import { registerGcpSyncRouter } from "./gcp-sync-router";
@@ -44,6 +43,5 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
   [SecretSync.OnePass]: registerOnePassSyncRouter,
   [SecretSync.Heroku]: registerHerokuSyncRouter,
   [SecretSync.Render]: registerRenderSyncRouter,
-  [SecretSync.Flyio]: registerFlyioSyncRouter,
-  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter
+  [SecretSync.Flyio]: registerFlyioSyncRouter
 };

backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts

@@ -34,10 +34,6 @@ import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/se
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
 import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
 import { WindmillSyncListItemSchema, WindmillSyncSchema } from "@app/services/secret-sync/windmill";
-import {
-  CloudflarePagesSyncListItemSchema,
-  CloudflarePagesSyncSchema
-} from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
 
 const SecretSyncSchema = z.discriminatedUnion("destination", [
   AwsParameterStoreSyncSchema,
@@ -59,8 +55,7 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
   OnePassSyncSchema,
   HerokuSyncSchema,
   RenderSyncSchema,
-  FlyioSyncSchema,
-  CloudflarePagesSyncSchema
+  FlyioSyncSchema
 ]);
 
 const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
@@ -83,8 +78,7 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
   OnePassSyncListItemSchema,
   HerokuSyncListItemSchema,
   RenderSyncListItemSchema,
-  FlyioSyncListItemSchema,
-  CloudflarePagesSyncListItemSchema
+  FlyioSyncListItemSchema
 ]);
 
 export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v2/project-router.ts

@@ -198,6 +198,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.ProjectCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           orgId: project.orgId,
           name: project.name,

backend/src/server/routes/v3/secret-router.ts

@@ -4,7 +4,7 @@ import { z } from "zod";
 import { SecretApprovalRequestsSchema, SecretsSchema, SecretType, ServiceTokenScopes } from "@app/db/schemas";
 import { EventType, UserAgentType } from "@app/ee/services/audit-log/audit-log-types";
 import { ApiDocsTags, RAW_SECRETS, SECRETS } from "@app/lib/api-docs";
-import { BadRequestError } from "@app/lib/errors";
+import { BadRequestError, NotFoundError } from "@app/lib/errors";
 import { removeTrailingSlash } from "@app/lib/fn";
 import { secretsLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { BaseSecretNameSchema, SecretNameSchema } from "@app/server/lib/schemas";
@@ -12,6 +12,7 @@ import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { getUserAgentType } from "@app/server/plugins/audit-log";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { ActorType, AuthMode } from "@app/services/auth/auth-type";
+import { ProjectFilterType } from "@app/services/project/project-types";
 import { ResourceMetadataSchema } from "@app/services/resource-metadata/resource-metadata-schema";
 import { SecretOperations, SecretProtectionType } from "@app/services/secret/secret-types";
 import { SecretUpdateMode } from "@app/services/secret-v2-bridge/secret-v2-bridge-types";
@@ -285,17 +286,22 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           environment = scope[0].environment;
           workspaceId = req.auth.serviceToken.projectId;
         }
-      } else {
-        const projectId = await server.services.project.extractProjectIdFromSlug({
-          projectSlug: req.query.workspaceSlug,
-          projectId: workspaceId,
+      } else if (req.permission.type === ActorType.IDENTITY && req.query.workspaceSlug && !workspaceId) {
+        const workspace = await server.services.project.getAProject({
+          filter: {
+            type: ProjectFilterType.SLUG,
+            orgId: req.permission.orgId,
+            slug: req.query.workspaceSlug
+          },
           actorId: req.permission.id,
           actorAuthMethod: req.permission.authMethod,
           actor: req.permission.type,
           actorOrgId: req.permission.orgId
         });
 
-        workspaceId = projectId;
+        if (!workspace) throw new NotFoundError({ message: `No project found with slug ${req.query.workspaceSlug}` });
+
+        workspaceId = workspace.id;
       }
 
       if (!workspaceId || !environment) throw new BadRequestError({ message: "Missing workspace id or environment" });
@@ -333,6 +339,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         await server.services.telemetry.sendPostHogEvents({
           event: PostHogEventTypes.SecretPulled,
           distinctId: getTelemetryDistinctId(req),
+          organizationId: req.permission.orgId,
           properties: {
             numberOfSecrets: secrets.length,
             workspaceId,
@@ -436,23 +443,11 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
           environment = scope[0].environment;
           workspaceId = req.auth.serviceToken.projectId;
         }
-      } else {
-        const projectId = await server.services.project.extractProjectIdFromSlug({
-          projectSlug: workspaceSlug,
-          projectId: workspaceId,
-          actorId: req.permission.id,
-          actorAuthMethod: req.permission.authMethod,
-          actor: req.permission.type,
-          actorOrgId: req.permission.orgId
-        });
-
-        workspaceId = projectId;
       }
 
       if (!environment) throw new BadRequestError({ message: "Missing environment" });
-      if (!workspaceId) {
+      if (!workspaceId && !workspaceSlug)
         throw new BadRequestError({ message: "You must provide workspaceSlug or workspaceId" });
-      }
 
       const secret = await server.services.secret.getSecretByNameRaw({
         actorId: req.permission.id,
@@ -463,6 +458,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         environment,
         projectId: workspaceId,
         viewSecretValue: req.query.viewSecretValue,
+        projectSlug: workspaceSlug,
         path: secretPath,
         secretName: req.params.secretName,
         type: req.query.type,
@@ -489,6 +485,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       if (getUserAgentType(req.headers["user-agent"]) !== UserAgentType.K8_OPERATOR) {
         await server.services.telemetry.sendPostHogEvents({
           event: PostHogEventTypes.SecretPulled,
+          organizationId: req.permission.orgId,
           distinctId: getTelemetryDistinctId(req),
           properties: {
             numberOfSecrets: 1,
@@ -523,8 +520,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secretName: SecretNameSchema.describe(RAW_SECRETS.CREATE.secretName)
       }),
       body: z.object({
-        workspaceId: z.string().trim().optional().describe(RAW_SECRETS.CREATE.workspaceId),
-        projectSlug: z.string().trim().optional().describe(RAW_SECRETS.CREATE.projectSlug),
+        workspaceId: z.string().trim().describe(RAW_SECRETS.CREATE.workspaceId),
         environment: z.string().trim().describe(RAW_SECRETS.CREATE.environment),
         secretPath: z
           .string()
@@ -564,22 +560,13 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY, AuthMode.SERVICE_TOKEN, AuthMode.IDENTITY_ACCESS_TOKEN]),
     handler: async (req) => {
-      const projectId = await server.services.project.extractProjectIdFromSlug({
-        projectSlug: req.body.projectSlug,
-        projectId: req.body.workspaceId,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId
-      });
-
       const secretOperation = await server.services.secret.createSecretRaw({
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         environment: req.body.environment,
         actorAuthMethod: req.permission.authMethod,
-        projectId,
+        projectId: req.body.workspaceId,
         secretPath: req.body.secretPath,
         secretName: req.params.secretName,
         type: req.body.type,
@@ -597,7 +584,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
 
       const { secret } = secretOperation;
       await server.services.auditLog.createAuditLog({
-        projectId,
+        projectId: req.body.workspaceId,
         ...req.auditLogInfo,
         event: {
           type: EventType.CREATE_SECRET,
@@ -615,9 +602,10 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: 1,
-          workspaceId: projectId,
+          workspaceId: req.body.workspaceId,
           environment: req.body.environment,
           secretPath: req.body.secretPath,
           channel: getUserAgentType(req.headers["user-agent"]),
@@ -648,8 +636,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secretName: BaseSecretNameSchema.describe(RAW_SECRETS.UPDATE.secretName)
       }),
       body: z.object({
-        workspaceId: z.string().trim().optional().describe(RAW_SECRETS.UPDATE.workspaceId),
-        projectSlug: z.string().trim().optional().describe(RAW_SECRETS.UPDATE.projectSlug),
+        workspaceId: z.string().trim().describe(RAW_SECRETS.UPDATE.workspaceId),
         environment: z.string().trim().describe(RAW_SECRETS.UPDATE.environment),
         secretValue: z
           .string()
@@ -695,22 +682,13 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY, AuthMode.SERVICE_TOKEN, AuthMode.IDENTITY_ACCESS_TOKEN]),
     handler: async (req) => {
-      const projectId = await server.services.project.extractProjectIdFromSlug({
-        projectSlug: req.body.projectSlug,
-        projectId: req.body.workspaceId,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId
-      });
-
       const secretOperation = await server.services.secret.updateSecretRaw({
         actorId: req.permission.id,
         actor: req.permission.type,
         actorOrgId: req.permission.orgId,
         actorAuthMethod: req.permission.authMethod,
         environment: req.body.environment,
-        projectId,
+        projectId: req.body.workspaceId,
         secretPath: req.body.secretPath,
         secretName: req.params.secretName,
         type: req.body.type,
@@ -732,7 +710,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const { secret } = secretOperation;
 
       await server.services.auditLog.createAuditLog({
-        projectId,
+        projectId: req.body.workspaceId,
         ...req.auditLogInfo,
         event: {
           type: EventType.UPDATE_SECRET,
@@ -750,9 +728,10 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretUpdated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: 1,
-          workspaceId: projectId,
+          workspaceId: req.body.workspaceId,
           environment: req.body.environment,
           secretPath: req.body.secretPath,
           channel: getUserAgentType(req.headers["user-agent"]),
@@ -782,8 +761,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secretName: z.string().min(1).describe(RAW_SECRETS.DELETE.secretName)
       }),
       body: z.object({
-        workspaceId: z.string().trim().optional().describe(RAW_SECRETS.DELETE.workspaceId),
-        projectSlug: z.string().trim().optional().describe(RAW_SECRETS.DELETE.projectSlug),
+        workspaceId: z.string().trim().describe(RAW_SECRETS.DELETE.workspaceId),
         environment: z.string().trim().describe(RAW_SECRETS.DELETE.environment),
         secretPath: z
           .string()
@@ -806,22 +784,13 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     },
     onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY, AuthMode.SERVICE_TOKEN, AuthMode.IDENTITY_ACCESS_TOKEN]),
     handler: async (req) => {
-      const projectId = await server.services.project.extractProjectIdFromSlug({
-        projectSlug: req.body.projectSlug,
-        projectId: req.body.workspaceId,
-        actorId: req.permission.id,
-        actorAuthMethod: req.permission.authMethod,
-        actor: req.permission.type,
-        actorOrgId: req.permission.orgId
-      });
-
       const secretOperation = await server.services.secret.deleteSecretRaw({
         actorId: req.permission.id,
         actor: req.permission.type,
         actorAuthMethod: req.permission.authMethod,
         actorOrgId: req.permission.orgId,
         environment: req.body.environment,
-        projectId,
+        projectId: req.body.workspaceId,
         secretPath: req.body.secretPath,
         secretName: req.params.secretName,
         type: req.body.type
@@ -833,7 +802,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       const { secret } = secretOperation;
 
       await server.services.auditLog.createAuditLog({
-        projectId,
+        projectId: req.body.workspaceId,
         ...req.auditLogInfo,
         event: {
           type: EventType.DELETE_SECRET,
@@ -850,9 +819,10 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretDeleted,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: 1,
-          workspaceId: projectId,
+          workspaceId: req.body.workspaceId,
           environment: req.body.environment,
           secretPath: req.body.secretPath,
           channel: getUserAgentType(req.headers["user-agent"]),
@@ -957,6 +927,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         await server.services.telemetry.sendPostHogEvents({
           event: PostHogEventTypes.SecretPulled,
           distinctId: getTelemetryDistinctId(req),
+          organizationId: req.permission.orgId,
           properties: {
             numberOfSecrets: secrets.length,
             workspaceId: req.query.workspaceId,
@@ -1036,6 +1007,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         await server.services.telemetry.sendPostHogEvents({
           event: PostHogEventTypes.SecretPulled,
           distinctId: getTelemetryDistinctId(req),
+          organizationId: req.permission.orgId,
           properties: {
             numberOfSecrets: 1,
             workspaceId: req.query.workspaceId,
@@ -1207,6 +1179,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: 1,
           workspaceId: req.body.workspaceId,
@@ -1396,6 +1369,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretUpdated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: 1,
           workspaceId: req.body.workspaceId,
@@ -1519,6 +1493,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretDeleted,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: 1,
           workspaceId: req.body.workspaceId,
@@ -1702,6 +1677,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: secrets.length,
           workspaceId: req.body.workspaceId,
@@ -1828,6 +1804,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretUpdated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: secrets.length,
           workspaceId: req.body.workspaceId,
@@ -1946,6 +1923,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretDeleted,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: secrets.length,
           workspaceId: req.body.workspaceId,
@@ -2054,6 +2032,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretCreated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: secrets.length,
           workspaceId: secrets[0].workspace,
@@ -2209,6 +2188,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretUpdated,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: secrets.length,
           workspaceId: secrets[0].workspace,
@@ -2307,6 +2287,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       await server.services.telemetry.sendPostHogEvents({
         event: PostHogEventTypes.SecretDeleted,
         distinctId: getTelemetryDistinctId(req),
+        organizationId: req.permission.orgId,
         properties: {
           numberOfSecrets: secrets.length,
           workspaceId: secrets[0].workspace,

backend/src/services/app-connection/app-connection-enums.ts

@@ -25,8 +25,7 @@ export enum AppConnection {
   OnePass = "1password",
   Heroku = "heroku",
   Render = "render",
-  Flyio = "flyio",
-  Cloudflare = "cloudflare"
+  Flyio = "flyio"
 }
 
 export enum AWSRegion {

backend/src/services/app-connection/app-connection-fns.ts

@@ -99,11 +99,6 @@ import {
   validateWindmillConnectionCredentials,
   WindmillConnectionMethod
 } from "./windmill";
-import {
-  getCloudflareConnectionListItem,
-  validateCloudflareConnectionCredentials
-} from "./cloudflare/cloudflare-connection-fns";
-import { CloudflareConnectionMethod } from "./cloudflare/cloudflare-connection-enum";
 
 export const listAppConnectionOptions = () => {
   return [
@@ -133,8 +128,7 @@ export const listAppConnectionOptions = () => {
     getOnePassConnectionListItem(),
     getHerokuConnectionListItem(),
     getRenderConnectionListItem(),
-    getFlyioConnectionListItem(),
-    getCloudflareConnectionListItem()
+    getFlyioConnectionListItem()
   ].sort((a, b) => a.name.localeCompare(b.name));
 };
 
@@ -212,8 +206,7 @@ export const validateAppConnectionCredentials = async (
     [AppConnection.OnePass]: validateOnePassConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Heroku]: validateHerokuConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Render]: validateRenderConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator
+    [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator
   };
 
   return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
@@ -248,7 +241,6 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
     case TerraformCloudConnectionMethod.ApiToken:
     case VercelConnectionMethod.ApiToken:
     case OnePassConnectionMethod.ApiToken:
-    case CloudflareConnectionMethod.APIToken:
       return "API Token";
     case PostgresConnectionMethod.UsernameAndPassword:
     case MsSqlConnectionMethod.UsernameAndPassword:
@@ -326,8 +318,7 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
   [AppConnection.OnePass]: platformManagedCredentialsNotSupported,
   [AppConnection.Heroku]: platformManagedCredentialsNotSupported,
   [AppConnection.Render]: platformManagedCredentialsNotSupported,
-  [AppConnection.Flyio]: platformManagedCredentialsNotSupported,
-  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported
+  [AppConnection.Flyio]: platformManagedCredentialsNotSupported
 };
 
 export const enterpriseAppCheck = async (

backend/src/services/app-connection/app-connection-maps.ts

@@ -27,8 +27,7 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
   [AppConnection.OnePass]: "1Password",
   [AppConnection.Heroku]: "Heroku",
   [AppConnection.Render]: "Render",
-  [AppConnection.Flyio]: "Fly.io",
-  [AppConnection.Cloudflare]: "Cloudflare"
+  [AppConnection.Flyio]: "Fly.io"
 };
 
 export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
@@ -58,6 +57,5 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
   [AppConnection.MySql]: AppConnectionPlanType.Regular,
   [AppConnection.Heroku]: AppConnectionPlanType.Regular,
   [AppConnection.Render]: AppConnectionPlanType.Regular,
-  [AppConnection.Flyio]: AppConnectionPlanType.Regular,
-  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular
+  [AppConnection.Flyio]: AppConnectionPlanType.Regular
 };

backend/src/services/app-connection/app-connection-service.ts

@@ -47,8 +47,6 @@ import { azureDevOpsConnectionService } from "./azure-devops/azure-devops-servic
 import { ValidateAzureKeyVaultConnectionCredentialsSchema } from "./azure-key-vault";
 import { ValidateCamundaConnectionCredentialsSchema } from "./camunda";
 import { camundaConnectionService } from "./camunda/camunda-connection-service";
-import { ValidateCloudflareConnectionCredentialsSchema } from "./cloudflare/cloudflare-connection-schema";
-import { cloudflareConnectionService } from "./cloudflare/cloudflare-connection-service";
 import { ValidateDatabricksConnectionCredentialsSchema } from "./databricks";
 import { databricksConnectionService } from "./databricks/databricks-connection-service";
 import { ValidateFlyioConnectionCredentialsSchema } from "./flyio";
@@ -115,8 +113,7 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
   [AppConnection.OnePass]: ValidateOnePassConnectionCredentialsSchema,
   [AppConnection.Heroku]: ValidateHerokuConnectionCredentialsSchema,
   [AppConnection.Render]: ValidateRenderConnectionCredentialsSchema,
-  [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema,
-  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema
+  [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema
 };
 
 export const appConnectionServiceFactory = ({
@@ -524,7 +521,6 @@ export const appConnectionServiceFactory = ({
     onepass: onePassConnectionService(connectAppConnectionById),
     heroku: herokuConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
     render: renderConnectionService(connectAppConnectionById),
-    cloudflare: cloudflareConnectionService(connectAppConnectionById),
     flyio: flyioConnectionService(connectAppConnectionById)
   };
 };

backend/src/services/app-connection/app-connection-types.ts

@@ -153,12 +153,6 @@ import {
   TWindmillConnectionConfig,
   TWindmillConnectionInput
 } from "./windmill";
-import {
-  TCloudflareConnection,
-  TCloudflareConnectionConfig,
-  TCloudflareConnectionInput,
-  TValidateCloudflareConnectionCredentialsSchema
-} from "./cloudflare/cloudflare-connection-types";
 
 export type TAppConnection = { id: string } & (
   | TAwsConnection
@@ -188,7 +182,6 @@ export type TAppConnection = { id: string } & (
   | THerokuConnection
   | TRenderConnection
   | TFlyioConnection
-  | TCloudflareConnection
 );
 
 export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
@@ -223,7 +216,6 @@ export type TAppConnectionInput = { id: string } & (
   | THerokuConnectionInput
   | TRenderConnectionInput
   | TFlyioConnectionInput
-  | TCloudflareConnectionInput
 );
 
 export type TSqlConnectionInput =
@@ -265,8 +257,7 @@ export type TAppConnectionConfig =
   | TOnePassConnectionConfig
   | THerokuConnectionConfig
   | TRenderConnectionConfig
-  | TFlyioConnectionConfig
-  | TCloudflareConnectionConfig;
+  | TFlyioConnectionConfig;
 
 export type TValidateAppConnectionCredentialsSchema =
   | TValidateAwsConnectionCredentialsSchema
@@ -295,8 +286,7 @@ export type TValidateAppConnectionCredentialsSchema =
   | TValidateOnePassConnectionCredentialsSchema
   | TValidateHerokuConnectionCredentialsSchema
   | TValidateRenderConnectionCredentialsSchema
-  | TValidateFlyioConnectionCredentialsSchema
-  | TValidateCloudflareConnectionCredentialsSchema;
+  | TValidateFlyioConnectionCredentialsSchema;
 
 export type TListAwsConnectionKmsKeys = {
   connectionId: string;

backend/src/services/app-connection/cloudflare/cloudflare-connection-enum.ts

@@ -1,3 +0,0 @@
-export enum CloudflareConnectionMethod {
-  APIToken = "api-token"
-}

backend/src/services/app-connection/cloudflare/cloudflare-connection-fns.ts

@@ -1,75 +0,0 @@
-import { AxiosError } from "axios";
-
-import { request } from "@app/lib/config/request";
-import { BadRequestError } from "@app/lib/errors";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
-
-import { CloudflareConnectionMethod } from "./cloudflare-connection-enum";
-import {
-  TCloudflareConnection,
-  TCloudflareConnectionConfig,
-  TCloudflarePagesProject
-} from "./cloudflare-connection-types";
-
-export const getCloudflareConnectionListItem = () => {
-  return {
-    name: "Cloudflare" as const,
-    app: AppConnection.Cloudflare as const,
-    methods: Object.values(CloudflareConnectionMethod) as [CloudflareConnectionMethod.APIToken]
-  };
-};
-
-export const listCloudflarePagesProjects = async (
-  appConnection: TCloudflareConnection
-): Promise<TCloudflarePagesProject[]> => {
-  const {
-    credentials: { apiToken, accountId }
-  } = appConnection;
-
-  const { data } = await request.get<{ result: { name: string; id: string }[] }>(
-    `${IntegrationUrls.CLOUDFLARE_API_URL}/client/v4/accounts/${accountId}/pages/projects`,
-    {
-      headers: {
-        Authorization: `Bearer ${apiToken}`,
-        Accept: "application/json"
-      }
-    }
-  );
-
-  return data.result.map((a) => ({
-    name: a.name,
-    id: a.id
-  }));
-};
-
-export const validateCloudflareConnectionCredentials = async (config: TCloudflareConnectionConfig) => {
-  const { apiToken, accountId } = config.credentials;
-
-  try {
-    const resp = await request.get(`${IntegrationUrls.CLOUDFLARE_API_URL}/client/v4/accounts/${accountId}`, {
-      headers: {
-        Authorization: `Bearer ${apiToken}`,
-        Accept: "application/json"
-      }
-    });
-
-    if (resp.data === null) {
-      throw new BadRequestError({
-        message: "Unable to validate connection: Invalid API token provided."
-      });
-    }
-  } catch (error: unknown) {
-    if (error instanceof AxiosError) {
-      throw new BadRequestError({
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
-        message: `Failed to validate credentials: ${error.response?.data?.errors?.[0]?.message || error.message || "Unknown error"}`
-      });
-    }
-    throw new BadRequestError({
-      message: "Unable to validate connection: verify credentials"
-    });
-  }
-
-  return config.credentials;
-};

backend/src/services/app-connection/cloudflare/cloudflare-connection-schema.ts

@@ -1,74 +0,0 @@
-import z from "zod";
-
-import { AppConnections } from "@app/lib/api-docs";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import {
-  BaseAppConnectionSchema,
-  GenericCreateAppConnectionFieldsSchema,
-  GenericUpdateAppConnectionFieldsSchema
-} from "@app/services/app-connection/app-connection-schemas";
-
-import { CloudflareConnectionMethod } from "./cloudflare-connection-enum";
-import { CharacterType, characterValidator } from "@app/lib/validator/validate-string";
-
-const accountIdCharacterValidator = characterValidator([
-  CharacterType.AlphaNumeric,
-  CharacterType.Underscore,
-  CharacterType.Hyphen
-]);
-
-export const CloudflareConnectionApiTokenCredentialsSchema = z.object({
-  accountId: z
-    .string()
-    .trim()
-    .min(1, "Account ID required")
-    .max(256, "Account ID cannot exceed 256 characters")
-    .refine(
-      (val) => accountIdCharacterValidator(val),
-      "Account ID can only contain alphanumeric characters, underscores, and hyphens"
-    ),
-  apiToken: z.string().trim().min(1, "API token required").max(256, "API token cannot exceed 256 characters")
-});
-
-const BaseCloudflareConnectionSchema = BaseAppConnectionSchema.extend({ app: z.literal(AppConnection.Cloudflare) });
-
-export const CloudflareConnectionSchema = BaseCloudflareConnectionSchema.extend({
-  method: z.literal(CloudflareConnectionMethod.APIToken),
-  credentials: CloudflareConnectionApiTokenCredentialsSchema
-});
-
-export const SanitizedCloudflareConnectionSchema = z.discriminatedUnion("method", [
-  BaseCloudflareConnectionSchema.extend({
-    method: z.literal(CloudflareConnectionMethod.APIToken),
-    credentials: CloudflareConnectionApiTokenCredentialsSchema.pick({ accountId: true })
-  })
-]);
-
-export const ValidateCloudflareConnectionCredentialsSchema = z.discriminatedUnion("method", [
-  z.object({
-    method: z
-      .literal(CloudflareConnectionMethod.APIToken)
-      .describe(AppConnections.CREATE(AppConnection.Cloudflare).method),
-    credentials: CloudflareConnectionApiTokenCredentialsSchema.describe(
-      AppConnections.CREATE(AppConnection.Cloudflare).credentials
-    )
-  })
-]);
-
-export const CreateCloudflareConnectionSchema = ValidateCloudflareConnectionCredentialsSchema.and(
-  GenericCreateAppConnectionFieldsSchema(AppConnection.Cloudflare)
-);
-
-export const UpdateCloudflareConnectionSchema = z
-  .object({
-    credentials: CloudflareConnectionApiTokenCredentialsSchema.optional().describe(
-      AppConnections.UPDATE(AppConnection.Cloudflare).credentials
-    )
-  })
-  .and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Cloudflare));
-
-export const CloudflareConnectionListItemSchema = z.object({
-  name: z.literal("Cloudflare"),
-  app: z.literal(AppConnection.Cloudflare),
-  methods: z.nativeEnum(CloudflareConnectionMethod).array()
-});

backend/src/services/app-connection/cloudflare/cloudflare-connection-service.ts

@@ -1,30 +0,0 @@
-import { logger } from "@app/lib/logger";
-import { OrgServiceActor } from "@app/lib/types";
-
-import { AppConnection } from "../app-connection-enums";
-import { listCloudflarePagesProjects } from "./cloudflare-connection-fns";
-import { TCloudflareConnection } from "./cloudflare-connection-types";
-
-type TGetAppConnectionFunc = (
-  app: AppConnection,
-  connectionId: string,
-  actor: OrgServiceActor
-) => Promise<TCloudflareConnection>;
-
-export const cloudflareConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
-  const listPagesProjects = async (connectionId: string, actor: OrgServiceActor) => {
-    const appConnection = await getAppConnection(AppConnection.Cloudflare, connectionId, actor);
-    try {
-      const projects = await listCloudflarePagesProjects(appConnection);
-
-      return projects;
-    } catch (error) {
-      logger.error(error, "Failed to list Cloudflare Pages projects for Cloudflare connection");
-      return [];
-    }
-  };
-
-  return {
-    listPagesProjects
-  };
-};

backend/src/services/app-connection/cloudflare/cloudflare-connection-types.ts

@@ -1,30 +0,0 @@
-import z from "zod";
-
-import { DiscriminativePick } from "@app/lib/types";
-
-import { AppConnection } from "../app-connection-enums";
-import {
-  CloudflareConnectionSchema,
-  CreateCloudflareConnectionSchema,
-  ValidateCloudflareConnectionCredentialsSchema
-} from "./cloudflare-connection-schema";
-
-export type TCloudflareConnection = z.infer<typeof CloudflareConnectionSchema>;
-
-export type TCloudflareConnectionInput = z.infer<typeof CreateCloudflareConnectionSchema> & {
-  app: AppConnection.Cloudflare;
-};
-
-export type TValidateCloudflareConnectionCredentialsSchema = typeof ValidateCloudflareConnectionCredentialsSchema;
-
-export type TCloudflareConnectionConfig = DiscriminativePick<
-  TCloudflareConnectionInput,
-  "method" | "app" | "credentials"
-> & {
-  orgId: string;
-};
-
-export type TCloudflarePagesProject = {
-  id: string;
-  name: string;
-};

backend/src/services/integration-auth/integration-list.ts

@@ -84,8 +84,6 @@ export enum IntegrationUrls {
   QOVERY_API_URL = "https://api.qovery.com",
   TERRAFORM_CLOUD_API_URL = "https://app.terraform.io",
   CLOUDFLARE_PAGES_API_URL = "https://api.cloudflare.com",
-  // eslint-disable-next-line @typescript-eslint/no-duplicate-enum-values
-  CLOUDFLARE_API_URL = "https://api.cloudflare.com",
   // eslint-disable-next-line
   CLOUDFLARE_WORKERS_API_URL = "https://api.cloudflare.com",
   BITBUCKET_API_URL = "https://api.bitbucket.org",

backend/src/services/project/project-service.ts

@@ -42,7 +42,7 @@ import { TProjectPermission } from "@app/lib/types";
 import { TQueueServiceFactory } from "@app/queue";
 import { TPkiSubscriberDALFactory } from "@app/services/pki-subscriber/pki-subscriber-dal";
 
-import { ActorAuthMethod, ActorType } from "../auth/auth-type";
+import { ActorType } from "../auth/auth-type";
 import { TCertificateDALFactory } from "../certificate/certificate-dal";
 import { TCertificateAuthorityDALFactory } from "../certificate-authority/certificate-authority-dal";
 import { expandInternalCa } from "../certificate-authority/certificate-authority-fns";
@@ -82,7 +82,6 @@ import { assignWorkspaceKeysToMembers, bootstrapSshProject, createProjectKey } f
 import { TProjectQueueFactory } from "./project-queue";
 import { TProjectSshConfigDALFactory } from "./project-ssh-config-dal";
 import {
-  ProjectFilterType,
   TCreateProjectDTO,
   TDeleteProjectDTO,
   TDeleteProjectWorkflowIntegration,
@@ -867,39 +866,6 @@ export const projectServiceFactory = ({
     });
   };
 
-  const extractProjectIdFromSlug = async ({
-    projectSlug,
-    projectId,
-    actorId,
-    actorAuthMethod,
-    actor,
-    actorOrgId
-  }: {
-    projectSlug?: string;
-    projectId?: string;
-    actorId: string;
-    actorAuthMethod: ActorAuthMethod;
-    actor: ActorType;
-    actorOrgId: string;
-  }) => {
-    if (projectId) return projectId;
-    if (!projectSlug) throw new BadRequestError({ message: "You must provide projectSlug or workspaceId" });
-    const project = await getAProject({
-      filter: {
-        type: ProjectFilterType.SLUG,
-        orgId: actorOrgId,
-        slug: projectSlug
-      },
-      actorId,
-      actorAuthMethod,
-      actor,
-      actorOrgId
-    });
-
-    if (!project) throw new NotFoundError({ message: `No project found with slug ${projectSlug}` });
-    return project.id;
-  };
-
   const getProjectUpgradeStatus = async ({
     projectId,
     actor,
@@ -2040,7 +2006,6 @@ export const projectServiceFactory = ({
     getProjectSshConfig,
     updateProjectSshConfig,
     requestProjectAccess,
-    searchProjects,
-    extractProjectIdFromSlug
+    searchProjects
   };
 };

backend/src/services/secret-folder/secret-folder-service.ts

@@ -6,7 +6,6 @@ import { ActionProjectType, TSecretFoldersInsert } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { TSecretSnapshotServiceFactory } from "@app/ee/services/secret-snapshot/secret-snapshot-service";
-import { PgSqlLock } from "@app/keystore/keystore";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";
 import { OrderByDirection, OrgServiceActor } from "@app/lib/types";
 import { buildFolderPath } from "@app/services/secret-folder/secret-folder-fns";
@@ -84,75 +83,36 @@ export const secretFolderServiceFactory = ({
       // that is this request must be idempotent
       // so we do a tricky move. we try to find the to be created folder path if that is exactly match return that
       // else we get some path before that then we will start creating remaining folder
-      await tx.raw("SELECT pg_advisory_xact_lock(?)", [PgSqlLock.CreateFolder(env.id, env.projectId)]);
-
       const pathWithFolder = path.join(secretPath, name);
       const parentFolder = await folderDAL.findClosestFolder(projectId, environment, pathWithFolder, tx);
-
+      // no folder found is not possible root should be their
       if (!parentFolder) {
         throw new NotFoundError({
-          message: `Parent folder for path '${pathWithFolder}' not found`
+          message: `Folder with path '${pathWithFolder}' in environment with slug '${environment}' not found`
         });
       }
+      // exact folder
+      if (parentFolder.path === pathWithFolder) return parentFolder;
 
-      // check if the exact folder already exists
-      const existingFolder = await folderDAL.findOne(
-        {
-          envId: env.id,
-          parentId: parentFolder.id,
-          name,
-          isReserved: false
-        },
-        tx
-      );
-
-      if (existingFolder) {
-        return existingFolder;
-      }
-
-      // exact folder case
-      if (parentFolder.path === pathWithFolder) {
-        return parentFolder;
-      }
-
-      let currentParentId = parentFolder.id;
-
-      // build the full path we need by processing each segment
+      let parentFolderId = parentFolder.id;
       if (parentFolder.path !== secretPath) {
-        const missingSegments = secretPath.substring(parentFolder.path.length).split("/").filter(Boolean);
-
-        const newFolders: TSecretFoldersInsert[] = [];
-
-        // process each segment sequentially
-        for await (const segment of missingSegments) {
-          const existingSegment = await folderDAL.findOne(
-            {
-              name: segment,
-              parentId: currentParentId,
-              envId: env.id,
-              isReserved: false
-            },
-            tx
-          );
-
-          if (existingSegment) {
-            // use existing folder and update the path / parent
-            currentParentId = existingSegment.id;
-          } else {
+        // this is upsert folder in a path
+        // we are not taking snapshots of this because
+        // snapshot will be removed from automatic for all commits to user click or cron based
+        const missingSegment = secretPath.substring(parentFolder.path.length).split("/").filter(Boolean);
+        if (missingSegment.length) {
+          const newFolders: Array<TSecretFoldersInsert & { id: string }> = missingSegment.map((segment) => {
             const newFolder = {
               name: segment,
-              parentId: currentParentId,
+              parentId: parentFolderId,
               id: uuidv4(),
               envId: env.id,
               version: 1
             };
-
-            currentParentId = newFolder.id;
-            newFolders.push(newFolder);
-          }
-        }
-
-        if (newFolders.length) {
+            parentFolderId = newFolder.id;
+            return newFolder;
+          });
+          parentFolderId = newFolders.at(-1)?.id as string;
           const docs = await folderDAL.insertMany(newFolders, tx);
           const folderVersions = await folderVersionDAL.insertMany(
             docs.map((doc) => ({
@@ -173,7 +133,7 @@ export const secretFolderServiceFactory = ({
                 }
               },
               message: "Folder created",
-              folderId: currentParentId,
+              folderId: parentFolderId,
               changes: folderVersions.map((fv) => ({
                 type: CommitType.ADD,
                 folderVersionId: fv.id
@@ -185,10 +145,9 @@ export const secretFolderServiceFactory = ({
       }
 
       const doc = await folderDAL.create(
-        { name, envId: env.id, version: 1, parentId: currentParentId, description },
+        { name, envId: env.id, version: 1, parentId: parentFolderId, description },
         tx
       );
-
       const folderVersion = await folderVersionDAL.create(
         {
           name: doc.name,
@@ -199,7 +158,6 @@ export const secretFolderServiceFactory = ({
         },
         tx
       );
-
       await folderCommitService.createCommit(
         {
           actor: {
@@ -209,7 +167,7 @@ export const secretFolderServiceFactory = ({
             }
           },
           message: "Folder created",
-          folderId: doc.id,
+          folderId: parentFolderId,
           changes: [
             {
               type: CommitType.ADD,
@@ -219,7 +177,6 @@ export const secretFolderServiceFactory = ({
         },
         tx
       );
-
       return doc;
     });
 

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-constants.ts

@@ -1,10 +0,0 @@
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
-
-export const CLOUDFLARE_PAGES_SYNC_LIST_OPTION: TSecretSyncListItem = {
-  name: "Cloudflare Pages",
-  destination: SecretSync.CloudflarePages,
-  connection: AppConnection.Cloudflare,
-  canImportSecrets: false
-};

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-fns.ts

@@ -1,138 +0,0 @@
-import { request } from "@app/lib/config/request";
-import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
-import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
-import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
-
-import { SECRET_SYNC_NAME_MAP } from "../secret-sync-maps";
-import { TCloudflarePagesSyncWithCredentials } from "./cloudflare-pages-types";
-
-const getProjectEnvironmentSecrets = async (secretSync: TCloudflarePagesSyncWithCredentials) => {
-  const {
-    destinationConfig,
-    connection: {
-      credentials: { apiToken, accountId }
-    }
-  } = secretSync;
-
-  const secrets = (
-    await request.get<{
-      result: {
-        deployment_configs: Record<
-          string,
-          {
-            env_vars: Record<string, { type: "plain_text" | "secret_text"; value: string }>;
-          }
-        >;
-      };
-    }>(
-      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accountId}/pages/projects/${destinationConfig.projectName}`,
-      {
-        headers: {
-          Authorization: `Bearer ${apiToken}`,
-          Accept: "application/json"
-        }
-      }
-    )
-  ).data.result.deployment_configs[destinationConfig.environment].env_vars;
-
-  return Object.entries(secrets ?? {}).map(([key, envVar]) => ({
-    key,
-    value: envVar.value
-  }));
-};
-
-export const CloudflarePagesSyncFns = {
-  syncSecrets: async (secretSync: TCloudflarePagesSyncWithCredentials, secretMap: TSecretMap) => {
-    const {
-      destinationConfig,
-      connection: {
-        credentials: { apiToken, accountId }
-      }
-    } = secretSync;
-
-    // Create/update secret entries
-    let secretEntries: [string, object | null][] = Object.entries(secretMap).map(([key, val]) => [
-      key,
-      { type: "secret_text", value: val.value }
-    ]);
-
-    // Handle deletions if not disabled
-    if (!secretSync.syncOptions.disableSecretDeletion) {
-      const existingSecrets = await getProjectEnvironmentSecrets(secretSync);
-      const toDeleteKeys = existingSecrets
-        .filter(
-          (secret) =>
-            matchesSchema(secret.key, secretSync.environment?.slug || "", secretSync.syncOptions.keySchema) &&
-            !secretMap[secret.key]
-        )
-        .map((secret) => secret.key);
-
-      const toDeleteEntries: [string, null][] = toDeleteKeys.map((key) => [key, null]);
-      secretEntries = [...secretEntries, ...toDeleteEntries];
-    }
-
-    const data = {
-      deployment_configs: {
-        [destinationConfig.environment]: {
-          env_vars: Object.fromEntries(secretEntries)
-        }
-      }
-    };
-
-    await request.patch(
-      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accountId}/pages/projects/${destinationConfig.projectName}`,
-      data,
-      {
-        headers: {
-          Authorization: `Bearer ${apiToken}`,
-          Accept: "application/json"
-        }
-      }
-    );
-  },
-
-  getSecrets: async (secretSync: TCloudflarePagesSyncWithCredentials): Promise<TSecretMap> => {
-    throw new Error(`${SECRET_SYNC_NAME_MAP[secretSync.destination]} does not support importing secrets.`);
-  },
-
-  removeSecrets: async (secretSync: TCloudflarePagesSyncWithCredentials, secretMap: TSecretMap) => {
-    const {
-      destinationConfig,
-      connection: {
-        credentials: { apiToken, accountId }
-      }
-    } = secretSync;
-
-    const secrets = await getProjectEnvironmentSecrets(secretSync);
-    const toDeleteKeys = secrets
-      .filter(
-        (secret) =>
-          matchesSchema(secret.key, secretSync.environment?.slug || "", secretSync.syncOptions.keySchema) &&
-          secret.key in secretMap
-      )
-      .map((secret) => secret.key);
-
-    if (toDeleteKeys.length === 0) return;
-
-    const secretEntries: [string, null][] = toDeleteKeys.map((key) => [key, null]);
-
-    const data = {
-      deployment_configs: {
-        [destinationConfig.environment]: {
-          env_vars: Object.fromEntries(secretEntries)
-        }
-      }
-    };
-
-    await request.patch(
-      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accountId}/pages/projects/${destinationConfig.projectName}`,
-      data,
-      {
-        headers: {
-          Authorization: `Bearer ${apiToken}`,
-          Accept: "application/json"
-        }
-      }
-    );
-  }
-};

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-schema.ts

@@ -1,53 +0,0 @@
-import { z } from "zod";
-
-import { SecretSyncs } from "@app/lib/api-docs";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import {
-  BaseSecretSyncSchema,
-  GenericCreateSecretSyncFieldsSchema,
-  GenericUpdateSecretSyncFieldsSchema
-} from "@app/services/secret-sync/secret-sync-schemas";
-import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
-
-const CloudflarePagesSyncDestinationConfigSchema = z.object({
-  projectName: z
-    .string()
-    .min(1, "Project name is required")
-    .describe(SecretSyncs.DESTINATION_CONFIG.CLOUDFLARE_PAGES.projectName),
-  environment: z
-    .string()
-    .min(1, "Environment is required")
-    .describe(SecretSyncs.DESTINATION_CONFIG.CLOUDFLARE_PAGES.environment)
-});
-
-const CloudflarePagesSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: false };
-
-export const CloudflarePagesSyncSchema = BaseSecretSyncSchema(
-  SecretSync.CloudflarePages,
-  CloudflarePagesSyncOptionsConfig
-).extend({
-  destination: z.literal(SecretSync.CloudflarePages),
-  destinationConfig: CloudflarePagesSyncDestinationConfigSchema
-});
-
-export const CreateCloudflarePagesSyncSchema = GenericCreateSecretSyncFieldsSchema(
-  SecretSync.CloudflarePages,
-  CloudflarePagesSyncOptionsConfig
-).extend({
-  destinationConfig: CloudflarePagesSyncDestinationConfigSchema
-});
-
-export const UpdateCloudflarePagesSyncSchema = GenericUpdateSecretSyncFieldsSchema(
-  SecretSync.CloudflarePages,
-  CloudflarePagesSyncOptionsConfig
-).extend({
-  destinationConfig: CloudflarePagesSyncDestinationConfigSchema.optional()
-});
-
-export const CloudflarePagesSyncListItemSchema = z.object({
-  name: z.literal("Cloudflare Pages"),
-  connection: z.literal(AppConnection.Cloudflare),
-  destination: z.literal(SecretSync.CloudflarePages),
-  canImportSecrets: z.literal(false)
-});

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-types.ts

@@ -1,19 +0,0 @@
-import z from "zod";
-
-import { TCloudflareConnection } from "@app/services/app-connection/cloudflare/cloudflare-connection-types";
-
-import {
-  CloudflarePagesSyncListItemSchema,
-  CloudflarePagesSyncSchema,
-  CreateCloudflarePagesSyncSchema
-} from "./cloudflare-pages-schema";
-
-export type TCloudflarePagesSyncListItem = z.infer<typeof CloudflarePagesSyncListItemSchema>;
-
-export type TCloudflarePagesSync = z.infer<typeof CloudflarePagesSyncSchema>;
-
-export type TCloudflarePagesSyncInput = z.infer<typeof CreateCloudflarePagesSyncSchema>;
-
-export type TCloudflarePagesSyncWithCredentials = TCloudflarePagesSync & {
-  connection: TCloudflareConnection;
-};

backend/src/services/secret-sync/secret-sync-enums.ts

@@ -18,8 +18,7 @@ export enum SecretSync {
   OnePass = "1password",
   Heroku = "heroku",
   Render = "render",
-  Flyio = "flyio",
-  CloudflarePages = "cloudflare-pages"
+  Flyio = "flyio"
 }
 
 export enum SecretSyncInitialSyncBehavior {

backend/src/services/secret-sync/secret-sync-fns.ts

@@ -29,8 +29,6 @@ import { AZURE_APP_CONFIGURATION_SYNC_LIST_OPTION, azureAppConfigurationSyncFact
 import { AZURE_DEVOPS_SYNC_LIST_OPTION, azureDevOpsSyncFactory } from "./azure-devops";
 import { AZURE_KEY_VAULT_SYNC_LIST_OPTION, azureKeyVaultSyncFactory } from "./azure-key-vault";
 import { CAMUNDA_SYNC_LIST_OPTION, camundaSyncFactory } from "./camunda";
-import { CLOUDFLARE_PAGES_SYNC_LIST_OPTION } from "./cloudflare-pages/cloudflare-pages-constants";
-import { CloudflarePagesSyncFns } from "./cloudflare-pages/cloudflare-pages-fns";
 import { FLYIO_SYNC_LIST_OPTION, FlyioSyncFns } from "./flyio";
 import { GCP_SYNC_LIST_OPTION } from "./gcp";
 import { GcpSyncFns } from "./gcp/gcp-sync-fns";
@@ -65,8 +63,7 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
   [SecretSync.OnePass]: ONEPASS_SYNC_LIST_OPTION,
   [SecretSync.Heroku]: HEROKU_SYNC_LIST_OPTION,
   [SecretSync.Render]: RENDER_SYNC_LIST_OPTION,
-  [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION,
-  [SecretSync.CloudflarePages]: CLOUDFLARE_PAGES_SYNC_LIST_OPTION
+  [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION
 };
 
 export const listSecretSyncOptions = () => {
@@ -230,8 +227,6 @@ export const SecretSyncFns = {
         return RenderSyncFns.syncSecrets(secretSync, schemaSecretMap);
       case SecretSync.Flyio:
         return FlyioSyncFns.syncSecrets(secretSync, schemaSecretMap);
-      case SecretSync.CloudflarePages:
-        return CloudflarePagesSyncFns.syncSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for sync secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -318,9 +313,6 @@ export const SecretSyncFns = {
       case SecretSync.Flyio:
         secretMap = await FlyioSyncFns.getSecrets(secretSync);
         break;
-      case SecretSync.CloudflarePages:
-        secretMap = await CloudflarePagesSyncFns.getSecrets(secretSync);
-        break;
       default:
         throw new Error(
           `Unhandled sync destination for get secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -394,8 +386,6 @@ export const SecretSyncFns = {
         return RenderSyncFns.removeSecrets(secretSync, schemaSecretMap);
       case SecretSync.Flyio:
         return FlyioSyncFns.removeSecrets(secretSync, schemaSecretMap);
-      case SecretSync.CloudflarePages:
-        return CloudflarePagesSyncFns.removeSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for remove secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`

backend/src/services/secret-sync/secret-sync-maps.ts

@@ -21,8 +21,7 @@ export const SECRET_SYNC_NAME_MAP: Record<SecretSync, string> = {
   [SecretSync.OnePass]: "1Password",
   [SecretSync.Heroku]: "Heroku",
   [SecretSync.Render]: "Render",
-  [SecretSync.Flyio]: "Fly.io",
-  [SecretSync.CloudflarePages]: "Cloudflare Pages"
+  [SecretSync.Flyio]: "Fly.io"
 };
 
 export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
@@ -45,8 +44,7 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.OnePass]: AppConnection.OnePass,
   [SecretSync.Heroku]: AppConnection.Heroku,
   [SecretSync.Render]: AppConnection.Render,
-  [SecretSync.Flyio]: AppConnection.Flyio,
-  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
+  [SecretSync.Flyio]: AppConnection.Flyio
 };
 
 export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
@@ -69,6 +67,5 @@ export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
   [SecretSync.OnePass]: SecretSyncPlanType.Regular,
   [SecretSync.Heroku]: SecretSyncPlanType.Regular,
   [SecretSync.Render]: SecretSyncPlanType.Regular,
-  [SecretSync.Flyio]: SecretSyncPlanType.Regular,
-  [SecretSync.CloudflarePages]: SecretSyncPlanType.Regular
+  [SecretSync.Flyio]: SecretSyncPlanType.Regular
 };

backend/src/services/secret-sync/secret-sync-types.ts

@@ -106,12 +106,6 @@ import {
   TTerraformCloudSyncWithCredentials
 } from "./terraform-cloud";
 import { TVercelSync, TVercelSyncInput, TVercelSyncListItem, TVercelSyncWithCredentials } from "./vercel";
-import {
-  TCloudflarePagesSync,
-  TCloudflarePagesSyncInput,
-  TCloudflarePagesSyncListItem,
-  TCloudflarePagesSyncWithCredentials
-} from "./cloudflare-pages/cloudflare-pages-types";
 
 export type TSecretSync =
   | TAwsParameterStoreSync
@@ -133,8 +127,7 @@ export type TSecretSync =
   | TOnePassSync
   | THerokuSync
   | TRenderSync
-  | TFlyioSync
-  | TCloudflarePagesSync;
+  | TFlyioSync;
 
 export type TSecretSyncWithCredentials =
   | TAwsParameterStoreSyncWithCredentials
@@ -156,8 +149,7 @@ export type TSecretSyncWithCredentials =
   | TOnePassSyncWithCredentials
   | THerokuSyncWithCredentials
   | TRenderSyncWithCredentials
-  | TFlyioSyncWithCredentials
-  | TCloudflarePagesSyncWithCredentials;
+  | TFlyioSyncWithCredentials;
 
 export type TSecretSyncInput =
   | TAwsParameterStoreSyncInput
@@ -179,8 +171,7 @@ export type TSecretSyncInput =
   | TOnePassSyncInput
   | THerokuSyncInput
   | TRenderSyncInput
-  | TFlyioSyncInput
-  | TCloudflarePagesSyncInput;
+  | TFlyioSyncInput;
 
 export type TSecretSyncListItem =
   | TAwsParameterStoreSyncListItem
@@ -202,8 +193,7 @@ export type TSecretSyncListItem =
   | TOnePassSyncListItem
   | THerokuSyncListItem
   | TRenderSyncListItem
-  | TFlyioSyncListItem
-  | TCloudflarePagesSyncListItem;
+  | TFlyioSyncListItem;
 
 export type TSyncOptionsConfig = {
   canImportSecrets: boolean;

backend/src/services/secret/secret-service.ts

@@ -1543,8 +1543,9 @@ export const secretServiceFactory = ({
     actor,
     environment,
     viewSecretValue,
-    projectId,
+    projectId: workspaceId,
     expandSecretReferences,
+    projectSlug,
     actorId,
     actorOrgId,
     actorAuthMethod,
@@ -1552,6 +1553,7 @@ export const secretServiceFactory = ({
     includeImports,
     version
   }: TGetASecretRawDTO) => {
+    const projectId = workspaceId || (await projectDAL.findProjectBySlug(projectSlug as string, actorOrgId)).id;
     const { botKey, shouldUseSecretV2Bridge } = await projectBotService.getBotKey(projectId);
     if (shouldUseSecretV2Bridge) {
       const secret = await secretV2BridgeService.getSecretByName({

backend/src/services/secret/secret-types.ts

@@ -229,7 +229,8 @@ export type TGetASecretRawDTO = {
   type: "shared" | "personal";
   includeImports?: boolean;
   version?: number;
-  projectId: string;
+  projectSlug?: string;
+  projectId?: string;
 } & Omit<TProjectPermission, "projectId">;
 
 export type TGetASecretByIdRawDTO = {

backend/src/services/telemetry/telemetry-queue.ts

@@ -7,13 +7,18 @@ import { QueueJobs, QueueName, TQueueServiceFactory } from "@app/queue";
 
 import { getServerCfg } from "../super-admin/super-admin-service";
 import { TTelemetryDALFactory } from "./telemetry-dal";
-import { TELEMETRY_SECRET_OPERATIONS_KEY, TELEMETRY_SECRET_PROCESSED_KEY } from "./telemetry-service";
+import {
+  TELEMETRY_SECRET_OPERATIONS_KEY,
+  TELEMETRY_SECRET_PROCESSED_KEY,
+  TTelemetryServiceFactory
+} from "./telemetry-service";
 import { PostHogEventTypes } from "./telemetry-types";
 
 type TTelemetryQueueServiceFactoryDep = {
   queueService: TQueueServiceFactory;
   keyStore: Pick<TKeyStoreFactory, "getItem" | "deleteItem">;
   telemetryDAL: TTelemetryDALFactory;
+  telemetryService: TTelemetryServiceFactory;
 };
 
 export type TTelemetryQueueServiceFactory = ReturnType<typeof telemetryQueueServiceFactory>;
@@ -21,7 +26,8 @@ export type TTelemetryQueueServiceFactory = ReturnType<typeof telemetryQueueServ
 export const telemetryQueueServiceFactory = ({
   queueService,
   keyStore,
-  telemetryDAL
+  telemetryDAL,
+  telemetryService
 }: TTelemetryQueueServiceFactoryDep) => {
   const appCfg = getConfig();
   const postHog =
@@ -48,6 +54,10 @@ export const telemetryQueueServiceFactory = ({
     await keyStore.deleteItem(TELEMETRY_SECRET_OPERATIONS_KEY);
   });
 
+  queueService.start(QueueName.TelemetryAggregatedEvents, async () => {
+    await telemetryService.processAggregatedEvents();
+  });
+
   // every day at midnight a telemetry job executes on self-hosted instances
   // this sends some telemetry information like instance id secrets operated etc
   const startTelemetryCheck = async () => {
@@ -60,11 +70,26 @@ export const telemetryQueueServiceFactory = ({
       { pattern: "0 0 * * *", utc: true },
       QueueName.TelemetryInstanceStats // just a job id
     );
+
+    // clear previous aggregated events job
+    await queueService.stopRepeatableJob(
+      QueueName.TelemetryAggregatedEvents,
+      QueueJobs.TelemetryAggregatedEvents,
+      { pattern: "*/5 * * * *", utc: true },
+      QueueName.TelemetryAggregatedEvents // just a job id
+    );
+
     if (postHog) {
       await queueService.queue(QueueName.TelemetryInstanceStats, QueueJobs.TelemetryInstanceStats, undefined, {
         jobId: QueueName.TelemetryInstanceStats,
         repeat: { pattern: "0 0 * * *", utc: true }
       });
+
+      // Start aggregated events job (runs every five minutes)
+      await queueService.queue(QueueName.TelemetryAggregatedEvents, QueueJobs.TelemetryAggregatedEvents, undefined, {
+        jobId: QueueName.TelemetryAggregatedEvents,
+        repeat: { pattern: "*/5 * * * *", utc: true }
+      });
     }
   };
 
@@ -72,6 +97,10 @@ export const telemetryQueueServiceFactory = ({
     logger.error(err?.failedReason, `${QueueName.TelemetryInstanceStats}: failed`);
   });
 
+  queueService.listen(QueueName.TelemetryAggregatedEvents, "failed", (err) => {
+    logger.error(err?.failedReason, `${QueueName.TelemetryAggregatedEvents}: failed`);
+  });
+
   return {
     startTelemetryCheck
   };

backend/src/services/telemetry/telemetry-service.ts

@@ -1,3 +1,4 @@
+import { createHash, randomUUID } from "crypto";
 import { PostHog } from "posthog-node";
 
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
@@ -12,12 +13,49 @@ import { PostHogEventTypes, TPostHogEvent, TSecretModifiedEvent } from "./teleme
 export const TELEMETRY_SECRET_PROCESSED_KEY = "telemetry-secret-processed";
 export const TELEMETRY_SECRET_OPERATIONS_KEY = "telemetry-secret-operations";
 
+export const POSTHOG_AGGREGATED_EVENTS = [PostHogEventTypes.SecretPulled];
+const TELEMETRY_AGGREGATED_KEY_EXP = 900; // 15mins
+
+// Bucket configuration
+const TELEMETRY_BUCKET_COUNT = 30;
+const TELEMETRY_BUCKET_NAMES = Array.from(
+  { length: TELEMETRY_BUCKET_COUNT },
+  (_, i) => `bucket-${i.toString().padStart(2, "0")}`
+);
+
+type AggregatedEventData = Record<string, unknown>;
+type SingleEventData = {
+  distinctId: string;
+  event: string;
+  properties: unknown;
+  organizationId: string;
+};
+
 export type TTelemetryServiceFactory = ReturnType<typeof telemetryServiceFactory>;
 export type TTelemetryServiceFactoryDep = {
-  keyStore: Pick<TKeyStoreFactory, "getItem" | "incrementBy">;
+  keyStore: Pick<
+    TKeyStoreFactory,
+    "incrementBy" | "deleteItemsByKeyIn" | "setItemWithExpiry" | "getKeysByPattern" | "getItems"
+  >;
   licenseService: Pick<TLicenseServiceFactory, "getInstanceType">;
 };
 
+const getBucketForDistinctId = (distinctId: string): string => {
+  // Use SHA-256 hash for consistent distribution
+  const hash = createHash("sha256").update(distinctId).digest("hex");
+
+  // Take first 8 characters and convert to number for better distribution
+  const hashNumber = parseInt(hash.substring(0, 8), 16);
+  const bucketIndex = hashNumber % TELEMETRY_BUCKET_COUNT;
+
+  return TELEMETRY_BUCKET_NAMES[bucketIndex];
+};
+
+export const createTelemetryEventKey = (event: string, distinctId: string): string => {
+  const bucketId = getBucketForDistinctId(distinctId);
+  return `telemetry-event-${event}-${bucketId}-${distinctId}-${randomUUID()}`;
+};
+
 export const telemetryServiceFactory = ({ keyStore, licenseService }: TTelemetryServiceFactoryDep) => {
   const appCfg = getConfig();
 
@@ -64,11 +102,33 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
       const instanceType = licenseService.getInstanceType();
       // capture posthog only when its cloud or signup event happens in self-hosted
       if (instanceType === InstanceType.Cloud || event.event === PostHogEventTypes.UserSignedUp) {
-        postHog.capture({
-          event: event.event,
-          distinctId: event.distinctId,
-          properties: event.properties
-        });
+        if (event.organizationId) {
+          try {
+            postHog.groupIdentify({ groupType: "organization", groupKey: event.organizationId });
+          } catch (error) {
+            logger.error(error, "Failed to identify PostHog organization");
+          }
+        }
+        if (POSTHOG_AGGREGATED_EVENTS.includes(event.event)) {
+          const eventKey = createTelemetryEventKey(event.event, event.distinctId);
+          await keyStore.setItemWithExpiry(
+            eventKey,
+            TELEMETRY_AGGREGATED_KEY_EXP,
+            JSON.stringify({
+              distinctId: event.distinctId,
+              event: event.event,
+              properties: event.properties,
+              organizationId: event.organizationId
+            })
+          );
+        } else {
+          postHog.capture({
+            event: event.event,
+            distinctId: event.distinctId,
+            properties: event.properties,
+            ...(event.organizationId ? { groups: { organization: event.organizationId } } : {})
+          });
+        }
         return;
       }
 
@@ -89,6 +149,160 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
     }
   };
 
+  const aggregateGroupProperties = (events: SingleEventData[]): AggregatedEventData => {
+    const aggregatedData: AggregatedEventData = {};
+
+    // Set the total count
+    aggregatedData.count = events.length;
+
+    events.forEach((event) => {
+      if (!event.properties) return;
+
+      Object.entries(event.properties as Record<string, unknown>).forEach(([key, value]: [string, unknown]) => {
+        if (Array.isArray(value)) {
+          // For arrays, count occurrences of each item
+          const existingCounts =
+            aggregatedData[key] &&
+            typeof aggregatedData[key] === "object" &&
+            aggregatedData[key]?.constructor === Object
+              ? (aggregatedData[key] as Record<string, number>)
+              : {};
+
+          value.forEach((item) => {
+            const itemKey = typeof item === "object" ? JSON.stringify(item) : String(item);
+            existingCounts[itemKey] = (existingCounts[itemKey] || 0) + 1;
+          });
+
+          aggregatedData[key] = existingCounts;
+        } else if (typeof value === "object" && value?.constructor === Object) {
+          // For objects, count occurrences of each field value
+          const existingCounts =
+            aggregatedData[key] &&
+            typeof aggregatedData[key] === "object" &&
+            aggregatedData[key]?.constructor === Object
+              ? (aggregatedData[key] as Record<string, number>)
+              : {};
+
+          if (value) {
+            Object.values(value).forEach((fieldValue) => {
+              const valueKey = typeof fieldValue === "object" ? JSON.stringify(fieldValue) : String(fieldValue);
+              existingCounts[valueKey] = (existingCounts[valueKey] || 0) + 1;
+            });
+          }
+          aggregatedData[key] = existingCounts;
+        } else if (typeof value === "number") {
+          // For numbers, add to existing sum
+          aggregatedData[key] = ((aggregatedData[key] as number) || 0) + value;
+        } else if (value !== undefined && value !== null) {
+          // For other types (strings, booleans, etc.), count occurrences
+          const stringValue = String(value);
+          const existingValue = aggregatedData[key];
+
+          if (!existingValue) {
+            aggregatedData[key] = { [stringValue]: 1 };
+          } else if (existingValue && typeof existingValue === "object" && existingValue.constructor === Object) {
+            const countObject = existingValue as Record<string, number>;
+            countObject[stringValue] = (countObject[stringValue] || 0) + 1;
+          } else {
+            const oldValue = String(existingValue);
+            aggregatedData[key] = {
+              [oldValue]: 1,
+              [stringValue]: 1
+            };
+          }
+        }
+      });
+    });
+
+    return aggregatedData;
+  };
+
+  const processBucketEvents = async (eventType: string, bucketId: string) => {
+    if (!postHog) return 0;
+
+    try {
+      const bucketPattern = `telemetry-event-${eventType}-${bucketId}-*`;
+      const bucketKeys = await keyStore.getKeysByPattern(bucketPattern);
+
+      if (bucketKeys.length === 0) return 0;
+
+      const bucketEvents = await keyStore.getItems(bucketKeys);
+      let bucketEventsParsed: SingleEventData[] = [];
+
+      try {
+        bucketEventsParsed = bucketEvents
+          .filter((event) => event !== null)
+          .map((event) => JSON.parse(event as string) as SingleEventData);
+      } catch (error) {
+        logger.error(error, `Failed to parse bucket events for ${eventType} in ${bucketId}`);
+        return 0;
+      }
+
+      const eventsGrouped = new Map<string, SingleEventData[]>();
+
+      bucketEventsParsed.forEach((event) => {
+        const key = JSON.stringify({ id: event.distinctId, org: event.organizationId });
+        if (!eventsGrouped.has(key)) {
+          eventsGrouped.set(key, []);
+        }
+        eventsGrouped.get(key)!.push(event);
+      });
+
+      if (eventsGrouped.size === 0) return 0;
+
+      for (const [eventsKey, events] of eventsGrouped) {
+        const key = JSON.parse(eventsKey) as { id: string; org?: string };
+        if (key.org) {
+          try {
+            postHog.groupIdentify({ groupType: "organization", groupKey: key.org });
+          } catch (error) {
+            logger.error(error, "Failed to identify PostHog organization");
+          }
+        }
+        const properties = aggregateGroupProperties(events);
+
+        postHog.capture({
+          event: `${eventType} aggregated`,
+          distinctId: key.id,
+          properties,
+          ...(key.org ? { groups: { organization: key.org } } : {})
+        });
+      }
+
+      // Clean up processed data for this bucket
+      await keyStore.deleteItemsByKeyIn(bucketKeys);
+
+      logger.info(`Processed ${bucketEventsParsed.length} events from bucket ${bucketId} for ${eventType}`);
+      return bucketEventsParsed.length;
+    } catch (error) {
+      logger.error(error, `Failed to process bucket ${bucketId} for ${eventType}`);
+      return 0;
+    }
+  };
+
+  const processAggregatedEvents = async () => {
+    if (!postHog) return;
+
+    for (const eventType of POSTHOG_AGGREGATED_EVENTS) {
+      let totalProcessed = 0;
+
+      logger.info(`Starting bucket processing for ${eventType}`);
+
+      // Process each bucket sequentially to control memory usage
+      for (const bucketId of TELEMETRY_BUCKET_NAMES) {
+        try {
+          // eslint-disable-next-line no-await-in-loop
+          const processed = await processBucketEvents(eventType, bucketId);
+          totalProcessed += processed;
+        } catch (error) {
+          logger.error(error, `Failed to process bucket ${bucketId} for ${eventType}`);
+        }
+      }
+
+      logger.info(`Completed processing ${totalProcessed} total events for ${eventType}`);
+    }
+  };
+
   const flushAll = async () => {
     if (postHog) {
       await postHog.shutdownAsync();
@@ -98,6 +312,8 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
   return {
     sendLoopsEvent,
     sendPostHogEvents,
-    flushAll
+    processAggregatedEvents,
+    flushAll,
+    getBucketForDistinctId
   };
 };

backend/src/services/telemetry/telemetry-types.ts

@@ -1,3 +1,13 @@
+import {
+  IdentityActor,
+  KmipClientActor,
+  PlatformActor,
+  ScimClientActor,
+  ServiceActor,
+  UnknownUserActor,
+  UserActor
+} from "@app/ee/services/audit-log/audit-log-types";
+
 export enum PostHogEventTypes {
   SecretPush = "secrets pushed",
   SecretPulled = "secrets pulled",
@@ -40,6 +50,14 @@ export type TSecretModifiedEvent = {
     secretPath: string;
     channel?: string;
     userAgent?: string;
+    actor?:
+      | UserActor
+      | IdentityActor
+      | ServiceActor
+      | ScimClientActor
+      | PlatformActor
+      | UnknownUserActor
+      | KmipClientActor;
   };
 };
 
@@ -214,7 +232,7 @@ export type TInvalidateCacheEvent = {
   };
 };
 
-export type TPostHogEvent = { distinctId: string } & (
+export type TPostHogEvent = { distinctId: string; organizationId?: string } & (
   | TSecretModifiedEvent
   | TAdminInitEvent
   | TUserSignedUpEvent

docs/api-reference/endpoints/app-connections/cloudflare/available.mdx

@@ -1,4 +0,0 @@
----
-title: "Available"
-openapi: "GET /api/v1/app-connections/cloudflare/available"
----

docs/api-reference/endpoints/app-connections/cloudflare/create.mdx

@@ -1,10 +0,0 @@
----
-title: "Create"
-openapi: "POST /api/v1/app-connections/cloudflare"
----
-
-<Note>
-  Check out the configuration docs for [Cloudflare
-  Connections](/integrations/app-connections/cloudflare) to learn how to obtain
-  the required credentials.
-</Note>

docs/api-reference/endpoints/app-connections/cloudflare/delete.mdx

@@ -1,4 +0,0 @@
----
-title: "Delete"
-openapi: "DELETE /api/v1/app-connections/cloudflare/{connectionId}"
----

docs/api-reference/endpoints/app-connections/cloudflare/get-by-id.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by ID"
-openapi: "GET /api/v1/app-connections/cloudflare/{connectionId}"
----

docs/api-reference/endpoints/app-connections/cloudflare/get-by-name.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by Name"
-openapi: "GET /api/v1/app-connections/cloudflare/connection-name/{connectionName}"
----

docs/api-reference/endpoints/app-connections/cloudflare/list.mdx

@@ -1,4 +0,0 @@
----
-title: "List"
-openapi: "GET /api/v1/app-connections/cloudflare"
----

docs/api-reference/endpoints/app-connections/cloudflare/update.mdx

@@ -1,10 +0,0 @@
----
-title: "Update"
-openapi: "PATCH /api/v1/app-connections/cloudflare/{connectionId}"
----
-
-<Note>
-  Check out the configuration docs for [Cloudflare
-  Connections](/integrations/app-connections/cloudflare) to learn how to obtain
-  the required credentials.
-</Note>

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/create.mdx

@@ -1,4 +0,0 @@
----
-title: "Create"
-openapi: "POST /api/v1/secret-syncs/cloudflare-pages"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/delete.mdx

@@ -1,4 +0,0 @@
----
-title: "Delete"
-openapi: "DELETE /api/v1/secret-syncs/cloudflare-pages/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/get-by-id.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by ID"
-openapi: "GET /api/v1/secret-syncs/cloudflare-pages/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/get-by-name.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by Name"
-openapi: "GET /api/v1/secret-syncs/cloudflare-pages/sync-name/{syncName}"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/list.mdx

@@ -1,4 +0,0 @@
----
-title: "List"
-openapi: "GET /api/v1/secret-syncs/cloudflare-pages"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/remove-secrets.mdx

@@ -1,4 +0,0 @@
----
-title: "Remove Secrets"
-openapi: "POST /api/v1/secret-syncs/cloudflare-pages/{syncId}/remove-secrets"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/sync-secrets.mdx

@@ -1,4 +0,0 @@
----
-title: "Sync Secrets"
-openapi: "POST /api/v1/secret-syncs/cloudflare-pages/{syncId}/sync-secrets"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/update.mdx

@@ -1,4 +0,0 @@
----
-title: "Update"
-openapi: "PATCH /api/v1/secret-syncs/cloudflare-pages/{syncId}"
----

docs/docs.json

@@ -469,7 +469,6 @@
                   "integrations/app-connections/azure-devops",
                   "integrations/app-connections/azure-key-vault",
                   "integrations/app-connections/camunda",
-                  "integrations/app-connections/cloudflare",
                   "integrations/app-connections/databricks",
                   "integrations/app-connections/flyio",
                   "integrations/app-connections/gcp",
@@ -507,7 +506,6 @@
                   "integrations/secret-syncs/azure-devops",
                   "integrations/secret-syncs/azure-key-vault",
                   "integrations/secret-syncs/camunda",
-                  "integrations/secret-syncs/cloudflare-pages",
                   "integrations/secret-syncs/databricks",
                   "integrations/secret-syncs/flyio",
                   "integrations/secret-syncs/gcp-secret-manager",
@@ -1257,18 +1255,6 @@
                       "api-reference/endpoints/app-connections/camunda/delete"
                     ]
                   },
-                  {
-                    "group": "Cloudflare",
-                    "pages": [
-                      "api-reference/endpoints/app-connections/cloudflare/list",
-                      "api-reference/endpoints/app-connections/cloudflare/available",
-                      "api-reference/endpoints/app-connections/cloudflare/get-by-id",
-                      "api-reference/endpoints/app-connections/cloudflare/get-by-name",
-                      "api-reference/endpoints/app-connections/cloudflare/create",
-                      "api-reference/endpoints/app-connections/cloudflare/update",
-                      "api-reference/endpoints/app-connections/cloudflare/delete"
-                    ]
-                  },
                   {
                     "group": "Databricks",
                     "pages": [
@@ -1601,19 +1587,6 @@
                       "api-reference/endpoints/secret-syncs/camunda/remove-secrets"
                     ]
                   },
-                  {
-                    "group": "Cloudflare Pages",
-                    "pages": [
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/list",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/get-by-id",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/get-by-name",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/create",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/update",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/delete",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/sync-secrets",
-                      "api-reference/endpoints/secret-syncs/cloudflare-pages/remove-secrets"
-                    ]
-                  },
                   {
                     "group": "Databricks",
                     "pages": [
@@ -2018,7 +1991,7 @@
         "tab": "SDKs",
         "groups": [
           {
-            "group": "Overview",
+            "group": "",
             "pages": ["sdks/overview"]
           },
           {
@@ -2038,7 +2011,7 @@
         "tab": "Changelog",
         "groups": [
           {
-            "group": "Overview",
+            "group": "",
             "pages": ["changelog/overview"]
           }
         ]

docs/integrations/app-connections/cloudflare.mdx

@@ -1,94 +0,0 @@
----
-title: "Cloudflare Connection"
-description: "Learn how to configure a Cloudflare Connection for Infisical."
----
-
-Infisical supports connecting to Cloudflare using API tokens and Account ID for secure access to your Cloudflare services.
-
-## Configure API Token and Account ID for Infisical
-
-<Steps>
-  <Step title="Create API Token">
-    Navigate to your Cloudflare dashboard and go to **Profile**.
-
-    ![Navigate Cloudflare Profile](/images/app-connections/cloudflare/cloudflare-navigate-profile.png)
-
-    Click **API Tokens > Create Token** to generate a new API token.
-
-    ![Create API Token](/images/app-connections/cloudflare/cloudflare-create-token.png)
-
-  </Step>
-  <Step title="Configure Token Permissions">
-    Configure your API token with the necessary permissions for your Cloudflare services.
-
-    Depending on your use case, add one or more of the following permission sets to your API token:
-
-    <Tabs>
-      <Tab title="Secret Sync">
-        <AccordionGroup>
-          <Accordion title="Cloudflare Pages">
-            Use the following permissions to grant Infisical access to sync secrets to Cloudflare Pages:
-
-            ![Configure Token](/images/app-connections/cloudflare/cloudflare-pages-configure-permissions.png)
-
-            **Required Permissions:**
-            - **Account** - **Cloudflare Pages** - **Edit**
-            - **Account** - **Account Settings** - **Read**
-
-            Add these permissions to your API token and click **Continue to summary**, then **Create Token** to generate your API token.
-          </Accordion>
-        </AccordionGroup>
-      </Tab>
-    </Tabs>
-
-  </Step>
-  <Step title="Save Your API Token">
-    After creation, copy and securely store your API token as it will not be shown again.
-    
-    ![Generated API Token](/images/app-connections/cloudflare/cloudflare-generated-token.png)
-
-    <Warning>
-      Keep your API token secure and do not share it. Anyone with access to this token can manage your Cloudflare resources based on the permissions granted.
-    </Warning>
-
-  </Step>
-  <Step title="Get Account ID">
-    From your Cloudflare Account Home page, click on the account information dropdown and select **Copy account ID**.
-
-    ![Account ID](/images/app-connections/cloudflare/cloudflare-account-id.png)
-
-    Save your Account ID for use in the next step.
-
-  </Step>
-</Steps>
-
-## Setup Cloudflare Connection in Infisical
-
-<Steps>
-  <Step title="Navigate to App Connections">
-    Navigate to the **App Connections** tab on the **Organization Settings**
-    page. ![App Connections
-    Tab](/images/app-connections/general/add-connection.png)
-  </Step>
-  <Step title="Add Connection">
-    Select the **Cloudflare Connection** option from the connection options
-    modal. ![Select Cloudflare
-    Connection](/images/app-connections/cloudflare/cloudflare-app-connection-select.png)
-  </Step>
-  <Step title="Input Credentials">
-    Enter your Cloudflare API token and Account ID in the provided fields and
-    click **Connect to Cloudflare** to establish the connection. ![Connect to
-    Cloudflare](/images/app-connections/cloudflare/cloudflare-app-connection-form.png)
-  </Step>
-  <Step title="Connection Created">
-    Your **Cloudflare Connection** is now available for use in your Infisical
-    projects. ![Cloudflare Connection
-    Created](/images/app-connections/cloudflare/cloudflare-app-connection-created.png)
-  </Step>
-</Steps>
-
-<Info>
-  API token connections require manual token rotation when your Cloudflare API
-  token expires or is regenerated. Monitor your connection status and update the
-  token as needed.
-</Info>

docs/integrations/secret-syncs/cloudflare-pages.mdx

@@ -1,133 +0,0 @@
----
-title: "Cloudflare Pages Sync"
-description: "Learn how to configure a Cloudflare Pages Sync for Infisical."
----
-
-**Prerequisites:**
-
-- Set up and add secrets to [Infisical Cloud](https://app.infisical.com)
-- Create a [Cloudflare Connection](/integrations/app-connections/cloudflare)
-
-<Tabs>
-  <Tab title="Infisical UI">
-    1. Navigate to **Project** > **Integrations** and select the **Secret Syncs** tab. Click on the **Add Sync** button.
-    ![Secret Syncs Tab](/images/secret-syncs/general/secret-sync-tab.png)
-
-    2. Select the **Cloudflare Pages** option.
-    ![Select Cloudflare Pages](/images/secret-syncs/cloudflare-pages/select-cloudflare-pages-option.png)
-
-    3. Configure the **Source** from where secrets should be retrieved, then click **Next**.
-    ![Configure Source](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-source.png)
-
-      - **Environment**: The project environment to retrieve secrets from.
-      - **Secret Path**: The folder path to retrieve secrets from.
-
-      <Tip>
-        If you need to sync secrets from multiple folder locations, check out [secret imports](/documentation/platform/secret-reference#secret-imports).
-      </Tip>
-
-    4. Configure the **Destination** to where secrets should be deployed, then click **Next**.
-    ![Configure Destination](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-destination.png)
-
-      - **Cloudflare Connection**: The Cloudflare Connection to authenticate with.
-      - **Cloudflare Pages Project**: Choose the Cloudflare Pages project you want to sync secrets to.
-      - **Environment**: Select the deployment environment (preview or production).
-
-    5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
-    ![Configure Options](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-options.png)
-
-      - **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync.
-        - **Overwrite Destination Secrets**: Removes any secrets at the destination endpoint not present in Infisical.
-      - **Key Schema**: Template that determines how secret names are transformed when syncing, using `{{secretKey}}` as a placeholder for the original secret name and `{{environment}}` for the environment.
-      - **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
-      - **Disable Secret Deletion**: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
-
-    6. Configure the **Details** of your Cloudflare Pages Sync, then click **Next**.
-    ![Configure Details](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-details.png)
-
-      - **Name**: The name of your sync. Must be slug-friendly.
-      - **Description**: An optional description for your sync.
-
-    7. Review your Cloudflare Pages Sync configuration, then click **Create Sync**.
-    ![Confirm Configuration](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-review.png)
-
-    8. If enabled, your Cloudflare Pages Sync will begin syncing your secrets to the destination endpoint.
-    ![Sync Secrets](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-created.png)
-
-  </Tab>
-  <Tab title="API">
-    To create a **Cloudflare Pages Sync**, make an API request to the [Create Cloudflare Pages Sync](/api-reference/endpoints/secret-syncs/cloudflare-pages/create) API endpoint.
-
-    ### Sample request
-
-    ```bash Request
-    curl --request POST \
-      --url https://app.infisical.com/api/v1/secret-syncs/cloudflare-pages \
-      --header 'Content-Type: application/json' \
-      --data '{
-        "name": "my-cloudflare-pages-sync",
-        "projectId": "your-project-id",
-        "description": "an example sync",
-        "connectionId": "your-cloudflare-connection-id",
-        "environment": "production",
-        "secretPath": "/my-secrets",
-        "isEnabled": true,
-        "syncOptions": {
-          "initialSyncBehavior": "overwrite-destination"
-        },
-        "destinationConfig": {
-          "projectId": "your-cloudflare-pages-project-id",
-          "projectName": "my-pages-project",
-          "environment": "production"
-        }
-      }'
-    ```
-
-    ### Sample response
-
-    ```bash Response
-    {
-      "secretSync": {
-        "id": "your-sync-id",
-        "name": "my-cloudflare-pages-sync",
-        "description": "an example sync",
-        "isEnabled": true,
-        "version": 1,
-        "folderId": "your-folder-id",
-        "connectionId": "your-cloudflare-connection-id",
-        "createdAt": "2024-05-01T12:00:00Z",
-        "updatedAt": "2024-05-01T12:00:00Z",
-        "syncStatus": "succeeded",
-        "lastSyncJobId": "123",
-        "lastSyncMessage": null,
-        "lastSyncedAt": "2024-05-01T12:00:00Z",
-        "syncOptions": {
-          "initialSyncBehavior": "overwrite-destination"
-        },
-        "projectId": "your-project-id",
-        "connection": {
-          "app": "cloudflare",
-          "name": "my-cloudflare-connection",
-          "id": "your-cloudflare-connection-id"
-        },
-        "environment": {
-          "slug": "production",
-          "name": "Production",
-          "id": "your-env-id"
-        },
-        "folder": {
-          "id": "your-folder-id",
-          "path": "/my-secrets"
-        },
-        "destination": "cloudflare-pages",
-        "destinationConfig": {
-          "projectId": "your-cloudflare-pages-project-id",
-          "projectName": "my-pages-project",
-          "environment": "production"
-        }
-      }
-    }
-    ```
-
-  </Tab>
-</Tabs>

docs/sdks/languages/java.mdx

@@ -1,7 +1,7 @@
 ---
 title: "Infisical Java SDK"
 sidebarTitle: "Java"
-url: "https://github.com/Infisical/java-sdk?tab=readme-ov-file#infisical-java-sdk"
+url: "https://github.com/Infisical/java-sdk?tab=readme-ov-file#infisical-nodejs-sdk"
 icon: "java"
 ---
 

docs/sdks/languages/node.mdx

@@ -1,7 +1,7 @@
 ---
 title: "Infisical Node.js SDK"
 sidebarTitle: "Node.js"
-url: "https://github.com/Infisical/node-sdk-v2?tab=readme-ov-file#infisical-nodejs-sdk"
+url: "https://github.com/Infisical/node-sdk-v2"
 icon: "node"
 ---
 

docs/sdks/languages/python.mdx

@@ -43,7 +43,7 @@ def hello_world():
 This example demonstrates how to use the Infisical Python SDK with a Flask application. The application retrieves a secret named "NAME" and responds to requests with a greeting that includes the secret value.
 
 <Warning>
-  We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
+	We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
 </Warning>
 
 ## Installation
@@ -314,32 +314,32 @@ By default, `getSecret()` fetches and returns a shared secret. If not found, it
 #### Parameters
 
 <ParamField query="Parameters" type="object" optional>
-  <Expandable title="properties">
-    <ParamField query="secret_name" type="string" required>
-      The key of the secret to retrieve
-    </ParamField>
+	<Expandable title="properties">
+		<ParamField query="secret_name" type="string" required>
+			The key of the secret to retrieve
+		</ParamField>
     <ParamField query="include_imports" type="boolean">
           Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
     </ParamField>
-    <ParamField query="environment" type="string" required>
-      The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
-    </ParamField>
-    <ParamField query="project_id" type="string" required>
-      The project ID where the secret lives in.
-    </ParamField>
-    <ParamField query="path" type="string" optional>
-      The path from where secret should be fetched from.
-    </ParamField>
-    <ParamField query="type" type="string" optional>
-      The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "personal".
-    </ParamField>
-    <ParamField query="include_imports" type="boolean" default="false" optional>
-      Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
-    </ParamField>
+		<ParamField query="environment" type="string" required>
+			The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+		</ParamField>
+		<ParamField query="project_id" type="string" required>
+			The project ID where the secret lives in.
+		</ParamField>
+		<ParamField query="path" type="string" optional>
+			The path from where secret should be fetched from.
+		</ParamField>
+		<ParamField query="type" type="string" optional>
+			The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "personal".
+		</ParamField>
+		<ParamField query="include_imports" type="boolean" default="false" optional>
+			Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+		</ParamField>
     <ParamField query="expand_secret_references" type="boolean" default="true" optional>
       Whether or not to expand secret references in the fetched secrets. Read about [secret reference](/documentation/platform/secret-reference)
     </ParamField>
-  </Expandable>
+	</Expandable>
 </ParamField>
 
 ### client.createSecret(options)
@@ -358,26 +358,26 @@ Create a new secret in Infisical.
 #### Parameters
 
 <ParamField query="Parameters" type="object" optional>
-  <Expandable title="properties">
-    <ParamField query="secret_name" type="string" required>
-      The key of the secret to create.
-    </ParamField>
-    <ParamField query="secret_value" type="string" required>
-      The value of the secret.
-    </ParamField>
-    <ParamField query="project_id" type="string" required>
-      The project ID where the secret lives in.
-    </ParamField>
-    <ParamField query="environment" type="string" required>
-      The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
-    </ParamField>
-    <ParamField query="path" type="string" optional>
-      The path from where secret should be created.
-    </ParamField>
-    <ParamField query="type" type="string" optional>
-      The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
-    </ParamField>
-  </Expandable>
+	<Expandable title="properties">
+		<ParamField query="secret_name" type="string" required>
+			The key of the secret to create.
+		</ParamField>
+		<ParamField query="secret_value" type="string" required>
+			The value of the secret.
+		</ParamField>
+		<ParamField query="project_id" type="string" required>
+			The project ID where the secret lives in.
+		</ParamField>
+		<ParamField query="environment" type="string" required>
+			The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+		</ParamField>
+		<ParamField query="path" type="string" optional>
+			The path from where secret should be created.
+		</ParamField>
+		<ParamField query="type" type="string" optional>
+			The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+		</ParamField>
+	</Expandable>
 </ParamField>
 
 ### client.updateSecret(options)
@@ -396,26 +396,26 @@ Update an existing secret in Infisical.
 #### Parameters
 
 <ParamField query="Parameters" type="object" optional>
-  <Expandable title="properties">
-    <ParamField query="secret_name" type="string" required>
-      The key of the secret to update.
-    </ParamField>
-    <ParamField query="secret_value" type="string" required>
-      The new value of the secret.
-    </ParamField>
-    <ParamField query="project_id" type="string" required>
-      The project ID where the secret lives in.
-    </ParamField>
-    <ParamField query="environment" type="string" required>
-      The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
-    </ParamField>
-    <ParamField query="path" type="string" optional>
-      The path from where secret should be updated.
-    </ParamField>
-    <ParamField query="type" type="string" optional>
-      The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
-    </ParamField>
-  </Expandable>
+	<Expandable title="properties">
+		<ParamField query="secret_name" type="string" required>
+			The key of the secret to update.
+		</ParamField>
+		<ParamField query="secret_value" type="string" required>
+			The new value of the secret.
+		</ParamField>
+		<ParamField query="project_id" type="string" required>
+			The project ID where the secret lives in.
+		</ParamField>
+		<ParamField query="environment" type="string" required>
+			The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+		</ParamField>
+		<ParamField query="path" type="string" optional>
+			The path from where secret should be updated.
+		</ParamField>
+		<ParamField query="type" type="string" optional>
+			The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+		</ParamField>
+	</Expandable>
 </ParamField>
 
 ### client.deleteSecret(options)
@@ -433,23 +433,23 @@ Delete a secret in Infisical.
 #### Parameters
 
 <ParamField query="Parameters" type="object" optional>
-  <Expandable title="properties">
-    <ParamField query="secret_name" type="string">
-      The key of the secret to update.
-    </ParamField>
-    <ParamField query="project_id" type="string" required>
-      The project ID where the secret lives in.
-    </ParamField>
-    <ParamField query="environment" type="string" required>
-      The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
-    </ParamField>
-    <ParamField query="path" type="string" optional>
-      The path from where secret should be deleted.
-    </ParamField>
-    <ParamField query="type" type="string" optional>
-      The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
-    </ParamField>
-  </Expandable>
+	<Expandable title="properties">
+		<ParamField query="secret_name" type="string">
+			The key of the secret to update.
+		</ParamField>
+		<ParamField query="project_id" type="string" required>
+			The project ID where the secret lives in.
+		</ParamField>
+		<ParamField query="environment" type="string" required>
+			The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+		</ParamField>
+		<ParamField query="path" type="string" optional>
+			The path from where secret should be deleted.
+		</ParamField>
+		<ParamField query="type" type="string" optional>
+			The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+		</ParamField>
+	</Expandable>
 </ParamField>
 
 ## Cryptography
@@ -480,14 +480,14 @@ encryptedData = client.encryptSymmetric(encryptOptions)
 #### Parameters
 
 <ParamField query="Parameters" type="object" required>
-  <Expandable title="properties">
-    <ParamField query="plaintext" type="string">
-      The plaintext you want to encrypt.
-    </ParamField>
-    <ParamField query="key" type="string" required>
-      The symmetric key to use for encryption.
-    </ParamField>
-  </Expandable>
+	<Expandable title="properties">
+		<ParamField query="plaintext" type="string">
+			The plaintext you want to encrypt.
+		</ParamField>
+		<ParamField query="key" type="string" required>
+			The symmetric key to use for encryption.
+		</ParamField>
+	</Expandable>
 </ParamField>
 
 #### Returns (object)
@@ -512,20 +512,20 @@ decryptedString = client.decryptSymmetric(decryptOptions)
 #### Parameters
 
 <ParamField query="Parameters" type="object" required>
-  <Expandable title="properties">
-    <ParamField query="ciphertext" type="string">
-      The ciphertext you want to decrypt.
-    </ParamField>
-    <ParamField query="key" type="string" required>
-      The symmetric key to use for encryption.
-    </ParamField>
-    <ParamField query="iv" type="string" required>
-      The initialization vector to use for decryption.
-    </ParamField>
-    <ParamField query="tag" type="string" required>
-      The authentication tag to use for decryption.
-    </ParamField>
-  </Expandable>
+	<Expandable title="properties">
+		<ParamField query="ciphertext" type="string">
+			The ciphertext you want to decrypt.
+		</ParamField>
+		<ParamField query="key" type="string" required>
+			The symmetric key to use for encryption.
+		</ParamField>
+		<ParamField query="iv" type="string" required>
+			The initialization vector to use for decryption.
+		</ParamField>
+		<ParamField query="tag" type="string" required>
+			The authentication tag to use for decryption.
+		</ParamField>
+	</Expandable>
 </ParamField>
 
 #### Returns (string)

docs/sdks/overview.mdx

@@ -10,23 +10,24 @@ From local development to production, Infisical SDKs provide the easiest way for
 -   Fetch secrets on demand
 
 <CardGroup cols={2}>
-    <Card title="Node.js" href="https://github.com/Infisical/node-sdk-v2?tab=readme-ov-file#infisical-nodejs-sdk" icon="node" color="#68a063">
-      Manage secrets for your Node application on demand
+    <Card title="Node" href="https://github.com/Infisical/node-sdk-v2" icon="node" color="#68a063">
+        Manage secrets for your Node application on demand
     </Card>
-    <Card href="https://github.com/Infisical/python-sdk-official?tab=readme-ov-file#infisical-python-sdk" title="Python" icon="python" color="#4c8abe">
-      Manage secrets for your Python application on demand
+    <Card href="https://github.com/Infisical/python-sdk-official" title="Python" icon="python" color="#4c8abe">
+        Manage secrets for your Python application on demand
     </Card>
-    <Card href="https://github.com/Infisical/java-sdk?tab=readme-ov-file#infisical-java-sdk" title="Java" icon="java" color="#e41f23">
-      Manage secrets for your Java application on demand
+    <Card href="https://github.com/Infisical/java-sdk?tab=readme-ov-file#infisical-nodejs-sdk" title="Java" icon="java" color="#e41f23">
+        Manage secrets for your Java application on demand
     </Card>
     <Card href="/sdks/languages/go" title="Go" icon="golang" color="#367B99">
-      Manage secrets for your Go application on demand
+        Manage secrets for your Go application on demand
     </Card>
-    <Card href="https://github.com/Infisical/infisical-dotnet-sdk?tab=readme-ov-file#infisical-net-sdk" title=".NET" icon="bars" color="#368833">
-      Manage secrets for your .NET application on demand
+    <Card href="/sdks/languages/csharp" title="C#" icon="bars" color="#368833">
+        Manage secrets for your C#/.NET application on demand
     </Card>
-    <Card href="/sdks/languages/ruby" title="Ruby" icon="diamond" color="#367B99">
-      Manage secrets for your Ruby application on demand
+
+      <Card href="/sdks/languages/ruby" title="Ruby" icon="diamond" color="#367B99">
+        Manage secrets for your Ruby application on demand
     </Card>
 </CardGroup>
 

frontend/src/components/secret-syncs/CreateSecretSyncModal.tsx

@@ -59,6 +59,7 @@ export const CreateSecretSyncModal = ({ onOpenChange, selectSync = null, ...prop
         onPointerDownOutside={(e) => e.preventDefault()}
         className="max-w-2xl"
         subTitle={selectedSync ? undefined : "Select a third-party service to sync secrets to."}
+        bodyClassName="overflow-visible"
       >
         <Content
           onComplete={() => {

frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/CloudflarePagesSyncFields.tsx

@@ -1,95 +0,0 @@
-import { Controller, useFormContext, useWatch } from "react-hook-form";
-import { SingleValue } from "react-select";
-
-import { SecretSyncConnectionField } from "@app/components/secret-syncs/forms/SecretSyncConnectionField";
-import { FilterableSelect, FormControl, Select, SelectItem } from "@app/components/v2";
-import {
-  TCloudflareProject,
-  useCloudflareConnectionListPagesProjects
-} from "@app/hooks/api/appConnections/cloudflare";
-import { SecretSync } from "@app/hooks/api/secretSyncs";
-
-import { TSecretSyncForm } from "../schemas";
-
-const CLOUDFLARE_ENVIRONMENTS = [
-  {
-    name: "Preview",
-    value: "preview"
-  },
-  {
-    name: "Production",
-    value: "production"
-  }
-];
-
-export const CloudflarePagesSyncFields = () => {
-  const { control, setValue } = useFormContext<
-    TSecretSyncForm & { destination: SecretSync.CloudflarePages }
-  >();
-
-  const connectionId = useWatch({ name: "connection.id", control });
-
-  const { data: projects = [], isPending: isProjectsPending } =
-    useCloudflareConnectionListPagesProjects(connectionId, {
-      enabled: Boolean(connectionId)
-    });
-
-  return (
-    <>
-      <SecretSyncConnectionField
-        onChange={() => {
-          setValue("destinationConfig.projectName", "");
-          setValue("destinationConfig.environment", "preview");
-        }}
-      />
-      <Controller
-        name="destinationConfig.projectName"
-        control={control}
-        render={({ field: { value, onChange }, fieldState: { error } }) => (
-          <FormControl errorText={error?.message} isError={Boolean(error?.message)} label="Project">
-            <FilterableSelect
-              isLoading={isProjectsPending && Boolean(connectionId)}
-              isDisabled={!connectionId}
-              value={projects ? (projects.find((project) => project.name === value) ?? []) : []}
-              onChange={(option) => {
-                onChange((option as SingleValue<TCloudflareProject>)?.name ?? null);
-              }}
-              options={projects}
-              placeholder="Select a project..."
-              getOptionLabel={(option) => option.name}
-              getOptionValue={(option) => option.id.toString()}
-            />
-          </FormControl>
-        )}
-      />
-      <Controller
-        name="destinationConfig.environment"
-        control={control}
-        defaultValue="preview"
-        render={({ field: { value, onChange }, fieldState: { error } }) => (
-          <FormControl
-            errorText={error?.message}
-            isError={Boolean(error?.message)}
-            label="Environment"
-            tooltipClassName="max-w-lg py-3"
-          >
-            <Select
-              value={value}
-              onValueChange={(val) => onChange(val)}
-              className="w-full border border-mineshaft-500 capitalize"
-              position="popper"
-              placeholder="Select an environment..."
-              dropdownContainerClassName="max-w-none"
-            >
-              {CLOUDFLARE_ENVIRONMENTS.map(({ name, value: envValue }) => (
-                <SelectItem className="capitalize" value={envValue} key={envValue}>
-                  {name}
-                </SelectItem>
-              ))}
-            </Select>
-          </FormControl>
-        )}
-      />
-    </>
-  );
-};

frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/SecretSyncDestinationFields.tsx

@@ -10,7 +10,6 @@ import { AzureAppConfigurationSyncFields } from "./AzureAppConfigurationSyncFiel
 import { AzureDevOpsSyncFields } from "./AzureDevOpsSyncFields";
 import { AzureKeyVaultSyncFields } from "./AzureKeyVaultSyncFields";
 import { CamundaSyncFields } from "./CamundaSyncFields";
-import { CloudflarePagesSyncFields } from "./CloudflarePagesSyncFields";
 import { DatabricksSyncFields } from "./DatabricksSyncFields";
 import { FlyioSyncFields } from "./FlyioSyncFields";
 import { GcpSyncFields } from "./GcpSyncFields";
@@ -71,8 +70,6 @@ export const SecretSyncDestinationFields = () => {
       return <RenderSyncFields />;
     case SecretSync.Flyio:
       return <FlyioSyncFields />;
-    case SecretSync.CloudflarePages:
-      return <CloudflarePagesSyncFields />;
     default:
       throw new Error(`Unhandled Destination Config Field: ${destination}`);
   }

frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx

@@ -55,7 +55,6 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => {
     case SecretSync.Heroku:
     case SecretSync.Render:
     case SecretSync.Flyio:
-    case SecretSync.CloudflarePages:
       AdditionalSyncOptionsFieldsComponent = null;
       break;
     default:

frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/CloudflarePagesReviewFields.tsx

@@ -1,18 +0,0 @@
-import { useFormContext } from "react-hook-form";
-
-import { TSecretSyncForm } from "@app/components/secret-syncs/forms/schemas";
-import { GenericFieldLabel } from "@app/components/v2";
-import { SecretSync } from "@app/hooks/api/secretSyncs";
-
-export const CloudflarePagesSyncReviewFields = () => {
-  const { watch } = useFormContext<TSecretSyncForm & { destination: SecretSync.CloudflarePages }>();
-  const projectName = watch("destinationConfig.projectName");
-  const environment = watch("destinationConfig.environment");
-
-  return (
-    <>
-      <GenericFieldLabel label="Project">{projectName}</GenericFieldLabel>
-      <GenericFieldLabel label="Environment">{environment}</GenericFieldLabel>
-    </>
-  );
-};

frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/SecretSyncReviewFields.tsx

@@ -19,7 +19,6 @@ import { AzureAppConfigurationSyncReviewFields } from "./AzureAppConfigurationSy
 import { AzureDevOpsSyncReviewFields } from "./AzureDevOpsSyncReviewFields";
 import { AzureKeyVaultSyncReviewFields } from "./AzureKeyVaultSyncReviewFields";
 import { CamundaSyncReviewFields } from "./CamundaSyncReviewFields";
-import { CloudflarePagesSyncReviewFields } from "./CloudflarePagesReviewFields";
 import { DatabricksSyncReviewFields } from "./DatabricksSyncReviewFields";
 import { FlyioSyncReviewFields } from "./FlyioSyncReviewFields";
 import { GcpSyncReviewFields } from "./GcpSyncReviewFields";
@@ -117,9 +116,6 @@ export const SecretSyncReviewFields = () => {
     case SecretSync.Flyio:
       DestinationFieldsComponent = <FlyioSyncReviewFields />;
       break;
-    case SecretSync.CloudflarePages:
-      DestinationFieldsComponent = <CloudflarePagesSyncReviewFields />;
-      break;
     default:
       throw new Error(`Unhandled Destination Review Fields: ${destination}`);
   }

frontend/src/components/secret-syncs/forms/schemas/cloudflare-pages-sync-destination-schema.ts

@@ -1,14 +0,0 @@
-import { z } from "zod";
-
-import { BaseSecretSyncSchema } from "@app/components/secret-syncs/forms/schemas/base-secret-sync-schema";
-import { SecretSync } from "@app/hooks/api/secretSyncs";
-
-export const CloudflarePagesSyncDestinationSchema = BaseSecretSyncSchema().merge(
-  z.object({
-    destination: z.literal(SecretSync.CloudflarePages),
-    destinationConfig: z.object({
-      projectName: z.string().trim().min(1, "Project name is required"),
-      environment: z.string().trim().min(1, "Environment is required")
-    })
-  })
-);

frontend/src/components/secret-syncs/forms/schemas/secret-sync-schema.ts

@@ -7,7 +7,6 @@ import { AzureAppConfigurationSyncDestinationSchema } from "./azure-app-configur
 import { AzureDevOpsSyncDestinationSchema } from "./azure-devops-sync-destination-schema";
 import { AzureKeyVaultSyncDestinationSchema } from "./azure-key-vault-sync-destination-schema";
 import { CamundaSyncDestinationSchema } from "./camunda-sync-destination-schema";
-import { CloudflarePagesSyncDestinationSchema } from "./cloudflare-pages-sync-destination-schema";
 import { DatabricksSyncDestinationSchema } from "./databricks-sync-destination-schema";
 import { FlyioSyncDestinationSchema } from "./flyio-sync-destination-schema";
 import { GcpSyncDestinationSchema } from "./gcp-sync-destination-schema";
@@ -42,8 +41,7 @@ const SecretSyncUnionSchema = z.discriminatedUnion("destination", [
   OnePassSyncDestinationSchema,
   HerokuSyncDestinationSchema,
   RenderSyncDestinationSchema,
-  FlyioSyncDestinationSchema,
-  CloudflarePagesSyncDestinationSchema
+  FlyioSyncDestinationSchema
 ]);
 
 export const SecretSyncFormSchema = SecretSyncUnionSchema;

frontend/src/helpers/appConnections.ts

@@ -18,7 +18,6 @@ import {
   AzureDevOpsConnectionMethod,
   AzureKeyVaultConnectionMethod,
   CamundaConnectionMethod,
-  CloudflareConnectionMethod,
   DatabricksConnectionMethod,
   FlyioConnectionMethod,
   GcpConnectionMethod,
@@ -85,8 +84,7 @@ export const APP_CONNECTION_MAP: Record<
   [AppConnection.OnePass]: { name: "1Password", image: "1Password.png" },
   [AppConnection.Heroku]: { name: "Heroku", image: "Heroku.png" },
   [AppConnection.Render]: { name: "Render", image: "Render.png" },
-  [AppConnection.Flyio]: { name: "Fly.io", image: "Flyio.svg" },
-  [AppConnection.Cloudflare]: { name: "Cloudflare", image: "Cloudflare.png" }
+  [AppConnection.Flyio]: { name: "Fly.io", image: "Flyio.svg" }
 };
 
 export const getAppConnectionMethodDetails = (method: TAppConnection["method"]) => {
@@ -116,7 +114,6 @@ export const getAppConnectionMethodDetails = (method: TAppConnection["method"])
     case TerraformCloudConnectionMethod.ApiToken:
     case VercelConnectionMethod.ApiToken:
     case OnePassConnectionMethod.ApiToken:
-    case CloudflareConnectionMethod.ApiToken:
       return { name: "API Token", icon: faKey };
     case PostgresConnectionMethod.UsernameAndPassword:
     case MsSqlConnectionMethod.UsernameAndPassword:

frontend/src/helpers/secretSyncs.ts

@@ -73,10 +73,6 @@ export const SECRET_SYNC_MAP: Record<SecretSync, { name: string; image: string }
   [SecretSync.Flyio]: {
     name: "Fly.io",
     image: "Flyio.svg"
-  },
-  [SecretSync.CloudflarePages]: {
-    name: "Cloudflare Pages",
-    image: "Cloudflare.png"
   }
 };
 
@@ -100,8 +96,7 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.OnePass]: AppConnection.OnePass,
   [SecretSync.Heroku]: AppConnection.Heroku,
   [SecretSync.Render]: AppConnection.Render,
-  [SecretSync.Flyio]: AppConnection.Flyio,
-  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
+  [SecretSync.Flyio]: AppConnection.Flyio
 };
 
 export const SECRET_SYNC_INITIAL_SYNC_BEHAVIOR_MAP: Record<

frontend/src/hooks/api/appConnections/cloudflare/index.ts

@@ -1,2 +0,0 @@
-export * from "./queries";
-export * from "./types";