misc: resolved goreleaser hardcoded version

Merge pull request #1960 from Infisical/misc/hardcoded-goreleaser-version-for-cli
misc: hardcoded goreleaser version
2025-07-29 22:37:44 +00:00 · 2024-06-12 22:00:14 +08:00 · 2024-06-12 09:57:37 -04:00 · 2024-06-12 21:54:35 +08:00 · 2024-06-12 08:52:58 -04:00 · 2024-06-12 20:45:57 +08:00
72 changed files with 891 additions and 359 deletions
--- a/.env.example
+++ b/.env.example
@@ -63,3 +63,7 @@ CLIENT_SECRET_GITHUB_LOGIN=

 CLIENT_ID_GITLAB_LOGIN=
 CLIENT_SECRET_GITLAB_LOGIN=
+
+CAPTCHA_SECRET=
+
+NEXT_PUBLIC_CAPTCHA_SITE_KEY=
--- a/.github/workflows/check-api-for-breaking-changes.yml
+++ b/.github/workflows/check-api-for-breaking-changes.yml
@@ -47,7 +47,7 @@ jobs:
      - name: Wait for container to be stable and check logs
        run: |
          SECONDS=0
- r        HEALTHY=0
+          HEALTHY=0
          while [ $SECONDS -lt 60 ]; do
            if docker ps | grep infisical-api | grep -q healthy; then
              echo "Container is healthy."
--- a/.github/workflows/release_build_infisical_cli.yml
+++ b/.github/workflows/release_build_infisical_cli.yml
@@ -22,6 +22,9 @@ jobs:
            CLI_TESTS_SERVICE_TOKEN: ${{ secrets.CLI_TESTS_SERVICE_TOKEN }}
            CLI_TESTS_PROJECT_ID: ${{ secrets.CLI_TESTS_PROJECT_ID }}
            CLI_TESTS_ENV_SLUG: ${{ secrets.CLI_TESTS_ENV_SLUG }}
+            CLI_TESTS_USER_EMAIL: ${{ secrets.CLI_TESTS_USER_EMAIL }}
+            CLI_TESTS_USER_PASSWORD: ${{ secrets.CLI_TESTS_USER_PASSWORD }}
+            CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE: ${{ secrets.CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE }}

    goreleaser:
        runs-on: ubuntu-20.04
@@ -56,7 +59,7 @@ jobs:
            - uses: goreleaser/goreleaser-action@v4
              with:
                  distribution: goreleaser-pro
-                  version: latest
+                  version: v1.26.2-pro
                  args: release --clean
              env:
                  GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
--- a/.github/workflows/run-cli-tests.yml
+++ b/.github/workflows/run-cli-tests.yml
@@ -20,7 +20,12 @@ on:
                required: true
            CLI_TESTS_ENV_SLUG:
                required: true
-
+            CLI_TESTS_USER_EMAIL:
+                required: true
+            CLI_TESTS_USER_PASSWORD:
+                required: true
+            CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE:
+                required: true
 jobs:
    test:
        defaults:
@@ -43,5 +48,8 @@ jobs:
                  CLI_TESTS_SERVICE_TOKEN: ${{ secrets.CLI_TESTS_SERVICE_TOKEN }}
                  CLI_TESTS_PROJECT_ID: ${{ secrets.CLI_TESTS_PROJECT_ID }}
                  CLI_TESTS_ENV_SLUG: ${{ secrets.CLI_TESTS_ENV_SLUG }}
+                  CLI_TESTS_USER_EMAIL: ${{ secrets.CLI_TESTS_USER_EMAIL }}
+                  CLI_TESTS_USER_PASSWORD: ${{ secrets.CLI_TESTS_USER_PASSWORD }}
+                  INFISICAL_VAULT_FILE_PASSPHRASE: ${{ secrets.CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE }}

              run: go test -v -count=1 ./test
--- a/Dockerfile.standalone-infisical
+++ b/Dockerfile.standalone-infisical
@@ -1,6 +1,7 @@
 ARG POSTHOG_HOST=https://app.posthog.com
 ARG POSTHOG_API_KEY=posthog-api-key
 ARG INTERCOM_ID=intercom-id
+ARG CAPTCHA_SITE_KEY=captcha-site-key

 FROM  node:20-alpine AS base

@@ -34,7 +35,9 @@ ENV NEXT_PUBLIC_POSTHOG_API_KEY $POSTHOG_API_KEY
 ARG INTERCOM_ID
 ENV NEXT_PUBLIC_INTERCOM_ID $INTERCOM_ID
 ARG INFISICAL_PLATFORM_VERSION
-ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION 
+ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION
+ARG CAPTCHA_SITE_KEY
+ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY $CAPTCHA_SITE_KEY 

 # Build
 RUN npm run build
@@ -110,6 +113,9 @@ ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
 ARG INTERCOM_ID=intercom-id
 ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
  BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
+ARG CAPTCHA_SITE_KEY
+ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY \
+  BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY

 WORKDIR / 

--- a/README.md
+++ b/README.md
@@ -85,13 +85,13 @@ To set up and run Infisical locally, make sure you have Git and Docker installed
 Linux/macOS:

 ```console
-git clone https://github.com/Infisical/infisical && cd "$(basename $_ .git)" && cp .env.example .env && docker-compose -f docker-compose.prod.yml up
+git clone https://github.com/Infisical/infisical && cd "$(basename $_ .git)" && cp .env.example .env && docker compose -f docker-compose.prod.yml up
 ```

 Windows Command Prompt:

 ```console
-git clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker-compose -f docker-compose.prod.yml up
+git clone https://github.com/Infisical/infisical && cd infisical && copy .env.example .env && docker compose -f docker-compose.prod.yml up
 ```

 Create an account at `http://localhost:80`
--- a/backend/src/db/migrations/20240610181521_add-consecutive-failed-password-attempts-user.ts
+++ b/backend/src/db/migrations/20240610181521_add-consecutive-failed-password-attempts-user.ts
@@ -0,0 +1,29 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasConsecutiveFailedPasswordAttempts = await knex.schema.hasColumn(
+    TableName.Users,
+    "consecutiveFailedPasswordAttempts"
+  );
+
+  await knex.schema.alterTable(TableName.Users, (tb) => {
+    if (!hasConsecutiveFailedPasswordAttempts) {
+      tb.integer("consecutiveFailedPasswordAttempts").defaultTo(0);
+    }
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasConsecutiveFailedPasswordAttempts = await knex.schema.hasColumn(
+    TableName.Users,
+    "consecutiveFailedPasswordAttempts"
+  );
+
+  await knex.schema.alterTable(TableName.Users, (tb) => {
+    if (hasConsecutiveFailedPasswordAttempts) {
+      tb.dropColumn("consecutiveFailedPasswordAttempts");
+    }
+  });
+}
--- a/backend/src/db/schemas/users.ts
+++ b/backend/src/db/schemas/users.ts
@@ -25,7 +25,8 @@ export const UsersSchema = z.object({
  isEmailVerified: z.boolean().default(false).nullable().optional(),
  consecutiveFailedMfaAttempts: z.number().default(0).nullable().optional(),
  isLocked: z.boolean().default(false).nullable().optional(),
-  temporaryLockDateEnd: z.date().nullable().optional()
+  temporaryLockDateEnd: z.date().nullable().optional(),
+  consecutiveFailedPasswordAttempts: z.number().default(0).nullable().optional()
 });

 export type TUsers = z.infer<typeof UsersSchema>;
--- a/backend/src/ee/routes/v1/scim-router.ts
+++ b/backend/src/ee/routes/v1/scim-router.ts
@@ -362,6 +362,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      const groups = await req.server.services.scim.listScimGroups({
        orgId: req.permission.orgId,
        startIndex: req.query.startIndex,
+        filter: req.query.filter,
        limit: req.query.count
      });

--- a/backend/src/ee/routes/v1/secret-approval-policy-router.ts
+++ b/backend/src/ee/routes/v1/secret-approval-policy-router.ts
@@ -1,6 +1,7 @@
 import { nanoid } from "nanoid";
 import { z } from "zod";

+import { removeTrailingSlash } from "@app/lib/fn";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { sapPubSchema } from "@app/server/routes/sanitizedSchemas";
@@ -19,7 +20,11 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
          workspaceId: z.string(),
          name: z.string().optional(),
          environment: z.string(),
-          secretPath: z.string().optional().nullable(),
+          secretPath: z
+            .string()
+            .optional()
+            .nullable()
+            .transform((val) => (val ? removeTrailingSlash(val) : val)),
          approvers: z.string().array().min(1),
          approvals: z.number().min(1).default(1)
        })
@@ -63,7 +68,11 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
          name: z.string().optional(),
          approvers: z.string().array().min(1),
          approvals: z.number().min(1).default(1),
-          secretPath: z.string().optional().nullable()
+          secretPath: z
+            .string()
+            .optional()
+            .nullable()
+            .transform((val) => (val ? removeTrailingSlash(val) : val))
        })
        .refine((data) => data.approvals <= data.approvers.length, {
          path: ["approvals"],
@@ -157,7 +166,7 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
      querystring: z.object({
        workspaceId: z.string().trim(),
        environment: z.string().trim(),
-        secretPath: z.string().trim()
+        secretPath: z.string().trim().transform(removeTrailingSlash)
      }),
      response: {
        200: z.object({
--- a/backend/src/ee/services/ldap-config/ldap-config-service.ts
+++ b/backend/src/ee/services/ldap-config/ldap-config-service.ts
@@ -77,7 +77,7 @@ type TLdapConfigServiceFactoryDep = {
  >;
  userAliasDAL: Pick<TUserAliasDALFactory, "create" | "findOne">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
+  licenseService: Pick<TLicenseServiceFactory, "getPlan" | "updateSubscriptionOrgMemberCount">;
 };

 export type TLdapConfigServiceFactory = ReturnType<typeof ldapConfigServiceFactory>;
@@ -510,6 +510,7 @@ export const ldapConfigServiceFactory = ({
        return newUserAlias;
      });
    }
+    await licenseService.updateSubscriptionOrgMemberCount(organization.id);

    const user = await userDAL.transaction(async (tx) => {
      const newUser = await userDAL.findOne({ id: userAlias.userId }, tx);
--- a/backend/src/ee/services/saml-config/saml-config-service.ts
+++ b/backend/src/ee/services/saml-config/saml-config-service.ts
@@ -50,7 +50,7 @@ type TSamlConfigServiceFactoryDep = {
  orgMembershipDAL: Pick<TOrgMembershipDALFactory, "create">;
  orgBotDAL: Pick<TOrgBotDALFactory, "findOne" | "create" | "transaction">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
-  licenseService: Pick<TLicenseServiceFactory, "getPlan">;
+  licenseService: Pick<TLicenseServiceFactory, "getPlan" | "updateSubscriptionOrgMemberCount">;
  tokenService: Pick<TAuthTokenServiceFactory, "createTokenForUser">;
  smtpService: Pick<TSmtpService, "sendMail">;
 };
@@ -449,6 +449,7 @@ export const samlConfigServiceFactory = ({
        return newUser;
      });
    }
+    await licenseService.updateSubscriptionOrgMemberCount(organization.id);

    const isUserCompleted = Boolean(user.isAccepted);
    const providerAuthToken = jwt.sign(
--- a/backend/src/ee/services/scim/scim-fns.ts
+++ b/backend/src/ee/services/scim/scim-fns.ts
@@ -18,6 +18,20 @@ export const buildScimUserList = ({
  };
 };

+export const parseScimFilter = (filterToParse: string | undefined) => {
+  if (!filterToParse) return {};
+  const [parsedName, parsedValue] = filterToParse.split("eq").map((s) => s.trim());
+
+  let attributeName = parsedName;
+  if (parsedName === "userName") {
+    attributeName = "email";
+  } else if (parsedName === "displayName") {
+    attributeName = "name";
+  }
+
+  return { [attributeName]: parsedValue.replace(/"/g, "") };
+};
+
 export const buildScimUser = ({
  orgMembershipId,
  username,
--- a/backend/src/ee/services/scim/scim-service.ts
+++ b/backend/src/ee/services/scim/scim-service.ts
@@ -30,7 +30,7 @@ import { UserAliasType } from "@app/services/user-alias/user-alias-types";
 import { TLicenseServiceFactory } from "../license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "../permission/org-permission";
 import { TPermissionServiceFactory } from "../permission/permission-service";
-import { buildScimGroup, buildScimGroupList, buildScimUser, buildScimUserList } from "./scim-fns";
+import { buildScimGroup, buildScimGroupList, buildScimUser, buildScimUserList, parseScimFilter } from "./scim-fns";
 import {
  TCreateScimGroupDTO,
  TCreateScimTokenDTO,
@@ -184,18 +184,6 @@ export const scimServiceFactory = ({
        status: 403
      });

-    const parseFilter = (filterToParse: string | undefined) => {
-      if (!filterToParse) return {};
-      const [parsedName, parsedValue] = filterToParse.split("eq").map((s) => s.trim());
-
-      let attributeName = parsedName;
-      if (parsedName === "userName") {
-        attributeName = "email";
-      }
-
-      return { [attributeName]: parsedValue.replace(/"/g, "") };
-    };
-
    const findOpts = {
      ...(startIndex && { offset: startIndex - 1 }),
      ...(limit && { limit })
@@ -204,7 +192,7 @@ export const scimServiceFactory = ({
    const users = await orgDAL.findMembership(
      {
        [`${TableName.OrgMembership}.orgId` as "id"]: orgId,
-        ...parseFilter(filter)
+        ...parseScimFilter(filter)
      },
      findOpts
    );
@@ -391,7 +379,7 @@ export const scimServiceFactory = ({
          );
        }
      }
-
+      await licenseService.updateSubscriptionOrgMemberCount(org.id);
      return { user, orgMembership };
    });

@@ -557,7 +545,7 @@ export const scimServiceFactory = ({
    return {}; // intentionally return empty object upon success
  };

-  const listScimGroups = async ({ orgId, startIndex, limit }: TListScimGroupsDTO) => {
+  const listScimGroups = async ({ orgId, startIndex, limit, filter }: TListScimGroupsDTO) => {
    const plan = await licenseService.getPlan(orgId);
    if (!plan.groups)
      throw new BadRequestError({
@@ -580,7 +568,8 @@ export const scimServiceFactory = ({

    const groups = await groupDAL.findGroups(
      {
-        orgId
+        orgId,
+        ...(filter && parseScimFilter(filter))
      },
      {
        offset: startIndex - 1,
--- a/backend/src/ee/services/scim/scim-types.ts
+++ b/backend/src/ee/services/scim/scim-types.ts
@@ -66,6 +66,7 @@ export type TDeleteScimUserDTO = {

 export type TListScimGroupsDTO = {
  startIndex: number;
+  filter?: string;
  limit: number;
  orgId: string;
 };
--- a/backend/src/ee/services/secret-approval-policy/secret-approval-policy-service.ts
+++ b/backend/src/ee/services/secret-approval-policy/secret-approval-policy-service.ts
@@ -4,6 +4,7 @@ import picomatch from "picomatch";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { BadRequestError } from "@app/lib/errors";
+import { removeTrailingSlash } from "@app/lib/fn";
 import { containsGlobPatterns } from "@app/lib/picomatch";
 import { TProjectEnvDALFactory } from "@app/services/project-env/project-env-dal";
 import { TProjectMembershipDALFactory } from "@app/services/project-membership/project-membership-dal";
@@ -207,7 +208,8 @@ export const secretApprovalPolicyServiceFactory = ({
    return sapPolicies;
  };

-  const getSecretApprovalPolicy = async (projectId: string, environment: string, secretPath: string) => {
+  const getSecretApprovalPolicy = async (projectId: string, environment: string, path: string) => {
+    const secretPath = removeTrailingSlash(path);
    const env = await projectEnvDAL.findOne({ slug: environment, projectId });
    if (!env) throw new BadRequestError({ message: "Environment not found" });

--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@@ -386,6 +386,8 @@ export const SECRET_IMPORTS = {
    environment: "The slug of the environment to import into.",
    path: "The path to import into.",
    workspaceId: "The ID of the project you are working in.",
+    isReplication:
+      "When true, secrets from the source will be automatically sent to the destination. If approval policies exist at the destination, the secrets will be sent as approval requests instead of being applied immediately.",
    import: {
      environment: "The slug of the environment to import from.",
      path: "The path to import from."
@@ -674,7 +676,10 @@ export const INTEGRATION = {
      secretGCPLabel: "The label for GCP secrets.",
      secretAWSTag: "The tags for AWS secrets.",
      kmsKeyId: "The ID of the encryption key from AWS KMS.",
-      shouldDisableDelete: "The flag to disable deletion of secrets in AWS Parameter Store."
+      shouldDisableDelete: "The flag to disable deletion of secrets in AWS Parameter Store.",
+      shouldMaskSecrets: "Specifies if the secrets synced from Infisical to Gitlab should be marked as 'Masked'.",
+      shouldProtectSecrets: "Specifies if the secrets synced from Infisical to Gitlab should be marked as 'Protected'.",
+      shouldEnableDelete: "The flag to enable deletion of secrets"
    }
  },
  UPDATE: {
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@@ -39,7 +39,9 @@ const envSchema = z
    HTTPS_ENABLED: zodStrBool,
    // smtp options
    SMTP_HOST: zpStr(z.string().optional()),
-    SMTP_SECURE: zodStrBool,
+    SMTP_IGNORE_TLS: zodStrBool.default("false"),
+    SMTP_REQUIRE_TLS: zodStrBool.default("true"),
+    SMTP_TLS_REJECT_UNAUTHORIZED: zodStrBool.default("true"),
    SMTP_PORT: z.coerce.number().default(587),
    SMTP_USERNAME: zpStr(z.string().optional()),
    SMTP_PASSWORD: zpStr(z.string().optional()),
@@ -120,7 +122,8 @@ const envSchema = z
      .transform((val) => val === "true")
      .optional(),
    INFISICAL_CLOUD: zodStrBool.default("false"),
-    MAINTENANCE_MODE: zodStrBool.default("false")
+    MAINTENANCE_MODE: zodStrBool.default("false"),
+    CAPTCHA_SECRET: zpStr(z.string().optional())
  })
  .transform((data) => ({
    ...data,
@@ -152,13 +155,20 @@ export const initEnvConfig = (logger: Logger) => {
  return envCfg;
 };

-export const formatSmtpConfig = () => ({
-  host: envCfg.SMTP_HOST,
-  port: envCfg.SMTP_PORT,
-  auth:
-    envCfg.SMTP_USERNAME && envCfg.SMTP_PASSWORD
-      ? { user: envCfg.SMTP_USERNAME, pass: envCfg.SMTP_PASSWORD }
-      : undefined,
-  secure: envCfg.SMTP_SECURE,
-  from: `"${envCfg.SMTP_FROM_NAME}" <${envCfg.SMTP_FROM_ADDRESS}>`
-});
+export const formatSmtpConfig = () => {
+  return {
+    host: envCfg.SMTP_HOST,
+    port: envCfg.SMTP_PORT,
+    auth:
+      envCfg.SMTP_USERNAME && envCfg.SMTP_PASSWORD
+        ? { user: envCfg.SMTP_USERNAME, pass: envCfg.SMTP_PASSWORD }
+        : undefined,
+    secure: envCfg.SMTP_PORT === 465,
+    from: `"${envCfg.SMTP_FROM_NAME}" <${envCfg.SMTP_FROM_ADDRESS}>`,
+    ignoreTLS: envCfg.SMTP_IGNORE_TLS,
+    requireTLS: envCfg.SMTP_REQUIRE_TLS,
+    tls: {
+      rejectUnauthorized: envCfg.SMTP_TLS_REJECT_UNAUTHORIZED
+    }
+  };
+};
--- a/backend/src/server/boot-strap-check.ts
+++ b/backend/src/server/boot-strap-check.ts
@@ -5,7 +5,6 @@ import { createTransport } from "nodemailer";

 import { formatSmtpConfig, getConfig } from "@app/lib/config/env";
 import { logger } from "@app/lib/logger";
-import { getTlsOption } from "@app/services/smtp/smtp-service";
 import { getServerCfg } from "@app/services/super-admin/super-admin-service";

 type BootstrapOpt = {
@@ -44,7 +43,7 @@ export const bootstrapCheck = async ({ db }: BootstrapOpt) => {
  console.info("Testing smtp connection");

  const smtpCfg = formatSmtpConfig();
-  await createTransport({ ...smtpCfg, ...getTlsOption(smtpCfg.host, smtpCfg.secure) })
+  await createTransport(smtpCfg)
    .verify()
    .then(async () => {
      console.info("SMTP successfully connected");
--- a/backend/src/server/routes/v1/integration-router.ts
+++ b/backend/src/server/routes/v1/integration-router.ts
@@ -8,7 +8,7 @@ import { writeLimit } from "@app/server/config/rateLimiter";
 import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
-import { IntegrationMappingBehavior } from "@app/services/integration-auth/integration-list";
+import { IntegrationMetadataSchema } from "@app/services/integration/integration-schema";
 import { PostHogEventTypes, TIntegrationCreatedEvent } from "@app/services/telemetry/telemetry-types";

 export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
@@ -46,36 +46,7 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
        path: z.string().trim().optional().describe(INTEGRATION.CREATE.path),
        region: z.string().trim().optional().describe(INTEGRATION.CREATE.region),
        scope: z.string().trim().optional().describe(INTEGRATION.CREATE.scope),
-        metadata: z
-          .object({
-            secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
-            secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
-            initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
-            mappingBehavior: z
-              .nativeEnum(IntegrationMappingBehavior)
-              .optional()
-              .describe(INTEGRATION.CREATE.metadata.mappingBehavior),
-            shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
-            secretGCPLabel: z
-              .object({
-                labelName: z.string(),
-                labelValue: z.string()
-              })
-              .optional()
-              .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
-            secretAWSTag: z
-              .array(
-                z.object({
-                  key: z.string(),
-                  value: z.string()
-                })
-              )
-              .optional()
-              .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
-            kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
-            shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete)
-          })
-          .default({})
+        metadata: IntegrationMetadataSchema.default({})
      }),
      response: {
        200: z.object({
@@ -161,33 +132,7 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
        targetEnvironment: z.string().trim().describe(INTEGRATION.UPDATE.targetEnvironment),
        owner: z.string().trim().describe(INTEGRATION.UPDATE.owner),
        environment: z.string().trim().describe(INTEGRATION.UPDATE.environment),
-        metadata: z
-          .object({
-            secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
-            secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
-            initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
-            mappingBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.mappingBehavior),
-            shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
-            secretGCPLabel: z
-              .object({
-                labelName: z.string(),
-                labelValue: z.string()
-              })
-              .optional()
-              .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
-            secretAWSTag: z
-              .array(
-                z.object({
-                  key: z.string(),
-                  value: z.string()
-                })
-              )
-              .optional()
-              .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
-            kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
-            shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete)
-          })
-          .optional()
+        metadata: IntegrationMetadataSchema.optional()
      }),
      response: {
        200: z.object({
--- a/backend/src/server/routes/v1/secret-import-router.ts
+++ b/backend/src/server/routes/v1/secret-import-router.ts
@@ -30,7 +30,7 @@ export const registerSecretImportRouter = async (server: FastifyZodProvider) =>
          environment: z.string().trim().describe(SECRET_IMPORTS.CREATE.import.environment),
          path: z.string().trim().transform(removeTrailingSlash).describe(SECRET_IMPORTS.CREATE.import.path)
        }),
-        isReplication: z.boolean().default(false)
+        isReplication: z.boolean().default(false).describe(SECRET_IMPORTS.CREATE.isReplication)
      }),
      response: {
        200: z.object({
--- a/backend/src/server/routes/v3/login-router.ts
+++ b/backend/src/server/routes/v3/login-router.ts
@@ -80,7 +80,8 @@ export const registerLoginRouter = async (server: FastifyZodProvider) => {
      body: z.object({
        email: z.string().trim(),
        providerAuthToken: z.string().trim().optional(),
-        clientProof: z.string().trim()
+        clientProof: z.string().trim(),
+        captchaToken: z.string().trim().optional()
      }),
      response: {
        200: z.discriminatedUnion("mfaEnabled", [
@@ -106,6 +107,7 @@ export const registerLoginRouter = async (server: FastifyZodProvider) => {
      const appCfg = getConfig();

      const data = await server.services.login.loginExchangeClientProof({
+        captchaToken: req.body.captchaToken,
        email: req.body.email,
        ip: req.realIp,
        userAgent,
--- a/backend/src/services/auth/auth-login-service.ts
+++ b/backend/src/services/auth/auth-login-service.ts
@@ -3,6 +3,7 @@ import jwt from "jsonwebtoken";
 import { TUsers, UserDeviceSchema } from "@app/db/schemas";
 import { isAuthMethodSaml } from "@app/ee/services/permission/permission-fns";
 import { getConfig } from "@app/lib/config/env";
+import { request } from "@app/lib/config/request";
 import { generateSrpServerKey, srpCheckClientProof } from "@app/lib/crypto";
 import { BadRequestError, DatabaseError, UnauthorizedError } from "@app/lib/errors";
 import { getServerCfg } from "@app/services/super-admin/super-admin-service";
@@ -176,12 +177,16 @@ export const authLoginServiceFactory = ({
    clientProof,
    ip,
    userAgent,
-    providerAuthToken
+    providerAuthToken,
+    captchaToken
  }: TLoginClientProofDTO) => {
+    const appCfg = getConfig();
+
    const userEnc = await userDAL.findUserEncKeyByUsername({
      username: email
    });
    if (!userEnc) throw new Error("Failed to find user");
+    const user = await userDAL.findById(userEnc.userId);
    const cfg = getConfig();

    let authMethod = AuthMethod.EMAIL;
@@ -196,6 +201,31 @@ export const authLoginServiceFactory = ({
      }
    }

+    if (
+      user.consecutiveFailedPasswordAttempts &&
+      user.consecutiveFailedPasswordAttempts >= 10 &&
+      Boolean(appCfg.CAPTCHA_SECRET)
+    ) {
+      if (!captchaToken) {
+        throw new BadRequestError({
+          name: "Captcha Required",
+          message: "Accomplish the required captcha by logging in via Web"
+        });
+      }
+
+      // validate captcha token
+      const response = await request.postForm<{ success: boolean }>("https://api.hcaptcha.com/siteverify", {
+        response: captchaToken,
+        secret: appCfg.CAPTCHA_SECRET
+      });
+
+      if (!response.data.success) {
+        throw new BadRequestError({
+          name: "Invalid Captcha"
+        });
+      }
+    }
+
    if (!userEnc.serverPrivateKey || !userEnc.clientPublicKey) throw new Error("Failed to authenticate. Try again?");
    const isValidClientProof = await srpCheckClientProof(
      userEnc.salt,
@@ -204,15 +234,31 @@ export const authLoginServiceFactory = ({
      userEnc.clientPublicKey,
      clientProof
    );
-    if (!isValidClientProof) throw new Error("Failed to authenticate. Try again?");
+
+    if (!isValidClientProof) {
+      await userDAL.update(
+        { id: userEnc.userId },
+        {
+          $incr: {
+            consecutiveFailedPasswordAttempts: 1
+          }
+        }
+      );
+
+      throw new Error("Failed to authenticate. Try again?");
+    }

    await userDAL.updateUserEncryptionByUserId(userEnc.userId, {
      serverPrivateKey: null,
      clientPublicKey: null
    });
+
+    await userDAL.updateById(userEnc.userId, {
+      consecutiveFailedPasswordAttempts: 0
+    });
+
    // send multi factor auth token if they it enabled
    if (userEnc.isMfaEnabled && userEnc.email) {
-      const user = await userDAL.findById(userEnc.userId);
      enforceUserLockStatus(Boolean(user.isLocked), user.temporaryLockDateEnd);

      const mfaToken = jwt.sign(
--- a/backend/src/services/auth/auth-login-type.ts
+++ b/backend/src/services/auth/auth-login-type.ts
@@ -12,6 +12,7 @@ export type TLoginClientProofDTO = {
  providerAuthToken?: string;
  ip: string;
  userAgent: string;
+  captchaToken?: string;
 };

 export type TVerifyMfaTokenDTO = {
--- a/backend/src/services/auth/auth-signup-service.ts
+++ b/backend/src/services/auth/auth-signup-service.ts
@@ -231,7 +231,7 @@ export const authSignupServiceFactory = ({

    const accessToken = jwt.sign(
      {
-        authMethod: AuthMethod.EMAIL,
+        authMethod: authMethod || AuthMethod.EMAIL,
        authTokenType: AuthTokenType.ACCESS_TOKEN,
        userId: updateduser.info.id,
        tokenVersionId: tokenSession.id,
@@ -244,7 +244,7 @@ export const authSignupServiceFactory = ({

    const refreshToken = jwt.sign(
      {
-        authMethod: AuthMethod.EMAIL,
+        authMethod: authMethod || AuthMethod.EMAIL,
        authTokenType: AuthTokenType.REFRESH_TOKEN,
        userId: updateduser.info.id,
        tokenVersionId: tokenSession.id,
--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@@ -31,6 +31,7 @@ import { logger } from "@app/lib/logger";
 import { TCreateManySecretsRawFn, TUpdateManySecretsRawFn } from "@app/services/secret/secret-types";

 import { TIntegrationDALFactory } from "../integration/integration-dal";
+import { IntegrationMetadataSchema } from "../integration/integration-schema";
 import {
  IntegrationInitialSyncBehavior,
  IntegrationMappingBehavior,
@@ -1363,38 +1364,41 @@ const syncSecretsGitHub = async ({
    }
  }

-  for await (const encryptedSecret of encryptedSecrets) {
-    if (
-      !(encryptedSecret.name in secrets) &&
-      !(appendices?.prefix !== undefined && !encryptedSecret.name.startsWith(appendices?.prefix)) &&
-      !(appendices?.suffix !== undefined && !encryptedSecret.name.endsWith(appendices?.suffix))
-    ) {
-      switch (integration.scope) {
-        case GithubScope.Org: {
-          await octokit.request("DELETE /orgs/{org}/actions/secrets/{secret_name}", {
-            org: integration.owner as string,
-            secret_name: encryptedSecret.name
-          });
-          break;
-        }
-        case GithubScope.Env: {
-          await octokit.request(
-            "DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}",
-            {
-              repository_id: Number(integration.appId),
-              environment_name: integration.targetEnvironmentId as string,
+  const metadata = IntegrationMetadataSchema.parse(integration.metadata);
+  if (metadata.shouldEnableDelete) {
+    for await (const encryptedSecret of encryptedSecrets) {
+      if (
+        !(encryptedSecret.name in secrets) &&
+        !(appendices?.prefix !== undefined && !encryptedSecret.name.startsWith(appendices?.prefix)) &&
+        !(appendices?.suffix !== undefined && !encryptedSecret.name.endsWith(appendices?.suffix))
+      ) {
+        switch (integration.scope) {
+          case GithubScope.Org: {
+            await octokit.request("DELETE /orgs/{org}/actions/secrets/{secret_name}", {
+              org: integration.owner as string,
              secret_name: encryptedSecret.name
-            }
-          );
-          break;
-        }
-        default: {
-          await octokit.request("DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
-            owner: integration.owner as string,
-            repo: integration.app as string,
-            secret_name: encryptedSecret.name
-          });
-          break;
+            });
+            break;
+          }
+          case GithubScope.Env: {
+            await octokit.request(
+              "DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}",
+              {
+                repository_id: Number(integration.appId),
+                environment_name: integration.targetEnvironmentId as string,
+                secret_name: encryptedSecret.name
+              }
+            );
+            break;
+          }
+          default: {
+            await octokit.request("DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
+              owner: integration.owner as string,
+              repo: integration.app as string,
+              secret_name: encryptedSecret.name
+            });
+            break;
+          }
        }
      }
    }
@@ -1917,13 +1921,13 @@ const syncSecretsGitLab = async ({
    return allEnvVariables;
  };

+  const metadata = IntegrationMetadataSchema.parse(integration.metadata);
  const allEnvVariables = await getAllEnvVariables(integration?.appId as string, accessToken);
  const getSecretsRes: GitLabSecret[] = allEnvVariables
    .filter((secret: GitLabSecret) => secret.environment_scope === integration.targetEnvironment)
    .filter((gitLabSecret) => {
      let isValid = true;

-      const metadata = z.record(z.any()).parse(integration.metadata);
      if (metadata.secretPrefix && !gitLabSecret.key.startsWith(metadata.secretPrefix)) {
        isValid = false;
      }
@@ -1943,8 +1947,8 @@ const syncSecretsGitLab = async ({
        {
          key,
          value: secrets[key].value,
-          protected: false,
-          masked: false,
+          protected: Boolean(metadata.shouldProtectSecrets),
+          masked: Boolean(metadata.shouldMaskSecrets),
          raw: false,
          environment_scope: integration.targetEnvironment
        },
@@ -1961,7 +1965,9 @@ const syncSecretsGitLab = async ({
        `${gitLabApiUrl}/v4/projects/${integration?.appId}/variables/${existingSecret.key}?filter[environment_scope]=${integration.targetEnvironment}`,
        {
          ...existingSecret,
-          value: secrets[existingSecret.key].value
+          value: secrets[existingSecret.key].value,
+          protected: Boolean(metadata.shouldProtectSecrets),
+          masked: Boolean(metadata.shouldMaskSecrets)
        },
        {
          headers: {
--- a/backend/src/services/integration/integration-schema.ts
+++ b/backend/src/services/integration/integration-schema.ts
@@ -0,0 +1,37 @@
+import { z } from "zod";
+
+import { INTEGRATION } from "@app/lib/api-docs";
+
+import { IntegrationMappingBehavior } from "../integration-auth/integration-list";
+
+export const IntegrationMetadataSchema = z.object({
+  secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
+  secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
+  initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
+  mappingBehavior: z
+    .nativeEnum(IntegrationMappingBehavior)
+    .optional()
+    .describe(INTEGRATION.CREATE.metadata.mappingBehavior),
+  shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
+  secretGCPLabel: z
+    .object({
+      labelName: z.string(),
+      labelValue: z.string()
+    })
+    .optional()
+    .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
+  secretAWSTag: z
+    .array(
+      z.object({
+        key: z.string(),
+        value: z.string()
+      })
+    )
+    .optional()
+    .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
+  kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
+  shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete),
+  shouldEnableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldEnableDelete),
+  shouldMaskSecrets: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldMaskSecrets),
+  shouldProtectSecrets: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldProtectSecrets)
+});
--- a/backend/src/services/integration/integration-types.ts
+++ b/backend/src/services/integration/integration-types.ts
@@ -29,6 +29,9 @@ export type TCreateIntegrationDTO = {
    }[];
    kmsKeyId?: string;
    shouldDisableDelete?: boolean;
+    shouldMaskSecrets?: boolean;
+    shouldProtectSecrets?: boolean;
+    shouldEnableDelete?: boolean;
  };
 } & Omit<TProjectPermission, "projectId">;

@@ -54,6 +57,7 @@ export type TUpdateIntegrationDTO = {
    }[];
    kmsKeyId?: string;
    shouldDisableDelete?: boolean;
+    shouldEnableDelete?: boolean;
  };
 } & Omit<TProjectPermission, "projectId">;

--- a/backend/src/services/org/org-service.ts
+++ b/backend/src/services/org/org-service.ts
@@ -336,6 +336,7 @@ export const orgServiceFactory = ({
      return org;
    });

+    await licenseService.updateSubscriptionOrgMemberCount(organization.id);
    return organization;
  };

--- a/backend/src/services/secret/secret-fns.ts
+++ b/backend/src/services/secret/secret-fns.ts
@@ -309,7 +309,7 @@ export const interpolateSecrets = ({ projectId, secretEncKey, secretDAL, folderD
  };

  const expandSecrets = async (
-    secrets: Record<string, { value: string; comment?: string; skipMultilineEncoding?: boolean }>
+    secrets: Record<string, { value: string; comment?: string; skipMultilineEncoding?: boolean | null }>
  ) => {
    const expandedSec: Record<string, string> = {};
    const interpolatedSec: Record<string, string> = {};
@@ -329,8 +329,8 @@ export const interpolateSecrets = ({ projectId, secretEncKey, secretDAL, folderD
        // should not do multi line encoding if user has set it to skip
        // eslint-disable-next-line
        secrets[key].value = secrets[key].skipMultilineEncoding
-          ? expandedSec[key]
-          : formatMultiValueEnv(expandedSec[key]);
+          ? formatMultiValueEnv(expandedSec[key])
+          : expandedSec[key];
        // eslint-disable-next-line
        continue;
      }
@@ -347,7 +347,7 @@ export const interpolateSecrets = ({ projectId, secretEncKey, secretDAL, folderD
      );

      // eslint-disable-next-line
-      secrets[key].value = secrets[key].skipMultilineEncoding ? expandedVal : formatMultiValueEnv(expandedVal);
+      secrets[key].value = secrets[key].skipMultilineEncoding ? formatMultiValueEnv(expandedVal) : expandedVal;
    }

    return secrets;
@@ -395,7 +395,8 @@ export const decryptSecretRaw = (
    type: secret.type,
    _id: secret.id,
    id: secret.id,
-    user: secret.userId
+    user: secret.userId,
+    skipMultilineEncoding: secret.skipMultilineEncoding
  };
 };

--- a/backend/src/services/secret/secret-queue.ts
+++ b/backend/src/services/secret/secret-queue.ts
@@ -1,4 +1,6 @@
 /* eslint-disable no-await-in-loop */
+import { AxiosError } from "axios";
+
 import { getConfig } from "@app/lib/config/env";
 import { decryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
 import { daysToMillisecond, secondsToMillis } from "@app/lib/dates";
@@ -67,7 +69,10 @@ const MAX_SYNC_SECRET_DEPTH = 5;
 export const uniqueSecretQueueKey = (environment: string, secretPath: string) =>
  `secret-queue-dedupe-${environment}-${secretPath}`;

-type TIntegrationSecret = Record<string, { value: string; comment?: string; skipMultilineEncoding?: boolean }>;
+type TIntegrationSecret = Record<
+  string,
+  { value: string; comment?: string; skipMultilineEncoding?: boolean | null | undefined }
+>;
 export const secretQueueFactory = ({
  queueService,
  integrationDAL,
@@ -567,11 +572,14 @@ export const secretQueueFactory = ({
          isSynced: true
        });
      } catch (err: unknown) {
-        logger.info("Secret integration sync error:", err);
+        logger.info("Secret integration sync error: %o", err);
+        const message =
+          err instanceof AxiosError ? JSON.stringify((err as AxiosError)?.response?.data) : (err as Error)?.message;
+
        await integrationDAL.updateById(integration.id, {
          lastSyncJobId: job.id,
          lastUsed: new Date(),
-          syncMessage: (err as Error)?.message,
+          syncMessage: message,
          isSynced: false
        });
      }
--- a/backend/src/services/secret/secret-service.ts
+++ b/backend/src/services/secret/secret-service.ts
@@ -952,15 +952,49 @@ export const secretServiceFactory = ({
    });

    const decryptedSecrets = secrets.map((el) => decryptSecretRaw(el, botKey));
-    const decryptedImports = (imports || [])?.map(({ secrets: importedSecrets, ...el }) => ({
-      ...el,
-      secrets: importedSecrets.map((sec) =>
+    const processedImports = (imports || [])?.map(({ secrets: importedSecrets, ...el }) => {
+      const decryptedImportSecrets = importedSecrets.map((sec) =>
        decryptSecretRaw(
          { ...sec, environment: el.environment, workspace: projectId, secretPath: el.secretPath },
          botKey
        )
-      )
-    }));
+      );
+
+      // secret-override to handle duplicate keys from different import levels
+      // this prioritizes secret values from direct imports
+      const importedKeys = new Set<string>();
+      const importedEntries = decryptedImportSecrets.reduce(
+        (
+          accum: {
+            secretKey: string;
+            secretPath: string;
+            workspace: string;
+            environment: string;
+            secretValue: string;
+            secretComment: string;
+            version: number;
+            type: string;
+            _id: string;
+            id: string;
+            user: string | null | undefined;
+            skipMultilineEncoding: boolean | null | undefined;
+          }[],
+          sec
+        ) => {
+          if (!importedKeys.has(sec.secretKey)) {
+            importedKeys.add(sec.secretKey);
+            return [...accum, sec];
+          }
+          return accum;
+        },
+        []
+      );
+
+      return {
+        ...el,
+        secrets: importedEntries
+      };
+    });

    if (expandSecretReferences) {
      const expandSecrets = interpolateSecrets({
@@ -971,10 +1005,24 @@ export const secretServiceFactory = ({
      });

      const batchSecretsExpand = async (
-        secretBatch: { secretKey: string; secretValue: string; secretComment?: string; secretPath: string }[]
+        secretBatch: {
+          secretKey: string;
+          secretValue: string;
+          secretComment?: string;
+          secretPath: string;
+          skipMultilineEncoding: boolean | null | undefined;
+        }[]
      ) => {
        // Group secrets by secretPath
-        const secretsByPath: Record<string, { secretKey: string; secretValue: string; secretComment?: string }[]> = {};
+        const secretsByPath: Record<
+          string,
+          {
+            secretKey: string;
+            secretValue: string;
+            secretComment?: string;
+            skipMultilineEncoding: boolean | null | undefined;
+          }[]
+        > = {};

        secretBatch.forEach((secret) => {
          if (!secretsByPath[secret.secretPath]) {
@@ -990,11 +1038,15 @@ export const secretServiceFactory = ({
            continue;
          }

-          const secretRecord: Record<string, { value: string; comment?: string; skipMultilineEncoding?: boolean }> = {};
+          const secretRecord: Record<
+            string,
+            { value: string; comment?: string; skipMultilineEncoding: boolean | null | undefined }
+          > = {};
          secretsByPath[secPath].forEach((decryptedSecret) => {
            secretRecord[decryptedSecret.secretKey] = {
              value: decryptedSecret.secretValue,
-              comment: decryptedSecret.secretComment
+              comment: decryptedSecret.secretComment,
+              skipMultilineEncoding: decryptedSecret.skipMultilineEncoding
            };
          });

@@ -1011,12 +1063,12 @@ export const secretServiceFactory = ({
      await batchSecretsExpand(decryptedSecrets);

      // expand imports by batch
-      await Promise.all(decryptedImports.map((decryptedImport) => batchSecretsExpand(decryptedImport.secrets)));
+      await Promise.all(processedImports.map((processedImport) => batchSecretsExpand(processedImport.secrets)));
    }

    return {
      secrets: decryptedSecrets,
-      imports: decryptedImports
+      imports: processedImports
    };
  };

--- a/backend/src/services/smtp/smtp-service.ts
+++ b/backend/src/services/smtp/smtp-service.ts
@@ -41,21 +41,8 @@ export enum SmtpHost {
  Office365 = "smtp.office365.com"
 }

-export const getTlsOption = (host?: SmtpHost | string, secure?: boolean) => {
-  if (!secure) return { secure: false };
-  if (!host) return { secure: true };
-
-  if ((host as SmtpHost) === SmtpHost.Sendgrid) {
-    return { secure: true, port: 465 }; // more details here https://nodemailer.com/smtp/
-  }
-  if (host.includes("amazonaws.com")) {
-    return { tls: { ciphers: "TLSv1.2" } };
-  }
-  return { requireTLS: true, tls: { ciphers: "TLSv1.2" } };
-};
-
 export const smtpServiceFactory = (cfg: TSmtpConfig) => {
-  const smtp = createTransport({ ...cfg, ...getTlsOption(cfg.host, cfg.secure) });
+  const smtp = createTransport(cfg);
  const isSmtpOn = Boolean(cfg.host);

  const sendMail = async ({ substitutions, recipients, template, subjectLine }: TSmtpSendMail) => {
--- a/backend/src/services/user/user-service.ts
+++ b/backend/src/services/user/user-service.ts
@@ -21,6 +21,7 @@ type TUserServiceFactoryDep = {
    | "findOneUserAction"
    | "createUserAction"
    | "findUserEncKeyByUserId"
+    | "delete"
  >;
  userAliasDAL: Pick<TUserAliasDALFactory, "find" | "insertMany">;
  orgMembershipDAL: Pick<TOrgMembershipDALFactory, "find" | "insertMany">;
@@ -85,7 +86,7 @@ export const userServiceFactory = ({
        tx
      );

-      // check if there are users with the same email.
+      // check if there are verified users with the same email.
      const users = await userDAL.find(
        {
          email,
@@ -134,6 +135,15 @@ export const userServiceFactory = ({
          );
        }
      } else {
+        await userDAL.delete(
+          {
+            email,
+            isAccepted: false,
+            isEmailVerified: false
+          },
+          tx
+        );
+
        // update current user's username to [email]
        await userDAL.updateById(
          user.id,
--- a/cli/.gitignore
+++ b/cli/.gitignore
@@ -1,3 +1,4 @@
 .infisical.json
 dist/
 agent-config.test.yaml
+.test.env
--- a/cli/go.mod
+++ b/cli/go.mod
@@ -3,7 +3,9 @@ module github.com/Infisical/infisical-merge
 go 1.21

 require (
+	github.com/bradleyjkemp/cupaloy/v2 v2.8.0
 	github.com/charmbracelet/lipgloss v0.5.0
+	github.com/creack/pty v1.1.21
 	github.com/denisbrodbeck/machineid v1.0.1
 	github.com/fatih/semgroup v1.2.0
 	github.com/gitleaks/go-gitdiff v0.8.0
@@ -29,7 +31,6 @@ require (
 require (
 	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
-	github.com/bradleyjkemp/cupaloy/v2 v2.8.0 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/danieljoos/wincred v1.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
--- a/cli/go.sum
+++ b/cli/go.sum
@@ -74,6 +74,8 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
+github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
 github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
--- a/cli/packages/util/common.go
+++ b/cli/packages/util/common.go
@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+
+	"github.com/Infisical/infisical-merge/packages/config"
 )

 func GetHomeDir() (string, error) {
@@ -21,7 +23,7 @@ func WriteToFile(fileName string, dataToWrite []byte, filePerm os.FileMode) erro
 	return nil
 }

-func CheckIsConnectedToInternet() (ok bool) {
-	_, err := http.Get("http://clients3.google.com/generate_204")
+func ValidateInfisicalAPIConnection() (ok bool) {
+	_, err := http.Get(fmt.Sprintf("%v/status", config.INFISICAL_URL))
 	return err == nil
 }
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@@ -307,32 +307,33 @@ func FilterSecretsByTag(plainTextSecrets []models.SingleEnvironmentVariable, tag
 }

 func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectConfigFilePath string) ([]models.SingleEnvironmentVariable, error) {
-	isConnected := CheckIsConnectedToInternet()
 	var secretsToReturn []models.SingleEnvironmentVariable
 	// var serviceTokenDetails api.GetServiceTokenDetailsResponse
 	var errorToReturn error

 	if params.InfisicalToken == "" && params.UniversalAuthAccessToken == "" {
-		if isConnected {
-			log.Debug().Msg("GetAllEnvironmentVariables: Connected to internet, checking logged in creds")
-
-			if projectConfigFilePath == "" {
-				RequireLocalWorkspaceFile()
-			} else {
-				ValidateWorkspaceFile(projectConfigFilePath)
-			}
-
-			RequireLogin()
+		if projectConfigFilePath == "" {
+			RequireLocalWorkspaceFile()
+		} else {
+			ValidateWorkspaceFile(projectConfigFilePath)
 		}

+		RequireLogin()
+
 		log.Debug().Msg("GetAllEnvironmentVariables: Trying to fetch secrets using logged in details")

 		loggedInUserDetails, err := GetCurrentLoggedInUserDetails()
+		isConnected := ValidateInfisicalAPIConnection()
+
+		if isConnected {
+			log.Debug().Msg("GetAllEnvironmentVariables: Connected to Infisical instance, checking logged in creds")
+		}
+
 		if err != nil {
 			return nil, err
 		}

-		if loggedInUserDetails.LoginExpired {
+		if isConnected && loggedInUserDetails.LoginExpired {
 			PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
 		}

@@ -364,12 +365,12 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectCo

 		backupSecretsEncryptionKey := []byte(loggedInUserDetails.UserCredentials.PrivateKey)[0:32]
 		if errorToReturn == nil {
-			WriteBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, backupSecretsEncryptionKey, secretsToReturn)
+			WriteBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, params.SecretsPath, backupSecretsEncryptionKey, secretsToReturn)
 		}

 		// only attempt to serve cached secrets if no internet connection and if at least one secret cached
 		if !isConnected {
-			backedSecrets, err := ReadBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, backupSecretsEncryptionKey)
+			backedSecrets, err := ReadBackupSecrets(infisicalDotJson.WorkspaceId, params.Environment, params.SecretsPath, backupSecretsEncryptionKey)
 			if len(backedSecrets) > 0 {
 				PrintWarning("Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug")
 				secretsToReturn = backedSecrets
@@ -634,8 +635,9 @@ func GetPlainTextSecrets(key []byte, encryptedSecrets []api.EncryptedSecretV3) (
 	return plainTextSecrets, nil
 }

-func WriteBackupSecrets(workspace string, environment string, encryptionKey []byte, secrets []models.SingleEnvironmentVariable) error {
-	fileName := fmt.Sprintf("secrets_%s_%s", workspace, environment)
+func WriteBackupSecrets(workspace string, environment string, secretsPath string, encryptionKey []byte, secrets []models.SingleEnvironmentVariable) error {
+	formattedPath := strings.ReplaceAll(secretsPath, "/", "-")
+	fileName := fmt.Sprintf("secrets_%s_%s_%s", workspace, environment, formattedPath)
 	secrets_backup_folder_name := "secrets-backup"

 	_, fullConfigFileDirPath, err := GetFullConfigFilePath()
@@ -672,8 +674,9 @@ func WriteBackupSecrets(workspace string, environment string, encryptionKey []by
 	return nil
 }

-func ReadBackupSecrets(workspace string, environment string, encryptionKey []byte) ([]models.SingleEnvironmentVariable, error) {
-	fileName := fmt.Sprintf("secrets_%s_%s", workspace, environment)
+func ReadBackupSecrets(workspace string, environment string, secretsPath string, encryptionKey []byte) ([]models.SingleEnvironmentVariable, error) {
+	formattedPath := strings.ReplaceAll(secretsPath, "/", "-")
+	fileName := fmt.Sprintf("secrets_%s_%s_%s", workspace, environment, formattedPath)
 	secrets_backup_folder_name := "secrets-backup"

 	_, fullConfigFileDirPath, err := GetFullConfigFilePath()
--- a/cli/scripts/export_test_env.sh
+++ b/cli/scripts/export_test_env.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+TEST_ENV_FILE=".test.env"
+
+# Check if the .env file exists
+if [ ! -f "$TEST_ENV_FILE" ]; then
+    echo "$TEST_ENV_FILE does not exist."
+    exit 1
+fi
+
+# Export the variables
+while IFS= read -r line
+do
+    # Skip empty lines and lines starting with #
+    if [[ -z "$line" || "$line" =~ ^\# ]]; then
+        continue
+    fi
+    # Read the key-value pair
+    IFS='=' read -r key value <<< "$line"
+    eval export $key=\$value
+done < "$TEST_ENV_FILE"
+
+echo "Test environment variables set."
--- a/cli/test/.snapshots/test-TestUserAuth_SecretsGetAll
+++ b/cli/test/.snapshots/test-TestUserAuth_SecretsGetAll
@@ -0,0 +1,7 @@
+┌───────────────┬──────────────┬─────────────┐
+│ SECRET NAME   │ SECRET VALUE │ SECRET TYPE │
+├───────────────┼──────────────┼─────────────┤
+│ TEST-SECRET-1 │ test-value-1 │ shared      │
+│ TEST-SECRET-2 │ test-value-2 │ shared      │
+│ TEST-SECRET-3 │ test-value-3 │ shared      │
+└───────────────┴──────────────┴─────────────┘
--- a/cli/test/.snapshots/test-testUserAuth_SecretsGetAllWithoutConnection
+++ b/cli/test/.snapshots/test-testUserAuth_SecretsGetAllWithoutConnection
@@ -0,0 +1,8 @@
+Warning: Unable to fetch latest secret(s) due to connection error, serving secrets from last successful fetch. For more info, run with --debug 
+┌───────────────┬──────────────┬─────────────┐
+│ SECRET NAME   │ SECRET VALUE │ SECRET TYPE │
+├───────────────┼──────────────┼─────────────┤
+│ TEST-SECRET-1 │ test-value-1 │ shared      │
+│ TEST-SECRET-2 │ test-value-2 │ shared      │
+│ TEST-SECRET-3 │ test-value-3 │ shared      │
+└───────────────┴──────────────┴─────────────┘
--- a/cli/test/export_test.go
+++ b/cli/test/export_test.go
@@ -8,7 +8,6 @@ import (

 func TestUniversalAuth_ExportSecretsWithImports(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)

 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "export", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent")

@@ -24,8 +23,6 @@ func TestUniversalAuth_ExportSecretsWithImports(t *testing.T) {
 }

 func TestServiceToken_ExportSecretsWithImports(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "export", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent")

 	if err != nil {
@@ -41,8 +38,6 @@ func TestServiceToken_ExportSecretsWithImports(t *testing.T) {

 func TestUniversalAuth_ExportSecretsWithoutImports(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "export", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent", "--include-imports=false")

 	if err != nil {
@@ -57,8 +52,6 @@ func TestUniversalAuth_ExportSecretsWithoutImports(t *testing.T) {
 }

 func TestServiceToken_ExportSecretsWithoutImports(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "export", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent", "--include-imports=false")

 	if err != nil {
--- a/cli/test/helper.go
+++ b/cli/test/helper.go
@@ -2,10 +2,10 @@ package tests

 import (
 	"fmt"
+	"log"
 	"os"
 	"os/exec"
 	"strings"
-	"testing"
 )

 const (
@@ -23,6 +23,8 @@ type Credentials struct {
 	ServiceToken  string
 	ProjectID     string
 	EnvSlug       string
+	UserEmail     string
+	UserPassword  string
 }

 var creds = Credentials{
@@ -32,18 +34,21 @@ var creds = Credentials{
 	ServiceToken:  os.Getenv("CLI_TESTS_SERVICE_TOKEN"),
 	ProjectID:     os.Getenv("CLI_TESTS_PROJECT_ID"),
 	EnvSlug:       os.Getenv("CLI_TESTS_ENV_SLUG"),
+	UserEmail:     os.Getenv("CLI_TESTS_USER_EMAIL"),
+	UserPassword:  os.Getenv("CLI_TESTS_USER_PASSWORD"),
 }

 func ExecuteCliCommand(command string, args ...string) (string, error) {
 	cmd := exec.Command(command, args...)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
+		fmt.Println(fmt.Sprint(err) + ": " + string(output))
 		return strings.TrimSpace(string(output)), err
 	}
 	return strings.TrimSpace(string(output)), nil
 }

-func SetupCli(t *testing.T) {
+func SetupCli() {

 	if creds.ClientID == "" || creds.ClientSecret == "" || creds.ServiceToken == "" || creds.ProjectID == "" || creds.EnvSlug == "" {
 		panic("Missing required environment variables")
@@ -57,7 +62,7 @@ func SetupCli(t *testing.T) {

 	if !alreadyBuilt {
 		if err := exec.Command("go", "build", "../.").Run(); err != nil {
-			t.Fatal(err)
+			log.Fatal(err)
 		}
 	}

--- a/cli/test/login_test.go
+++ b/cli/test/login_test.go
@@ -1,14 +1,124 @@
 package tests

 import (
+	"log"
+	"os/exec"
+	"strings"
 	"testing"

+	"github.com/creack/pty"
 	"github.com/stretchr/testify/assert"
 )

-func MachineIdentityLoginCmd(t *testing.T) {
-	SetupCli(t)
+func UserInitCmd() {
+	c := exec.Command(FORMATTED_CLI_NAME, "init")
+	ptmx, err := pty.Start(c)
+	if err != nil {
+		log.Fatalf("error running CLI command: %v", err)
+    }
+ 	defer func() { _ = ptmx.Close() }()

+	stepChan := make(chan int, 10)
+
+	go func() {
+		buf := make([]byte, 1024)
+		step := -1
+		for {
+			n, err := ptmx.Read(buf)
+			if n > 0 {
+				terminalOut := string(buf)
+				if strings.Contains(terminalOut, "Which Infisical organization would you like to select a project from?") && step < 0  {
+					step += 1
+					stepChan <- step
+				} else if strings.Contains(terminalOut, "Which of your Infisical projects would you like to connect this project to?") && step < 1 {
+					step += 1;
+					stepChan <- step
+				}
+			}
+			if err != nil {
+				close(stepChan)
+				return
+			}
+		}
+	}()
+
+	for i := range stepChan {
+		switch i {
+		case 0: 
+			ptmx.Write([]byte("\n"))
+		case 1:
+			ptmx.Write([]byte("\n"))
+		}
+	}
+}
+
+func UserLoginCmd() {
+	// set vault to file because CI has no keyring
+	vaultCmd := exec.Command(FORMATTED_CLI_NAME, "vault", "set", "file")
+	_, err := vaultCmd.Output()
+	if err != nil {
+		log.Fatalf("error setting vault: %v", err)
+	}
+
+	// Start programmatic interaction with CLI
+	c := exec.Command(FORMATTED_CLI_NAME, "login", "--interactive")
+	ptmx, err := pty.Start(c)
+	if err != nil {
+		log.Fatalf("error running CLI command: %v", err)
+    }
+ 	defer func() { _ = ptmx.Close() }()
+
+	stepChan := make(chan int, 10)
+
+	go func() {
+		buf := make([]byte, 1024)
+		step := -1
+		for {
+			n, err := ptmx.Read(buf)
+			if n > 0 {
+				terminalOut := string(buf)
+				if strings.Contains(terminalOut, "Infisical Cloud") && step < 0 {
+					step += 1;
+					stepChan <- step
+				} else if strings.Contains(terminalOut, "Email") && step < 1 {
+					step += 1;
+					stepChan <- step
+				} else if strings.Contains(terminalOut, "Password") && step < 2 {
+					step += 1;
+					stepChan <- step
+				} else if strings.Contains(terminalOut, "Infisical organization") && step < 3 {
+					step += 1;
+					stepChan <- step
+				} else if strings.Contains(terminalOut, "Enter passphrase") && step < 4 {
+					step += 1;
+					stepChan <- step
+				}
+			}
+			if err != nil {
+				close(stepChan)
+				return
+			}
+		}
+	}()
+
+	for i := range stepChan {
+		switch i {
+		case 0:
+			ptmx.Write([]byte("\n"))
+		case 1:
+			ptmx.Write([]byte(creds.UserEmail))
+			ptmx.Write([]byte("\n"))
+		case 2:
+			ptmx.Write([]byte(creds.UserPassword))
+			ptmx.Write([]byte("\n"))
+		case 3:
+			ptmx.Write([]byte("\n"))
+		}
+	}
+
+}
+
+func MachineIdentityLoginCmd(t *testing.T) {
 	if creds.UAAccessToken != "" {
 		return
 	}
--- a/cli/test/main_test.go
+++ b/cli/test/main_test.go
@@ -0,0 +1,23 @@
+package tests
+
+import (
+	"fmt"
+	"os"
+	"testing"
+)
+
+func TestMain(m *testing.M) {
+    // Setup
+	fmt.Println("Setting up CLI...")
+	SetupCli()
+	fmt.Println("Performing user login...")
+	UserLoginCmd()
+	fmt.Println("Performing infisical init...")
+	UserInitCmd()
+
+    // Run the tests
+    code := m.Run()
+
+    // Exit
+    os.Exit(code)
+}
--- a/cli/test/run_test.go
+++ b/cli/test/run_test.go
@@ -8,8 +8,6 @@ import (
 )

 func TestServiceToken_RunCmdRecursiveAndImports(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "run", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent", "--", "echo", "hello world")

 	if err != nil {
@@ -25,8 +23,6 @@ func TestServiceToken_RunCmdRecursiveAndImports(t *testing.T) {
 	}
 }
 func TestServiceToken_RunCmdWithImports(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "run", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent", "--", "echo", "hello world")

 	if err != nil {
@@ -44,8 +40,6 @@ func TestServiceToken_RunCmdWithImports(t *testing.T) {

 func TestUniversalAuth_RunCmdRecursiveAndImports(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "run", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent", "--", "echo", "hello world")

 	if err != nil {
@@ -63,8 +57,6 @@ func TestUniversalAuth_RunCmdRecursiveAndImports(t *testing.T) {

 func TestUniversalAuth_RunCmdWithImports(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "run", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent", "--", "echo", "hello world")

 	if err != nil {
@@ -83,8 +75,6 @@ func TestUniversalAuth_RunCmdWithImports(t *testing.T) {

 func TestUniversalAuth_RunCmdWithoutImports(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "run", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent", "--include-imports=false", "--", "echo", "hello world")

 	if err != nil {
@@ -101,8 +91,6 @@ func TestUniversalAuth_RunCmdWithoutImports(t *testing.T) {
 }

 func TestServiceToken_RunCmdWithoutImports(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "run", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--silent", "--include-imports=false", "--", "echo", "hello world")

 	if err != nil {
--- a/cli/test/secrets_by_name_test.go
+++ b/cli/test/secrets_by_name_test.go
@@ -7,8 +7,6 @@ import (
 )

 func TestServiceToken_GetSecretsByNameRecursive(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "get", "TEST-SECRET-1", "TEST-SECRET-2", "FOLDER-SECRET-1", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
@@ -23,8 +21,6 @@ func TestServiceToken_GetSecretsByNameRecursive(t *testing.T) {
 }

 func TestServiceToken_GetSecretsByNameWithNotFoundSecret(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "get", "TEST-SECRET-1", "TEST-SECRET-2", "FOLDER-SECRET-1", "DOES-NOT-EXIST", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
@@ -39,8 +35,6 @@ func TestServiceToken_GetSecretsByNameWithNotFoundSecret(t *testing.T) {
 }

 func TestServiceToken_GetSecretsByNameWithImports(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "get", "TEST-SECRET-1", "STAGING-SECRET-2", "FOLDER-SECRET-1", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
@@ -56,8 +50,6 @@ func TestServiceToken_GetSecretsByNameWithImports(t *testing.T) {

 func TestUniversalAuth_GetSecretsByNameRecursive(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "get", "TEST-SECRET-1", "TEST-SECRET-2", "FOLDER-SECRET-1", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
@@ -73,8 +65,6 @@ func TestUniversalAuth_GetSecretsByNameRecursive(t *testing.T) {

 func TestUniversalAuth_GetSecretsByNameWithNotFoundSecret(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "get", "TEST-SECRET-1", "TEST-SECRET-2", "FOLDER-SECRET-1", "DOES-NOT-EXIST", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
@@ -90,8 +80,6 @@ func TestUniversalAuth_GetSecretsByNameWithNotFoundSecret(t *testing.T) {

 func TestUniversalAuth_GetSecretsByNameWithImports(t *testing.T) {
 	MachineIdentityLoginCmd(t)
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "get", "TEST-SECRET-1", "STAGING-SECRET-2", "FOLDER-SECRET-1", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
--- a/cli/test/secrets_test.go
+++ b/cli/test/secrets_test.go
@@ -3,12 +3,12 @@ package tests
 import (
 	"testing"

+	"github.com/Infisical/infisical-merge/packages/util"
 	"github.com/bradleyjkemp/cupaloy/v2"
 )

-func TestServiceToken_SecretsGetWithImportsAndRecursiveCmd(t *testing.T) {
-	SetupCli(t)

+func TestServiceToken_SecretsGetWithImportsAndRecursiveCmd(t *testing.T) {
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")

 	if err != nil {
@@ -23,8 +23,6 @@ func TestServiceToken_SecretsGetWithImportsAndRecursiveCmd(t *testing.T) {
 }

 func TestServiceToken_SecretsGetWithoutImportsAndWithoutRecursiveCmd(t *testing.T) {
-	SetupCli(t)
-
 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--token", creds.ServiceToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--include-imports=false", "--silent")

 	if err != nil {
@@ -39,7 +37,6 @@ func TestServiceToken_SecretsGetWithoutImportsAndWithoutRecursiveCmd(t *testing.
 }

 func TestUniversalAuth_SecretsGetWithImportsAndRecursiveCmd(t *testing.T) {
-	SetupCli(t)
 	MachineIdentityLoginCmd(t)

 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--recursive", "--silent")
@@ -56,7 +53,6 @@ func TestUniversalAuth_SecretsGetWithImportsAndRecursiveCmd(t *testing.T) {
 }

 func TestUniversalAuth_SecretsGetWithoutImportsAndWithoutRecursiveCmd(t *testing.T) {
-	SetupCli(t)
 	MachineIdentityLoginCmd(t)

 	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--include-imports=false", "--silent")
@@ -73,7 +69,6 @@ func TestUniversalAuth_SecretsGetWithoutImportsAndWithoutRecursiveCmd(t *testing
 }

 func TestUniversalAuth_SecretsGetWrongEnvironment(t *testing.T) {
-	SetupCli(t)
 	MachineIdentityLoginCmd(t)

 	output, _ := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--token", creds.UAAccessToken, "--projectId", creds.ProjectID, "--env", "invalid-env", "--recursive", "--silent")
@@ -85,3 +80,45 @@ func TestUniversalAuth_SecretsGetWrongEnvironment(t *testing.T) {
 	}

 }
+
+func TestUserAuth_SecretsGetAll(t *testing.T) {
+	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--include-imports=false", "--silent")
+	if err != nil {
+		t.Fatalf("error running CLI command: %v", err)
+	}
+
+	// Use cupaloy to snapshot test the output
+	err = cupaloy.Snapshot(output)
+	if err != nil {
+		t.Fatalf("snapshot failed: %v", err)
+	}
+
+	// explicitly called here because it should happen directly after successful secretsGetAll
+	testUserAuth_SecretsGetAllWithoutConnection(t)
+}
+
+func testUserAuth_SecretsGetAllWithoutConnection(t *testing.T) {
+	originalConfigFile, err := util.GetConfigFile()
+	if err != nil {
+		t.Fatalf("error getting config file")
+	}
+	newConfigFile := originalConfigFile
+
+	// set it to a URL that will always be unreachable
+	newConfigFile.LoggedInUserDomain = "http://localhost:4999"
+	util.WriteConfigFile(&newConfigFile)
+	
+	// restore config file
+	defer util.WriteConfigFile(&originalConfigFile)
+
+	output, err := ExecuteCliCommand(FORMATTED_CLI_NAME, "secrets", "--projectId", creds.ProjectID, "--env", creds.EnvSlug, "--include-imports=false", "--silent")
+	if err != nil {
+		t.Fatalf("error running CLI command: %v", err)
+	}
+
+	// Use cupaloy to snapshot test the output
+	err = cupaloy.Snapshot(output)
+	if err != nil {
+		t.Fatalf("snapshot failed: %v", err)
+	}
+}
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@@ -48,44 +48,44 @@ The platform utilizes Postgres to persist all of its data and Redis for caching
 Without email configuration, Infisical's core functions like sign-up/login and secret operations work, but this disables multi-factor authentication, email invites for projects, alerts for suspicious logins, and all other email-dependent features.

 <Accordion title="Generic Configuration">
-  <ParamField query="SMTP_HOST" type="string" default="none" optional>
-    Hostname to connect to for establishing SMTP connections
-  </ParamField>
-
-{" "}
-
-<ParamField query="SMTP_USERNAME" type="string" default="none" optional>
-  Credential to connect to host (e.g. team@infisical.com)
+<ParamField query="SMTP_HOST" type="string" default="none" optional>
+  Hostname to connect to for establishing SMTP connections
 </ParamField>

-{" "}
-
-<ParamField query="SMTP_PASSWORD" type="string" default="none" optional>
-  Credential to connect to host
-</ParamField>
-
-{" "}
-
 <ParamField query="SMTP_PORT" type="string" default="587" optional>
  Port to connect to for establishing SMTP connections
 </ParamField>

-{" "}
-
-<ParamField query="SMTP_SECURE" type="string" default="none" optional>
-  If true, use TLS when connecting to host. If false, TLS will be used if
-  STARTTLS is supported
+<ParamField query="SMTP_USERNAME" type="string" default="none" optional>
+  Credential to connect to host (e.g. team@infisical.com)
 </ParamField>

-{" "}
+<ParamField query="SMTP_PASSWORD" type="string" default="none" optional>
+  Credential to connect to host
+</ParamField>

 <ParamField query="SMTP_FROM_ADDRESS" type="string" default="none" optional>
  Email address to be used for sending emails
 </ParamField>

-  <ParamField query="SMTP_FROM_NAME" type="string" default="none" optional>
-    Name label to be used in From field (e.g. Team)
-  </ParamField>
+<ParamField query="SMTP_FROM_NAME" type="string" default="none" optional>
+  Name label to be used in From field (e.g. Team)
+</ParamField>
+
+<ParamField query="SMTP_IGNORE_TLS" type="bool" default="false" optional>
+  If this is `true` and `SMTP_PORT` is not 465 then TLS is not used even if the
+  server supports STARTTLS extension.
+</ParamField>
+
+<ParamField query="SMTP_REQUIRE_TLS" type="bool" default="true" optional>
+  If this is `true` and `SMTP_PORT` is not 465 then Infisical tries to use
+  STARTTLS even if the server does not advertise support for it. If the
+  connection can not be encrypted then message is not sent.
+</ParamField>
+
+<ParamField query="SMTP_TLS_REJECT_UNAUTHORIZED" type="bool" default="true" optional>
+  If this is `true`, Infisical will validate the server's SSL/TLS certificate and reject the connection if the certificate is invalid or not trusted. If set to `false`, the client will accept the server's certificate regardless of its validity, which can be useful in development or testing environments but is not recommended for production use.
+</ParamField>
 </Accordion>

 <Accordion title="Twilio SendGrid">
@@ -105,7 +105,6 @@ SMTP_HOST=smtp.sendgrid.net
 SMTP_USERNAME=apikey
 SMTP_PASSWORD=SG.rqFsfjxYPiqE1lqZTgD_lz7x8IVLx # your SendGrid API Key from step above
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=hey@example.com # your email address being used to send out emails
 SMTP_FROM_NAME=Infisical
 ```
@@ -128,7 +127,6 @@ SMTP_HOST=smtp.mailgun.org # obtained from credentials page
 SMTP_USERNAME=postmaster@example.mailgun.org # obtained from credentials page
 SMTP_PASSWORD=password # obtained from credentials page
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=hey@example.com # your email address being used to send out emails
 SMTP_FROM_NAME=Infisical
 ```
@@ -159,7 +157,6 @@ SMTP_FROM_NAME=Infisical
      SMTP_USERNAME=xxx # your SMTP username
      SMTP_PASSWORD=xxx # your SMTP password
      SMTP_PORT=465
-      SMTP_SECURE=true
      SMTP_FROM_ADDRESS=hey@example.com # your email address being used to send out emails
      SMTP_FROM_NAME=Infisical
      ```
@@ -187,7 +184,6 @@ SMTP_HOST=smtp.socketlabs.com
 SMTP_USERNAME=username # obtained from your credentials
 SMTP_PASSWORD=password # obtained from your credentials
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=hey@example.com # your email address being used to send out emails
 SMTP_FROM_NAME=Infisical
 ```
@@ -229,7 +225,6 @@ SMTP_HOST=smtp.resend.com
 SMTP_USERNAME=resend
 SMTP_PASSWORD=YOUR_API_KEY
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=hey@example.com # your email address being used to send out emails
 SMTP_FROM_NAME=Infisical
 ```
@@ -253,7 +248,6 @@ SMTP_HOST=smtp.gmail.com
 SMTP_USERNAME=hey@gmail.com # your email
 SMTP_PASSWORD=password # your password
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=hey@gmail.com
 SMTP_FROM_NAME=Infisical
 ```
@@ -277,7 +271,6 @@ SMTP_HOST=smtp.office365.com
 SMTP_USERNAME=username@yourdomain.com # your username
 SMTP_PASSWORD=password # your password
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=username@yourdomain.com
 SMTP_FROM_NAME=Infisical
 ```
@@ -294,7 +287,6 @@ SMTP_HOST=smtp.zoho.com
 SMTP_USERNAME=username # your email
 SMTP_PASSWORD=password # your password
 SMTP_PORT=587
-SMTP_SECURE=true
 SMTP_FROM_ADDRESS=hey@example.com # your personal Zoho email or domain-based email linked to Zoho Mail
 SMTP_FROM_NAME=Infisical
 ```
@@ -320,7 +312,8 @@ To login into Infisical with OAuth providers such as Google, configure the assoc

 <ParamField query="DEFAULT_SAML_ORG_SLUG" type="string">

-  When set, all visits to the Infisical login page will automatically redirect users of your Infisical instance to the SAML identity provider associated with the specified organization slug.
+When set, all visits to the Infisical login page will automatically redirect users of your Infisical instance to the SAML identity provider associated with the specified organization slug.
+
 </ParamField>

 <Accordion title="Google">
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -2,6 +2,7 @@ ARG POSTHOG_HOST=https://app.posthog.com
 ARG POSTHOG_API_KEY=posthog-api-key
 ARG INTERCOM_ID=intercom-id
 ARG NEXT_INFISICAL_PLATFORM_VERSION=next-infisical-platform-version
+ARG CAPTCHA_SITE_KEY=captcha-site-key

 FROM node:16-alpine AS deps
 # Install dependencies only when needed. Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
@@ -31,6 +32,8 @@ ARG POSTHOG_API_KEY
 ENV NEXT_PUBLIC_POSTHOG_API_KEY $POSTHOG_API_KEY
 ARG INTERCOM_ID
 ENV NEXT_PUBLIC_INTERCOM_ID $INTERCOM_ID
+ARG CAPTCHA_SITE_KEY
+ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY $CAPTCHA_SITE_KEY

 # Build
 RUN npm run build
@@ -57,7 +60,9 @@ ENV NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG \
    BAKED_NEXT_PUBLIC_SAML_ORG_SLUG=$SAML_ORG_SLUG
 ARG NEXT_INFISICAL_PLATFORM_VERSION
 ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION=$NEXT_INFISICAL_PLATFORM_VERSION 
-
+ARG CAPTCHA_SITE_KEY
+ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY \
+    BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY
 COPY --chown=nextjs:nodejs --chmod=555 scripts ./scripts
 COPY --from=builder /app/public ./public
 RUN chown nextjs:nodejs ./public/data
--- a/frontend/next.config.js
+++ b/frontend/next.config.js
@@ -1,13 +1,12 @@
-
 const path = require("path");

 const ContentSecurityPolicy = `
 	default-src 'self';
-	script-src 'self' https://app.posthog.com https://js.stripe.com https://api.stripe.com https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval';
-	style-src 'self' https://rsms.me 'unsafe-inline';
+	script-src 'self' https://app.posthog.com https://js.stripe.com https://api.stripe.com https://widget.intercom.io https://js.intercomcdn.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' 'unsafe-eval';
+	style-src 'self' https://rsms.me 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com;
 	child-src https://api.stripe.com;
-	frame-src https://js.stripe.com/ https://api.stripe.com https://www.youtube.com/;
-	connect-src 'self' wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://api.heroku.com/ https://id.heroku.com/oauth/authorize https://id.heroku.com/oauth/token https://checkout.stripe.com https://app.posthog.com https://api.stripe.com https://api.pwnedpasswords.com http://127.0.0.1:*;
+	frame-src https://js.stripe.com/ https://api.stripe.com https://www.youtube.com/ https://hcaptcha.com https://*.hcaptcha.com;
+	connect-src 'self' wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://api.heroku.com/ https://id.heroku.com/oauth/authorize https://id.heroku.com/oauth/token https://checkout.stripe.com https://app.posthog.com https://api.stripe.com https://api.pwnedpasswords.com http://127.0.0.1:* https://hcaptcha.com https://*.hcaptcha.com;
 	img-src 'self' https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://*.stripe.com https://i.ytimg.com/ data:;
 	media-src https://js.intercomcdn.com;
 	font-src 'self' https://fonts.intercomcdn.com/ https://maxcdn.bootstrapcdn.com https://rsms.me https://fonts.gstatic.com;  
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -4,7 +4,6 @@
  "requires": true,
  "packages": {
    "": {
-      "name": "frontend",
      "dependencies": {
        "@casl/ability": "^6.5.0",
        "@casl/react": "^3.1.0",
@@ -19,6 +18,7 @@
        "@fortawesome/free-regular-svg-icons": "^6.1.1",
        "@fortawesome/free-solid-svg-icons": "^6.1.2",
        "@fortawesome/react-fontawesome": "^0.2.0",
+        "@hcaptcha/react-hcaptcha": "^1.10.1",
        "@headlessui/react": "^1.7.7",
        "@hookform/resolvers": "^2.9.10",
        "@octokit/rest": "^19.0.7",
@@ -3200,6 +3200,24 @@
        "react": ">=16.3"
      }
    },
+    "node_modules/@hcaptcha/loader": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@hcaptcha/loader/-/loader-1.2.4.tgz",
+      "integrity": "sha512-3MNrIy/nWBfyVVvMPBKdKrX7BeadgiimW0AL/a/8TohNtJqxoySKgTJEXOQvYwlHemQpUzFrIsK74ody7JiMYw=="
+    },
+    "node_modules/@hcaptcha/react-hcaptcha": {
+      "version": "1.10.1",
+      "resolved": "https://registry.npmjs.org/@hcaptcha/react-hcaptcha/-/react-hcaptcha-1.10.1.tgz",
+      "integrity": "sha512-P0en4gEZAecah7Pt3WIaJO2gFlaLZKkI0+Tfdg8fNqsDxqT9VytZWSkH4WAkiPRULK1QcGgUZK+J56MXYmPifw==",
+      "dependencies": {
+        "@babel/runtime": "^7.17.9",
+        "@hcaptcha/loader": "^1.2.1"
+      },
+      "peerDependencies": {
+        "react": ">= 16.3.0",
+        "react-dom": ">= 16.3.0"
+      }
+    },
    "node_modules/@headlessui/react": {
      "version": "1.7.18",
      "resolved": "https://registry.npmjs.org/@headlessui/react/-/react-1.7.18.tgz",
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -26,6 +26,7 @@
    "@fortawesome/free-regular-svg-icons": "^6.1.1",
    "@fortawesome/free-solid-svg-icons": "^6.1.2",
    "@fortawesome/react-fontawesome": "^0.2.0",
+    "@hcaptcha/react-hcaptcha": "^1.10.1",
    "@headlessui/react": "^1.7.7",
    "@hookform/resolvers": "^2.9.10",
    "@octokit/rest": "^19.0.7",
--- a/frontend/scripts/initialize-standalone-build.sh
+++ b/frontend/scripts/initialize-standalone-build.sh
@@ -4,6 +4,8 @@ scripts/replace-standalone-build-variable.sh "$BAKED_NEXT_PUBLIC_POSTHOG_API_KEY

 scripts/replace-standalone-build-variable.sh "$BAKED_NEXT_PUBLIC_INTERCOM_ID" "$NEXT_PUBLIC_INTERCOM_ID"

+scripts/replace-standalone-build-variable.sh "$BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY" "$NEXT_PUBLIC_CAPTCHA_SITE_KEY"
+
 if [ "$TELEMETRY_ENABLED" != "false" ]; then
    echo "Telemetry is enabled"
    scripts/set-standalone-build-telemetry.sh true
--- a/frontend/scripts/start.sh
+++ b/frontend/scripts/start.sh
@@ -6,6 +6,8 @@ scripts/replace-variable.sh "$BAKED_NEXT_PUBLIC_INTERCOM_ID" "$NEXT_PUBLIC_INTER

 scripts/replace-variable.sh "$BAKED_NEXT_SAML_ORG_SLUG" "$NEXT_PUBLIC_SAML_ORG_SLUG"

+scripts/replace-variable.sh "$BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY" "$NEXT_PUBLIC_CAPTCHA_SITE_KEY"
+
 if [ "$TELEMETRY_ENABLED" != "false" ]; then
    echo "Telemetry is enabled"
    scripts/set-telemetry.sh true
--- a/frontend/src/components/utilities/attemptCliLogin.ts
+++ b/frontend/src/components/utilities/attemptCliLogin.ts
@@ -30,11 +30,13 @@ export interface IsCliLoginSuccessful {
 const attemptLogin = async ({
  email,
  password,
-  providerAuthToken
+  providerAuthToken,
+  captchaToken
 }: {
  email: string;
  password: string;
  providerAuthToken?: string;
+  captchaToken?: string;
 }): Promise<IsCliLoginSuccessful> => {
  const telemetry = new Telemetry().getInstance();
  return new Promise((resolve, reject) => {
@@ -70,7 +72,8 @@ const attemptLogin = async ({
          } = await login2({
            email,
            clientProof,
-            providerAuthToken
+            providerAuthToken,
+            captchaToken
          });
          if (mfaEnabled) {
            // case: MFA is enabled
--- a/frontend/src/components/utilities/attemptLogin.ts
+++ b/frontend/src/components/utilities/attemptLogin.ts
@@ -22,11 +22,13 @@ interface IsLoginSuccessful {
 const attemptLogin = async ({
  email,
  password,
-  providerAuthToken
+  providerAuthToken,
+  captchaToken
 }: {
  email: string;
  password: string;
  providerAuthToken?: string;
+  captchaToken?: string;
 }): Promise<IsLoginSuccessful> => {
  const telemetry = new Telemetry().getInstance();
  // eslint-disable-next-line new-cap
@@ -58,6 +60,7 @@ const attemptLogin = async ({
    iv,
    tag
  } = await login2({
+    captchaToken,
    email,
    clientProof,
    providerAuthToken
--- a/frontend/src/components/utilities/config/index.ts
+++ b/frontend/src/components/utilities/config/index.ts
@@ -2,5 +2,6 @@ const ENV = process.env.NEXT_PUBLIC_ENV! || "development"; // investigate
 const POSTHOG_API_KEY = process.env.NEXT_PUBLIC_POSTHOG_API_KEY!;
 const POSTHOG_HOST = process.env.NEXT_PUBLIC_POSTHOG_HOST! || "https://app.posthog.com";
 const INTERCOMid = process.env.NEXT_PUBLIC_INTERCOMid!;
+const CAPTCHA_SITE_KEY = process.env.NEXT_PUBLIC_CAPTCHA_SITE_KEY!;

-export { ENV, INTERCOMid, POSTHOG_API_KEY, POSTHOG_HOST };
+export { CAPTCHA_SITE_KEY, ENV, INTERCOMid, POSTHOG_API_KEY, POSTHOG_HOST };
--- a/frontend/src/components/v2/SecretPathInput/SecretPathInput.tsx
+++ b/frontend/src/components/v2/SecretPathInput/SecretPathInput.tsx
@@ -78,7 +78,8 @@ export const SecretPathInput = ({
    const validPaths = inputValue.split("/");
    validPaths.pop();

-    const newValue = `${validPaths.join("/")}/${suggestions[selectedIndex]}/`;
+    // removed trailing slash
+    const newValue = `${validPaths.join("/")}/${suggestions[selectedIndex]}`;
    onChange?.(newValue);
    setInputValue(newValue);
    setSecretPath(newValue);
--- a/frontend/src/helpers/project.ts
+++ b/frontend/src/helpers/project.ts
@@ -93,27 +93,29 @@ const initProjectHelper = async ({ projectName }: { projectName: string }) => {
  });

  try {
-    secrets?.forEach((secret) => {
-      createSecret({
-        workspaceId: project.id,
-        environment: secret.environment,
-        type: secret.type,
-        secretKey: secret.secretName,
-        secretKeyCiphertext: secret.secretKeyCiphertext,
-        secretKeyIV: secret.secretKeyIV,
-        secretKeyTag: secret.secretKeyTag,
-        secretValueCiphertext: secret.secretValueCiphertext,
-        secretValueIV: secret.secretValueIV,
-        secretValueTag: secret.secretValueTag,
-        secretCommentCiphertext: secret.secretCommentCiphertext,
-        secretCommentIV: secret.secretCommentIV,
-        secretCommentTag: secret.secretCommentTag,
-        secretPath: "/",
-        metadata: {
-          source: "signup"
-        }
-      });
-    });
+    await Promise.allSettled(
+      (secrets || []).map((secret) =>
+        createSecret({
+          workspaceId: project.id,
+          environment: secret.environment,
+          type: secret.type,
+          secretKey: secret.secretName,
+          secretKeyCiphertext: secret.secretKeyCiphertext,
+          secretKeyIV: secret.secretKeyIV,
+          secretKeyTag: secret.secretKeyTag,
+          secretValueCiphertext: secret.secretValueCiphertext,
+          secretValueIV: secret.secretValueIV,
+          secretValueTag: secret.secretValueTag,
+          secretCommentCiphertext: secret.secretCommentCiphertext,
+          secretCommentIV: secret.secretCommentIV,
+          secretCommentTag: secret.secretCommentTag,
+          secretPath: "/",
+          metadata: {
+            source: "signup"
+          }
+        })
+      )
+    );
  } catch (err) {
    console.error("Failed to upload secrets", err);
  }
--- a/frontend/src/hooks/api/auth/types.ts
+++ b/frontend/src/hooks/api/auth/types.ts
@@ -30,6 +30,7 @@ export type Login1DTO = {
 };

 export type Login2DTO = {
+  captchaToken?: string;
  email: string;
  clientProof: string;
  providerAuthToken?: string;
--- a/frontend/src/hooks/api/integrations/queries.tsx
+++ b/frontend/src/hooks/api/integrations/queries.tsx
@@ -73,6 +73,9 @@ export const useCreateIntegration = () => {
        }[];
        kmsKeyId?: string;
        shouldDisableDelete?: boolean;
+        shouldMaskSecrets?: boolean;
+        shouldProtectSecrets?: boolean;
+        shouldEnableDelete?: boolean;
      };
    }) => {
      const {
--- a/frontend/src/hooks/api/secretImports/queries.tsx
+++ b/frontend/src/hooks/api/secretImports/queries.tsx
@@ -264,13 +264,12 @@ export const useGetImportedSecretsAllEnvs = ({
  });

  const isImportedSecretPresentInEnv = useCallback(
-    (secPath: string, envSlug: string, secretName: string) => {
+    (envSlug: string, secretName: string) => {
      const selectedEnvIndex = environments.indexOf(envSlug);

      if (selectedEnvIndex !== -1) {
-        const isPresent = secretImports?.[selectedEnvIndex]?.data?.find(
-          ({ secretPath, secrets }) =>
-            secretPath === secPath && secrets.some((s) => s.key === secretName)
+        const isPresent = secretImports?.[selectedEnvIndex]?.data?.find(({ secrets }) =>
+          secrets.some((s) => s.key === secretName)
        );

        return Boolean(isPresent);
--- a/frontend/src/pages/integrations/github/create.tsx
+++ b/frontend/src/pages/integrations/github/create.tsx
@@ -33,6 +33,7 @@ import {
  Input,
  Select,
  SelectItem,
+  Switch,
  Tab,
  TabList,
  TabPanel,
@@ -59,7 +60,7 @@ const schema = yup.object({
  selectedSourceEnvironment: yup.string().trim().required("Project Environment is required"),
  secretPath: yup.string().trim().required("Secrets Path is required"),
  secretSuffix: yup.string().trim().optional(),
-
+  shouldEnableDelete: yup.boolean().optional(),
  scope: yup.mixed<TargetEnv>().oneOf(targetEnv.slice()).required(),

  repoIds: yup.mixed().when("scope", {
@@ -98,7 +99,6 @@ type FormData = yup.InferType<typeof schema>;
 export default function GitHubCreateIntegrationPage() {
  const router = useRouter();
  const { mutateAsync } = useCreateIntegration();
-  

  const integrationAuthId =
    (queryString.parse(router.asPath.split("?")[1]).integrationAuthId as string) ?? "";
@@ -120,7 +120,8 @@ export default function GitHubCreateIntegrationPage() {
    defaultValues: {
      secretPath: "/",
      scope: "github-repo",
-      repoIds: []
+      repoIds: [],
+      shouldEnableDelete: false
    }
  });

@@ -177,7 +178,8 @@ export default function GitHubCreateIntegrationPage() {
                app: targetApp.name, // repo name
                owner: targetApp.owner, // repo owner
                metadata: {
-                  secretSuffix: data.secretSuffix
+                  secretSuffix: data.secretSuffix,
+                  shouldEnableDelete: data.shouldEnableDelete
                }
              });
            })
@@ -194,7 +196,8 @@ export default function GitHubCreateIntegrationPage() {
            scope: data.scope,
            owner: integrationAuthOrgs?.find((e) => e.orgId === data.orgId)?.name,
            metadata: {
-              secretSuffix: data.secretSuffix
+              secretSuffix: data.secretSuffix,
+              shouldEnableDelete: data.shouldEnableDelete
            }
          });
          break;
@@ -211,7 +214,8 @@ export default function GitHubCreateIntegrationPage() {
            owner: repoOwner,
            targetEnvironmentId: data.envId,
            metadata: {
-              secretSuffix: data.secretSuffix
+              secretSuffix: data.secretSuffix,
+              shouldEnableDelete: data.shouldEnableDelete
            }
          });
          break;
@@ -546,6 +550,21 @@ export default function GitHubCreateIntegrationPage() {
                animate={{ opacity: 1, translateX: 0 }}
                exit={{ opacity: 0, translateX: 30 }}
              >
+                <div className="ml-1 mb-5">
+                  <Controller
+                    control={control}
+                    name="shouldEnableDelete"
+                    render={({ field: { onChange, value } }) => (
+                      <Switch
+                        id="delete-github-option"
+                        onCheckedChange={(isChecked) => onChange(isChecked)}
+                        isChecked={value}
+                      >
+                        Delete secrets in Github that are not in Infisical
+                      </Switch>
+                    )}
+                  />
+                </div>
                <Controller
                  control={control}
                  name="secretSuffix"
--- a/frontend/src/pages/integrations/gitlab/create.tsx
+++ b/frontend/src/pages/integrations/gitlab/create.tsx
@@ -25,6 +25,7 @@ import {
  ModalContent,
  Select,
  SelectItem,
+  Switch,
  Tab,
  TabList,
  TabPanel,
@@ -58,7 +59,9 @@ const schema = yup.object({
  targetAppId: yup.string().required("GitLab project is required"),
  targetEnvironment: yup.string(),
  secretPrefix: yup.string(),
-  secretSuffix: yup.string()
+  secretSuffix: yup.string(),
+  shouldMaskSecrets: yup.boolean(),
+  shouldProtectSecrets: yup.boolean()
 });

 type FormData = yup.InferType<typeof schema>;
@@ -138,7 +141,9 @@ export default function GitLabCreateIntegrationPage() {
    targetAppId,
    targetEnvironment,
    secretPrefix,
-    secretSuffix
+    secretSuffix,
+    shouldMaskSecrets,
+    shouldProtectSecrets
  }: FormData) => {
    try {
      setIsLoading(true);
@@ -156,7 +161,9 @@ export default function GitLabCreateIntegrationPage() {
        secretPath,
        metadata: {
          secretPrefix,
-          secretSuffix
+          secretSuffix,
+          shouldMaskSecrets,
+          shouldProtectSecrets
        }
      });

@@ -390,6 +397,36 @@ export default function GitLabCreateIntegrationPage() {
              exit={{ opacity: 0, translateX: 30 }}
              className="pb-[14.25rem]"
            >
+              <div className="ml-1">
+                <Controller
+                  control={control}
+                  name="shouldMaskSecrets"
+                  render={({ field: { onChange, value } }) => (
+                    <Switch
+                      id="should-mask-secrets"
+                      onCheckedChange={(isChecked) => onChange(isChecked)}
+                      isChecked={value}
+                    >
+                      <div className="max-w-md">Mark Infisical secrets in Gitlab as &apos;Masked&apos; secrets</div>
+                    </Switch>
+                  )}
+                />
+              </div>
+              <div className="ml-1 mt-4 mb-5">
+                <Controller
+                  control={control}
+                  name="shouldProtectSecrets"
+                  render={({ field: { onChange, value } }) => (
+                    <Switch
+                      id="should-protect-secrets"
+                      onCheckedChange={(isChecked) => onChange(isChecked)}
+                      isChecked={value}
+                    >
+                      Mark Infisical secrets in Gitlab as &apos;Protected&apos; secrets
+                    </Switch>
+                  )}
+                />
+              </div>
              <Controller
                control={control}
                name="secretPrefix"
--- a/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
+++ b/frontend/src/views/Login/components/InitialStep/InitialStep.tsx
@@ -1,15 +1,17 @@
-import { FormEvent, useEffect, useState } from "react";
+import { FormEvent, useEffect, useRef, useState } from "react";
 import { useTranslation } from "react-i18next";
 import Link from "next/link";
 import { useRouter } from "next/router";
 import { faGithub, faGitlab, faGoogle } from "@fortawesome/free-brands-svg-icons";
 import { faLock } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import HCaptcha from "@hcaptcha/react-hcaptcha";

 import Error from "@app/components/basic/Error";
 import { createNotification } from "@app/components/notifications";
 import attemptCliLogin from "@app/components/utilities/attemptCliLogin";
 import attemptLogin from "@app/components/utilities/attemptLogin";
+import { CAPTCHA_SITE_KEY } from "@app/components/utilities/config";
 import { Button, Input } from "@app/components/v2";
 import { useServerConfig } from "@app/context";
 import { useFetchServerStatus } from "@app/hooks/api";
@@ -32,6 +34,9 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
  const [loginError, setLoginError] = useState(false);
  const { config } = useServerConfig();
  const queryParams = new URLSearchParams(window.location.search);
+  const [captchaToken, setCaptchaToken] = useState("");
+  const [shouldShowCaptcha, setShouldShowCaptcha] = useState(false);
+  const captchaRef = useRef<HCaptcha>(null);
  const { data: serverDetails } = useFetchServerStatus();

  useEffect(() => {
@@ -56,7 +61,8 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
        // attemptCliLogin
        const isCliLoginSuccessful = await attemptCliLogin({
          email: email.toLowerCase(),
-          password
+          password,
+          captchaToken
        });

        if (isCliLoginSuccessful && isCliLoginSuccessful.success) {
@@ -78,7 +84,8 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
      } else {
        const isLoginSuccessful = await attemptLogin({
          email: email.toLowerCase(),
-          password
+          password,
+          captchaToken
        });

        if (isLoginSuccessful && isLoginSuccessful.success) {
@@ -112,6 +119,12 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
        return;
      }

+      if (err.response.data.error === "Captcha Required") {
+        setShouldShowCaptcha(true);
+        setIsLoading(false);
+        return;
+      }
+
      setLoginError(true);
      createNotification({
        text: "Login unsuccessful. Double-check your credentials and try again.",
@@ -119,6 +132,11 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
      });
    }

+    if (captchaRef.current) {
+      captchaRef.current.resetCaptcha();
+    }
+
+    setCaptchaToken("");
    setIsLoading(false);
  };

@@ -240,8 +258,19 @@ export const InitialStep = ({ setStep, email, setEmail, password, setPassword }:
          className="select:-webkit-autofill:focus h-10"
        />
      </div>
+      {shouldShowCaptcha && (
+        <div className="mt-4">
+          <HCaptcha
+            theme="dark"
+            sitekey={CAPTCHA_SITE_KEY}
+            onVerify={(token) => setCaptchaToken(token)}
+            ref={captchaRef}
+          />
+        </div>
+      )}
      <div className="mt-3 w-1/4 min-w-[21.2rem] rounded-md text-center md:min-w-[20.1rem] lg:w-1/6">
        <Button
+          disabled={shouldShowCaptcha && captchaToken === ""}
          type="submit"
          size="sm"
          isFullWidth
--- a/frontend/src/views/Login/components/PasswordStep/PasswordStep.tsx
+++ b/frontend/src/views/Login/components/PasswordStep/PasswordStep.tsx
@@ -1,13 +1,15 @@
-import { useState } from "react";
+import { useRef, useState } from "react";
 import { useTranslation } from "react-i18next";
 import Link from "next/link";
 import { useRouter } from "next/router";
+import HCaptcha from "@hcaptcha/react-hcaptcha";
 import axios from "axios";
 import jwt_decode from "jwt-decode";

 import { createNotification } from "@app/components/notifications";
 import attemptCliLogin from "@app/components/utilities/attemptCliLogin";
 import attemptLogin from "@app/components/utilities/attemptLogin";
+import { CAPTCHA_SITE_KEY } from "@app/components/utilities/config";
 import { Button, Input } from "@app/components/v2";
 import { useUpdateUserAuthMethods } from "@app/hooks/api";
 import { useSelectOrganization } from "@app/hooks/api/auth/queries";
@@ -41,6 +43,10 @@ export const PasswordStep = ({
    providerAuthToken
  ) as any;

+  const [captchaToken, setCaptchaToken] = useState("");
+  const [shouldShowCaptcha, setShouldShowCaptcha] = useState(false);
+  const captchaRef = useRef<HCaptcha>(null);
+
  const handleLogin = async (e: React.FormEvent) => {
    e.preventDefault();
    try {
@@ -51,7 +57,8 @@ export const PasswordStep = ({
        const isCliLoginSuccessful = await attemptCliLogin({
          email,
          password,
-          providerAuthToken
+          providerAuthToken,
+          captchaToken
        });

        if (isCliLoginSuccessful && isCliLoginSuccessful.success) {
@@ -99,7 +106,8 @@ export const PasswordStep = ({
        const loginAttempt = await attemptLogin({
          email,
          password,
-          providerAuthToken
+          providerAuthToken,
+          captchaToken
        });

        if (loginAttempt && loginAttempt.success) {
@@ -158,11 +166,21 @@ export const PasswordStep = ({
        return;
      }

+      if (err.response.data.error === "Captcha Required") {
+        setShouldShowCaptcha(true);
+        return;
+      }
+
      createNotification({
        text: "Login unsuccessful. Double-check your master password and try again.",
        type: "error"
      });
    }
+
+    if (captchaRef.current) {
+      captchaRef.current.resetCaptcha();
+    }
+    setCaptchaToken("");
  };

  return (
@@ -194,8 +212,19 @@ export const PasswordStep = ({
          />
        </div>
      </div>
+      {shouldShowCaptcha && (
+        <div className="mx-auto mt-4 flex w-full min-w-[22rem] items-center justify-center lg:w-1/6">
+          <HCaptcha
+            theme="dark"
+            sitekey={CAPTCHA_SITE_KEY}
+            onVerify={(token) => setCaptchaToken(token)}
+            ref={captchaRef}
+          />
+        </div>
+      )}
      <div className="mx-auto mt-4 flex w-1/4 w-full min-w-[22rem] items-center justify-center rounded-md text-center lg:w-1/6">
        <Button
+          disabled={shouldShowCaptcha && captchaToken === ""}
          type="submit"
          colorSchema="primary"
          variant="outline_bg"
--- a/frontend/src/views/SecretMainPage/components/SecretImportListView/SecretImportListView.tsx
+++ b/frontend/src/views/SecretMainPage/components/SecretImportListView/SecretImportListView.tsx
@@ -45,7 +45,6 @@ export const computeImportedSecretRows = (
  if (importedSecIndex === -1) return [];

  const importedSec = importSecrets[importedSecIndex];
-
  const overridenSec: Record<string, { env: string; secretPath: string }> = {};

  for (let i = importedSecIndex + 1; i < importSecrets.length; i += 1) {
@@ -61,11 +60,28 @@ export const computeImportedSecretRows = (
    overridenSec[el.key] = { env: SECRET_IN_DASHBOARD, secretPath: "" };
  });

-  return importedSec.secrets.map(({ key, value }) => ({
-    key,
-    value,
-    overriden: overridenSec?.[key]
-  }));
+  const importedEntry: Record<string, boolean> = {};
+  const importedSecretEntries: {
+    key: string;
+    value: string;
+    overriden: {
+      env: string;
+      secretPath: string;
+    };
+  }[] = [];
+
+  importedSec.secrets.forEach(({ key, value }) => {
+    if (!importedEntry[key]) {
+      importedSecretEntries.push({
+        key,
+        value,
+        overriden: overridenSec?.[key]
+      });
+      importedEntry[key] = true;
+    }
+  });
+
+  return importedSecretEntries;
 };

 type Props = {
@@ -159,8 +175,9 @@ export const SecretImportListView = ({
        importEnv.slug === environment &&
        isReserved &&
        importPath ===
-        `${secretPath === "/" ? "" : secretPath}/${ReservedFolders.SecretReplication
-        }${replicationImportId}`
+          `${secretPath === "/" ? "" : secretPath}/${
+            ReservedFolders.SecretReplication
+          }${replicationImportId}`
    );
    if (reservedImport) {
      setReplicationSecrets((state) => ({
@@ -206,8 +223,9 @@ export const SecretImportListView = ({
        isOpen={popUp.deleteSecretImport.isOpen}
        deleteKey="unlink"
        title="Do you want to remove this secret import?"
-        subTitle={`This will unlink secrets from environment ${(popUp.deleteSecretImport?.data as TSecretImport)?.importEnv
-          } of path ${(popUp.deleteSecretImport?.data as TSecretImport)?.importPath}?`}
+        subTitle={`This will unlink secrets from environment ${
+          (popUp.deleteSecretImport?.data as TSecretImport)?.importEnv
+        } of path ${(popUp.deleteSecretImport?.data as TSecretImport)?.importPath}?`}
        onChange={(isOpen) => handlePopUpToggle("deleteSecretImport", isOpen)}
        onDeleteApproved={handleSecretImportDelete}
      />
--- a/frontend/src/views/SecretMainPage/components/SecretListView/SecretDetaiSidebar.tsx
+++ b/frontend/src/views/SecretMainPage/components/SecretListView/SecretDetaiSidebar.tsx
@@ -393,15 +393,15 @@ export const SecretDetailSidebar = ({
                      {(isAllowed) => (
                        <Switch
                          id="skipmultiencoding-option"
-                          onCheckedChange={(isChecked) => onChange(!isChecked)}
-                          isChecked={!value}
+                          onCheckedChange={(isChecked) => onChange(isChecked)}
+                          isChecked={value}
                          onBlur={onBlur}
                          isDisabled={!isAllowed}
                          className="items-center"
                        >
-                          Enable multi line encoding
+                          Multi line encoding
                          <Tooltip
-                            content="Infisical encodes multiline secrets by escaping newlines and wrapping in quotes. To disable, enable this option"
+                            content="When enabled, multiline secrets will be handled by escaping newlines and enclosing the entire value in double quotes."
                            className="z-[100]"
                          >
                            <FontAwesomeIcon icon={faCircleQuestion} className="ml-1" size="sm" />
--- a/frontend/src/views/SecretOverviewPage/components/SecretOverviewTableRow/SecretOverviewTableRow.tsx
+++ b/frontend/src/views/SecretOverviewPage/components/SecretOverviewTableRow/SecretOverviewTableRow.tsx
@@ -29,7 +29,7 @@ type Props = {
  onSecretCreate: (env: string, key: string, value: string) => Promise<void>;
  onSecretUpdate: (env: string, key: string, value: string, secretId?: string) => Promise<void>;
  onSecretDelete: (env: string, key: string, secretId?: string) => Promise<void>;
-  isImportedSecretPresentInEnv: (name: string, env: string, secretName: string) => boolean;
+  isImportedSecretPresentInEnv: (env: string, secretName: string) => boolean;
 };

 export const SecretOverviewTableRow = ({
@@ -53,9 +53,8 @@ export const SecretOverviewTableRow = ({
    <>
      <Tr isHoverable isSelectable onClick={() => setIsFormExpanded.toggle()} className="group">
        <Td
-          className={`sticky left-0 z-10 bg-mineshaft-800 bg-clip-padding py-0 px-0 group-hover:bg-mineshaft-700 ${
-            isFormExpanded && "border-t-2 border-mineshaft-500"
-          }`}
+          className={`sticky left-0 z-10 bg-mineshaft-800 bg-clip-padding py-0 px-0 group-hover:bg-mineshaft-700 ${isFormExpanded && "border-t-2 border-mineshaft-500"
+            }`}
        >
          <div className="h-full w-full border-r border-mineshaft-600 py-2.5 px-5">
            <div className="flex items-center space-x-5">
@@ -83,7 +82,7 @@ export const SecretOverviewTableRow = ({
        {environments.map(({ slug }, i) => {
          const secret = getSecretByKey(slug, secretKey);

-          const isSecretImported = isImportedSecretPresentInEnv(secretPath, slug, secretKey);
+          const isSecretImported = isImportedSecretPresentInEnv(slug, secretKey);

          const isSecretPresent = Boolean(secret);
          const isSecretEmpty = secret?.value === "";
@@ -108,8 +107,8 @@ export const SecretOverviewTableRow = ({
                        isSecretPresent
                          ? "Present secret"
                          : isSecretImported
-                          ? "Imported secret"
-                          : "Missing secret"
+                            ? "Imported secret"
+                            : "Missing secret"
                      }
                    >
                      <FontAwesomeIcon
@@ -133,9 +132,8 @@ export const SecretOverviewTableRow = ({
        <Tr>
          <Td
            colSpan={totalCols}
-            className={`bg-bunker-600 px-0 py-0 ${
-              isFormExpanded && "border-b-2 border-mineshaft-500"
-            }`}
+            className={`bg-bunker-600 px-0 py-0 ${isFormExpanded && "border-b-2 border-mineshaft-500"
+              }`}
          >
            <div
              className="ml-2 p-2"
@@ -180,11 +178,7 @@ export const SecretOverviewTableRow = ({
                      const secret = getSecretByKey(slug, secretKey);
                      const isCreatable = !secret;

-                      const isImportedSecret = isImportedSecretPresentInEnv(
-                        secretPath,
-                        slug,
-                        secretKey
-                      );
+                      const isImportedSecret = isImportedSecretPresentInEnv(slug, secretKey);

                      return (
                        <tr
--- a/k8-operator/controllers/infisicalsecret_helper.go
+++ b/k8-operator/controllers/infisicalsecret_helper.go
@@ -232,7 +232,6 @@ func (r *InfisicalSecretReconciler) UpdateInfisicalManagedKubeSecret(ctx context
 	}

 	managedKubeSecret.Data = plainProcessedSecrets
-	managedKubeSecret.ObjectMeta.Annotations = map[string]string{}
 	managedKubeSecret.ObjectMeta.Annotations[SECRET_VERSION_ANNOTATION] = ETag

 	err := r.Client.Update(ctx, &managedKubeSecret)
Author	SHA1	Message	Date
Sheen Capadngan	e27d273e8f	misc: resolved goreleaser hardcoded version	2024-06-12 22:00:14 +08:00
Maidul Islam	30dc2d0fcb	Merge pull request #1960 from Infisical/misc/hardcoded-goreleaser-version-for-cli misc: hardcoded goreleaser version	2024-06-12 09:57:37 -04:00
Sheen Capadngan	12e217d200	misc: hardcoded goreleaser version	2024-06-12 21:54:35 +08:00
Maidul Islam	a3a1c9d2e5	Merge pull request #1959 from Infisical/fix/resolved-cli-release-action fix: resolved secret name mismatch for cli release action	2024-06-12 08:52:58 -04:00
Sheen Capadngan	0f266ebe9e	fix: resolved secret name mismatch for cli release action	2024-06-12 20:45:57 +08:00
Maidul Islam	506e0b1342	Merge pull request #1953 from akhilmhdh/main Trailing slash in secret approval policy and overview bug	2024-06-12 08:43:08 -04:00
Akhil Mohan	958ad8236a	Merge pull request #1932 from minuchi/fix/typo-in-gh-actions fix: remove extraneous 'r' causing script error in github actions	2024-06-12 16:04:45 +05:30
Daniel Hougaard	b06b8294e9	Merge pull request #1946 from Infisical/daniel/fix-username-unique-bug Fix: Email confirmation during SAML login failing (edge-case)	2024-06-12 04:39:32 +02:00
Tuan Dang	cb9dabe03f	Delete unaccepted users upon merge user op	2024-06-11 18:41:35 -07:00
Daniel Hougaard	7626dbb96e	Fix: Permission error page displayed after user sign up if organization enforces SAML auth	2024-06-12 00:55:33 +02:00
Daniel Hougaard	869be3c273	Improvements	2024-06-12 00:28:11 +02:00
=	9a2355fe63	feat: removed trailing slash from secret input and fixed overview not showing nested imported secrets	2024-06-12 00:17:42 +05:30
=	3929a82099	feat: resolved approval failing for trailing slash	2024-06-12 00:16:27 +05:30
BlackMagiq	40e5c6ef66	Merge pull request #1945 from Infisical/daniel/scim-fix Fix: SCIM Groups find by filter	2024-06-11 10:42:24 -07:00
Maidul Islam	6c95e75d0d	Merge pull request #1952 from akhilmhdh/feat/fix-signup fix: resolved signup failing in cloud	2024-06-11 11:36:53 -04:00
=	d6c9e6db75	fix: resolved signup failing in cloud	2024-06-11 21:03:06 +05:30
Akhil Mohan	76f87a7708	Merge pull request #1951 from akhilmhdh/fix/password-state-stuck fix: stuck on password step resolved	2024-06-11 20:09:51 +05:30
Sheen Capadngan	366f03080d	Merge pull request #1757 from Infisical/fix/resolved-cli-offline-mode-get fix: resolved cli offline mode get	2024-06-11 22:32:59 +08:00
Sheen Capadngan	dfdd8e95f9	misc: renamed connection check method	2024-06-11 22:14:19 +08:00
=	c4797ea060	fix: stuck on password step resolved	2024-06-11 19:09:12 +05:30
Sheen Capadngan	6e011a0b52	Merge pull request #1950 from Infisical/fix/resolved-import-override-display-1 feat: handled import override in the API layer	2024-06-11 17:41:43 +08:00
Sheen Capadngan	05ed00834a	misc: used set	2024-06-11 17:14:24 +08:00
Sheen Capadngan	38b0edf510	fix: addressed lint issue	2024-06-11 17:07:24 +08:00
Sheen Capadngan	56b9506b39	fix: type fix	2024-06-11 16:48:16 +08:00
Sheen Capadngan	ae34e015db	fix: added missing required property	2024-06-11 16:43:51 +08:00
Sheen Capadngan	7c42768cd8	feat: handled import overwrite in the API layer	2024-06-11 16:27:12 +08:00
Sheen Capadngan	b4a9e0e62d	Merge pull request #1948 from Infisical/fix/resolved-import-override-display fix: resolved import override behavior	2024-06-11 15:55:19 +08:00
BlackMagiq	30606093f4	Merge pull request #1949 from Infisical/streamline-smtp Update SMTP configuration	2024-06-11 00:32:50 -07:00
Tuan Dang	16862a3b33	Fix lint issue	2024-06-11 00:01:58 -07:00
Tuan Dang	e800a455c4	Update SMTP config	2024-06-10 23:45:40 -07:00
Sheen Capadngan	ba0de6afcf	fix: resolved import override behavior	2024-06-11 14:04:59 +08:00
Maidul Islam	bfc82105bd	Merge pull request #1947 from Infisical/patch-multi-line-encoding Patch multi line encoding when expandSecretRef is enabled	2024-06-11 00:55:31 -04:00
Maidul Islam	00fd44b33a	fix type issues	2024-06-11 00:34:54 -04:00
Maidul Islam	e2550d70b5	make skipMultilineEncoding null\|undefined\|bool	2024-06-11 00:28:55 -04:00
Maidul Islam	163d33509b	Patch multi line encoding when expandSecretRef is enabled By default when you create a secret, it will have multi line encoding off but we actually treat this as true in the backend and UI. User’s aren’t expecting their multi line secrets to be double quoted by and made into a single line with/n, however we are doing it by default at the moment. This PR makes multi line encoding opt in and not opt out	2024-06-10 23:42:07 -04:00
Sheen Capadngan	c8a3252c1a	Merge pull request #1929 from Infisical/feat/add-option-to-mask-and-protect-gitlab-secrets feat: add integration option to mask and protect gitlab secrets	2024-06-11 11:38:18 +08:00
Daniel Hougaard	0bba1801b9	Merge pull request #1936 from Infisical/daniel/go-sdk-docs Docs: Go SDK	2024-06-11 04:27:17 +02:00
Daniel Hougaard	985116c6f2	Update user-service.ts	2024-06-11 04:04:42 +02:00
Shubham Palriwala	9945d249d6	Merge pull request #1937 from Infisical/shubham/eng-487-investigate-the-stripedb-inconsistency fix: update org seats whenever membership status is accepted	2024-06-11 07:05:27 +05:30
Daniel Hougaard	8bc9a5efcd	Fix: SCIM Groups find by filter	2024-06-11 00:00:16 +02:00
Maidul Islam	b31d2be3f3	Merge pull request #1931 from minuchi/fix/preserve-annotations-when-updating fix: preserve existing annotations when updating managed secret	2024-06-10 17:14:29 -04:00
Maidul Islam	8329cbf299	update toggle lable	2024-06-10 17:09:20 -04:00
Maidul Islam	9138ab8ed7	update flag describe	2024-06-10 17:01:16 -04:00
Maidul Islam	ea517bc199	Merge pull request #1941 from belikedeep/docker-compose-command-update Fix: Updated docker compose command (from compose V1 to compose v2)	2024-06-10 16:46:10 -04:00
Maidul Islam	a82b813553	describe isReplication flag	2024-06-10 16:20:29 -04:00
Sheen Capadngan	cf9169ad6f	test: resolved test issues	2024-06-11 03:37:51 +08:00
Maidul Islam	af03f706ba	Merge pull request #1943 from Infisical/create-pull-request/patch-1718043322 GH Action: rename new migration file timestamp	2024-06-10 14:15:55 -04:00
github-actions	9cf5bbc5d5	chore: renamed new migration files to latest timestamp (gh-action)	2024-06-10 18:15:21 +00:00
Maidul Islam	9161dd5e13	Merge pull request #1925 from Infisical/feat/add-captcha feat: added captcha to password login	2024-06-10 14:14:57 -04:00
Sheen Capadngan	69b76aea64	misc: added secrets folder path to backup scoping	2024-06-11 01:45:34 +08:00
Sheen Capadngan	c9a95023be	Revert "adjustment: moved backup logic to cmd layer" This reverts commit `8fc4fd64f8`.	2024-06-11 01:03:26 +08:00
Sheen Capadngan	9db5be1c91	Revert "adjustment: moved secret backup logic to cmd layer" This reverts commit `920b9a7dfa`.	2024-06-11 00:58:36 +08:00
Sheen Capadngan	a1b41ca454	Revert "feature: added offline support for infisical export" This reverts commit `88a4fb84e6`.	2024-06-11 00:52:59 +08:00
Sheen Capadngan	6c252b4bfb	misc: revert backup flow modification for run.go	2024-06-11 00:49:57 +08:00
Sheen Capadngan	aafddaa856	misc: finalized option label	2024-06-10 23:08:39 +08:00
Sheen Capadngan	776f464bee	misc: used metadata schema parsing	2024-06-10 22:45:17 +08:00
Sheen Capadngan	104b0d6c60	Merge remote-tracking branch 'origin/main' into feat/add-option-to-mask-and-protect-gitlab-secrets	2024-06-10 22:41:44 +08:00
belikedeep	9303124f5f	Updated docker compose command (from compose V1 to compose v2)	2024-06-10 20:09:08 +05:30
Sheen Capadngan	03c9a5606b	Merge pull request #1928 from Infisical/feat/add-option-for-delete-disabling-github-integ feat: added option for disabling github secret deletion	2024-06-10 22:35:04 +08:00
Sheen Capadngan	120e482c6f	Merge remote-tracking branch 'origin/main' into fix/resolved-cli-offline-mode-get	2024-06-10 14:15:18 +08:00
Sheen Capadngan	f4a1a00b59	misc: improved text of github option	2024-06-10 14:00:56 +08:00
Sheen Capadngan	b9933d711c	misc: addressed schema update	2024-06-10 13:58:40 +08:00
Sheen Capadngan	1abdb531d9	misc: removed comments	2024-06-10 13:36:53 +08:00
Sheen Capadngan	59b3123eb3	adjustment: removed unintended yaml updates	2024-06-10 13:33:42 +08:00
Sheen Capadngan	c1954a6386	Merge branch 'feat/add-captcha' of https://github.com/Infisical/infisical into feat/add-captcha	2024-06-10 13:27:31 +08:00
Sheen Capadngan	0bbb86ee2a	misc: simplified captcha flag and finalized build process	2024-06-10 13:24:44 +08:00
ShubhamPalriwala	7c9c65312b	fix: pass correct id	2024-06-10 09:04:34 +05:30
ShubhamPalriwala	8a46cbd08f	fix: update org seats whenever membership status is accepted	2024-06-10 09:02:11 +05:30
Maidul Islam	429b2a284d	Merge branch 'main' into feat/add-captcha	2024-06-09 17:44:55 -04:00
minuchi	4c0e04528e	fix: remove extraneous 'r' causing script error in github actions	2024-06-09 02:21:57 +09:00
minuchi	6d40d951c6	fix: preserve existing annotations when updating managed secret	2024-06-09 01:43:41 +09:00
Sheen Capadngan	610dd07a57	misc: updated failed password attempt limit for captcha	2024-06-08 00:39:14 +08:00
Sheen Capadngan	9d6d7540dc	misc: removed unnecessary project property	2024-06-08 00:34:33 +08:00
Sheen Capadngan	847c2c67ec	adjustment: made secret-deletion opt in	2024-06-08 00:30:30 +08:00
Sheen Capadngan	2bd9ad0137	feat: add option to maks and protect gitlab secrets	2024-06-07 21:46:34 +08:00
Sheen Capadngan	76a424dcfb	feat: added option for disabling github secret deletion	2024-06-07 19:00:51 +08:00
Sheen Capadngan	15c05b4910	misc: finalized captcha error message	2024-06-06 21:54:35 +08:00
Sheen Capadngan	65d88ef08e	misc: improved ux by requiring captcha entry before submission	2024-06-06 21:24:25 +08:00
Sheen Capadngan	81e4129e51	feat: added base captcha implementation	2024-06-06 20:42:54 +08:00
Sheen Capadngan	88a4fb84e6	feature: added offline support for infisical export	2024-05-02 03:21:20 +08:00
Sheen Capadngan	a1e8f45a86	misc: added new cli secrets to release build gh action	2024-05-02 01:35:19 +08:00
Sheen Capadngan	04dca9432d	misc: updated test comment	2024-05-02 01:09:12 +08:00
Sheen Capadngan	920b9a7dfa	adjustment: moved secret backup logic to cmd layer	2024-05-02 00:59:17 +08:00
Sheen Capadngan	8fc4fd64f8	adjustment: moved backup logic to cmd layer	2024-05-02 00:49:29 +08:00
Sheen Capadngan	24f7ecc548	misc: removed infisical init logs	2024-05-01 21:41:07 +08:00
Sheen Capadngan	a5ca96f2df	test: restructed setup and added scripting for infisical init	2024-05-01 21:39:20 +08:00
Sheen Capadngan	505ccdf8ea	misc: added script for cli-tests env setup	2024-05-01 21:37:18 +08:00
Sheen Capadngan	3897bd70fa	adjustment: removed cli display for pty	2024-05-01 11:08:58 +08:00
Sheen Capadngan	4479e626c7	adjustment: renamed cli vault file phrase env	2024-05-01 01:56:10 +08:00
Sheen Capadngan	6640b55504	misc: added envs required for cli test of infisical login	2024-05-01 01:49:06 +08:00
Sheen Capadngan	85f024c814	test: added scripting for user login	2024-05-01 01:45:24 +08:00
Sheen Capadngan	531fa634a2	feature: add logs for cli execution error	2024-04-30 22:02:22 +08:00
Sheen Capadngan	772dd464f5	test: added integration test for secrets get all and secrets get all without connection	2024-04-30 21:11:29 +08:00
Sheen Capadngan	877b9a409e	adjustment: modified isConnected check to query linked infisical URL	2024-04-30 21:00:34 +08:00
Sheen Capadngan	104a91647c	fix: resolved cli offline mode get	2024-04-29 21:18:13 +08:00