Update project.mdx

(Docs): .NET SDK documentation & updates existing SDK docs

backend/spec.json

@@ -4962,7 +4962,8 @@
         },
         "security": [
           {
-            "apiKeyAuth": []
+            "apiKeyAuth": [],
+            "bearerAuth": []
           }
         ]
       }

backend/src/controllers/v1/integrationAuthController.ts

@@ -2,7 +2,7 @@ import { Request, Response } from "express";
 import { Types } from "mongoose";
 import { standardRequest } from "../../config/request";
 import { getApps, getTeams, revokeAccess } from "../../integrations";
-import { Bot, IntegrationAuth, Workspace } from "../../models";
+import { Bot, IIntegrationAuth, Integration, IntegrationAuth, Workspace } from "../../models";
 import { EventType } from "../../ee/models";
 import { IntegrationService } from "../../services";
 import { EEAuditLogService } from "../../ee/services";
@@ -130,7 +130,6 @@ export const oAuthExchange = async (req: Request, res: Response) => {
 export const saveIntegrationToken = async (req: Request, res: Response) => {
   // TODO: refactor
   // TODO: check if access token is valid for each integration
-  let integrationAuth;
   const {
     body: { workspaceId, integration, url, accessId, namespace, accessToken, refreshToken }
   } = await validateRequest(reqValidator.SaveIntegrationAccessTokenV1, req);
@@ -152,31 +151,21 @@ export const saveIntegrationToken = async (req: Request, res: Response) => {
 
   if (!bot) throw new Error("Bot must be enabled to save integration access token");
 
-  integrationAuth = await IntegrationAuth.findOneAndUpdate(
-    {
-      workspace: new Types.ObjectId(workspaceId),
-      integration
-    },
-    {
-      workspace: new Types.ObjectId(workspaceId),
-      integration,
-      url,
-      namespace,
-      algorithm: ALGORITHM_AES_256_GCM,
-      keyEncoding: ENCODING_SCHEME_UTF8,
-      ...(integration === INTEGRATION_GCP_SECRET_MANAGER
-        ? {
-            metadata: {
-              authMethod: "serviceAccount"
-            }
+  let integrationAuth = await new IntegrationAuth({
+    workspace: new Types.ObjectId(workspaceId),
+    integration,
+    url,
+    namespace,
+    algorithm: ALGORITHM_AES_256_GCM,
+    keyEncoding: ENCODING_SCHEME_UTF8,
+    ...(integration === INTEGRATION_GCP_SECRET_MANAGER
+      ? {
+          metadata: {
+            authMethod: "serviceAccount"
           }
-        : {})
-    },
-    {
-      new: true,
-      upsert: true
-    }
-  );
+        }
+      : {})
+  }).save();
 
   // encrypt and save integration access details
   if (refreshToken) {
@@ -188,12 +177,12 @@ export const saveIntegrationToken = async (req: Request, res: Response) => {
 
   // encrypt and save integration access details
   if (accessId || accessToken) {
-    integrationAuth = await IntegrationService.setIntegrationAuthAccess({
+    integrationAuth = (await IntegrationService.setIntegrationAuthAccess({
       integrationAuthId: integrationAuth._id.toString(),
       accessId,
       accessToken,
       accessExpiresAt: undefined
-    });
+    })) as IIntegrationAuth;
   }
 
   if (!integrationAuth) throw new Error("Failed to save integration access token");
@@ -1208,13 +1197,64 @@ export const getIntegrationAuthTeamCityBuildConfigs = async (req: Request, res:
   });
 };
 
+/**
+ * Delete all integration authorizations and integrations for workspace with id [workspaceId]
+ * with integration name [integration]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const deleteIntegrationAuths = async (req: Request, res: Response) => {
+  const {
+    query: { integration, workspaceId }
+  } = await validateRequest(reqValidator.DeleteIntegrationAuthsV1, req);
+
+  const { permission } = await getAuthDataProjectPermissions({
+    authData: req.authData,
+    workspaceId: new Types.ObjectId(workspaceId)
+  });
+  
+  ForbiddenError.from(permission).throwUnlessCan(
+    ProjectPermissionActions.Delete,
+    ProjectPermissionSub.Integrations
+  );
+  
+  const integrationAuths = await IntegrationAuth.deleteMany({
+    integration,
+    workspace: new Types.ObjectId(workspaceId)
+  });
+
+  const integrations = await Integration.deleteMany({
+    integration,
+    workspace: new Types.ObjectId(workspaceId)
+  });
+
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.UNAUTHORIZE_INTEGRATION,
+      metadata: {
+        integration
+      }
+    },
+    {
+      workspaceId: new Types.ObjectId(workspaceId)
+    }
+  );
+
+  return res.status(200).send({
+    integrationAuths,
+    integrations
+  });
+}
+
 /**
  * Delete integration authorization with id [integrationAuthId]
  * @param req
  * @param res
  * @returns
  */
-export const deleteIntegrationAuth = async (req: Request, res: Response) => {
+export const deleteIntegrationAuthById = async (req: Request, res: Response) => {
   const {
     params: { integrationAuthId }
   } = await validateRequest(reqValidator.DeleteIntegrationAuthV1, req);

backend/src/controllers/v1/integrationController.ts

@@ -251,6 +251,21 @@ export const deleteIntegration = async (req: Request, res: Response) => {
   });
 
   if (!deletedIntegration) throw new Error("Failed to find integration");
+ 
+  const numOtherIntegrationsUsingSameAuth = await Integration.countDocuments({
+    integrationAuth: deletedIntegration.integrationAuth,
+    _id: {
+      $nin: [deletedIntegration._id]
+    }
+  });
+  
+  if (numOtherIntegrationsUsingSameAuth === 0) {
+    // no other integrations are using the same integration auth
+    // -> delete integration auth associated with the integration being deleted
+    await IntegrationAuth.deleteOne({
+      _id: deletedIntegration.integrationAuth
+    });
+  }
 
   await EEAuditLogService.createAuditLog(
     req.authData,

backend/src/controllers/v1/universalAuthController.ts

@@ -550,7 +550,7 @@ export const attachIdentityUniversalAuth = async (req: Request, res: Response) =
 
     // validate trusted ips
     const reformattedClientSecretTrustedIps = clientSecretTrustedIps.map((clientSecretTrustedIp) => {
-        if (!plan.ipAllowlisting && clientSecretTrustedIp.ipAddress !== "0.0.0.0/0") return res.status(400).send({
+        if (!plan.ipAllowlisting && (clientSecretTrustedIp.ipAddress !== "0.0.0.0/0" && clientSecretTrustedIp.ipAddress !== "::/0")) return res.status(400).send({
             message: "Failed to add IP access range to service token due to plan restriction. Upgrade plan to add IP access range."
         });
 
@@ -564,7 +564,7 @@ export const attachIdentityUniversalAuth = async (req: Request, res: Response) =
     });
 
     const reformattedAccessTokenTrustedIps = accessTokenTrustedIps.map((accessTokenTrustedIp) => {
-        if (!plan.ipAllowlisting && accessTokenTrustedIp.ipAddress !== "0.0.0.0/0") return res.status(400).send({
+        if (!plan.ipAllowlisting && (accessTokenTrustedIp.ipAddress !== "0.0.0.0/0" && accessTokenTrustedIp.ipAddress !== "::/0")) return res.status(400).send({
             message: "Failed to add IP access range to service token due to plan restriction. Upgrade plan to add IP access range."
         });
 
@@ -750,7 +750,7 @@ export const updateIdentityUniversalAuth = async (req: Request, res: Response) =
     let reformattedClientSecretTrustedIps;
     if (clientSecretTrustedIps) {
         reformattedClientSecretTrustedIps = clientSecretTrustedIps.map((clientSecretTrustedIp) => {
-            if (!plan.ipAllowlisting && clientSecretTrustedIp.ipAddress !== "0.0.0.0/0") return res.status(400).send({
+            if (!plan.ipAllowlisting && (clientSecretTrustedIp.ipAddress !== "0.0.0.0/0" && clientSecretTrustedIp.ipAddress !== "::/0")) return res.status(400).send({
                 message: "Failed to add IP access range to service token due to plan restriction. Upgrade plan to add IP access range."
             });
 
@@ -767,7 +767,7 @@ export const updateIdentityUniversalAuth = async (req: Request, res: Response) =
     let reformattedAccessTokenTrustedIps;
     if (accessTokenTrustedIps) {
         reformattedAccessTokenTrustedIps = accessTokenTrustedIps.map((accessTokenTrustedIp) => {
-            if (!plan.ipAllowlisting && accessTokenTrustedIp.ipAddress !== "0.0.0.0/0") return res.status(400).send({
+            if (!plan.ipAllowlisting && (accessTokenTrustedIp.ipAddress !== "0.0.0.0/0" && accessTokenTrustedIp.ipAddress !== "::/0")) return res.status(400).send({
                 message: "Failed to add IP access range to service token due to plan restriction. Upgrade plan to add IP access range."
             });
 

backend/src/controllers/v2/organizationsController.ts

@@ -1,9 +1,13 @@
 import { Request, Response } from "express";
 import { Types } from "mongoose";
 import { 
-  IdentityMembershipOrg,
-  Membership, 
+  IWorkspace,
+  Identity,
+  IdentityMembership,
+  IdentityMembershipOrg, 
+  Membership,
   MembershipOrg,
+  User,
   Workspace
 } from "../../models";
 import { Role } from "../../ee/models";
@@ -298,7 +302,8 @@ export const getOrganizationWorkspaces = async (req: Request, res: Response) =>
     #swagger.description = 'Return projects in organization that user is part of'
     
     #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
     }]
 
 	#swagger.parameters['organizationId'] = {
@@ -326,6 +331,7 @@ export const getOrganizationWorkspaces = async (req: Request, res: Response) =>
         }
     }   
     */
+  
   const {
     params: { organizationId }
   } = await validateRequest(reqValidator.GetOrgWorkspacesv2, req);
@@ -351,13 +357,27 @@ export const getOrganizationWorkspaces = async (req: Request, res: Response) =>
     ).map((w) => w._id.toString())
   );
 
-  const workspaces = (
-    await Membership.find({
-      user: req.user._id
-    }).populate("workspace")
-  )
-    .filter((m) => workspacesSet.has(m.workspace._id.toString()))
-    .map((m) => m.workspace);
+  let workspaces: IWorkspace[] = [];
+  
+  if (req.authData.authPayload instanceof Identity) {
+    workspaces = (
+      await IdentityMembership.find({
+        identity: req.authData.authPayload._id
+      }).populate<{ workspace: IWorkspace }>("workspace")
+    )
+      .filter((m) => workspacesSet.has(m.workspace._id.toString()))
+      .map((m) => m.workspace);
+  }
+  
+  if (req.authData.authPayload instanceof User) {
+    workspaces = (
+      await Membership.find({
+        user: req.authData.authPayload._id
+      }).populate<{ workspace: IWorkspace }>("workspace")
+    )
+      .filter((m) => workspacesSet.has(m.workspace._id.toString()))
+      .map((m) => m.workspace);
+  }
 
   return res.status(200).send({
     workspaces

backend/src/controllers/v3/secretsController.ts

@@ -348,7 +348,7 @@ export const getSecretByNameRaw = async (req: Request, res: Response) => {
     }
   */
   const {
-    query: { secretPath, environment, workspaceId, type, include_imports },
+    query: { secretPath, environment, workspaceId, type, include_imports, version },
     params: { secretName }
   } = await validateRequest(reqValidator.GetSecretByNameRawV3, req);
 
@@ -371,7 +371,8 @@ export const getSecretByNameRaw = async (req: Request, res: Response) => {
     type,
     secretPath,
     authData: req.authData,
-    include_imports
+    include_imports,
+    version
   });
 
   const key = await BotService.getWorkspaceKeyWithBot({
@@ -865,7 +866,7 @@ export const getSecrets = async (req: Request, res: Response) => {
  */
 export const getSecretByName = async (req: Request, res: Response) => {
   const {
-    query: { secretPath, environment, workspaceId, type, include_imports },
+    query: { secretPath, environment, workspaceId, type, include_imports, version },
     params: { secretName }
   } = await validateRequest(reqValidator.GetSecretByNameV3, req);
 
@@ -888,7 +889,8 @@ export const getSecretByName = async (req: Request, res: Response) => {
     type,
     secretPath,
     authData: req.authData,
-    include_imports
+    include_imports,
+    version
   });
 
   return res.status(200).send({

backend/src/helpers/secrets.ts

@@ -579,7 +579,9 @@ export const getSecretsHelper = async ({
           event: "secrets pulled",
           distinctId: await TelemetryService.getDistinctId({ authData }),
           properties: {
-            numberOfSecrets: shouldRecordK8Event ? approximateForNoneCapturedEvents : secrets.length,
+            numberOfSecrets: shouldRecordK8Event
+              ? approximateForNoneCapturedEvents
+              : secrets.length,
             environment,
             workspaceId,
             folderId,
@@ -611,42 +613,86 @@ export const getSecretHelper = async ({
   type,
   authData,
   secretPath = "/",
-  include_imports = true
+  include_imports = true,
+  version
 }: GetSecretParams) => {
   const secretBlindIndex = await generateSecretBlindIndexHelper({
     secretName,
     workspaceId: new Types.ObjectId(workspaceId)
   });
   let secret: ISecret | null | undefined = null;
+
   // if using service token filter towards the folderId by secretpath
 
   const folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath);
 
   // try getting personal secret first (if exists)
-  secret = await Secret.findOne({
-    secretBlindIndex,
-    workspace: new Types.ObjectId(workspaceId),
-    environment,
-    folder: folderId,
-    type: type ?? SECRET_PERSONAL,
-    ...(type === SECRET_PERSONAL ? getAuthDataPayloadUserObj(authData) : {})
-  }).lean();
-
-  if (!secret) {
-    // case: failed to find personal secret matching criteria
-    // -> find shared secret matching criteria
+  if (version === undefined) {
     secret = await Secret.findOne({
       secretBlindIndex,
       workspace: new Types.ObjectId(workspaceId),
       environment,
       folder: folderId,
-      type: SECRET_SHARED
+      type: type ?? SECRET_PERSONAL,
+      ...(type === SECRET_PERSONAL ? getAuthDataPayloadUserObj(authData) : {})
     }).lean();
+  } else {
+    const secretVersion = await SecretVersion.findOne({
+      secretBlindIndex,
+      workspace: new Types.ObjectId(workspaceId),
+      environment,
+      folder: folderId,
+      type: type ?? SECRET_PERSONAL,
+      version
+    }).lean();
+
+    if (secretVersion) {
+      secret = await new Secret({
+        ...secretVersion,
+        _id: secretVersion?.secret
+      });
+    }
+  }
+
+  if (!secret) {
+    // case: failed to find personal secret matching criteria
+    // -> find shared secret matching criteria
+    if (version === undefined) {
+      secret = await Secret.findOne({
+        secretBlindIndex,
+        workspace: new Types.ObjectId(workspaceId),
+        environment,
+        folder: folderId,
+        type: SECRET_SHARED
+      }).lean();
+    } else {
+      const secretVersion = await SecretVersion.findOne({
+        secretBlindIndex,
+        workspace: new Types.ObjectId(workspaceId),
+        environment,
+        folder: folderId,
+        type: SECRET_SHARED,
+        version
+      }).lean();
+
+      if (secretVersion) {
+        secret = await new Secret({
+          ...secretVersion,
+          _id: secretVersion?.secret
+        });
+      }
+    }
   }
 
   if (!secret && include_imports) {
     // if still no secret found search in imported secret and retreive
-    secret = await getAnImportedSecret(secretName, workspaceId.toString(), environment, folderId);
+    secret = await getAnImportedSecret(
+      secretName,
+      workspaceId.toString(),
+      environment,
+      folderId,
+      version
+    );
   }
 
   if (!secret) throw SecretNotFoundError();
@@ -1141,11 +1187,12 @@ const recursivelyExpandSecret = async (
         const secRefKey = entities[entities.length - 1];
 
         const val = await fetchCrossEnv(secRefEnv, secRefPath, secRefKey);
-        interpolatedValue = interpolatedValue.replaceAll(interpolationSyntax, val);
+        if (val !== undefined) {
+          interpolatedValue = interpolatedValue.replaceAll(interpolationSyntax, val);
+        }
       }
     }
   }
-
   expandedSec[key] = interpolatedValue;
   return interpolatedValue;
 };

backend/src/interfaces/services/SecretService/index.ts

@@ -38,6 +38,7 @@ export interface GetSecretParams {
   type?: "shared" | "personal";
   authData: AuthData;
   include_imports?: boolean;
+  version?: number;
 }
 
 export interface UpdateSecretParams {

backend/src/routes/v1/integrationAuth.ts

@@ -156,12 +156,20 @@ router.get(
   integrationAuthController.getIntegrationAuthTeamCityBuildConfigs
 );
 
+router.delete(
+  "/",
+  requireAuth({
+    acceptedAuthModes: [AuthMode.JWT]
+  }),
+  integrationAuthController.deleteIntegrationAuths
+);
+
 router.delete(
   "/:integrationAuthId",
   requireAuth({
     acceptedAuthModes: [AuthMode.JWT]
   }),
-  integrationAuthController.deleteIntegrationAuth
+  integrationAuthController.deleteIntegrationAuthById
 );
 
 export default router;

backend/src/services/SecretImportService.ts

@@ -1,5 +1,6 @@
 import { Types } from "mongoose";
 import { generateSecretBlindIndexHelper } from "../helpers";
+import { SecretVersion } from "../ee/models";
 import { Folder, ISecret, Secret, SecretImport } from "../models";
 import { getFolderByPath } from "./FolderService";
 
@@ -9,7 +10,8 @@ export const getAnImportedSecret = async (
   secretName: string,
   workspaceId: string,
   environment: string,
-  folderId = "root"
+  folderId = "root",
+  version?: number
 ) => {
   const secretBlindIndex = await generateSecretBlindIndexHelper({
     secretName,
@@ -48,10 +50,26 @@ export const getAnImportedSecret = async (
   });
   if (importedSecByFid.length === 0) return;
 
-  const secret = await Secret.findOne({
-    workspace: workspaceId,
-    secretBlindIndex
-  }).or(importedSecByFid.map(({ environment, folderId }) => ({ environment, folder: folderId }))).lean()
+  let secret;
+  if (version === undefined) {
+    secret = await Secret.findOne({
+      workspace: workspaceId,
+      secretBlindIndex
+    }).or(importedSecByFid.map(({ environment, folderId }) => ({ environment, folder: folderId }))).lean()
+  } else {
+    const secretVersion = await SecretVersion.findOne({
+      workspace: workspaceId,
+      secretBlindIndex,
+      version
+    }).or(importedSecByFid.map(({ environment, folderId }) => ({ environment, folder: folderId }))).lean();
+    
+    if (secretVersion) {
+      secret = await new Secret({
+        ...secretVersion,
+        _id: secretVersion.secret,
+      });
+    }
+  }
 
   return secret;
 };

backend/src/validation/auth.ts

@@ -108,14 +108,14 @@ export const AddUniversalAuthToIdentityV1 = z.object({
       })
       .array()
       .min(1)
-      .default([{ ipAddress: "0.0.0.0/0" }]),
+      .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]),
     accessTokenTrustedIps: z
       .object({
         ipAddress: z.string().trim(),
       })
       .array()
       .min(1)
-      .default([{ ipAddress: "0.0.0.0/0" }]),
+      .default([{ ipAddress: "0.0.0.0/0" }, { ipAddress: "::/0" }]),
     accessTokenTTL: z.number().int().min(1).refine(value => value !== 0, {
       message: "accessTokenTTL must have a non zero number",
     }).default(2592000),

backend/src/validation/integrationAuth.ts

@@ -192,6 +192,13 @@ export const GetIntegrationAuthNorthflankSecretGroupsV1 = z.object({
   })
 });
 
+export const DeleteIntegrationAuthsV1 = z.object({
+  query: z.object({
+    integration: z.string().trim(),
+    workspaceId: z.string().trim()
+  })
+});
+
 export const DeleteIntegrationAuthV1 = z.object({
   params: z.object({
     integrationAuthId: z.string().trim()

backend/src/validation/secrets.ts

@@ -246,7 +246,15 @@ export const GetSecretByNameRawV3 = z.object({
     include_imports: z
       .enum(["true", "false"])
       .default("true")
-      .transform((value) => value === "true")
+      .transform((value) => value === "true"),
+    version: z
+      .string()
+      .trim()
+      .optional()
+      .transform((value) => value === undefined ? undefined : parseInt(value, 10))
+      .refine((value) => value === undefined || !isNaN(value), {
+        message: "Version must be a number",
+      })
   })
 });
 
@@ -318,7 +326,15 @@ export const GetSecretByNameV3 = z.object({
     include_imports: z
       .enum(["true", "false"])
       .default("true")
-      .transform((value) => value === "true")
+      .transform((value) => value === "true"),
+    version: z
+      .string()
+      .trim()
+      .optional()
+      .transform((value) => value === undefined ? undefined : parseInt(value, 10))
+      .refine((value) => value === undefined || !isNaN(value), {
+        message: "Version must be a number",
+      })
   }),
   params: z.object({
     secretName: z.string().trim()

cli/packages/cmd/agent.go

@@ -5,6 +5,7 @@ package cmd
 
 import (
 	"bytes"
+	"encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -37,7 +38,8 @@ type Config struct {
 }
 
 type InfisicalConfig struct {
-	Address string `yaml:"address"`
+	Address       string `yaml:"address"`
+	ExitAfterAuth bool   `yaml:"exit-after-auth"`
 }
 
 type AuthConfig struct {
@@ -66,8 +68,9 @@ type SinkDetails struct {
 }
 
 type Template struct {
-	SourcePath      string `yaml:"source-path"`
-	DestinationPath string `yaml:"destination-path"`
+	SourcePath            string `yaml:"source-path"`
+	Base64TemplateContent string `yaml:"base64-template-content"`
+	DestinationPath       string `yaml:"destination-path"`
 }
 
 func ReadFile(filePath string) ([]byte, error) {
@@ -107,12 +110,7 @@ func appendAPIEndpoint(address string) string {
 	return address + "/api"
 }
 
-func ParseAgentConfig(filePath string) (*Config, error) {
-	data, err := ioutil.ReadFile(filePath)
-	if err != nil {
-		return nil, err
-	}
-
+func ParseAgentConfig(configFile []byte) (*Config, error) {
 	var rawConfig struct {
 		Infisical InfisicalConfig `yaml:"infisical"`
 		Auth      struct {
@@ -123,7 +121,7 @@ func ParseAgentConfig(filePath string) (*Config, error) {
 		Templates []Template `yaml:"templates"`
 	}
 
-	if err := yaml.Unmarshal(data, &rawConfig); err != nil {
+	if err := yaml.Unmarshal(configFile, &rawConfig); err != nil {
 		return nil, err
 	}
 
@@ -205,6 +203,35 @@ func ProcessTemplate(templatePath string, data interface{}, accessToken string)
 	return &buf, nil
 }
 
+func ProcessBase64Template(encodedTemplate string, data interface{}, accessToken string) (*bytes.Buffer, error) {
+	// custom template function to fetch secrets from Infisical
+	decoded, err := base64.StdEncoding.DecodeString(encodedTemplate)
+	if err != nil {
+		return nil, err
+	}
+
+	templateString := string(decoded)
+
+	secretFunction := secretTemplateFunction(accessToken)
+	funcs := template.FuncMap{
+		"secret": secretFunction,
+	}
+
+	templateName := "base64Template"
+
+	tmpl, err := template.New(templateName).Funcs(funcs).Parse(templateString)
+	if err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	if err := tmpl.Execute(&buf, data); err != nil {
+		return nil, err
+	}
+
+	return &buf, nil
+}
+
 type TokenManager struct {
 	accessToken                    string
 	accessTokenTTL                 time.Duration
@@ -219,10 +246,11 @@ type TokenManager struct {
 	newAccessTokenNotificationChan chan bool
 	removeClientSecretOnRead       bool
 	cachedClientSecret             string
+	exitAfterAuth                  bool
 }
 
-func NewTokenManager(fileDeposits []Sink, templates []Template, clientIdPath string, clientSecretPath string, newAccessTokenNotificationChan chan bool, removeClientSecretOnRead bool) *TokenManager {
-	return &TokenManager{filePaths: fileDeposits, templates: templates, clientIdPath: clientIdPath, clientSecretPath: clientSecretPath, newAccessTokenNotificationChan: newAccessTokenNotificationChan, removeClientSecretOnRead: removeClientSecretOnRead}
+func NewTokenManager(fileDeposits []Sink, templates []Template, clientIdPath string, clientSecretPath string, newAccessTokenNotificationChan chan bool, removeClientSecretOnRead bool, exitAfterAuth bool) *TokenManager {
+	return &TokenManager{filePaths: fileDeposits, templates: templates, clientIdPath: clientIdPath, clientSecretPath: clientSecretPath, newAccessTokenNotificationChan: newAccessTokenNotificationChan, removeClientSecretOnRead: removeClientSecretOnRead, exitAfterAuth: exitAfterAuth}
 }
 
 func (tm *TokenManager) SetToken(token string, accessTokenTTL time.Duration, accessTokenMaxTTL time.Duration) {
@@ -245,18 +273,26 @@ func (tm *TokenManager) GetToken() string {
 
 // Fetches a new access token using client credentials
 func (tm *TokenManager) FetchNewAccessToken() error {
-	clientIDAsByte, err := ReadFile(tm.clientIdPath)
-	if err != nil {
-		return fmt.Errorf("unable to read client id from file path '%s' due to error: %v", tm.clientIdPath, err)
+	clientID := os.Getenv("INFISICAL_UNIVERSAL_AUTH_CLIENT_ID")
+	if clientID == "" {
+		clientIDAsByte, err := ReadFile(tm.clientIdPath)
+		if err != nil {
+			return fmt.Errorf("unable to read client id from file path '%s' due to error: %v", tm.clientIdPath, err)
+		}
+		clientID = string(clientIDAsByte)
 	}
 
-	clientSecretAsByte, err := ReadFile(tm.clientSecretPath)
-	if err != nil {
-		if len(tm.cachedClientSecret) == 0 {
-			return fmt.Errorf("unable to read client secret from file and no cached client secret found: %v", err)
-		} else {
-			clientSecretAsByte = []byte(tm.cachedClientSecret)
+	clientSecret := os.Getenv("INFISICAL_UNIVERSAL_CLIENT_SECRET")
+	if clientSecret == "" {
+		clientSecretAsByte, err := ReadFile(tm.clientSecretPath)
+		if err != nil {
+			if len(tm.cachedClientSecret) == 0 {
+				return fmt.Errorf("unable to read client secret from file and no cached client secret found: %v", err)
+			} else {
+				clientSecretAsByte = []byte(tm.cachedClientSecret)
+			}
 		}
+		clientSecret = string(clientSecretAsByte)
 	}
 
 	// remove client secret after first read
@@ -264,13 +300,10 @@ func (tm *TokenManager) FetchNewAccessToken() error {
 		os.Remove(tm.clientSecretPath)
 	}
 
-	clientId := string(clientIDAsByte)
-	clientSecret := string(clientSecretAsByte)
-
 	// save as cache in memory
 	tm.cachedClientSecret = clientSecret
 
-	err, loginResponse := universalAuthLogin(clientId, clientSecret)
+	err, loginResponse := universalAuthLogin(clientID, clientSecret)
 	if err != nil {
 		return err
 	}
@@ -354,6 +387,11 @@ func (tm *TokenManager) ManageTokenLifecycle() {
 			}
 		}
 
+		if tm.exitAfterAuth {
+			time.Sleep(25 * time.Second)
+			os.Exit(0)
+		}
+
 		if accessTokenRefreshedTime.IsZero() {
 			accessTokenRefreshedTime = tm.accessTokenFetchedTime
 		} else {
@@ -396,7 +434,14 @@ func (tm *TokenManager) FetchSecrets() {
 		token := tm.GetToken()
 		if token != "" {
 			for _, secretTemplate := range tm.templates {
-				processedTemplate, err := ProcessTemplate(secretTemplate.SourcePath, nil, token)
+				var processedTemplate *bytes.Buffer
+				var err error
+				if secretTemplate.SourcePath != "" {
+					processedTemplate, err = ProcessTemplate(secretTemplate.SourcePath, nil, token)
+				} else {
+					processedTemplate, err = ProcessBase64Template(secretTemplate.Base64TemplateContent, nil, token)
+				}
+
 				if err != nil {
 					log.Error().Msgf("template engine: unable to render secrets because %s. Will try again on next cycle", err)
 
@@ -449,12 +494,37 @@ var agentCmd = &cobra.Command{
 			util.HandleError(err, "Unable to parse flag config")
 		}
 
-		if !FileExists(configPath) {
-			log.Error().Msgf("Unable to locate %s. The provided agent config file path is either missing or incorrect", configPath)
+		var agentConfigInBytes []byte
+
+		agentConfigInBase64 := os.Getenv("INFISICAL_AGENT_CONFIG_BASE64")
+
+		if agentConfigInBase64 == "" {
+			data, err := ioutil.ReadFile(configPath)
+			if err != nil {
+				if !FileExists(configPath) {
+					log.Error().Msgf("Unable to locate %s. The provided agent config file path is either missing or incorrect", configPath)
+					return
+				}
+			}
+			agentConfigInBytes = data
+		}
+
+		if agentConfigInBase64 != "" {
+			decodedAgentConfig, err := base64.StdEncoding.DecodeString(agentConfigInBase64)
+			if err != nil {
+				log.Error().Msgf("Unable to decode base64 config file because %v", err)
+				return
+			}
+
+			agentConfigInBytes = decodedAgentConfig
+		}
+
+		if !FileExists(configPath) && agentConfigInBase64 == "" {
+			log.Error().Msgf("No agent config file provided. Please provide a agent config file", configPath)
 			return
 		}
 
-		agentConfig, err := ParseAgentConfig(configPath)
+		agentConfig, err := ParseAgentConfig(agentConfigInBytes)
 		if err != nil {
 			log.Error().Msgf("Unable to prase %s because %v. Please ensure that is follows the Infisical Agent config structure", configPath, err)
 			return
@@ -471,7 +541,7 @@ var agentCmd = &cobra.Command{
 		signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
 
 		filePaths := agentConfig.Sinks
-		tm := NewTokenManager(filePaths, agentConfig.Templates, configUniversalAuthType.ClientIDPath, configUniversalAuthType.ClientSecretPath, tokenRefreshNotifier, configUniversalAuthType.RemoveClientSecretOnRead)
+		tm := NewTokenManager(filePaths, agentConfig.Templates, configUniversalAuthType.ClientIDPath, configUniversalAuthType.ClientSecretPath, tokenRefreshNotifier, configUniversalAuthType.RemoveClientSecretOnRead, agentConfig.Infisical.ExitAfterAuth)
 
 		go tm.ManageTokenLifecycle()
 		go tm.FetchSecrets()

docs/api-reference/endpoints/organizations/workspaces.mdx

@@ -1,10 +1,4 @@
 ---
 title: "Get Projects"
 openapi: "GET /api/v2/organizations/{organizationId}/workspaces"
----
-
-<Warning>
-    This endpoint will be deprecated in the near future in Q1/Q2 2024.
-
-    We recommend switching to using [identities](/documentation/platform/identities/overview).
-</Warning>
+---

docs/contributing/sdk/developing.mdx

@@ -76,7 +76,7 @@ If the command handler fails to validate the input, an error will be returned to
 
 
 <Frame caption="Execution flow diagram for the SDK from the target language to the base SDK. The execution flow is the same for all target languages.">
-  <img height="640" width="520" src="images/sdk-flow.png" />
+  <img height="640" width="520" src="/images/sdk-flow.png" />
 </Frame>
 
 

docs/documentation/platform/project.mdx

@@ -89,6 +89,10 @@ Then:
 - If user A fetches the secret D back, they get the value F.
 - If users B and C fetch the secret D back, they both get the value E.
 
+<Info>
+    Please keep in mind that secret reminders won't work with personal overrides.
+</Info>
+
 ![project override secret](../../images/platform/project/project-secrets-override.png)
 
 ### Drawer

docs/sdks/languages/csharp.mdx

@@ -0,0 +1,391 @@
+---
+title: "C#"
+icon: "C#"
+---
+
+If you're working with C#, the official [Infisical C# SDK](https://github.com/Infisical/sdk/tree/main/languages/csharp) package is the easiest way to fetch and work with secrets for your application.
+
+## Basic Usage
+
+```cs
+using Infisical.Sdk;
+
+namespace Example
+{
+    class Program
+    {
+        static void Main(string[] args)
+        {
+
+            var settings = new ClientSettings
+            {
+                ClientId = "CLIENT_ID",
+                ClientSecret = "CLIENT_SECRET",
+                // SiteUrl = "http://localhost:8080", <-- This line can be omitted if you're using Infisical Cloud.
+            };
+            var infisical = new InfisicalClient(settings);
+
+            var options = new GetSecretOptions
+            {
+                SecretName = "TEST",
+                ProjectId = "PROJECT_ID",
+                Environment = "dev",
+            };
+            var secret = infisical.GetSecret(options);
+
+
+            Console.WriteLine($"The value of secret '{secret.SecretKey}', is: {secret.SecretValue}");
+        }
+    }
+}
+```
+
+This example demonstrates how to use the Infisical C# SDK in a C# application. The application retrieves a secret named `TEST` from the `dev` environment of the `PROJECT_ID` project.
+
+<Warning>
+    We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
+</Warning>
+
+# Installation
+
+Run `npm` to add `@infisical/sdk` to your project.
+
+```console
+$ dotnet add package Infisical.Sdk
+```
+# Configuration
+
+Import the SDK and create a client instance with your [Machine Identity](/platform/identities/universal-auth).
+
+```cs
+using Infisical.Sdk;
+
+namespace Example
+{
+    class Program
+    {
+        static void Main(string[] args)
+        {
+
+            var settings = new ClientSettings
+            {
+                ClientId = "CLIENT_ID",
+                ClientSecret = "CLIENT_SECRET",
+            };
+
+            var infisical = new InfisicalClient(settings); // <-- Your SDK instance!
+        }
+    }
+}
+```
+
+### ClientSettings methods
+
+<ParamField query="options" type="object">
+    <Expandable title="properties">
+        <ParamField query="ClientId" type="string" optional>
+            Your machine identity client ID.
+        </ParamField>
+          <ParamField query="ClientSecret" type="string" optional>
+            Your machine identity client secret.
+        </ParamField>
+
+         <ParamField query="AccessToken" type="string" optional>
+            An access token obtained from the machine identity login endpoint.
+        </ParamField>
+
+        <ParamField query="CacheTtl" type="number" default="300" optional>
+            Time-to-live (in seconds) for refreshing cached secrets.
+            If manually set to 0, caching will be disabled, this is not recommended.
+        </ParamField>
+
+        <ParamField query="SiteUrl()" type="string" default="https://app.infisical.com" optional>
+            Your self-hosted absolute site URL including the protocol (e.g. `https://app.infisical.com`)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### Caching
+
+To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it's first fetched. Each time it's fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the "cacheTTL" option when creating the client.
+
+## Working with Secrets
+
+### client.ListSecrets(options)
+
+```cs
+var options = new ListSecretsOptions
+{
+    ProjectId = "PROJECT_ID",
+    Environment = "dev",
+    Path = "/foo/bar",
+    AttachToProcessEnv = false,
+};
+
+var secrets = infisical.ListSecrets(options);
+```
+
+Retrieve all secrets within the Infisical project and environment that client is connected to
+
+#### Parameters
+
+<ParamField query="Parameters" type="object">
+    <Expandable title="properties">
+        <ParamField query="Environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="ProjectId" type="string">
+            The project ID where the secret lives in.
+        </ParamField>
+
+         <ParamField query="Path" type="string" optional>
+            The path from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="AttachToProcessEnv" type="boolean" default="false" optional>
+             Whether or not to set the fetched secrets to the process environment. If true, you can access the secrets like so `System.getenv("SECRET_NAME")`.
+        </ParamField>
+
+        <ParamField query="IncludeImports" type="boolean" default="false" optional>
+             Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### client.GetSecret(options)
+
+```cs
+var options = new GetSecretOptions
+    {
+        SecretName = "AAAA",
+        ProjectId = "659c781eb2d4fe3e307b77bd",
+        Environment = "dev",
+    };
+var secret = infisical.GetSecret(options);
+```
+
+Retrieve a secret from Infisical.
+
+By default, `GetSecret()` fetches and returns a shared secret.
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="SecretName" type="string" required>
+            The key of the secret to retrieve.
+        </ParamField>
+        <ParamField query="ProjectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="Environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="Path" type="string" optional>
+            The path from where secret should be fetched from.
+        </ParamField>
+        <ParamField query="Type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.CreateSecret(options)
+
+```cs
+var options = new CreateSecretOptions {
+    Environment = "dev",
+    ProjectId = "PROJECT_ID",
+
+    SecretName = "NEW_SECRET",
+    SecretValue = "NEW_SECRET_VALUE",
+    SecretComment = "This is a new secret",
+};
+
+var newSecret = infisical.CreateSecret(options);
+```
+
+Create a new secret in Infisical.
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="SecretName" type="string" required>
+            The key of the secret to create.
+        </ParamField>
+        <ParamField query="SecretValue" type="string" required>
+            The value of the secret.
+        </ParamField>
+        <ParamField query="ProjectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="Environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="Path" type="string" optional>
+            The path from where secret should be created.
+        </ParamField>
+        <ParamField query="Type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.UpdateSecret(options)
+
+```cs
+var options = new UpdateSecretOptions {
+    Environment = "dev",
+    ProjectId = "PROJECT_ID",
+
+    SecretName = "SECRET_TO_UPDATE",
+    SecretValue = "NEW VALUE"
+};
+
+var updatedSecret = infisical.UpdateSecret(options);
+```
+
+Update an existing secret in Infisical.
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="SecretName" type="string" required>
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="SecretValue" type="string" required>
+            The new value of the secret.
+        </ParamField>
+        <ParamField query="ProjectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="Environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="Path" type="string" optional>
+            The path from where secret should be updated.
+        </ParamField>
+        <ParamField query="Type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.DeleteSecret(options)
+
+```cs
+var options = new DeleteSecretOptions
+{
+    Environment = "dev",
+    ProjectId = "PROJECT_ID",
+    SecretName = "NEW_SECRET",
+};
+
+var deletedSecret = infisical.DeleteSecret(options);
+```
+
+Delete a secret in Infisical.
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="SecretName" type="string">
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="ProjectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="Environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="Path" type="string" optional>
+            The path from where secret should be deleted.
+        </ParamField>
+        <ParamField query="Type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+## Cryptography
+
+### Create a symmetric key
+
+Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
+
+```cs
+var key = infisical.CreateSymmetricKey();
+```
+
+#### Returns (string)
+`key` (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
+
+### Encrypt symmetric
+```cs
+var options = new EncryptSymmetricOptions
+{
+    Plaintext = "Infisical is awesome!",
+    Key = key,
+};
+
+var encryptedData = infisical.EncryptSymmetric(options);
+```
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="Plaintext" type="string">
+            The plaintext you want to encrypt.
+        </ParamField>
+        <ParamField query="Key" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (object)
+`Tag` (string): A base64-encoded, 128-bit authentication tag.
+`Iv` (string): A base64-encoded, 96-bit initialization vector.
+`CipherText` (string): A base64-encoded, encrypted ciphertext.
+
+### Decrypt symmetric
+```cs
+var decryptOptions = new DecryptSymmetricOptions
+{
+    Key = key,
+    Ciphertext = encryptedData.Ciphertext,
+    Iv = encryptedData.Iv,
+    Tag = encryptedData.Tag,
+};
+
+var decryptedPlaintext = infisical.DecryptSymmetric(decryptOptions);
+```
+
+#### Parameters
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="Ciphertext" type="string">
+            The ciphertext you want to decrypt.
+        </ParamField>
+        <ParamField query="Key" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+        <ParamField query="Iv" type="string" required>
+            The initialization vector to use for decryption.
+        </ParamField>
+        <ParamField query="Tag" type="string" required>
+            The authentication tag to use for decryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (string)
+`Plaintext` (string): The decrypted plaintext.
+

docs/sdks/languages/go.mdx

@@ -1,8 +0,0 @@
----
-title: "Go"
-icon: "golang"
----
-
-Coming soon.
-
-Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/java.mdx

@@ -121,7 +121,7 @@ SecretElement[] secrets = client.listSecrets(options);
 
 Retrieve all secrets within the Infisical project and environment that client is connected to
 
-### Methods
+#### Methods
 
 <ParamField query="Parameters" type="object">
     <Expandable title="properties">
@@ -165,7 +165,7 @@ Retrieve a secret from Infisical.
 
 By default, `getSecret()` fetches and returns a shared secret.
 
-### Methods
+#### Methods
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -203,7 +203,7 @@ CreateSecretResponseSecret newSecret = client.createSecret(createOptions);
 
 Create a new secret in Infisical.
 
-### Methods
+#### Methods
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -245,7 +245,7 @@ UpdateSecretResponseSecret updatedSecret = client.updateSecret(options);
 
 Update an existing secret in Infisical.
 
-### Methods
+#### Methods
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -286,7 +286,7 @@ DeleteSecretResponseSecret deletedSecret = client.deleteSecret(options);
 
 Delete a secret in Infisical.
 
-### Methods
+#### Methods
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -307,3 +307,76 @@ Delete a secret in Infisical.
         </ParamField>
     </Expandable>
 </ParamField>
+
+## Cryptography
+
+### Create a symmetric key
+
+Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
+
+```java
+String key = client.createSymmetricKey();
+```
+
+#### Returns (string)
+`key` (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
+
+### Encrypt symmetric
+```java
+EncryptSymmetricOptions options = new EncryptSymmetricOptions();
+options.setKey(key);
+options.setPlaintext("Infisical is awesome!");
+
+EncryptSymmetricResponse encryptedData = client.encryptSymmetric(options);
+```
+
+#### Methods
+
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="setPlaintext()" type="string">
+            The plaintext you want to encrypt.
+        </ParamField>
+        <ParamField query="setKey()" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (object)
+`tag (getTag())` (string): A base64-encoded, 128-bit authentication tag.
+`iv (getIv())` (string): A base64-encoded, 96-bit initialization vector.
+`ciphertext (getCipherText())` (string): A base64-encoded, encrypted ciphertext.
+
+
+### Decrypt symmetric
+```java
+DecryptSymmetricOptions decryptOptions = new DecryptSymmetricOptions();
+decryptOptions.setKey(key);
+decryptOptions.setCiphertext(encryptedData.getCiphertext());
+decryptOptions.setIv(encryptedData.getIv());
+decryptOptions.setTag(encryptedData.getTag());
+
+String decryptedString = client.decryptSymmetric(decryptOptions);
+```
+
+#### Methods
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="setCiphertext()" type="string">
+            The ciphertext you want to decrypt.
+        </ParamField>
+        <ParamField query="setKey()" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+        <ParamField query="setIv()" type="string" required>
+            The initialization vector to use for decryption.
+        </ParamField>
+        <ParamField query="setTag()" type="string" required>
+            The authentication tag to use for decryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (string)
+`Plaintext` (string): The decrypted plaintext.

docs/sdks/languages/node.mdx

@@ -84,12 +84,12 @@ Import the SDK and create a client instance with your [Machine Identity](/docume
         clientSecret: "YOUR_CLIENT_SECRET",
         logLevel: LogLevel.Error
     });
-    ````
+    ```
 
   </Tab>
 </Tabs>
 
-### Parameters
+#### Parameters
 
 <ParamField query="options" type="object">
     <Expandable title="properties">
@@ -138,7 +138,7 @@ const secrets = await client.listSecrets({
 
 Retrieve all secrets within the Infisical project and environment that client is connected to
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object">
     <Expandable title="properties">
@@ -180,7 +180,7 @@ Retrieve a secret from Infisical.
 
 By default, `getSecret()` fetches and returns a shared secret.
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -255,7 +255,7 @@ const updatedApiKey = await client.updateSecret({
 
 Update an existing secret in Infisical.
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -315,3 +315,73 @@ Delete a secret in Infisical.
         </ParamField>
     </Expandable>
 </ParamField>
+
+## Cryptography
+
+### Create a symmetric key
+
+Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
+
+```js
+const key = client.createSymmetricKey();
+```
+
+#### Returns (string)
+`key` (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
+
+### Encrypt symmetric
+```js
+const { iv, tag, ciphertext } = await client.encryptSymmetric({
+    key: key,
+    plaintext: "Infisical is awesome!",
+})
+```
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="plaintext" type="string">
+            The plaintext you want to encrypt.
+        </ParamField>
+        <ParamField query="key" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (object)
+`tag` (string): A base64-encoded, 128-bit authentication tag.
+`iv` (string): A base64-encoded, 96-bit initialization vector.
+`ciphertext` (string): A base64-encoded, encrypted ciphertext.
+
+### Decrypt symmetric
+```js
+const decryptedString = await client.decryptSymmetric({
+    key: key,
+    iv: iv,
+    tag: tag,
+    ciphertext: ciphertext,
+});
+```
+
+#### Parameters
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="ciphertext" type="string">
+            The ciphertext you want to decrypt.
+        </ParamField>
+        <ParamField query="key" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+        <ParamField query="iv" type="string" required>
+            The initialization vector to use for decryption.
+        </ParamField>
+        <ParamField query="tag" type="string" required>
+            The authentication tag to use for decryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (string)
+`plaintext` (string): The decrypted plaintext.

docs/sdks/languages/php.mdx

@@ -1,8 +0,0 @@
----
-title: "PHP"
-icon: "php"
----
-
-Coming soon.
-
-Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/python.mdx

@@ -60,7 +60,7 @@ client = InfisicalClient(ClientSettings(
 ))
 ```
 
-### Parameters
+#### Parameters
 
 <ParamField query="options" type="object">
     <Expandable title="properties">
@@ -110,7 +110,7 @@ client.listSecrets(options=ListSecretsOptions(
 
 Retrieve all secrets within the Infisical project and environment that client is connected to
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object">
     <Expandable title="properties">
@@ -149,7 +149,7 @@ value = secret.secret_value # get its value
 
 By default, `getSecret()` fetches and returns a shared secret. If not found, it returns a personal secret.
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -187,7 +187,7 @@ api_key = client.createSecret(options=CreateSecretOptions(
 
 Create a new secret in Infisical.
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -225,7 +225,7 @@ client.updateSecret(options=UpdateSecretOptions(
 
 Update an existing secret in Infisical.
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -262,7 +262,7 @@ client.deleteSecret(options=DeleteSecretOptions(
 
 Delete a secret in Infisical.
 
-### Parameters
+#### Parameters
 
 <ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
@@ -283,3 +283,79 @@ Delete a secret in Infisical.
         </ParamField>
     </Expandable>
 </ParamField>
+
+## Cryptography
+
+### Create a symmetric key
+
+Create a base64-encoded, 256-bit symmetric key to be used for encryption/decryption.
+
+```py
+key = client.createSymmetricKey()
+```
+
+#### Returns (string)
+`key` (string): A base64-encoded, 256-bit symmetric key, that can be used for encryption/decryption purposes.
+
+### Encrypt symmetric
+```py
+encryptOptions = EncryptSymmetricOptions(
+    key=key,
+    plaintext="Infisical is awesome!"
+)
+
+encryptedData = client.encryptSymmetric(encryptOptions)
+```
+
+#### Parameters
+
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="plaintext" type="string">
+            The plaintext you want to encrypt.
+        </ParamField>
+        <ParamField query="key" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (object)
+`tag` (string): A base64-encoded, 128-bit authentication tag.
+`iv` (string): A base64-encoded, 96-bit initialization vector.
+`ciphertext` (string): A base64-encoded, encrypted ciphertext.
+
+### Decrypt symmetric
+```py
+decryptOptions = DecryptSymmetricOptions(
+    ciphertext=encryptedData.ciphertext,
+    iv=encryptedData.iv,
+    tag=encryptedData.tag,
+    key=key
+)
+
+decryptedString = client.decryptSymmetric(decryptOptions)
+
+
+```
+
+#### Parameters
+<ParamField query="Parameters" type="object" required>
+    <Expandable title="properties">
+        <ParamField query="ciphertext" type="string">
+            The ciphertext you want to decrypt.
+        </ParamField>
+        <ParamField query="key" type="string" required>
+            The symmetric key to use for encryption.
+        </ParamField>
+        <ParamField query="iv" type="string" required>
+            The initialization vector to use for decryption.
+        </ParamField>
+        <ParamField query="tag" type="string" required>
+            The authentication tag to use for decryption.
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+#### Returns (string)
+`plaintext` (string): The decrypted plaintext.

docs/sdks/languages/ruby.mdx

@@ -1,8 +0,0 @@
----
-title: "Ruby"
-icon: "gem"
----
-
-Coming soon.
-
-Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/rust.mdx

@@ -1,8 +0,0 @@
----
-title: "Rust"
-icon: "rust"
----
-
-Coming soon.
-
-Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/overview.mdx

@@ -18,17 +18,8 @@ From local development to production, Infisical SDKs provide the easiest way for
     <Card href="/sdks/languages/java" title="Java" icon="java" color="#e41f23">
         Manage secrets for your Java application on demand
     </Card>
-    <Card href="/sdks/languages/ruby" title="Ruby" icon="gem" color="#ac0d01">
-        Manage secrets for your Ruby application on demand
-    </Card>
-    <Card href="/sdks/languages/go" title="Golang" icon="golang" color="#00add8">
-        Manage secrets for your Go application on demand
-    </Card>
-    <Card href="/sdks/languages/rust" title="Rust" icon="rust" color="#cd412b">
-        Manage secrets for your Rust application on demand
-    </Card>
-    <Card href="/sdks/languages/php" title="PHP" icon="php" color="#787cb4">
-        Manage secrets for your PHP application on demand
+    <Card href="/sdks/languages/csharp" title="C#" icon="bars" color="#368833">
+        Manage secrets for your C#/.NET application on demand
     </Card>
 </CardGroup>
 

docs/spec.yaml

@@ -3133,6 +3133,7 @@ paths:
                     description: Projects of organization
       security:
         - apiKeyAuth: []
+          bearerAuth: []
   /api/v2/organizations/:
     post:
       description: ''

frontend/src/hooks/api/integrationAuth/index.tsx

@@ -1,6 +1,7 @@
 export {
   useAuthorizeIntegration,
   useDeleteIntegrationAuth,
+  useDeleteIntegrationAuths,
   useGetIntegrationAuthApps,
   useGetIntegrationAuthBitBucketWorkspaces,
   useGetIntegrationAuthById,

frontend/src/hooks/api/integrationAuth/queries.tsx

@@ -297,6 +297,7 @@ const fetchIntegrationAuthRailwayEnvironments = async ({
   integrationAuthId: string;
   appId: string;
 }) => {
+  if (appId === "none") return [];
   const {
     data: { environments }
   } = await apiRequest.get<{ environments: Environment[] }>(
@@ -318,6 +319,7 @@ const fetchIntegrationAuthRailwayServices = async ({
   integrationAuthId: string;
   appId: string;
 }) => {
+  if (appId === "none") return [];
   const {
     data: { services }
   } = await apiRequest.get<{ services: Service[] }>(
@@ -697,7 +699,22 @@ export const useSaveIntegrationAccessToken = () => {
   });
 };
 
-export const useDeleteIntegrationAuth = () => {
+export const useDeleteIntegrationAuths = () => {
+  const queryClient = useQueryClient();
+
+  return useMutation<{}, {}, { integration: string; workspaceId: string }>({
+    mutationFn: ({ integration, workspaceId }) => apiRequest.delete(`/api/v1/integration-auth?${new URLSearchParams({
+      integration,
+      workspaceId
+    })}`),
+    onSuccess: (_, { workspaceId }) => {
+      queryClient.invalidateQueries(workspaceKeys.getWorkspaceAuthorization(workspaceId));
+      queryClient.invalidateQueries(workspaceKeys.getWorkspaceIntegrations(workspaceId));
+    }
+  });
+};
+
+export const useDeleteIntegrationAuth = () => { // not used
   const queryClient = useQueryClient();
 
   return useMutation<{}, {}, { id: string; workspaceId: string }>({

frontend/src/hooks/api/integrations/queries.tsx

@@ -96,6 +96,7 @@ export const useDeleteIntegration = () => {
     mutationFn: ({ id }) => apiRequest.delete(`/api/v1/integration/${id}`),
     onSuccess: (_, { workspaceId }) => {
       queryClient.invalidateQueries(workspaceKeys.getWorkspaceIntegrations(workspaceId));
+      queryClient.invalidateQueries(workspaceKeys.getWorkspaceAuthorization(workspaceId));
     }
   });
 };

frontend/src/hooks/api/workspace/queries.tsx

@@ -126,6 +126,7 @@ const fetchWorkspaceAuthorization = async (workspaceId: string) => {
   const { data } = await apiRequest.get<{ authorizations: IntegrationAuth[] }>(
     `/api/v1/workspace/${workspaceId}/authorizations`
   );
+
   return data.authorizations;
 };
 

frontend/src/pages/integrations/railway/create.tsx

@@ -76,10 +76,15 @@ export default function RailwayCreateIntegrationPage() {
     }
   }, [targetEnvironments]);
 
-  const filteredServices = targetServices?.concat({
-    name: "",
-    serviceId: ""
-  });
+  useEffect(() => {
+    if (targetServices) {
+      if (targetServices.length > 0) {
+        setTargetServiceId(targetServices[0].serviceId);
+      } else {
+        setTargetServiceId("none");
+      }
+    }
+  }, [targetServices]);
 
   const handleButtonClick = async () => {
     try {
@@ -125,7 +130,7 @@ export default function RailwayCreateIntegrationPage() {
     selectedSourceEnvironment &&
     integrationAuthApps &&
     targetEnvironments &&
-    filteredServices ? (
+    targetServices ? (
     <div className="flex h-full w-full items-center justify-center">
       <Card className="max-w-md rounded-md p-8">
         <CardTitle className="text-center">Railway Integration</CardTitle>
@@ -180,6 +185,7 @@ export default function RailwayCreateIntegrationPage() {
             value={targetEnvironmentId}
             onValueChange={(val) => setTargetEnvironmentId(val)}
             className="w-full border border-mineshaft-500"
+            isDisabled={targetEnvironments.length === 0}
           >
             {targetEnvironments.length > 0 ? (
               targetEnvironments.map((targetEnvironment) => (
@@ -202,15 +208,22 @@ export default function RailwayCreateIntegrationPage() {
             value={targetServiceId}
             onValueChange={(val) => setTargetServiceId(val)}
             className="w-full border border-mineshaft-500"
+            isDisabled={targetServices.length === 0}
           >
-            {filteredServices.map((targetService) => (
-              <SelectItem
-                value={targetService.serviceId as string}
-                key={`target-service-${targetService.serviceId as string}`}
-              >
-                {targetService.name}
+            {targetServices.length > 0 ? (
+              targetServices.map((targetService) => (
+                <SelectItem
+                  value={targetService.serviceId as string}
+                  key={`target-service-${targetService.serviceId as string}`}
+                >
+                  {targetService.name}
+                </SelectItem>
+              ))
+            ) : (
+              <SelectItem value="none" key="target-service-none">
+                No services found
               </SelectItem>
-            ))}
+            )}
           </Select>
         </FormControl>
         <Button

frontend/src/views/IntegrationsPage/IntegrationsPage.tsx

@@ -1,6 +1,5 @@
 import { useCallback, useEffect } from "react";
 import { useTranslation } from "react-i18next";
-import { useRouter } from "next/router";
 
 import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider";
 import { Button, Modal, ModalContent } from "@app/components/v2";
@@ -9,7 +8,7 @@ import { withProjectPermission } from "@app/hoc";
 import { usePopUp } from "@app/hooks";
 import {
   useDeleteIntegration,
-  useDeleteIntegrationAuth,
+  useDeleteIntegrationAuths,
   useGetCloudIntegrations,
   useGetUserWsKey,
   useGetWorkspaceAuthorizations,
@@ -24,8 +23,7 @@ import { FrameworkIntegrationSection } from "./components/FrameworkIntegrationSe
 import { IntegrationsSection } from "./components/IntegrationsSection";
 import {
   generateBotKey,
-  redirectForProviderAuth,
-  redirectToIntegrationAppConfigScreen
+  redirectForProviderAuth
 } from "./IntegrationPage.utils";
 
 type Props = {
@@ -36,7 +34,6 @@ export const IntegrationsPage = withProjectPermission(
   ({ frameworkIntegrations }: Props) => {
     const { t } = useTranslation();
     const { createNotification } = useNotificationContext();
-    const router = useRouter();
 
     const { currentWorkspace } = useWorkspace();
     const workspaceId = currentWorkspace?._id || "";
@@ -65,6 +62,7 @@ export const IntegrationsPage = withProjectPermission(
         return groupBy;
       }, [])
     );
+
     // mutation
     const {
       data: integrations,
@@ -78,11 +76,11 @@ export const IntegrationsPage = withProjectPermission(
     const { mutateAsync: updateBotActiveStatus, mutate: updateBotActiveStatusSync } =
       useUpdateBotActiveStatus();
     const { mutateAsync: deleteIntegration } = useDeleteIntegration();
-    const {
-      mutateAsync: deleteIntegrationAuth,
+    const { 
+      mutateAsync: deleteIntegrationAuths,
       isSuccess: isDeleteIntegrationAuthSuccess,
-      reset: resetDeleteIntegrationAuth
-    } = useDeleteIntegrationAuth();
+      reset: resetDeleteIntegrationAuths
+    } = useDeleteIntegrationAuths();
 
     const isIntegrationsAuthorizedEmpty = !Object.keys(integrationAuths || {}).length;
     const isIntegrationsEmpty = !integrations?.length;
@@ -103,7 +101,7 @@ export const IntegrationsPage = withProjectPermission(
             botId: bot._id,
             workspaceId
           });
-        resetDeleteIntegrationAuth();
+        resetDeleteIntegrationAuths();
       }
     }, [
       isIntegrationFetching,
@@ -116,7 +114,7 @@ export const IntegrationsPage = withProjectPermission(
     const handleProviderIntegration = async (provider: string) => {
       const selectedCloudIntegration = cloudIntegrations?.find(({ slug }) => provider === slug);
       if (!selectedCloudIntegration) return;
-
+      
       try {
         if (bot && !bot.isActive) {
           const botKey = generateBotKey(bot.publicKey, latestWsKey!);
@@ -127,14 +125,8 @@ export const IntegrationsPage = withProjectPermission(
             botId: bot._id
           });
         }
-        const integrationAuthForProvider = integrationAuths?.[provider];
-        if (!integrationAuthForProvider) {
-          redirectForProviderAuth(selectedCloudIntegration);
-          return;
-        }
 
-        const url = redirectToIntegrationAppConfigScreen(provider, integrationAuthForProvider._id);
-        router.push(url);
+        redirectForProviderAuth(selectedCloudIntegration);
       } catch (error) {
         console.error(error);
       }
@@ -176,9 +168,10 @@ export const IntegrationsPage = withProjectPermission(
     const handleIntegrationAuthRevoke = async (provider: string, cb?: () => void) => {
       const integrationAuthForProvider = integrationAuths?.[provider];
       if (!integrationAuthForProvider) return;
+
       try {
-        await deleteIntegrationAuth({
-          id: integrationAuthForProvider._id,
+        await deleteIntegrationAuths({
+          integration: provider,
           workspaceId
         });
         if (cb) cb();

frontend/src/views/Org/MembersPage/components/OrgIdentityTab/components/IdentitySection/IdentitySection.tsx

@@ -72,9 +72,9 @@ export const IdentitySection = withPermission(
                     </p>
                     <div className="flex justify-end w-full pr-4">
                         <Link href="https://infisical.com/docs/documentation/platform/identities/overview">
-                            <span className="rounded-md px-4 py-2 w-max text-mineshaft-200 hover:text-white bg-mineshaft-600 border border-mineshaft-500 hover:bg-primary/10 hover:border-primary/40 duration-200 cursor-pointer">
+                            <a target="_blank" rel="noopener noreferrer" className="rounded-md px-4 py-2 w-max text-mineshaft-200 hover:text-white bg-mineshaft-600 border border-mineshaft-500 hover:bg-primary/10 hover:border-primary/40 duration-200 cursor-pointer">
                             Documentation <FontAwesomeIcon icon={faArrowUpRightFromSquare} className="text-xs mb-[0.06rem] ml-1"/>
-                            </span>
+                            </a>
                         </Link> 
                     </div>
                     <OrgPermissionCan

frontend/src/views/Org/MembersPage/components/OrgIdentityTab/components/IdentitySection/IdentityTable.tsx

@@ -98,6 +98,7 @@ export const IdentityTable = ({
                 <THead>
                     <Tr>
                         <Th>Name</Th>
+                        <Th>ID</Th>
                         <Th>Role</Th>
                         <Th>Auth Method</Th>
                         <Th className="w-5" />
@@ -120,6 +121,7 @@ export const IdentityTable = ({
                         return (
                             <Tr className="h-10" key={`identity-${_id}`}>
                                 <Td>{name}</Td>
+                                <Td>{_id}</Td>
                                 <Td>
                                     <OrgPermissionCan
                                         I={OrgPermissionActions.Edit}

frontend/src/views/Org/MembersPage/components/OrgIdentityTab/components/IdentitySection/IdentityUniversalAuthForm.tsx

@@ -91,12 +91,14 @@ export const IdentityUniversalAuthForm = ({
             accessTokenTTL: "2592000",
             accessTokenMaxTTL: "2592000",
             accessTokenNumUsesLimit: "0",
-            clientSecretTrustedIps: [{
-                ipAddress: "0.0.0.0/0"
-            }],
-            accessTokenTrustedIps: [{
-                ipAddress: "0.0.0.0/0"
-            }],
+            clientSecretTrustedIps: [
+                { ipAddress: "0.0.0.0/0" },
+                { ipAddress: "::/0" }
+            ],
+            accessTokenTrustedIps: [
+                { ipAddress: "0.0.0.0/0" },
+                { ipAddress: "::/0" }
+            ],
         }
     });
 
@@ -139,12 +141,14 @@ export const IdentityUniversalAuthForm = ({
                 accessTokenTTL: "2592000",
                 accessTokenMaxTTL: "2592000",
                 accessTokenNumUsesLimit: "0",
-                clientSecretTrustedIps: [{
-                    ipAddress: "0.0.0.0/0"
-                }],
-                accessTokenTrustedIps: [{
-                    ipAddress: "0.0.0.0/0"
-                }]
+                clientSecretTrustedIps: [
+                    { ipAddress: "0.0.0.0/0" },
+                    { ipAddress: "::/0" }
+                ],
+                accessTokenTrustedIps: [
+                    { ipAddress: "0.0.0.0/0" },
+                    { ipAddress: "::/0" }
+                ]
             });
         }
     }, [data]);