Compare commits


25 Commits

Author SHA1 Message Date
46f0fb7a41 add helm with postgres + docs 2024-02-23 21:20:58 -05:00
2142f5736c Merge pull request #1454 from Infisical/snyk-upgrade-adb30694539efb19ffe3e73890bb6b8e
[Snyk] Upgrade aws-sdk from 2.1545.0 to 2.1549.0
2024-02-23 13:39:50 -05:00
ce764d70ad Merge branch 'main' into snyk-upgrade-adb30694539efb19ffe3e73890bb6b8e 2024-02-23 13:39:43 -05:00
c2d0ddb2fc Merge pull request #1455 from Infisical/snyk-upgrade-d2de299aecc7f7e0bc3f4806027b63db
[Snyk] Upgrade @aws-sdk/client-secrets-manager from 3.502.0 to 3.504.0
2024-02-23 13:38:39 -05:00
7ba9588509 Merge pull request #1456 from Infisical/snyk-upgrade-321e83ad66200d3a9986ba215332d07e
[Snyk] Upgrade axios from 1.6.4 to 1.6.7
2024-02-23 13:38:24 -05:00
cddb09e031 Merge pull request #1457 from Infisical/snyk-upgrade-ef9af10ff1fb4ccb502ef71e8db6e32a
[Snyk] Upgrade dotenv from 16.3.1 to 16.4.1
2024-02-23 13:38:13 -05:00
046dc83638 Merge pull request #1458 from Infisical/snyk-upgrade-79bce0f7942398d32958cc208d2bf3d9
[Snyk] Upgrade @fastify/cors from 8.4.1 to 8.5.0
2024-02-23 13:38:00 -05:00
320074ef6c fix: upgrade @fastify/cors from 8.4.1 to 8.5.0
Snyk has created this PR to upgrade @fastify/cors from 8.4.1 to 8.5.0.

See this package in npm:
https://www.npmjs.com/package/@fastify/cors

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:12 +00:00
e780ee6573 fix: upgrade dotenv from 16.3.1 to 16.4.1
Snyk has created this PR to upgrade dotenv from 16.3.1 to 16.4.1.

See this package in npm:
https://www.npmjs.com/package/dotenv

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:08 +00:00
a5a881c382 fix: upgrade axios from 1.6.4 to 1.6.7
Snyk has created this PR to upgrade axios from 1.6.4 to 1.6.7.

See this package in npm:
https://www.npmjs.com/package/axios

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:04 +00:00
200d4a5af6 fix: upgrade @aws-sdk/client-secrets-manager from 3.502.0 to 3.504.0
Snyk has created this PR to upgrade @aws-sdk/client-secrets-manager from 3.502.0 to 3.504.0.

See this package in npm:
https://www.npmjs.com/package/@aws-sdk/client-secrets-manager

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:54:00 +00:00
07318ec54b fix: upgrade aws-sdk from 2.1545.0 to 2.1549.0
Snyk has created this PR to upgrade aws-sdk from 2.1545.0 to 2.1549.0.

See this package in npm:
https://www.npmjs.com/package/aws-sdk

See this project in Snyk:
https://app.snyk.io/org/maidul98/project/35057e82-ed7d-4e19-ba4d-719a42135cd6?utm_source=github&utm_medium=referral&page=upgrade-pr
2024-02-23 17:53:57 +00:00
92d237a714 Merge pull request #1452 from Infisical/snyk-fix-619f8d103918c8185c0381a3771a208f
[Snyk] Security upgrade sanitize-html from 2.11.0 to 2.12.1
2024-02-23 09:49:03 -05:00
6ef988fa86 Merge pull request #1444 from akhilmhdh/feat/telemetry-new-fields
feat(telemetry): added new telemetry events
2024-02-23 09:48:42 -05:00
70822d0d98 fix: frontend/package.json & frontend/package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
2024-02-23 11:28:36 +00:00
e91499b301 feat(telemetry): updated telemetry distinct id to use service token from secrets one 2024-02-23 13:22:53 +05:30
92acb4d943 feat(telemetry): fixed typo in filename lib/telemetry and capitalized new posthog event names 2024-02-23 13:19:16 +05:30
76daa20d69 feat(telemetry): added telemetry events for creation of integration,project,machine identity and user invitation to org 2024-02-23 13:19:16 +05:30
a231813f01 Merge pull request #1445 from Nithishvb/fix-uppercase-member-search 2024-02-23 01:02:01 -05:00
3eb2bdb191 Merge pull request #1447 from Infisical/daniel/show-upgrade-to-everyone
(style): Show upgrade alert to all users
2024-02-22 22:31:05 -05:00
cadf6e1157 Update UpgradeOverlay.tsx 2024-02-23 01:13:26 +01:00
ceb7fafc06 Update UpgradeProjectAlert.tsx 2024-02-23 01:12:22 +01:00
3063bb9982 Update UpgradeProjectAlert.tsx 2024-02-23 01:12:02 +01:00
3d82a43615 Merge pull request #1446 from Infisical/daniel/ghost-users-fixes
(Fix): Project upgrade
2024-02-22 17:20:44 -05:00
f1f2d62993 fix: access member returns empty results when search using upper case letters. 2024-02-22 22:32:58 +05:30
36 changed files with 706 additions and 557 deletions

2
.gitignore vendored

@ -63,3 +63,5 @@ yarn-error.log*
.vscode/* .vscode/*
frontend-build frontend-build
*.tgz


@ -9,10 +9,10 @@
"version": "1.0.0", "version": "1.0.0",
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"@aws-sdk/client-secrets-manager": "^3.502.0", "@aws-sdk/client-secrets-manager": "^3.504.0",
"@casl/ability": "^6.5.0", "@casl/ability": "^6.5.0",
"@fastify/cookie": "^9.2.0", "@fastify/cookie": "^9.2.0",
"@fastify/cors": "^8.4.1", "@fastify/cors": "^8.5.0",
"@fastify/etag": "^5.1.0", "@fastify/etag": "^5.1.0",
"@fastify/formbody": "^7.4.0", "@fastify/formbody": "^7.4.0",
"@fastify/helmet": "^11.1.1", "@fastify/helmet": "^11.1.1",
@ -29,12 +29,12 @@
"@ucast/mongo2js": "^1.3.4", "@ucast/mongo2js": "^1.3.4",
"ajv": "^8.12.0", "ajv": "^8.12.0",
"argon2": "^0.31.2", "argon2": "^0.31.2",
"aws-sdk": "^2.1545.0", "aws-sdk": "^2.1549.0",
"axios": "^1.6.4", "axios": "^1.6.7",
"axios-retry": "^4.0.0", "axios-retry": "^4.0.0",
"bcrypt": "^5.1.1", "bcrypt": "^5.1.1",
"bullmq": "^5.1.6", "bullmq": "^5.1.6",
"dotenv": "^16.3.1", "dotenv": "^16.4.1",
"fastify": "^4.26.0", "fastify": "^4.26.0",
"fastify-plugin": "^4.5.1", "fastify-plugin": "^4.5.1",
"handlebars": "^4.7.8", "handlebars": "^4.7.8",
@ -661,15 +661,15 @@
} }
}, },
"node_modules/@aws-sdk/client-secrets-manager": { "node_modules/@aws-sdk/client-secrets-manager": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/client-secrets-manager/-/client-secrets-manager-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/client-secrets-manager/-/client-secrets-manager-3.504.0.tgz",
"integrity": "sha512-ICU084A/EbYMqca6NVFqeMtHh+KCdn0H7UjARUy5ur1yOlXXvxqAJGtKZDYFjuEO08F30zbv7+4HCOy6yjOJ0Q==", "integrity": "sha512-JPwsYfQMjs5t74JmA4r1AjpiOG/LEw74d4a8vEdSy3pe2lhl/sSsxSdQtbI30wlJJramngtLNZjxn2+BGDphbg==",
"dependencies": { "dependencies": {
"@aws-crypto/sha256-browser": "3.0.0", "@aws-crypto/sha256-browser": "3.0.0",
"@aws-crypto/sha256-js": "3.0.0", "@aws-crypto/sha256-js": "3.0.0",
"@aws-sdk/client-sts": "3.502.0", "@aws-sdk/client-sts": "3.504.0",
"@aws-sdk/core": "3.496.0", "@aws-sdk/core": "3.496.0",
"@aws-sdk/credential-provider-node": "3.502.0", "@aws-sdk/credential-provider-node": "3.504.0",
"@aws-sdk/middleware-host-header": "3.502.0", "@aws-sdk/middleware-host-header": "3.502.0",
"@aws-sdk/middleware-logger": "3.502.0", "@aws-sdk/middleware-logger": "3.502.0",
"@aws-sdk/middleware-recursion-detection": "3.502.0", "@aws-sdk/middleware-recursion-detection": "3.502.0",
@ -767,13 +767,13 @@
} }
}, },
"node_modules/@aws-sdk/client-sso-oidc": { "node_modules/@aws-sdk/client-sso-oidc": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.504.0.tgz",
"integrity": "sha512-Yc9tZqTOMWtdgpkrdjKShgWb9oKNsFQrItfoiN1xWDllaFFRPi2KTiZiR0AbSTrNasJy13d210DOxrIdte+kWQ==", "integrity": "sha512-ODA33/nm2srhV08EW0KZAP577UgV0qjyr7Xp2yEo8MXWL4ZqQZprk1c+QKBhjr4Djesrm0VPmSD/np0mtYP68A==",
"dependencies": { "dependencies": {
"@aws-crypto/sha256-browser": "3.0.0", "@aws-crypto/sha256-browser": "3.0.0",
"@aws-crypto/sha256-js": "3.0.0", "@aws-crypto/sha256-js": "3.0.0",
"@aws-sdk/client-sts": "3.502.0", "@aws-sdk/client-sts": "3.504.0",
"@aws-sdk/core": "3.496.0", "@aws-sdk/core": "3.496.0",
"@aws-sdk/middleware-host-header": "3.502.0", "@aws-sdk/middleware-host-header": "3.502.0",
"@aws-sdk/middleware-logger": "3.502.0", "@aws-sdk/middleware-logger": "3.502.0",
@ -815,13 +815,13 @@
"node": ">=14.0.0" "node": ">=14.0.0"
}, },
"peerDependencies": { "peerDependencies": {
"@aws-sdk/credential-provider-node": "*" "@aws-sdk/credential-provider-node": "^3.504.0"
} }
}, },
"node_modules/@aws-sdk/client-sts": { "node_modules/@aws-sdk/client-sts": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.504.0.tgz",
"integrity": "sha512-0q08gsvn6nuRqjK+i/e30PT/t7vvYwmGJS0PhJikZWv5yRDNSUxSYG0uDwKSbLDzmc2UX5+mLeyjPHlL4hbGlA==", "integrity": "sha512-IESs8FkL7B/uY+ml4wgoRkrr6xYo4PizcNw6JX17eveq1gRBCPKeGMjE6HTDOcIYZZ8rqz/UeuH3JD4UhrMOnA==",
"dependencies": { "dependencies": {
"@aws-crypto/sha256-browser": "3.0.0", "@aws-crypto/sha256-browser": "3.0.0",
"@aws-crypto/sha256-js": "3.0.0", "@aws-crypto/sha256-js": "3.0.0",
@ -867,7 +867,7 @@
"node": ">=14.0.0" "node": ">=14.0.0"
}, },
"peerDependencies": { "peerDependencies": {
"@aws-sdk/credential-provider-node": "*" "@aws-sdk/credential-provider-node": "^3.504.0"
} }
}, },
"node_modules/@aws-sdk/core": { "node_modules/@aws-sdk/core": {
@ -900,16 +900,35 @@
"node": ">=14.0.0" "node": ">=14.0.0"
} }
}, },
"node_modules/@aws-sdk/credential-provider-ini": { "node_modules/@aws-sdk/credential-provider-http": {
"version": "3.502.0", "version": "3.503.1",
"resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.503.1.tgz",
"integrity": "sha512-1wB/escbspUY6uRDEMp9AMMyypUSyuQ0AMO1yQNtXviV8cPf+CuRbqP/UVnimHO1RuX0n5BmjDVVjUIEU6kuGA==", "integrity": "sha512-rTdlFFGoPPFMF2YjtlfRuSgKI+XsF49u7d98255hySwhsbwd3Xp+utTTPquxP+CwDxMHbDlI7NxDzFiFdsoZug==",
"dependencies": { "dependencies": {
"@aws-sdk/client-sts": "3.502.0", "@aws-sdk/types": "3.502.0",
"@smithy/fetch-http-handler": "^2.4.1",
"@smithy/node-http-handler": "^2.3.1",
"@smithy/property-provider": "^2.1.1",
"@smithy/protocol-http": "^3.1.1",
"@smithy/smithy-client": "^2.3.1",
"@smithy/types": "^2.9.1",
"@smithy/util-stream": "^2.1.1",
"tslib": "^2.5.0"
},
"engines": {
"node": ">=14.0.0"
}
},
"node_modules/@aws-sdk/credential-provider-ini": {
"version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.504.0.tgz",
"integrity": "sha512-ODICLXfr8xTUd3wweprH32Ge41yuBa+u3j0JUcLdTUO1N9ldczSMdo8zOPlP0z4doqD3xbnqMkjNQWgN/Q+5oQ==",
"dependencies": {
"@aws-sdk/client-sts": "3.504.0",
"@aws-sdk/credential-provider-env": "3.502.0", "@aws-sdk/credential-provider-env": "3.502.0",
"@aws-sdk/credential-provider-process": "3.502.0", "@aws-sdk/credential-provider-process": "3.502.0",
"@aws-sdk/credential-provider-sso": "3.502.0", "@aws-sdk/credential-provider-sso": "3.504.0",
"@aws-sdk/credential-provider-web-identity": "3.502.0", "@aws-sdk/credential-provider-web-identity": "3.504.0",
"@aws-sdk/types": "3.502.0", "@aws-sdk/types": "3.502.0",
"@smithy/credential-provider-imds": "^2.2.1", "@smithy/credential-provider-imds": "^2.2.1",
"@smithy/property-provider": "^2.1.1", "@smithy/property-provider": "^2.1.1",
@ -922,15 +941,16 @@
} }
}, },
"node_modules/@aws-sdk/credential-provider-node": { "node_modules/@aws-sdk/credential-provider-node": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.504.0.tgz",
"integrity": "sha512-qg71UpYeFrjhu5hD+vdRqZ+EYFB11BeszsbfEJGaHhOMHmmTHNBaDAexW+bUnJSXcJL0a8vniCvca+rElbcAHQ==", "integrity": "sha512-6+V5hIh+tILmUjf2ZQWQINR3atxQVgH/bFrGdSR/sHSp/tEgw3m0xWL3IRslWU1e4/GtXrfg1iYnMknXy68Ikw==",
"dependencies": { "dependencies": {
"@aws-sdk/credential-provider-env": "3.502.0", "@aws-sdk/credential-provider-env": "3.502.0",
"@aws-sdk/credential-provider-ini": "3.502.0", "@aws-sdk/credential-provider-http": "3.503.1",
"@aws-sdk/credential-provider-ini": "3.504.0",
"@aws-sdk/credential-provider-process": "3.502.0", "@aws-sdk/credential-provider-process": "3.502.0",
"@aws-sdk/credential-provider-sso": "3.502.0", "@aws-sdk/credential-provider-sso": "3.504.0",
"@aws-sdk/credential-provider-web-identity": "3.502.0", "@aws-sdk/credential-provider-web-identity": "3.504.0",
"@aws-sdk/types": "3.502.0", "@aws-sdk/types": "3.502.0",
"@smithy/credential-provider-imds": "^2.2.1", "@smithy/credential-provider-imds": "^2.2.1",
"@smithy/property-provider": "^2.1.1", "@smithy/property-provider": "^2.1.1",
@ -958,12 +978,12 @@
} }
}, },
"node_modules/@aws-sdk/credential-provider-sso": { "node_modules/@aws-sdk/credential-provider-sso": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.504.0.tgz",
"integrity": "sha512-/2Nyvo+cWQpH283lmZBimTJ9JDhES9FzQUkhUXZgxQo3Ez4sguLVi2V9xoFFyG0cMff5fuNivdKHfj4FeMGjZw==", "integrity": "sha512-4MgH2or2SjPzaxM08DCW+BjaX4DSsEGJlicHKmz6fh+w9JmLh750oXcTnbvgUeVz075jcs6qTKjvUcsdGM/t8Q==",
"dependencies": { "dependencies": {
"@aws-sdk/client-sso": "3.502.0", "@aws-sdk/client-sso": "3.502.0",
"@aws-sdk/token-providers": "3.502.0", "@aws-sdk/token-providers": "3.504.0",
"@aws-sdk/types": "3.502.0", "@aws-sdk/types": "3.502.0",
"@smithy/property-provider": "^2.1.1", "@smithy/property-provider": "^2.1.1",
"@smithy/shared-ini-file-loader": "^2.3.1", "@smithy/shared-ini-file-loader": "^2.3.1",
@ -975,11 +995,11 @@
} }
}, },
"node_modules/@aws-sdk/credential-provider-web-identity": { "node_modules/@aws-sdk/credential-provider-web-identity": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.504.0.tgz",
"integrity": "sha512-veBAjDqjMMgA2Qxxf9ywDfHYLeJpaeHWLWCQ9XCHwJJ6ZIGWmAZPTq3he/UMr5JIQXooIccqqyqXMDIXPenXpA==", "integrity": "sha512-L1ljCvGpIEFdJk087ijf2ohg7HBclOeB1UgBxUBBzf4iPRZTQzd2chGaKj0hm2VVaXz7nglswJeURH5PFcS5oA==",
"dependencies": { "dependencies": {
"@aws-sdk/client-sts": "3.502.0", "@aws-sdk/client-sts": "3.504.0",
"@aws-sdk/types": "3.502.0", "@aws-sdk/types": "3.502.0",
"@smithy/property-provider": "^2.1.1", "@smithy/property-provider": "^2.1.1",
"@smithy/types": "^2.9.1", "@smithy/types": "^2.9.1",
@ -1079,11 +1099,11 @@
} }
}, },
"node_modules/@aws-sdk/token-providers": { "node_modules/@aws-sdk/token-providers": {
"version": "3.502.0", "version": "3.504.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.502.0.tgz", "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.504.0.tgz",
"integrity": "sha512-RQgMgIXYlSf0xGl6EUeD+pqIPBlb7e29dbqHOBFc66hJVYUC2ULZX7Y+jLvcGIEaMiIaTPyvntZRFip+U+9hag==", "integrity": "sha512-YIJWWsZi2ClUiILS1uh5L6VjmCUSTI6KKMuL9DkGjYqJ0aI6M8bd8fT9Wm7QmXCyjcArTgr/Atkhia4T7oKvzQ==",
"dependencies": { "dependencies": {
"@aws-sdk/client-sso-oidc": "3.502.0", "@aws-sdk/client-sso-oidc": "3.504.0",
"@aws-sdk/types": "3.502.0", "@aws-sdk/types": "3.502.0",
"@smithy/property-provider": "^2.1.1", "@smithy/property-provider": "^2.1.1",
"@smithy/shared-ini-file-loader": "^2.3.1", "@smithy/shared-ini-file-loader": "^2.3.1",
@ -1676,12 +1696,12 @@
} }
}, },
"node_modules/@fastify/cors": { "node_modules/@fastify/cors": {
"version": "8.4.1", "version": "8.5.0",
"resolved": "https://registry.npmjs.org/@fastify/cors/-/cors-8.4.1.tgz", "resolved": "https://registry.npmjs.org/@fastify/cors/-/cors-8.5.0.tgz",
"integrity": "sha512-iYQJtrY3pFiDS5mo5zRaudzg2OcUdJ96PD6xfkKOOEilly5nnrFZx/W6Sce2T79xxlEn2qpU3t5+qS2phS369w==", "integrity": "sha512-/oZ1QSb02XjP0IK1U0IXktEsw/dUBTxJOW7IpIeO8c/tNalw/KjoNSJv1Sf6eqoBPO+TDGkifq6ynFK3v68HFQ==",
"dependencies": { "dependencies": {
"fastify-plugin": "^4.0.0", "fastify-plugin": "^4.0.0",
"mnemonist": "0.39.5" "mnemonist": "0.39.6"
} }
}, },
"node_modules/@fastify/deepmerge": { "node_modules/@fastify/deepmerge": {
@ -5169,9 +5189,9 @@
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
}, },
"node_modules/aws-sdk": { "node_modules/aws-sdk": {
"version": "2.1545.0", "version": "2.1549.0",
"resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1545.0.tgz", "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1549.0.tgz",
"integrity": "sha512-iDUv6ksG7lTA0l/HlOgYdO6vfYFA1D2/JzAEXSdgKY0C901WgJqBtfs2CncOkCgDe2CjmlMuqciBzAfxCIiKFA==", "integrity": "sha512-SoVfrrV3A2mxH+NV2tA0eMtG301glhewvhL3Ob4107qLWjvwjy/CoWLclMLmfXniTGxbI8tsgN0r5mLZUKey3Q==",
"dependencies": { "dependencies": {
"buffer": "4.9.2", "buffer": "4.9.2",
"events": "1.1.1", "events": "1.1.1",
@ -5250,9 +5270,9 @@
} }
}, },
"node_modules/axios": { "node_modules/axios": {
"version": "1.6.4", "version": "1.6.7",
"resolved": "https://registry.npmjs.org/axios/-/axios-1.6.4.tgz", "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.7.tgz",
"integrity": "sha512-heJnIs6N4aa1eSthhN9M5ioILu8Wi8vmQW9iHQ9NUvfkJb0lEEDUiIdQNAuBtfUt3FxReaKdpQA5DbmMOqzF/A==", "integrity": "sha512-/hDJGff6/c7u0hDkvkGxR/oy6CbCs8ziCsC7SqmhjfozqiJGc8Z11wrv9z9lYfY4K8l+H9TpjcMDX0xOZmx+RA==",
"dependencies": { "dependencies": {
"follow-redirects": "^1.15.4", "follow-redirects": "^1.15.4",
"form-data": "^4.0.0", "form-data": "^4.0.0",
@ -5995,9 +6015,9 @@
} }
}, },
"node_modules/dotenv": { "node_modules/dotenv": {
"version": "16.3.1", "version": "16.4.1",
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.3.1.tgz", "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.1.tgz",
"integrity": "sha512-IPzF4w4/Rd94bA9imS68tZBaYyBWSCE47V1RGuMrB94iyTOIEwRmVL2x/4An+6mETpLrKJ5hQkB8W4kFAadeIQ==", "integrity": "sha512-CjA3y+Dr3FyFDOAMnxZEGtnW9KBR2M0JvvUtXNW+dYJL5ROWxP9DUHCwgFqpMk0OXCc0ljhaNTr2w/kutYIcHQ==",
"engines": { "engines": {
"node": ">=12" "node": ">=12"
}, },
@ -9064,9 +9084,9 @@
} }
}, },
"node_modules/mnemonist": { "node_modules/mnemonist": {
"version": "0.39.5", "version": "0.39.6",
"resolved": "https://registry.npmjs.org/mnemonist/-/mnemonist-0.39.5.tgz", "resolved": "https://registry.npmjs.org/mnemonist/-/mnemonist-0.39.6.tgz",
"integrity": "sha512-FPUtkhtJ0efmEFGpU14x7jGbTB+s18LrzRL2KgoWz9YvcY3cPomz8tih01GbHwnGk/OmkOKfqd/RAQoc8Lm7DQ==", "integrity": "sha512-A/0v5Z59y63US00cRSLiloEIw3t5G+MiKz4BhX21FI+YBJXBOGW0ohFxTxO08dsOYlzxo87T7vGfZKYp2bcAWA==",
"dependencies": { "dependencies": {
"obliterator": "^2.0.1" "obliterator": "^2.0.1"
} }


@ -70,10 +70,10 @@
"vitest": "^1.2.2" "vitest": "^1.2.2"
}, },
"dependencies": { "dependencies": {
"@aws-sdk/client-secrets-manager": "^3.502.0", "@aws-sdk/client-secrets-manager": "^3.504.0",
"@casl/ability": "^6.5.0", "@casl/ability": "^6.5.0",
"@fastify/cookie": "^9.2.0", "@fastify/cookie": "^9.2.0",
"@fastify/cors": "^8.4.1", "@fastify/cors": "^8.5.0",
"@fastify/etag": "^5.1.0", "@fastify/etag": "^5.1.0",
"@fastify/formbody": "^7.4.0", "@fastify/formbody": "^7.4.0",
"@fastify/helmet": "^11.1.1", "@fastify/helmet": "^11.1.1",
@ -90,12 +90,12 @@
"@ucast/mongo2js": "^1.3.4", "@ucast/mongo2js": "^1.3.4",
"ajv": "^8.12.0", "ajv": "^8.12.0",
"argon2": "^0.31.2", "argon2": "^0.31.2",
"aws-sdk": "^2.1545.0", "aws-sdk": "^2.1549.0",
"axios": "^1.6.4", "axios": "^1.6.7",
"axios-retry": "^4.0.0", "axios-retry": "^4.0.0",
"bcrypt": "^5.1.1", "bcrypt": "^5.1.1",
"bullmq": "^5.1.6", "bullmq": "^5.1.6",
"dotenv": "^16.3.1", "dotenv": "^16.4.1",
"fastify": "^4.26.0", "fastify": "^4.26.0",
"fastify-plugin": "^4.5.1", "fastify-plugin": "^4.5.1",
"handlebars": "^4.7.8", "handlebars": "^4.7.8",


@ -0,0 +1,17 @@
import { FastifyRequest } from "fastify";
import { ActorType } from "@app/services/auth/auth-type";
// this is a unique id for sending posthog event
export const getTelemetryDistinctId = (req: FastifyRequest) => {
if (req.auth.actor === ActorType.USER) {
return req.auth.user.email;
}
if (req.auth.actor === ActorType.IDENTITY) {
return `identity-${req.auth.identityId}`;
}
if (req.auth.actor === ActorType.SERVICE) {
return req.auth.serviceToken.createdByEmail || `service-token-null-creator-${req.auth.serviceTokenId}`; // when user gets removed from system
}
return "unknown-auth-data";
};
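Review bot: `getTelemetryDistinctId` returns the raw account e-mail (`req.auth.user.email`, and `req.auth.serviceToken.createdByEmail` for service tokens) as the PostHog distinct id, so every event keyed on it carries a directly identifying address to the analytics backend. Now that the helper is shared by all routers, consider returning an opaque value instead, such as a stable internal user id or a keyed hash of the address. The fall-through `"unknown-auth-data"` is also not unique, despite the leading comment, so every actor type not listed collapses into one PostHog person. A comment such as `// shared bucket for actor types not handled above` would make that explicit.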


@ -585,4 +585,8 @@ export const registerRoutes = async (
); );
await server.register(registerV2Routes, { prefix: "/api/v2" }); await server.register(registerV2Routes, { prefix: "/api/v2" });
await server.register(registerV3Routes, { prefix: "/api/v3" }); await server.register(registerV3Routes, { prefix: "/api/v3" });
server.addHook("onClose", async () => {
await telemetryService.flushAll();
});
}; };
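Review bot: The new `onClose` hook awaits `telemetryService.flushAll()` with no error handling, so a rejected flush (its implementation is not visible here) would surface as a failure during server shutdown. Since telemetry is best-effort, wrapping it as `try { await telemetryService.flushAll(); } catch (err) { server.log.error(err); }` keeps an analytics outage from affecting close. `registerRoutes` starts outside this hunk.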


@ -2,8 +2,10 @@ import { z } from "zod";
import { IdentitiesSchema, OrgMembershipRole } from "@app/db/schemas"; import { IdentitiesSchema, OrgMembershipRole } from "@app/db/schemas";
import { EventType } from "@app/ee/services/audit-log/audit-log-types"; import { EventType } from "@app/ee/services/audit-log/audit-log-types";
import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth"; import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { AuthMode } from "@app/services/auth/auth-type"; import { AuthMode } from "@app/services/auth/auth-type";
import { PostHogEventTypes } from "@app/services/telemetry/telemetry-types";
export const registerIdentityRouter = async (server: FastifyZodProvider) => { export const registerIdentityRouter = async (server: FastifyZodProvider) => {
server.route({ server.route({
@ -49,6 +51,17 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
} }
}); });
server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.MachineIdentityCreated,
distinctId: getTelemetryDistinctId(req),
properties: {
orgId: req.body.organizationId,
name: identity.name,
identityId: identity.id,
...req.auditLogInfo
}
});
return { identity }; return { identity };
} }
}); });
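Review bot: `...req.auditLogInfo` is spread into the PostHog `properties` after the explicit keys, so whatever that object holds is exported with the event and would silently override `orgId`, `name` or `identityId` on a key clash. Its shape is not visible here, but it is presumably request context gathered for the internal audit log (actor, client address, user agent) rather than data selected for an external analytics service. Prefer picking the needed fields by name, or at least spread it first: `properties: { ...req.auditLogInfo, orgId: req.body.organizationId, name: identity.name, identityId: identity.id }`. The same pattern appears in the integration, invite-org and project router sections of this compare; the route handler starts outside the hunk.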


@ -3,8 +3,10 @@ import { z } from "zod";
import { IntegrationsSchema } from "@app/db/schemas"; import { IntegrationsSchema } from "@app/db/schemas";
import { EventType } from "@app/ee/services/audit-log/audit-log-types"; import { EventType } from "@app/ee/services/audit-log/audit-log-types";
import { removeTrailingSlash, shake } from "@app/lib/fn"; import { removeTrailingSlash, shake } from "@app/lib/fn";
import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth"; import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { AuthMode } from "@app/services/auth/auth-type"; import { AuthMode } from "@app/services/auth/auth-type";
import { PostHogEventTypes, TIntegrationCreatedEvent } from "@app/services/telemetry/telemetry-types";
export const registerIntegrationRouter = async (server: FastifyZodProvider) => { export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
server.route({ server.route({
@ -53,28 +55,40 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
actorOrgId: req.permission.orgId, actorOrgId: req.permission.orgId,
...req.body ...req.body
}); });
const createIntegrationEventProperty = shake({
integrationId: integration.id.toString(),
integration: integration.integration,
environment: req.body.sourceEnvironment,
secretPath: req.body.secretPath,
url: integration.url,
app: integration.app,
appId: integration.appId,
targetEnvironment: integration.targetEnvironment,
targetEnvironmentId: integration.targetEnvironmentId,
targetService: integration.targetService,
targetServiceId: integration.targetServiceId,
path: integration.path,
region: integration.region
}) as TIntegrationCreatedEvent["properties"];
await server.services.auditLog.createAuditLog({ await server.services.auditLog.createAuditLog({
...req.auditLogInfo, ...req.auditLogInfo,
projectId: integrationAuth.projectId, projectId: integrationAuth.projectId,
event: { event: {
type: EventType.CREATE_INTEGRATION, type: EventType.CREATE_INTEGRATION,
// eslint-disable-next-line // eslint-disable-next-line
metadata: shake({ metadata: createIntegrationEventProperty
integrationId: integration.id.toString(), }
integration: integration.integration, });
environment: req.body.sourceEnvironment,
secretPath: req.body.secretPath, server.services.telemetry.sendPostHogEvents({
url: integration.url, event: PostHogEventTypes.IntegrationCreated,
app: integration.app, distinctId: getTelemetryDistinctId(req),
appId: integration.appId, properties: {
targetEnvironment: integration.targetEnvironment, ...createIntegrationEventProperty,
targetEnvironmentId: integration.targetEnvironmentId, projectId: integrationAuth.projectId,
targetService: integration.targetService, ...req.auditLogInfo
targetServiceId: integration.targetServiceId,
path: integration.path,
region: integration.region
// eslint-disable-next-line
}) as any
} }
}); });
return { integration }; return { integration };
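Review bot: `createIntegrationEventProperty` is built for the audit log and then reused verbatim in the `IntegrationCreated` telemetry call, which sends the integration's `secretPath`, `url`, `app`, `path` and `region` to PostHog. Audit metadata and telemetry have different data-minimisation needs, so a separate, smaller object for the telemetry call (for example only `integrationId`, `integration` and `projectId`) would avoid exporting paths and endpoints. The `// eslint-disable-next-line` above `metadata: createIntegrationEventProperty` also looks left over now that the `as any` cast is gone; check whether it is still needed. The route handler starts outside the hunk.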


@ -1,8 +1,10 @@
import { z } from "zod"; import { z } from "zod";
import { UsersSchema } from "@app/db/schemas"; import { UsersSchema } from "@app/db/schemas";
import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth"; import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { ActorType, AuthMode } from "@app/services/auth/auth-type"; import { ActorType, AuthMode } from "@app/services/auth/auth-type";
import { PostHogEventTypes } from "@app/services/telemetry/telemetry-types";
export const registerInviteOrgRouter = async (server: FastifyZodProvider) => { export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
server.route({ server.route({
@ -30,6 +32,15 @@ export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
actorOrgId: req.permission.orgId actorOrgId: req.permission.orgId
}); });
server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.UserOrgInvitation,
distinctId: getTelemetryDistinctId(req),
properties: {
inviteeEmail: req.body.inviteeEmail,
...req.auditLogInfo
}
});
return { return {
completeInviteLink, completeInviteLink,
message: `Send an invite link to ${req.body.inviteeEmail}` message: `Send an invite link to ${req.body.inviteeEmail}`
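Review bot: The `UserOrgInvitation` event sends `inviteeEmail: req.body.inviteeEmail` to PostHog, that is, the address of a person who has not yet joined the organisation. If the event only needs to count invitations, drop the field or replace it with a non-identifying value such as a hash of the address. Otherwise add a comment stating why the raw address is required. The route handler starts outside the hunk.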


@ -4,8 +4,10 @@ import { z } from "zod";
import { ProjectKeysSchema, ProjectsSchema } from "@app/db/schemas"; import { ProjectKeysSchema, ProjectsSchema } from "@app/db/schemas";
import { EventType } from "@app/ee/services/audit-log/audit-log-types"; import { EventType } from "@app/ee/services/audit-log/audit-log-types";
import { authRateLimit } from "@app/server/config/rateLimiter"; import { authRateLimit } from "@app/server/config/rateLimiter";
import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth"; import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { AuthMode } from "@app/services/auth/auth-type"; import { AuthMode } from "@app/services/auth/auth-type";
import { PostHogEventTypes } from "@app/services/telemetry/telemetry-types";
const projectWithEnv = ProjectsSchema.merge( const projectWithEnv = ProjectsSchema.merge(
z.object({ z.object({
@ -152,6 +154,16 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
slug: req.body.slug slug: req.body.slug
}); });
server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.ProjectCreated,
distinctId: getTelemetryDistinctId(req),
properties: {
orgId: req.body.organizationId,
name: project.name,
...req.auditLogInfo
}
});
return { project }; return { project };
} }
}); });


@ -1,4 +1,3 @@
import { FastifyRequest } from "fastify";
import picomatch from "picomatch"; import picomatch from "picomatch";
import { z } from "zod"; import { z } from "zod";
@ -13,6 +12,7 @@ import { EventType } from "@app/ee/services/audit-log/audit-log-types";
import { CommitType } from "@app/ee/services/secret-approval-request/secret-approval-request-types"; import { CommitType } from "@app/ee/services/secret-approval-request/secret-approval-request-types";
import { BadRequestError } from "@app/lib/errors"; import { BadRequestError } from "@app/lib/errors";
import { removeTrailingSlash } from "@app/lib/fn"; import { removeTrailingSlash } from "@app/lib/fn";
import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
import { getUserAgentType } from "@app/server/plugins/audit-log"; import { getUserAgentType } from "@app/server/plugins/audit-log";
import { verifyAuth } from "@app/server/plugins/auth/verify-auth"; import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
import { ActorType, AuthMode } from "@app/services/auth/auth-type"; import { ActorType, AuthMode } from "@app/services/auth/auth-type";
@ -20,19 +20,6 @@ import { PostHogEventTypes } from "@app/services/telemetry/telemetry-types";
import { secretRawSchema } from "../sanitizedSchemas"; import { secretRawSchema } from "../sanitizedSchemas";
const getDistinctId = (req: FastifyRequest) => {
if (req.auth.actor === ActorType.USER) {
return req.auth.user.email;
}
if (req.auth.actor === ActorType.IDENTITY) {
return `identity-${req.auth.identityId}`;
}
if (req.auth.actor === ActorType.SERVICE) {
return req.auth.serviceToken.createdByEmail || `service-token-null-creator-${req.auth.serviceTokenId}`; // when user gets removed from system
}
return "unknown-auth-data";
};
export const registerSecretRouter = async (server: FastifyZodProvider) => { export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.route({ server.route({
url: "/raw", url: "/raw",
@ -110,7 +97,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretPulled, event: PostHogEventTypes.SecretPulled,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: secrets.length, numberOfSecrets: secrets.length,
workspaceId, workspaceId,
@ -200,7 +187,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretPulled, event: PostHogEventTypes.SecretPulled,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId, workspaceId,
@ -276,7 +263,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretCreated, event: PostHogEventTypes.SecretCreated,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -351,7 +338,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretUpdated, event: PostHogEventTypes.SecretUpdated,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -421,7 +408,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretDeleted, event: PostHogEventTypes.SecretDeleted,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -527,7 +514,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
if (shouldCapture) { if (shouldCapture) {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretPulled, event: PostHogEventTypes.SecretPulled,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: shouldRecordK8Event ? approximateNumberTotalSecrets : secrets.length, numberOfSecrets: shouldRecordK8Event ? approximateNumberTotalSecrets : secrets.length,
workspaceId: req.query.workspaceId, workspaceId: req.query.workspaceId,
@ -604,7 +591,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretPulled, event: PostHogEventTypes.SecretPulled,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.query.workspaceId, workspaceId: req.query.workspaceId,
@ -767,7 +754,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretCreated, event: PostHogEventTypes.SecretCreated,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -949,7 +936,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretUpdated, event: PostHogEventTypes.SecretUpdated,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -1067,7 +1054,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretDeleted, event: PostHogEventTypes.SecretDeleted,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: 1, numberOfSecrets: 1,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -1187,7 +1174,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretCreated, event: PostHogEventTypes.SecretCreated,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: secrets.length, numberOfSecrets: secrets.length,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -1307,7 +1294,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretUpdated, event: PostHogEventTypes.SecretUpdated,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: secrets.length, numberOfSecrets: secrets.length,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,
@ -1415,7 +1402,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
server.services.telemetry.sendPostHogEvents({ server.services.telemetry.sendPostHogEvents({
event: PostHogEventTypes.SecretDeleted, event: PostHogEventTypes.SecretDeleted,
distinctId: getDistinctId(req), distinctId: getTelemetryDistinctId(req),
properties: { properties: {
numberOfSecrets: secrets.length, numberOfSecrets: secrets.length,
workspaceId: req.body.workspaceId, workspaceId: req.body.workspaceId,


@ -61,8 +61,15 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
} }
}; };
const flushAll = async () => {
if (postHog) {
await postHog.shutdownAsync();
}
};
return { return {
sendLoopsEvent, sendLoopsEvent,
sendPostHogEvents sendPostHogEvents,
flushAll
}; };
}; };
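Review bot: `flushAll` calls `postHog.shutdownAsync()`, which by its name shuts the client down rather than only flushing queued events, so the helper's name understates its effect. Events sent through `sendPostHogEvents` after it has run may be silently lost. The await is also unguarded, so if this runs on the server's shutdown path (the caller is not visible here), a rejected telemetry call could interrupt the rest of the shutdown. I would add a comment above it such as `// Shuts the PostHog client down; call once, during process shutdown only.` and catch and log a failure instead of letting it propagate. The enclosing factory function starts outside this hunk.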


@ -8,7 +8,11 @@ export enum PostHogEventTypes {
UserSignedUp = "User Signed Up", UserSignedUp = "User Signed Up",
SecretRotated = "secrets rotated", SecretRotated = "secrets rotated",
SecretScannerFull = "historical cloud secret scan", SecretScannerFull = "historical cloud secret scan",
SecretScannerPush = "cloud secret scan" SecretScannerPush = "cloud secret scan",
ProjectCreated = "Project Created",
IntegrationCreated = "Integration Created",
MachineIdentityCreated = "Machine Identity Created",
UserOrgInvitation = "User Org Invitation"
} }
export type TSecretModifiedEvent = { export type TSecretModifiedEvent = {
@ -53,9 +57,57 @@ export type TSecretScannerEvent = {
}; };
}; };
export type TProjectCreateEvent = {
event: PostHogEventTypes.ProjectCreated;
properties: {
name: string;
orgId: string;
};
};
export type TMachineIdentityCreatedEvent = {
event: PostHogEventTypes.MachineIdentityCreated;
properties: {
name: string;
orgId: string;
identityId: string;
};
};
export type TIntegrationCreatedEvent = {
event: PostHogEventTypes.IntegrationCreated;
properties: {
projectId: string;
integrationId: string;
integration: string; // TODO: fix type
environment: string;
secretPath: string;
url?: string;
app?: string;
appId?: string;
targetEnvironment?: string;
targetEnvironmentId?: string;
targetService?: string;
targetServiceId?: string;
path?: string;
region?: string;
};
};
export type TUserOrgInvitedEvent = {
event: PostHogEventTypes.UserOrgInvitation;
properties: {
inviteeEmail: string;
};
};
export type TPostHogEvent = { distinctId: string } & ( export type TPostHogEvent = { distinctId: string } & (
| TSecretModifiedEvent | TSecretModifiedEvent
| TAdminInitEvent | TAdminInitEvent
| TUserSignedUpEvent | TUserSignedUpEvent
| TSecretScannerEvent | TSecretScannerEvent
| TUserOrgInvitedEvent
| TMachineIdentityCreatedEvent
| TIntegrationCreatedEvent
| TProjectCreateEvent
); );
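Review bot: `TUserOrgInvitedEvent` puts `inviteeEmail: string` into the event payload, so the address of someone who has only been invited, and may never become a user, is sent to the analytics provider. `TIntegrationCreatedEvent` likewise carries `secretPath`, `url`, `path`, `app` and the `target*` fields, which can expose internal naming from a secrets manager deployment. The call sites are not visible here, but for telemetry I would keep these types to opaque ids and counts, for example dropping `inviteeEmail` or replacing it with a non-identifying value. Each property block should also get a short comment saying that its fields leave the instance when telemetry is enabled. The existing `// TODO: fix type` on `integration` could be resolved in the same pass by narrowing it to the set of known integration names.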

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.2 MiB


@ -171,15 +171,7 @@
"pages": [ "pages": [
"self-hosting/deployment-options/standalone-infisical", "self-hosting/deployment-options/standalone-infisical",
"self-hosting/deployment-options/docker-compose", "self-hosting/deployment-options/docker-compose",
"self-hosting/deployment-options/kubernetes-helm", "self-hosting/deployment-options/kubernetes-helm"
"self-hosting/deployment-options/aws-ec2",
"self-hosting/deployment-options/aws-lightsail",
"self-hosting/deployment-options/gcp-cloud-run",
"self-hosting/deployment-options/azure-app-services",
"self-hosting/deployment-options/azure-container-instances",
"self-hosting/deployment-options/digital-ocean-marketplace",
"self-hosting/deployment-options/fly.io",
"self-hosting/deployment-options/railway"
] ]
}, },
"self-hosting/configuration/envars", "self-hosting/configuration/envars",
@ -224,10 +216,6 @@
"infisical-agent/overview" "infisical-agent/overview"
] ]
}, },
{
"group": "Integrations",
"pages": ["integrations/overview"]
},
{ {
"group": "Infrastructure Integrations", "group": "Infrastructure Integrations",
"pages": [ "pages": [
@ -247,7 +235,7 @@
] ]
}, },
{ {
"group": "3rd-party Integrations", "group": "Native Integrations",
"pages": [ "pages": [
{ {
"group": "AWS", "group": "AWS",
@ -260,39 +248,49 @@
"group": "Digital Ocean", "group": "Digital Ocean",
"pages": ["integrations/cloud/digital-ocean-app-platform"] "pages": ["integrations/cloud/digital-ocean-app-platform"]
}, },
"integrations/cloud/heroku",
"integrations/cloud/vercel", "integrations/cloud/vercel",
"integrations/cloud/netlify",
"integrations/cloud/render",
"integrations/cloud/railway",
"integrations/cloud/flyio",
"integrations/cloud/laravel-forge",
"integrations/cloud/supabase",
"integrations/cloud/northflank",
"integrations/cloud/hasura-cloud",
"integrations/cloud/terraform-cloud",
"integrations/cloud/cloudflare-pages",
"integrations/cloud/cloudflare-workers",
"integrations/cloud/qovery",
"integrations/cloud/hashicorp-vault",
"integrations/cloud/azure-key-vault", "integrations/cloud/azure-key-vault",
"integrations/cloud/gcp-secret-manager", "integrations/cloud/gcp-secret-manager",
"integrations/cloud/cloud-66", {
"integrations/cloud/windmill" "group": "View more",
"pages": [
"integrations/cloud/heroku",
"integrations/cloud/netlify",
"integrations/cloud/render",
"integrations/cloud/railway",
"integrations/cloud/flyio",
"integrations/cloud/laravel-forge",
"integrations/cloud/supabase",
"integrations/cloud/northflank",
"integrations/cloud/hasura-cloud",
"integrations/cloud/terraform-cloud",
"integrations/cloud/cloudflare-pages",
"integrations/cloud/cloudflare-workers",
"integrations/cloud/qovery",
"integrations/cloud/hashicorp-vault",
"integrations/cloud/cloud-66",
"integrations/cloud/windmill"
]
}
] ]
}, },
{ {
"group": "CI/CD Integrations", "group": "CI/CD Integrations",
"pages": [ "pages": [
"integrations/cloud/teamcity", "integrations/cloud/teamcity",
"integrations/cloud/checkly",
"integrations/cicd/githubactions", "integrations/cicd/githubactions",
"integrations/cicd/gitlab", "integrations/cicd/gitlab",
"integrations/cicd/circleci", {
"integrations/cicd/travisci", "group": "View more",
"integrations/cicd/bitbucket", "pages": [
"integrations/cicd/codefresh", "integrations/cicd/circleci",
"integrations/cicd/jenkins" "integrations/cicd/travisci",
"integrations/cicd/bitbucket",
"integrations/cicd/codefresh",
"integrations/cicd/jenkins",
"integrations/cloud/checkly"
]
}
] ]
}, },
{ {
@ -302,20 +300,25 @@
"integrations/frameworks/react", "integrations/frameworks/react",
"integrations/frameworks/vue", "integrations/frameworks/vue",
"integrations/frameworks/express", "integrations/frameworks/express",
"integrations/frameworks/nextjs", {
"integrations/frameworks/nestjs", "group": "View more",
"integrations/frameworks/sveltekit", "pages": [
"integrations/frameworks/nuxt", "integrations/frameworks/nextjs",
"integrations/frameworks/gatsby", "integrations/frameworks/nestjs",
"integrations/frameworks/remix", "integrations/frameworks/sveltekit",
"integrations/frameworks/vite", "integrations/frameworks/nuxt",
"integrations/frameworks/fiber", "integrations/frameworks/gatsby",
"integrations/frameworks/django", "integrations/frameworks/remix",
"integrations/frameworks/flask", "integrations/frameworks/vite",
"integrations/frameworks/laravel", "integrations/frameworks/fiber",
"integrations/frameworks/rails", "integrations/frameworks/django",
"integrations/frameworks/dotnet", "integrations/frameworks/flask",
"integrations/platforms/pm2" "integrations/frameworks/laravel",
"integrations/frameworks/rails",
"integrations/frameworks/dotnet",
"integrations/platforms/pm2"
]
}
] ]
}, },
{ {


@ -78,4 +78,6 @@ Run the command below to start Infisical and all related services.
docker-compose -f docker-compose.prod.yml up docker-compose -f docker-compose.prod.yml up
``` ```
Your Infisical instance should now be running on port `80`. To access your instance, visit `http://localhost:80`. Your Infisical instance should now be running on port `80`. To access your instance, visit `http://localhost:80`.
![self host sign up](images/self-hosting/applicable-to-all/selfhost-signup.png)


@ -1,163 +1,183 @@
--- ---
title: "Kubernetes via Helm Chart" title: "Kubernetes via Helm Chart"
description: "Use our Helm chart to Install Infisical on your Kubernetes cluster" description: "Use Helm chart to install Infisical on your Kubernetes cluster"
--- ---
**Prerequisites** **Prerequisites**
- You have understanding of [Kubernetes](https://kubernetes.io/) - You have extensive understanding of [Kubernetes](https://kubernetes.io/)
- Installed [Helm package manager](https://helm.sh/) version v3.11.3 or greater - Installed [Helm package manager](https://helm.sh/) version v3.11.3 or greater
- You have [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed and connected to your kubernetes cluster - You have [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed and connected to your kubernetes cluster
By deploying Infisical on Kubernetes, you can take advantage of its features to ensure that the application is fault-tolerant, highly available, and scalable. <Steps>
To make the installation process easier and more streamlined, we have created a Helm chart that you can use to install Infisical on Kubernetes. <Step title="Install Infisical Helm repository ">
```bash
Helm is a package manager for Kubernetes that simplifies the installation and management of Kubernetes applications. helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
With our Helm chart, you can easily install Infisical on Kubernetes, configure it to your liking, and scale it up or down as needed. ```
```
## Install Infisical Helm repository helm repo update
```
```bash </Step>
helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/' <Step title="Add Helm values">
Create a `values.yaml` file. This will be used to configure settings for the Infisical Helm chart.
helm repo update To explore all configurable properties for your values file, [visit this page](https://raw.githubusercontent.com/Infisical/infisical/main/helm-charts/infisical-standalone-postgres/values.yaml).
``` </Step>
<Step title="Select Infisical version">
## Add Helm values By default, the Infisical version set in your helm chart will likely be outdated.
Choose the latest Infisical docker image tag from here [here](https://hub.docker.com/r/infisical/infisical/tags).
Create a values.yaml file to configure various installation settings, such as the docker image tags and environment variables. To explore all configurable properties for your values file, [visit this page](https://github.com/Infisical/infisical/tree/main/helm-charts/infisical).
#### Set image tags
By default, the application will use the `latest` docker image tag. This is okay for test environments; however, for production deployments it is important to pin your deployment to a particular docker image tag to prevent receiving unintended changes.
<Tip>
To find the latest version number of Infisical, click [here](https://hub.docker.com/r/infisical/infisical/tags)
</Tip>
```yaml simple-values-example.yaml
backend:
replicaCount: 2
image:
tag: "v0.39.5" # <--- update to the newest version found here https://hub.docker.com/r/infisical/infisical/tags
pullPolicy: Always
```
#### Configure environment variables
You can configure environment variables for your instance of Infisical though the Helm values file under the property `backendEnvironmentVariables`. View configurable [environment variables](../configuration/envars).
Infisical requires the following backend environment variables to be defined: _`ENCRYPTION_KEY`_, _`JWT_SIGNUP_SECRET`_, _`JWT_REFRESH_SECRET`_, _`JWT_AUTH_SECRET`_, _`JWT_MFA_SECRET`_ and _`JWT_SERVICE_SECRET`_.
<Info>
Each of the above environment variables can be generated by running the command `openssl rand -hex 16` in your terminal.
</Info>
However, when the above environment variables are not defined, the Helm chart
will automatically generate these environment variables for you. The generated environment variables will be saved to a Kubernetes secret and will be preserved between upgrades or uninstalls.
```yaml simple-values-example.yaml
...
backendEnvironmentVariables:
HTTPS_ENABLED: true
INVITE_ONLY_SIGNUP: false
...
```
<Info>
Infisical assumes that you have configured HTTPS. If you didn't configure HTTPS, set `HTTPS_ENABLED` to `false` in the backend environment variable to avoid frequent logouts.
</Info>
#### Routing external traffic
By default, Infisical takes all traffic coming to your external load balancer's IP address and routes them Infisical's services.
Infisical uses Nginx to route external traffic. You can install Nginx along with Infisical by setting `ingress.enabled` to `true` in the Helm values file. View all [properties for ingress](https://github.com/Infisical/infisical/tree/main/helm-charts/infisical).
```yaml simple-values-example.yaml
...
ingress:
nginx:
enabled: true #<-- if you would like to install nginx along with Infisical
```
#### Database
Infisical uses a MongoDB as its persistence layer. With this Helm chart, a MongoDB instance is automatically spun up for use with Infisical.
When persistence is enabled, the data will be stored as Kubernetes Persistence Volume. View all [properties for mongodb](https://github.com/Infisical/infisical/tree/main/helm-charts/infisical).
```yaml simple-values-example.yaml
mongodb:
enabled: true
persistence:
enabled: false
```
To achieve high availability and data redundancy, we recommend that you use a managed document database service such as AWS Document DB, MongoDB or similar services instead of the in cluster database.
Managed database connection string can be set in the `backendEnvironmentVariables`.
#### Example helm values
```yaml simple-values-example.yaml
backend:
replicaCount: 2
image:
tag: "v0.39.5"
pullPolicy: Always
backendEnvironmentVariables:
HTTPS_ENABLED: true
ingress:
nginx:
enabled: true
```
<Accordion title="Full helm values example">
```yaml values.yaml
ingress:
nginx:
enabled: true
backend:
enabled: true
name: backend
podAnnotations: {}
deploymentAnnotations: {}
replicaCount: 4
image:
tag: "v0.39.5"
pullPolicy: IfNotPresent
kubeSecretRef: null
service:
annotations: {}
type: ClusterIP
nodePort: ""
# View all environment variables https://infisical.com/docs/self-hosting/configuration/envars
backendEnvironmentVariables:
MONGO_URL: <>
HTTPS_ENABLED: <>
## Mongo DB persistence ```yaml values.yaml
mongodb: infisical:
enabled: true image:
persistence: repository: infisical/infisical
enabled: true tag: "v0.46.2-postgres" #<-- update
``` pullPolicy: IfNotPresent
</Accordion> ```
<Warning>
Do you not use the latest docker image tag in production deployments as they can introduce unexpected changes
</Warning>
</Step>
## Install the Helm chart <Step title="Configure environment variables">
By default, the helm chart will be installed on your default namespace. If you wish to install the Chart on a different namespace, you may specify To deploy this Helm chart, a Kubernetes secret named `infisical-secrets` must be present in the same namespace where the chart is being deployed.
that by adding the `--namespace <namespace-to-install-to>` to your `helm install` command.
```bash For a minimal installation of Infisical, you need to configure `ENCRYPTION_KEY`, `AUTH_SECRET`, `DB_CONNECTION_URI`, and `REDIS_URL`. [Learn more about configuration settings](/self-hosting/configuration/envars).
## Installs to default namespace
helm install infisical-helm-charts/infisical --generate-name --values /path/to/values.yaml
```
## Access Infisical
Allow 3-5 minutes for the deployment to complete. Once done, you should now be able to access Infisical on the IP address exposed via Ingress on your load balancer. If you are not sure what the IP address is run `kubectl get ingress` to view the external IP address exposing Infisical.
<Info>
Once installation is complete, you will have to create the first account. No default account is provided.
</Info>
## Related blogs <Tabs>
- [Set up Infisical in a development cluster](https://iamunnip.hashnode.dev/infisical-open-source-secretops-kubernetes-setup) <Tab title="Proof of concept deployment">
For test or proof-of-concept purposes, you may omit `DB_CONNECTION_URI` and `REDIS_URL` from `infisical-secrets`. This is because the Helm chart will automatically provision and connect to the in-cluster instances of Postgres and Redis by default.
</Tab>
<Tab title="Production deployment">
For production environments, we recommend using Cloud-based Platform as a Service (PaaS) solutions for PostgreSQL and Redis to ensure high availability. In on-premise setups, it's recommended to configure Redis and Postgres for high availability, either by using Bitnami charts or a custom configuration.
</Tab>
</Tabs>
```yaml simple-values-example.yaml
apiVersion: v1
kind: Secret
metadata:
name: infisical-secrets
type: Opaque
stringData:
AUTH_SECRET: <>
ENCRYPTION_KEY: <>
REDIS_URL: <>
DB_CONNECTION_URI: <>
```
</Step>
<Step title="Database schema migration ">
Infisical relies a relational database, which means that database schemas need to be migrated before the instance can become operational.
To automate this process, the chart includes a option named `infisical.autoDatabaseSchemaMigration`.
When this option is enabled, a deployment/upgrade will only occur _after_ a successful schema migration.
<Info>
If you are using in-cluster Postgres, you may notice the migration job failing initially.
This is expected as it is waiting for the database to be in ready state.
</Info>
</Step>
<Step title="Routing traffic to Infisical">
By default, this chart uses Nginx as its Ingress controller to direct traffic to Infisical services.
```yaml values.yaml
ingress:
nginx:
enabled: true
```
</Step>
<Step title="Install the Helm chart ">
Once you are done configuring your `values.yaml` file, run the command below.
```bash
helm upgrade --install infisical infisical-helm-charts/infisical-standalone --values /path/to/values.yaml
```
<Accordion title="Full helm values example">
```yaml values.yaml
nameOverride: "infisical"
fullnameOverride: "infisical"
infisical:
enabled: true
name: infisical
autoDatabaseSchemaMigration: true
fullnameOverride: ""
podAnnotations: {}
deploymentAnnotations: {}
replicaCount: 6
image:
repository: infisical/infisical
tag: "v0.46.2-postgres"
pullPolicy: IfNotPresent
affinity: {}
kubeSecretRef: "infisical-secrets"
service:
annotations: {}
type: ClusterIP
nodePort: ""
resources:
limits:
memory: 210Mi
requests:
cpu: 200m
ingress:
enabled: true
hostName: ""
ingressClassName: nginx
nginx:
enabled: true
annotations: {}
tls: []
postgresql:
enabled: true
name: "postgresql"
fullnameOverride: "postgresql"
auth:
username: infisical
password: root
database: infisicalDB
redis:
enabled: true
name: "redis"
fullnameOverride: "redis"
cluster:
enabled: false
usePassword: true
auth:
password: "mysecretpassword"
architecture: standalone
```
</Accordion>
</Step>
<Step title="Access Infisical">
After deployment, please wait for 2-5 minutes for all pods to reach a running state. Once a significant number of pods are operational, access the IP address revealed through Ingress by your load balancer.
You can find the IP address/hostname by executing the command `kubectl get ingress`.
![self host sign up](images/self-hosting/applicable-to-all/selfhost-signup.png)
</Step>
<Step title="Upgrade your instance">
To upgrade your instance of Infisical simply update the docker image tag in your Halm values and rerun the command below.
```bash
helm upgrade --install infisical infisical-helm-charts/infisical-standalone --values /path/to/values.yaml
```
<Tip>
Always back up your database before each upgrade, especially in a production environment
</Tip>
</Step>
</Steps>


@ -28,9 +28,11 @@ The following guide provides a detailed step-by-step walkthrough on how you can
</Step> </Step>
<Step title="Start Infisical"> <Step title="Start Infisical">
For a minimal installation of Infisical, you must configure `ENCRYPTION_KEY`, `AUTH_SECRET`, `DB_CONNECTION_URI`, and `REDIS_URL`. For a minimal installation of Infisical, you must configure `ENCRYPTION_KEY`, `AUTH_SECRET`, `DB_CONNECTION_URI`, and `REDIS_URL`. [View all available configurations](/self-hosting/configuration/envars).
[View all available configurations](/self-hosting/configuration/envars).
We recommend using Cloud-based Platform as a Service (PaaS) solutions for PostgreSQL and Redis to ensure high availability.
Once you have added the required environment variables to your docker run command, execute it in your terminal to get Infisical up and running. Once you have added the required environment variables to your docker run command, execute it in your terminal to get Infisical up and running.
For example: For example:
@ -48,7 +50,9 @@ The following guide provides a detailed step-by-step walkthrough on how you can
The above environment variable values are only to be used as an example and should not be used in production The above environment variable values are only to be used as an example and should not be used in production
</Warning> </Warning>
Once the container is running, verify the installation by opening your web browser and navigating to `http://localhost:80`. Once the container is running, verify the installation by opening your web browser and navigating to `http://localhost:80`.
![self host sign up](images/self-hosting/applicable-to-all/selfhost-signup.png)
</Step> </Step>
</Steps> </Steps>


@ -15,13 +15,3 @@ However, in the event you choose to use Infisical without SSL, you can do so by
[Learn more about secure cookies](https://really-simple-ssl.com/definition/what-are-secure-cookies/) [Learn more about secure cookies](https://really-simple-ssl.com/definition/what-are-secure-cookies/)
</Accordion> </Accordion>
<Accordion title="Is self hosted Infisical HA?">
Infisical leverages the robust container orchestration capabilities of Kubernetes and the inherent high availability features of Bitnami MongoDB to ensure resilience and fault tolerance.
By deploying multiple replicas of Infisical application on Kubernetes, operations can continue even if a single instance fails.
Additionally, Bitnami MongoDB supports replica sets, which provide data redundancy and automatic failover for the underlying database.
Kubernetes Services facilitate load balancing, effectively distributing traffic across your application's instances and ensuring optimal performance.
The combination of Kubernetes' self-healing mechanisms and Bitnami MongoDB's failover capabilities work together to create a highly available and fault-tolerant application capable of recovering gracefully from unexpected failures.
To further increase data redundancy, we recommend that you use a managed MongoDB service for your self hosted instance of Infisical.
</Accordion>


@ -14,13 +14,6 @@ Choose from a variety of deployment options listed below to get started.
Use the fully packaged docker image to deploy Infisical anywhere Use the fully packaged docker image to deploy Infisical anywhere
</Card> </Card>
<CardGroup cols={2}> <CardGroup cols={2}>
<Card
title="Digital Ocean"
color="#16a34a"
href="deployment-options/digital-ocean-marketplace"
>
Automatically create and deploy Infisical on to a Kubernetes cluster
</Card>
<Card <Card
title="Docker Compose" title="Docker Compose"
color="#0285c7" color="#0285c7"
@ -35,53 +28,4 @@ Choose from a variety of deployment options listed below to get started.
> >
Use our Helm chart to Install Infisical on your Kubernetes cluster Use our Helm chart to Install Infisical on your Kubernetes cluster
</Card> </Card>
<Card
title="AWS EC2"
color="#0285c7"
href="deployment-options/aws-ec2"
>
Install infisical with just a few clicks using our Cloud Formation template
</Card>
<Card
title="AWS Lightsail"
color="#0285c7"
href="deployment-options/aws-lightsail"
>
Deploy Infisical with AWS Lightsail
</Card>
<Card
title="GCP Cloud Run"
color="#ea5a0c"
href="deployment-options/gcp-cloud-run"
>
Deploy Infisical with GCP Cloud Run
</Card>
<Card
title="Azure App Services"
color="#ea5a0c"
href="deployment-options/azure-app-services"
>
Deploy Infisical with Azure App Services
</Card>
<Card
title="Azure Container Instances"
color="#ea5a0c"
href="deployment-options/azure-container-instances"
>
Deploy Infisical with Azure Container Instances
</Card>
<Card
title="Fly.io"
color="#ea5a0c"
href="deployment-options/fly.io"
>
Deploy Infisical with Fly.io
</Card>
<Card
title="Railway"
color="#ea5a0c"
href="deployment-options/railway"
>
Deploy Infisical with Railway
</Card>
</CardGroup> </CardGroup>


@ -1,5 +1,5 @@
{ {
"name": "npm-proj-1708142380787-0.9952765718063858vJAsWg", "name": "npm-proj-1708687711895-0.8280111363176879xoEiUg",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
@ -82,7 +82,7 @@
"react-markdown": "^8.0.3", "react-markdown": "^8.0.3",
"react-redux": "^8.0.2", "react-redux": "^8.0.2",
"react-table": "^7.8.0", "react-table": "^7.8.0",
"sanitize-html": "^2.11.0", "sanitize-html": "^2.12.1",
"set-cookie-parser": "^2.5.1", "set-cookie-parser": "^2.5.1",
"sharp": "^0.33.2", "sharp": "^0.33.2",
"styled-components": "^5.3.7", "styled-components": "^5.3.7",
@ -21111,9 +21111,9 @@
"dev": true "dev": true
}, },
"node_modules/sanitize-html": { "node_modules/sanitize-html": {
"version": "2.11.0", "version": "2.12.1",
"resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.11.0.tgz", "resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.12.1.tgz",
"integrity": "sha512-BG68EDHRaGKqlsNjJ2xUB7gpInPA8gVx/mvjO743hZaeMCZ2DwzW7xvsqZ+KNU4QKwj86HJ3uu2liISf2qBBUA==", "integrity": "sha512-Plh+JAn0UVDpBRP/xEjsk+xDCoOvMBwQUf/K+/cBAVuTbtX8bj2VB7S1sL1dssVpykqp0/KPSesHrqXtokVBpA==",
"dependencies": { "dependencies": {
"deepmerge": "^4.2.2", "deepmerge": "^4.2.2",
"escape-string-regexp": "^4.0.0", "escape-string-regexp": "^4.0.0",


@ -90,7 +90,7 @@
"react-markdown": "^8.0.3", "react-markdown": "^8.0.3",
"react-redux": "^8.0.2", "react-redux": "^8.0.2",
"react-table": "^7.8.0", "react-table": "^7.8.0",
"sanitize-html": "^2.11.0", "sanitize-html": "^2.12.1",
"set-cookie-parser": "^2.5.1", "set-cookie-parser": "^2.5.1",
"sharp": "^0.33.2", "sharp": "^0.33.2",
"styled-components": "^5.3.7", "styled-components": "^5.3.7",


@ -33,9 +33,7 @@ export const UpgradeOverlay = () => {
return null; return null;
} }
// for non admin this would throw an error return !isUpgradeStatusLoading && isUpgrading ? (
// so no need to render
return !isUpgradeStatusLoading && isUpgrading ? ( // isUpgrading
<div className="absolute top-0 left-0 z-50 flex h-screen w-screen items-center justify-center bg-bunker-500 bg-opacity-80"> <div className="absolute top-0 left-0 z-50 flex h-screen w-screen items-center justify-center bg-bunker-500 bg-opacity-80">
<Spinner size="lg" className="text-primary" /> <Spinner size="lg" className="text-primary" />
<div className="ml-4 flex flex-col space-y-1"> <div className="ml-4 flex flex-col space-y-1">


@ -2,6 +2,7 @@ import { useCallback, useState } from "react";
import { useRouter } from "next/router"; import { useRouter } from "next/router";
import { faWarning } from "@fortawesome/free-solid-svg-icons"; import { faWarning } from "@fortawesome/free-solid-svg-icons";
import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import { twMerge } from "tailwind-merge";
import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider"; import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider";
import { useProjectPermission } from "@app/context"; import { useProjectPermission } from "@app/context";
@ -10,6 +11,7 @@ import { Workspace } from "@app/hooks/api/types";
import { ProjectVersion } from "@app/hooks/api/workspace/types"; import { ProjectVersion } from "@app/hooks/api/workspace/types";
import { Button } from "../Button"; import { Button } from "../Button";
import { Tooltip } from "../Tooltip";
export type UpgradeProjectAlertProps = { export type UpgradeProjectAlertProps = {
project: Workspace; project: Workspace;
@ -83,20 +85,44 @@ export const UpgradeProjectAlert = ({ project }: UpgradeProjectAlertProps): JSX.
projectStatus?.status !== "FAILED"); projectStatus?.status !== "FAILED");
if (project.version !== ProjectVersion.V1) return null; if (project.version !== ProjectVersion.V1) return null;
if (membership.role !== "admin") return null;
return ( return (
<div className="mt-4 flex w-full flex-row items-center rounded-md border border-primary-600/70 bg-primary/[.07] p-4 text-base text-white"> <div
className={twMerge(
"mt-4 flex w-full flex-row items-center rounded-md border border-primary-600/70 bg-primary/[.07] p-4 text-base text-white",
membership.role !== "admin" && "opacity-80"
)}
>
<FontAwesomeIcon icon={faWarning} className="pr-6 text-6xl text-white/80" /> <FontAwesomeIcon icon={faWarning} className="pr-6 text-6xl text-white/80" />
<div className="flex w-full flex-col text-sm"> <div className="flex w-full flex-col text-sm">
<span className="mb-2 text-lg font-semibold">Upgrade your project</span> <span className="mb-2 text-lg font-semibold">Upgrade your project</span>
Upgrade your project version to continue receiving the latest improvements and patches. {membership.role === "admin" ? (
<p>
Upgrade your project version to continue receiving the latest improvements and patches.
</p>
) : (
<p>
<span className="font-bold">Please ask a project admin to upgrade the project.</span>
<br />
Upgrading the project version is required to continue receiving the latest improvements
and patches.
</p>
)}
{currentStatus && <p className="mt-2 opacity-80">Status: {currentStatus}</p>} {currentStatus && <p className="mt-2 opacity-80">Status: {currentStatus}</p>}
</div> </div>
<div className="my-2"> <div className="my-2">
<Button isLoading={isLoading} isDisabled={isLoading} onClick={onUpgradeProject}> <Tooltip
Upgrade className={twMerge(membership.role === "admin" && "hidden")}
</Button> content="You need to be an admin to upgrade the project."
>
<Button
isLoading={isLoading}
isDisabled={isLoading || membership.role !== "admin"}
onClick={onUpgradeProject}
>
Upgrade
</Button>
</Tooltip>
</div> </div>
</div> </div>
); );
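Review bot: The role comparison (`membership.role !== "admin"` / `=== "admin"`) is now written out four times in the returned JSX: the wrapper `className`, the message branch, the `Tooltip` `className` and `isDisabled`. Hoisting it once above the `return` as `const isAdmin = membership.role === "admin";` keeps those branches from drifting apart. Since non-admins now see the alert with a disabled button, the disabled state is only a UI affordance; the server-side handler behind `onUpgradeProject` has to reject non-admin callers itself, which these hunks do not show. The component body starts above the hunk.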


@ -141,10 +141,10 @@ export const OrgMembersTable = ({ handlePopUpOpen, setCompleteInviteLink }: Prop
() => () =>
members?.filter( members?.filter(
({ user: u, inviteEmail }) => ({ user: u, inviteEmail }) =>
u?.firstName?.toLowerCase().includes(searchMemberFilter) || u?.firstName?.toLowerCase().includes(searchMemberFilter.toLowerCase()) ||
u?.lastName?.toLowerCase().includes(searchMemberFilter) || u?.lastName?.toLowerCase().includes(searchMemberFilter.toLowerCase()) ||
u?.email?.toLowerCase().includes(searchMemberFilter) || u?.email?.toLowerCase().includes(searchMemberFilter.toLowerCase()) ||
inviteEmail?.includes(searchMemberFilter) inviteEmail?.includes(searchMemberFilter.toLowerCase())
), ),
[members, searchMemberFilter] [members, searchMemberFilter]
); );
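Review bot: The last clause, `inviteEmail?.includes(searchMemberFilter.toLowerCase())`, lower-cases only the search term, so an invite e-mail stored with any upper-case letter can no longer match, even when typed exactly. It should follow the three clauses above it: `inviteEmail?.toLowerCase().includes(searchMemberFilter.toLowerCase())`. The identical line appears in the MemberListTab hunk and needs the same change. Computing the lower-cased term once before `filter` would also avoid converting it four times per member. The enclosing memoised callback starts outside the hunk.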


@ -218,10 +218,10 @@ export const MemberListTab = () => {
() => () =>
members?.filter( members?.filter(
({ user: u, inviteEmail }) => ({ user: u, inviteEmail }) =>
u?.firstName?.toLowerCase().includes(searchMemberFilter) || u?.firstName?.toLowerCase().includes(searchMemberFilter.toLowerCase()) ||
u?.lastName?.toLowerCase().includes(searchMemberFilter) || u?.lastName?.toLowerCase().includes(searchMemberFilter.toLowerCase()) ||
u?.email?.toLowerCase().includes(searchMemberFilter) || u?.email?.toLowerCase().includes(searchMemberFilter.toLowerCase()) ||
inviteEmail?.includes(searchMemberFilter) inviteEmail?.includes(searchMemberFilter.toLowerCase())
), ),
[members, searchMemberFilter] [members, searchMemberFilter]
); );


@ -1,4 +0,0 @@
charts/
node_modules/
package*.json
*.bak


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +1,12 @@
dependencies: dependencies:
- name: ingress-nginx - name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx repository: https://kubernetes.github.io/ingress-nginx
version: 4.0.13 version: 4.0.13
digest: sha256:5d15260ba09f284ec40b254d79cd16bb80abd641fe14809a2de19d24c7920221 - name: postgresql
generated: "2024-01-26T20:15:50.215645-05:00" repository: https://charts.bitnami.com/bitnami
version: 14.1.3
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 18.14.0
digest: sha256:296e0ef65914eea70af7e7904188b2efa37089c785305109abc70b7bed42306b
generated: "2024-02-20T01:25:47.224526-05:00"


@ -7,16 +7,24 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.1 version: 1.0.0
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "0.0.1" appVersion: "1.0.0"
dependencies: dependencies:
- name: ingress-nginx - name: ingress-nginx
version: 4.0.13 version: 4.0.13
repository: https://kubernetes.github.io/ingress-nginx repository: https://kubernetes.github.io/ingress-nginx
condition: ingress.nginx.enabled condition: ingress.nginx.enabled
- name: postgresql
version: 14.1.3
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: redis
version: 18.14.0
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled


@ -20,6 +20,8 @@
│ Current installation (infisical) : │ Current installation (infisical) :
│ • infisical : {{ .Values.infisical.enabled }} │ • infisical : {{ .Values.infisical.enabled }}
| • nginx : {{ .Values.ingress.nginx.enabled }} | • nginx : {{ .Values.ingress.nginx.enabled }}
| • Postgres DB : {{ .Values.postgresql.enabled }}
| • Redis : {{ .Values.redis.enabled }}
╰―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――┤ ╰―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――┤


@ -30,7 +30,6 @@ heritage: {{ .Release.Service }}
{{ include "infisical.common.metaLabels" . }} {{ include "infisical.common.metaLabels" . }}
{{- end -}} {{- end -}}
{{- define "infisical.labels" -}} {{- define "infisical.labels" -}}
{{ include "infisical.matchLabels" . }} {{ include "infisical.matchLabels" . }}
{{ include "infisical.common.metaLabels" . }} {{ include "infisical.common.metaLabels" . }}
@ -57,3 +56,52 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- define "infisical.postgresService" -}}
{{- if .Values.postgresql.fullnameOverride -}}
{{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-postgresql" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- define "infisical.postgresDBConnectionString" -}}
{{- $dbUsername := .Values.postgresql.auth.username -}}
{{- $dbPassword := .Values.postgresql.auth.password -}}
{{- $dbName := .Values.postgresql.auth.database -}}
{{- $serviceName := include "infisical.postgresService" . -}}
{{- printf "postgresql://%s:%s@%s:5432/%s" $dbUsername $dbPassword $serviceName $dbName -}}
{{- end -}}
{{/*
Create a fully qualified redis name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "infisical.redis.fullname" -}}
{{- if .Values.redis.fullnameOverride -}}
{{- .Values.redis.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.redis.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.redis.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "infisical.redisServiceName" -}}
{{- if .Values.redis.fullnameOverride -}}
{{- printf "%s-master" .Values.redis.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-master" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- define "infisical.redisConnectionString" -}}
{{- $password := .Values.redis.auth.password -}}
{{- $serviceName := include "infisical.redisServiceName" . -}}
{{- printf "redis://default:%s@%s:6379" $password "redis-master" -}}
{{- end -}}


@ -28,10 +28,19 @@ spec:
{{- with $infisicalValues.affinity }} {{- with $infisicalValues.affinity }}
affinity: affinity:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }}
{{- if $infisicalValues.autoDatabaseSchemaMigration }}
initContainers:
- name: "migration-init"
image: "groundnuty/k8s-wait-for:1.3"
imagePullPolicy: {{ $infisicalValues.image.pullPolicy }}
args:
- "job"
- "{{ .Release.Name }}-schema-migration-{{ .Release.Revision }}"
{{- end }} {{- end }}
containers: containers:
- name: {{ template "infisical.name" . }}-{{ $infisicalValues.name }} - name: {{ template "infisical.name" . }}-{{ $infisicalValues.name }}
image: "{{ $infisicalValues.image.repository }}:{{ $infisicalValues.image.tag | default "latest" }}" image: "{{ $infisicalValues.image.repository }}:{{ $infisicalValues.image.tag }}"
imagePullPolicy: {{ $infisicalValues.image.pullPolicy }} imagePullPolicy: {{ $infisicalValues.image.pullPolicy }}
readinessProbe: readinessProbe:
httpGet: httpGet:
@ -41,9 +50,18 @@ spec:
periodSeconds: 5 periodSeconds: 5
ports: ports:
- containerPort: 8080 - containerPort: 8080
env:
{{- if .Values.postgresql.enabled }}
- name: DB_CONNECTION_URI
value: {{ include "infisical.postgresDBConnectionString" . }}
{{- end }}
{{- if .Values.redis.enabled }}
- name: REDIS_URL
value: {{ include "infisical.redisConnectionString" . }}
{{- end }}
envFrom: envFrom:
- secretRef: - secretRef:
name: {{ $infisicalValues.kubeSecretRef | default (include "infisical.fullname" .) }} name: {{ $infisicalValues.kubeSecretRef }}
{{- if $infisicalValues.resources }} {{- if $infisicalValues.resources }}
resources: {{- toYaml $infisicalValues.resources | nindent 12 }} resources: {{- toYaml $infisicalValues.resources | nindent 12 }}
{{- end }} {{- end }}
@ -66,7 +84,7 @@ spec:
ports: ports:
- protocol: TCP - protocol: TCP
port: 8080 port: 8080
targetPort: 8080 # container port targetPort: 8080
{{- if eq $infisicalValues.service.type "NodePort" }} {{- if eq $infisicalValues.service.type "NodePort" }}
nodePort: {{ $infisicalValues.service.nodePort }} nodePort: {{ $infisicalValues.service.nodePort }}
{{- end }} {{- end }}
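Review bot: `DB_CONNECTION_URI` and `REDIS_URL` are rendered as plain `value:` entries, so the database and Redis passwords land in the Deployment spec, and in the schema-migration Job, which repeats the same `env` entry. Anyone allowed to read workloads can see them there, while the rest of the configuration arrives from a Secret through `envFrom`. Render the connection strings into a chart-managed Secret and reference them with `valueFrom.secretKeyRef`, as sketched below. Dropping the `default` on `kubeSecretRef` and `image.tag` also means an empty value now renders `name:` with nothing after it and an image reference ending in `:`, so a `required` check would fail the render with a clearer message. The init container pulls `groundnuty/k8s-wait-for:1.3`, a third-party image, by mutable tag; pinning it by digest and making it configurable in values would be safer. The container spec continues outside these hunks.

```yaml
          env:
            {{- if .Values.postgresql.enabled }}
            - name: DB_CONNECTION_URI
              valueFrom:
                secretKeyRef:
                  # placeholder name: a Secret template the chart would add
                  name: {{ include "infisical.fullname" . }}-connection
                  key: DB_CONNECTION_URI
            {{- end }}
            # … same pattern for REDIS_URL under .Values.redis.enabled …
          # … unchanged: envFrom / resources …
```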


@ -1,50 +0,0 @@
{{ if .Values.ingress.enabled }}
{{- $ingress := .Values.ingress }}
{{- if and $ingress.ingressClassName (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey $ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set $ingress.annotations "kubernetes.io/ingress.class" $ingress.ingressClassName}}
{{- end }}
{{- end }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: infisical-ingress
{{- with $ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and $ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ $ingress.ingressClassName | default "nginx" }}
{{- end }}
{{- if $ingress.tls }}
tls:
{{- range $ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "infisical.fullname" . }}
port:
number: 8080
- path: /ss-webhook
pathType: Exact
backend:
service:
name: {{ include "infisical.fullname" . }}
port:
number: 8080
{{- if $ingress.hostName }}
host: {{ $ingress.hostName }}
{{- end }}
{{ end }}


@ -0,0 +1,20 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: k8s-wait-for-infisical-schema-migration
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: default
subjects:
- kind: ServiceAccount
name: {{ .Release.Namespace }}
roleRef:
kind: Role
name: k8s-wait-for-infisical-schema-migration
apiGroup: rbac.authorization.k8s.io
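Review bot: The RoleBinding's names look swapped: `metadata.name` is `default`, while the subject ServiceAccount is named `{{ .Release.Namespace }}`. The Role is therefore granted to an account named after the namespace rather than to the one the `migration-init` container presumably runs as; no `serviceAccountName` is visible in the Deployment hunks, which would make that account `default`. The subject should probably read `name: default` with `namespace: {{ .Release.Namespace }}`, and the binding should get a release-scoped name. Both objects are also rendered unconditionally under fixed names, so they are created even when `autoDatabaseSchemaMigration` is off and collide when two releases share a namespace. Wrapping the file in the same `if` as the Job and prefixing the names with `{{ .Release.Name }}` would avoid both.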


@ -0,0 +1,32 @@
{{- $infisicalValues := .Values.infisical }}
{{- if $infisicalValues.autoDatabaseSchemaMigration }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ .Release.Name }}-schema-migration-{{ .Release.Revision }}"
labels:
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
backoffLimit: 10
template:
metadata:
name: "{{ .Release.Name }}-create-tables"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
restartPolicy: OnFailure
containers:
- name: infisical-schema-migration
image: "{{ $infisicalValues.image.repository }}:{{ $infisicalValues.image.tag }}"
command: ["npm", "run", "migration:latest"]
env:
{{- if .Values.postgresql.enabled }}
- name: DB_CONNECTION_URI
value: {{ include "infisical.postgresDBConnectionString" . }}
{{- end }}
envFrom:
- secretRef:
name: {{ $infisicalValues.kubeSecretRef }}
{{- end }}


@ -1,96 +1,62 @@
## @section Common parameters
##
## @param nameOverride Override release name
##
nameOverride: "" nameOverride: ""
## @param fullnameOverride Override release fullname
##
fullnameOverride: "" fullnameOverride: ""
## @section Infisical backend parameters
## Documentation : https://infisical.com/docs/self-hosting/deployments/kubernetes
##
infisical: infisical:
## @param backend.enabled Enable backend
##
enabled: true enabled: true
## @param backend.name Backend name
##
name: infisical name: infisical
## @param backend.fullnameOverride Backend fullnameOverride autoDatabaseSchemaMigration: true
##
fullnameOverride: "" fullnameOverride: ""
## @param backend.podAnnotations Backend pod annotations
##
podAnnotations: {} podAnnotations: {}
## @param backend.deploymentAnnotations Backend deployment annotations
##
deploymentAnnotations: {} deploymentAnnotations: {}
## @param backend.replicaCount Backend replica count
##
replicaCount: 2 replicaCount: 2
## Backend image parameters
##
image: image:
## @param backend.image.repository Backend image repository repository: infisical/infisical
## tag: "v0.46.3-postgres"
repository: akhilmhdh/destruction
## @param backend.image.tag Backend image tag
##
tag: "latest"
## @param backend.image.pullPolicy Backend image pullPolicy
##
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## @param backend.affinity Backend pod affinity
##
affinity: {} affinity: {}
## @param backend.kubeSecretRef Backend secret resource reference name (containing required [backend configuration variables](https://infisical.com/docs/self-hosting/configuration/envars)) kubeSecretRef: "infisical-secrets"
##
kubeSecretRef: ""
## Backend service
##
service: service:
## @param backend.service.annotations Backend service annotations
##
annotations: {} annotations: {}
## @param backend.service.type Backend service type
##
type: ClusterIP type: ClusterIP
## @param backend.service.nodePort Backend service nodePort (used if above type is `NodePort`)
##
nodePort: "" nodePort: ""
## @section Ingress parameters resources:
## limits:
memory: 210Mi
requests:
cpu: 200m
ingress: ingress:
## @param ingress.enabled Enable ingress
##
enabled: true enabled: true
## @param ingress.ingressClassName Ingress class name hostName: ""
##
ingressClassName: nginx ingressClassName: nginx
## @param ingress.nginx.enabled Ingress controller
##
nginx: nginx:
enabled: true enabled: true
## @param ingress.annotations Ingress annotations annotations: {}
##
annotations:
{}
# kubernetes.io/ingress.class: "nginx"
# cert-manager.io/issuer: letsencrypt-nginx
## @param ingress.hostName Ingress hostname (your custom domain name, e.g. `infisical.example.org`)
## Replace with your own domain
##
hostName: ""
## @param ingress.tls Ingress TLS hosts (matching above hostName)
## Replace with your own domain
##
tls: tls:
[] []
# - secretName: letsencrypt-prod # - secretName: letsencrypt-prod
# hosts: # hosts:
# - some.domain.com # - some.domain.com
postgresql:
enabled: true
name: "postgresql"
fullnameOverride: "postgresql"
auth:
username: infisical
password: root
database: infisicalDB
redis:
enabled: true
name: "redis"
fullnameOverride: "redis"
cluster:
enabled: false
usePassword: true
auth:
password: "mysecretpassword"
architecture: standalone
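Review bot: `postgresql.auth.password: root` and `redis.auth.password: "mysecretpassword"` ship as defaults with both subcharts `enabled: true`, so an install that does not override them runs its datastores with publicly known credentials. Leave the passwords empty and fail the render when they are unset (Helm's `required`), or point the subcharts at a pre-created Secret through `auth.existingSecret`. The hunk also drops every `## @param` comment. The new keys `autoDatabaseSchemaMigration` and `kubeSecretRef` deserve at least a one-line comment each, for example `# Name of an existing Secret holding the backend environment variables; must exist before install`, since `kubeSecretRef` now defaults to `infisical-secrets` and the templates reference it without a fallback.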