Revert "misc: audit log migration + special handing"

2025-03-25 14:05:03 +00:00 · 2024-10-08 15:21:56 +08:00
1219 changed files with 19663 additions and 71479 deletions
--- a/.env.example
+++ b/.env.example
@ -36,22 +36,16 @@ CLIENT_ID_HEROKU=
 CLIENT_ID_VERCEL=
 CLIENT_ID_NETLIFY=
 CLIENT_ID_GITHUB=
-CLIENT_ID_GITHUB_APP=
-CLIENT_SLUG_GITHUB_APP=
 CLIENT_ID_GITLAB=
 CLIENT_ID_BITBUCKET=
 CLIENT_SECRET_HEROKU=
 CLIENT_SECRET_VERCEL=
 CLIENT_SECRET_NETLIFY=
 CLIENT_SECRET_GITHUB=
-CLIENT_SECRET_GITHUB_APP=
 CLIENT_SECRET_GITLAB=
 CLIENT_SECRET_BITBUCKET=
 CLIENT_SLUG_VERCEL=

-CLIENT_PRIVATE_KEY_GITHUB_APP=
-CLIENT_APP_ID_GITHUB_APP=
-
 # Sentry (optional) for monitoring errors
 SENTRY_DSN=

@ -74,17 +68,7 @@ CAPTCHA_SECRET=

 NEXT_PUBLIC_CAPTCHA_SITE_KEY=

-OTEL_TELEMETRY_COLLECTION_ENABLED=false
-OTEL_EXPORT_TYPE=prometheus
-OTEL_EXPORT_OTLP_ENDPOINT=
-OTEL_OTLP_PUSH_INTERVAL=
-
-OTEL_COLLECTOR_BASIC_AUTH_USERNAME=
-OTEL_COLLECTOR_BASIC_AUTH_PASSWORD=
-
 PLAIN_API_KEY=
 PLAIN_WISH_LABEL_IDS=

 SSL_CLIENT_CERTIFICATE_HEADER_KEY=
-
-ENABLE_MSSQL_SECRET_ROTATION_ENCRYPT=true
--- a/.env.migration.example
+++ b/.env.migration.example
@ -1,2 +1 @@
 DB_CONNECTION_URI=
-AUDIT_LOGS_DB_CONNECTION_URI=
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@ -7,6 +7,7 @@ on:
                description: "Version number"
                required: true
                type: string
+
 defaults:
    run:
        working-directory: ./backend
@ -48,9 +49,9 @@ jobs:
            - name: Package into node binary
              run: |
                  if [ "${{ matrix.os }}" != "linux" ]; then
-                    pkg --no-bytecode --public-packages "*" --public --compress GZip --target ${{ matrix.target }}-${{ matrix.arch }} --output ./binary/infisical-core-${{ matrix.os }}-${{ matrix.arch }} .
+                    pkg --no-bytecode --public-packages "*" --public --target ${{ matrix.target }}-${{ matrix.arch }} --output ./binary/infisical-core-${{ matrix.os }}-${{ matrix.arch }} .
                  else
-                    pkg --no-bytecode --public-packages "*" --public --compress GZip --target ${{ matrix.target }}-${{ matrix.arch }} --output ./binary/infisical-core .
+                    pkg --no-bytecode --public-packages "*" --public --target ${{ matrix.target }}-${{ matrix.arch }} --output ./binary/infisical-core .
                  fi

            # Set up .deb package structure (Debian/Ubuntu only)
@ -82,86 +83,6 @@ jobs:
                  dpkg-deb --build infisical-core
                  mv infisical-core.deb ./binary/infisical-core-${{matrix.arch}}.deb

-            ### RPM
-
-            # Set up .rpm package structure
-            - name: Set up .rpm package structure
-              if: matrix.os == 'linux'
-              run: |
-                  mkdir -p infisical-core-rpm/usr/local/bin
-                  cp ./binary/infisical-core infisical-core-rpm/usr/local/bin/
-                  chmod +x infisical-core-rpm/usr/local/bin/infisical-core
-
-            # Install RPM build tools
-            - name: Install RPM build tools
-              if: matrix.os == 'linux'
-              run: sudo apt-get update && sudo apt-get install -y rpm
-
-            # Create .spec file for RPM
-            - name: Create .spec file for RPM
-              if: matrix.os == 'linux'
-              run: |
-                  cat <<EOF > infisical-core.spec
-
-                  %global _enable_debug_package 0
-                  %global debug_package %{nil}
-                  %global __os_install_post /usr/lib/rpm/brp-compress %{nil}
-
-                  Name:           infisical-core
-                  Version:        ${{ github.event.inputs.version }}
-                  Release:        1%{?dist}
-                  Summary:        Infisical Core standalone executable
-                  License:        Proprietary
-                  URL:            https://app.infisical.com
-
-                  %description
-                  Infisical Core standalone executable (app.infisical.com)
-
-                  %install
-                  mkdir -p %{buildroot}/usr/local/bin
-                  cp %{_sourcedir}/infisical-core %{buildroot}/usr/local/bin/
-
-                  %files
-                  /usr/local/bin/infisical-core
-
-                  %pre
-
-                  %post
-
-                  %preun
-
-                  %postun
-                  EOF
-
-            # Build .rpm file
-            - name: Build .rpm package
-              if: matrix.os == 'linux'
-              run: |
-                  # Create necessary directories
-                  mkdir -p rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
-
-                  # Copy the binary directly to SOURCES
-                  cp ./binary/infisical-core rpmbuild/SOURCES/
-
-                  # Run rpmbuild with verbose output
-                  rpmbuild -vv -bb \
-                    --define "_topdir $(pwd)/rpmbuild" \
-                    --define "_sourcedir $(pwd)/rpmbuild/SOURCES" \
-                    --define "_rpmdir $(pwd)/rpmbuild/RPMS" \
-                    --target ${{ matrix.arch == 'x64' && 'x86_64' || 'aarch64' }} \
-                    infisical-core.spec
-
-                  # Try to find the RPM file
-                  find rpmbuild -name "*.rpm"
-
-                  # Move the RPM file if found
-                  if [ -n "$(find rpmbuild -name '*.rpm')" ]; then
-                    mv $(find rpmbuild -name '*.rpm') ./binary/infisical-core-${{matrix.arch}}.rpm
-                  else
-                    echo "RPM file not found!"
-                    exit 1
-                  fi
-
            - uses: actions/setup-python@v4
              with:
                  python-version: "3.x" # Specify the Python version you need
@ -176,12 +97,6 @@ jobs:
              working-directory: ./backend
              run: cloudsmith push deb --republish --no-wait-for-sync --api-key=${{ secrets.CLOUDSMITH_API_KEY }} infisical/infisical-core/any-distro/any-version ./binary/infisical-core-${{ matrix.arch }}.deb

-            # Publish .rpm file to Cloudsmith (Red Hat-based systems only)
-            - name: Publish .rpm to Cloudsmith
-              if: matrix.os == 'linux'
-              working-directory: ./backend
-              run: cloudsmith push rpm --republish --no-wait-for-sync --api-key=${{ secrets.CLOUDSMITH_API_KEY }} infisical/infisical-core/any-distro/any-version ./binary/infisical-core-${{ matrix.arch }}.rpm
-
            # Publish .exe file to Cloudsmith (Windows only)
            - name: Publish to Cloudsmith (Windows)
              if: matrix.os == 'win'
--- a/.github/workflows/build-staging-and-deploy-aws.yml
+++ b/.github/workflows/build-staging-and-deploy-aws.yml
@ -7,12 +7,12 @@ permissions:

 jobs:
  infisical-tests:
-    name: Integration tests
+    name: Run tests before deployment
    # https://docs.github.com/en/actions/using-workflows/reusing-workflows#overview
    uses: ./.github/workflows/run-backend-tests.yml
    
  infisical-image:
-    name: Build
+    name: Build backend image
    runs-on: ubuntu-latest
    needs: [infisical-tests]
    steps:
@ -104,8 +104,8 @@ jobs:
          cluster: infisical-gamma-stage
          wait-for-service-stability: true

-  production-us:
-    name: US production deploy 
+  production-postgres-deployment:
+    name: Deploy to production
    runs-on: ubuntu-latest
    needs: [gamma-deployment]
    environment:
@ -127,7 +127,6 @@ jobs:
      - name: Change directory to backend and install dependencies
        env:
          DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
-          AUDIT_LOGS_DB_CONNECTION_URI: ${{ secrets.AUDIT_LOGS_DB_CONNECTION_URI }}
        run: |
          cd backend
          npm install
@ -159,54 +158,3 @@ jobs:
          service: infisical-core-platform
          cluster: infisical-core-platform
          wait-for-service-stability: true
-
-  production-eu:
-      name: EU production deploy
-      runs-on: ubuntu-latest
-      needs: [production-us]
-      environment:
-        name: production-eu
-      steps:
-        - uses: twingate/github-action@v1
-          with:
-            service-key: ${{ secrets.TWINGATE_SERVICE_KEY }}
-        - name: Configure AWS Credentials 
-          uses: aws-actions/configure-aws-credentials@v4
-          with:
-            audience: sts.amazonaws.com
-            aws-region: eu-central-1
-            role-to-assume: arn:aws:iam::345594589636:role/gha-make-prod-deployment
-        - name: Checkout code
-          uses: actions/checkout@v2
-        - name: Setup Node.js environment
-          uses: actions/setup-node@v2
-          with:
-            node-version: "20"
-        - name: Change directory to backend and install dependencies
-          env:
-            DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }}
-          run: |
-            cd backend
-            npm install
-            npm run migration:latest
-        - name: Save commit hashes for tag
-          id: commit
-          uses: pr-mpt/actions-commit-hash@v2
-        - name: Download task definition
-          run: |
-            aws ecs describe-task-definition --task-definition infisical-core-platform --query taskDefinition > task-definition.json
-        - name: Render Amazon ECS task definition
-          id: render-web-container
-          uses: aws-actions/amazon-ecs-render-task-definition@v1
-          with:
-            task-definition: task-definition.json
-            container-name: infisical-core-platform
-            image: infisical/staging_infisical:${{ steps.commit.outputs.short }}
-            environment-variables: "LOG_LEVEL=info"
-        - name: Deploy to Amazon ECS service
-          uses: aws-actions/amazon-ecs-deploy-task-definition@v1
-          with:
-            task-definition: ${{ steps.render-web-container.outputs.task-definition }}
-            service: infisical-core-platform
-            cluster: infisical-core-platform
-            wait-for-service-stability: true
--- a/.github/workflows/release-standalone-docker-img-postgres-offical.yml
+++ b/.github/workflows/release-standalone-docker-img-postgres-offical.yml
@ -1,115 +1,62 @@
 name: Release standalone docker image
 on:
-    push:
-        tags:
-            - "infisical/v*.*.*-postgres"
+  push:
+    tags:
+      - "infisical/v*.*.*-postgres"

 jobs:
-    infisical-tests:
-        name: Run tests before deployment
-        # https://docs.github.com/en/actions/using-workflows/reusing-workflows#overview
-        uses: ./.github/workflows/run-backend-tests.yml
-
-    infisical-standalone:
-        name: Build infisical standalone image postgres
-        runs-on: ubuntu-latest
-        needs: [infisical-tests]
-        steps:
-            - name: Extract version from tag
-              id: extract_version
-              run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical/}"
-            - name: ☁️ Checkout source
-              uses: actions/checkout@v3
-              with:
-                  fetch-depth: 0
-            - name: 📦 Install dependencies to test all dependencies
-              run: npm ci --only-production
-              working-directory: backend
-            - name: version output
-              run: |
-                  echo "Output Value: ${{ steps.version.outputs.major }}"
-                  echo "Output Value: ${{ steps.version.outputs.minor }}"
-                  echo "Output Value: ${{ steps.version.outputs.patch }}"
-                  echo "Output Value: ${{ steps.version.outputs.version }}"
-                  echo "Output Value: ${{ steps.version.outputs.version_type }}"
-                  echo "Output Value: ${{ steps.version.outputs.increment }}"
-            - name: Save commit hashes for tag
-              id: commit
-              uses: pr-mpt/actions-commit-hash@v2
-            - name: 🔧 Set up Docker Buildx
-              uses: docker/setup-buildx-action@v2
-            - name: 🐋 Login to Docker Hub
-              uses: docker/login-action@v2
-              with:
-                  username: ${{ secrets.DOCKERHUB_USERNAME }}
-                  password: ${{ secrets.DOCKERHUB_TOKEN }}
-            - name: Set up Depot CLI
-              uses: depot/setup-action@v1
-            - name: 📦 Build backend and export to Docker
-              uses: depot/build-push-action@v1
-              with:
-                  project: 64mmf0n610
-                  token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-                  push: true
-                  context: .
-                  tags: |
-                      infisical/infisical:latest-postgres
-                      infisical/infisical:${{ steps.commit.outputs.short }}
-                      infisical/infisical:${{ steps.extract_version.outputs.version }}
-                  platforms: linux/amd64,linux/arm64
-                  file: Dockerfile.standalone-infisical
-                  build-args: |
-                      POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
-                      INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
-
-    infisical-fips-standalone:
-        name: Build infisical standalone image postgres
-        runs-on: ubuntu-latest
-        needs: [infisical-tests]
-        steps:
-            - name: Extract version from tag
-              id: extract_version
-              run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical/}"
-            - name: ☁️ Checkout source
-              uses: actions/checkout@v3
-              with:
-                  fetch-depth: 0
-            - name: 📦 Install dependencies to test all dependencies
-              run: npm ci --only-production
-              working-directory: backend
-            - name: version output
-              run: |
-                  echo "Output Value: ${{ steps.version.outputs.major }}"
-                  echo "Output Value: ${{ steps.version.outputs.minor }}"
-                  echo "Output Value: ${{ steps.version.outputs.patch }}"
-                  echo "Output Value: ${{ steps.version.outputs.version }}"
-                  echo "Output Value: ${{ steps.version.outputs.version_type }}"
-                  echo "Output Value: ${{ steps.version.outputs.increment }}"
-            - name: Save commit hashes for tag
-              id: commit
-              uses: pr-mpt/actions-commit-hash@v2
-            - name: 🔧 Set up Docker Buildx
-              uses: docker/setup-buildx-action@v2
-            - name: 🐋 Login to Docker Hub
-              uses: docker/login-action@v2
-              with:
-                  username: ${{ secrets.DOCKERHUB_USERNAME }}
-                  password: ${{ secrets.DOCKERHUB_TOKEN }}
-            - name: Set up Depot CLI
-              uses: depot/setup-action@v1
-            - name: 📦 Build backend and export to Docker
-              uses: depot/build-push-action@v1
-              with:
-                  project: 64mmf0n610
-                  token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-                  push: true
-                  context: .
-                  tags: |
-                      infisical/infisical-fips:latest-postgres
-                      infisical/infisical-fips:${{ steps.commit.outputs.short }}
-                      infisical/infisical-fips:${{ steps.extract_version.outputs.version }}
-                  platforms: linux/amd64,linux/arm64
-                  file: Dockerfile.fips.standalone-infisical
-                  build-args: |
-                      POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
-                      INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
+  infisical-tests:
+    name: Run tests before deployment
+    # https://docs.github.com/en/actions/using-workflows/reusing-workflows#overview
+    uses: ./.github/workflows/run-backend-tests.yml
+  infisical-standalone:
+    name: Build infisical standalone image postgres
+    runs-on: ubuntu-latest
+    needs: [infisical-tests]
+    steps:
+      - name: Extract version from tag
+        id: extract_version
+        run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical/}"
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: 📦 Install dependencies to test all dependencies
+        run: npm ci --only-production
+        working-directory: backend
+      - name: version output
+        run: |
+          echo "Output Value: ${{ steps.version.outputs.major }}"
+          echo "Output Value: ${{ steps.version.outputs.minor }}"
+          echo "Output Value: ${{ steps.version.outputs.patch }}"
+          echo "Output Value: ${{ steps.version.outputs.version }}"
+          echo "Output Value: ${{ steps.version.outputs.version_type }}"
+          echo "Output Value: ${{ steps.version.outputs.increment }}"
+      - name: Save commit hashes for tag
+        id: commit
+        uses: pr-mpt/actions-commit-hash@v2
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+      - name: 📦 Build backend and export to Docker
+        uses: depot/build-push-action@v1
+        with:
+          project: 64mmf0n610
+          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          push: true
+          context: .
+          tags: |
+            infisical/infisical:latest-postgres
+            infisical/infisical:${{ steps.commit.outputs.short }}
+            infisical/infisical:${{ steps.extract_version.outputs.version }}
+          platforms: linux/amd64,linux/arm64
+          file: Dockerfile.standalone-infisical
+          build-args: |
+            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
+            INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }}
--- a/.github/workflows/release_build_infisical_cli.yml
+++ b/.github/workflows/release_build_infisical_cli.yml
@ -10,7 +10,8 @@ on:

 permissions:
    contents: write
-
+    # packages: write
+    # issues: write
 jobs:
    cli-integration-tests:
        name: Run tests before deployment
@ -25,63 +26,6 @@ jobs:
            CLI_TESTS_USER_PASSWORD: ${{ secrets.CLI_TESTS_USER_PASSWORD }}
            CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE: ${{ secrets.CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE }}

-    npm-release:
-        runs-on: ubuntu-20.04
-        env:
-            working-directory: ./npm
-        needs:
-            - cli-integration-tests
-            - goreleaser
-        steps:
-            - uses: actions/checkout@v3
-              with:
-                  fetch-depth: 0
-
-            - name: Extract version
-              run: |
-                  VERSION=$(echo ${{ github.ref_name }} | sed 's/infisical-cli\/v//')
-                  echo "Version extracted: $VERSION"
-                  echo "CLI_VERSION=$VERSION" >> $GITHUB_ENV
-
-            - name: Print version
-              run: echo ${{ env.CLI_VERSION }}
-
-            - name: Setup Node
-              uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
-              with:
-                  node-version: 20
-                  cache: "npm"
-                  cache-dependency-path: ./npm/package-lock.json
-            - name: Install dependencies
-              working-directory: ${{ env.working-directory }}
-              run: npm install --ignore-scripts
-
-            - name: Set NPM version
-              working-directory: ${{ env.working-directory }}
-              run: npm version ${{ env.CLI_VERSION }} --allow-same-version --no-git-tag-version
-
-            - name: Setup NPM
-              working-directory: ${{ env.working-directory }}
-              run: |
-                  echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
-                  echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc
-
-                  echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc
-                  echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
-              env:
-                  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-            - name: Pack NPM
-              working-directory: ${{ env.working-directory }}
-              run: npm pack
-
-            - name: Publish NPM
-              working-directory: ${{ env.working-directory }}
-              run: npm publish --tarball=./infisical-sdk-${{github.ref_name}} --access public --registry=https://registry.npmjs.org/
-              env:
-                  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
    goreleaser:
        runs-on: ubuntu-20.04
        needs: [cli-integration-tests]
--- a/.gitignore
+++ b/.gitignore
@ -71,5 +71,3 @@ frontend-build
 cli/infisical-merge
 cli/test/infisical-merge
 /backend/binary
-
-/npm/bin
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@ -1,12 +1,6 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"

-# Check if infisical is installed
-if ! command -v infisical >/dev/null 2>&1; then
-    echo "\nError: Infisical CLI is not installed. Please install the Infisical CLI before comitting.\n You can refer to the documentation at https://infisical.com/docs/cli/overview\n\n"
-    exit 1
-fi
-
 npx lint-staged

 infisical scan git-changes --staged -v
--- a/.infisicalignore
+++ b/.infisicalignore
@ -6,4 +6,3 @@ frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/S
 docs/self-hosting/configuration/envars.mdx:generic-api-key:106
 frontend/src/views/Project/MembersPage/components/MemberListTab/MemberRoleForm/SpecificPrivilegeSection.tsx:generic-api-key:451
 docs/mint.json:generic-api-key:651
-backend/src/ee/services/hsm/hsm-service.ts:generic-api-key:134
--- a/Dockerfile.fips.standalone-infisical
+++ b/Dockerfile.fips.standalone-infisical
@ -1,194 +0,0 @@
-ARG POSTHOG_HOST=https://app.posthog.com
-ARG POSTHOG_API_KEY=posthog-api-key
-ARG INTERCOM_ID=intercom-id
-ARG CAPTCHA_SITE_KEY=captcha-site-key
-
-FROM node:20-slim AS base
-
-FROM base AS frontend-dependencies
-WORKDIR /app
-
-COPY frontend/package.json frontend/package-lock.json frontend/next.config.js ./
-
-# Install dependencies
-RUN npm ci --only-production --ignore-scripts
-
-# Rebuild the source code only when needed
-FROM base AS frontend-builder
-WORKDIR /app
-
-# Copy dependencies
-COPY --from=frontend-dependencies /app/node_modules ./node_modules
-# Copy all files 
-COPY /frontend .
-
-ENV NODE_ENV production
-ENV NEXT_PUBLIC_ENV production
-ARG POSTHOG_HOST
-ENV NEXT_PUBLIC_POSTHOG_HOST $POSTHOG_HOST
-ARG POSTHOG_API_KEY
-ENV NEXT_PUBLIC_POSTHOG_API_KEY $POSTHOG_API_KEY
-ARG INTERCOM_ID
-ENV NEXT_PUBLIC_INTERCOM_ID $INTERCOM_ID
-ARG INFISICAL_PLATFORM_VERSION
-ENV NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION
-ARG CAPTCHA_SITE_KEY
-ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY $CAPTCHA_SITE_KEY 
-
-# Build
-RUN npm run build
-
-# Production image
-FROM base AS frontend-runner
-WORKDIR /app
-
-RUN groupadd -r -g 1001 nodejs && useradd -r -u 1001 -g nodejs non-root-user
-
-RUN mkdir -p /app/.next/cache/images && chown non-root-user:nodejs /app/.next/cache/images
-VOLUME /app/.next/cache/images
-
-COPY --chown=non-root-user:nodejs --chmod=555 frontend/scripts ./scripts
-COPY --from=frontend-builder /app/public ./public
-RUN chown non-root-user:nodejs ./public/data
-
-COPY --from=frontend-builder --chown=non-root-user:nodejs /app/.next/standalone ./
-COPY --from=frontend-builder --chown=non-root-user:nodejs /app/.next/static ./.next/static
-
-USER non-root-user
-
-ENV NEXT_TELEMETRY_DISABLED 1
-
-##
-## BACKEND
-##
-FROM base AS backend-build
-
-ENV ChrystokiConfigurationPath=/usr/safenet/lunaclient/
-
-RUN groupadd -r -g 1001 nodejs && useradd -r -u 1001 -g nodejs non-root-user
-
-WORKDIR /app
-
-# Required for pkcs11js and ODBC
-RUN apt-get update && apt-get install -y \
-    python3 \
-    make \
-    g++ \
-    unixodbc \
-    unixodbc-dev \
-    freetds-dev \
-    freetds-bin \
-    tdsodbc \
-    && rm -rf /var/lib/apt/lists/*
-
-# Configure ODBC
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
-COPY backend/package*.json ./
-RUN npm ci --only-production
-
-COPY /backend .
-COPY --chown=non-root-user:nodejs standalone-entrypoint.sh standalone-entrypoint.sh
-RUN npm i -D tsconfig-paths
-RUN npm run build
-
-# Production stage
-FROM base AS backend-runner
-
-ENV ChrystokiConfigurationPath=/usr/safenet/lunaclient/
-
-WORKDIR /app
-
-# Required for pkcs11js and ODBC
-RUN apt-get update && apt-get install -y \
-    python3 \
-    make \
-    g++ \
-    unixodbc \
-    unixodbc-dev \
-    freetds-dev \
-    freetds-bin \
-    tdsodbc \
-    && rm -rf /var/lib/apt/lists/*
-
-# Configure ODBC
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
-COPY backend/package*.json ./
-RUN npm ci --only-production
-
-COPY --from=backend-build /app .
-
-RUN mkdir frontend-build
-
-# Production stage
-FROM base AS production
-
-# Install necessary packages including ODBC
-RUN apt-get update && apt-get install -y \
-    ca-certificates \
-    curl \
-    git \
-    python3 \
-    make \
-    g++ \
-    unixodbc \
-    unixodbc-dev \
-    freetds-dev \
-    freetds-bin \
-    tdsodbc \
-    && rm -rf /var/lib/apt/lists/*
-
-# Configure ODBC in production
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/x86_64-linux-gnu/odbc/libtdsodbc.so\nSetup = /usr/lib/x86_64-linux-gnu/odbc/libtdsS.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
-# Install Infisical CLI
-RUN curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
-    && apt-get update && apt-get install -y infisical=0.31.1 \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN groupadd -r -g 1001 nodejs && useradd -r -u 1001 -g nodejs non-root-user
-
-# Give non-root-user permission to update SSL certs
-RUN chown -R non-root-user /etc/ssl/certs
-RUN chown non-root-user /etc/ssl/certs/ca-certificates.crt
-RUN chmod -R u+rwx /etc/ssl/certs
-RUN chmod u+rw /etc/ssl/certs/ca-certificates.crt
-RUN chown non-root-user /usr/sbin/update-ca-certificates
-RUN chmod u+rx /usr/sbin/update-ca-certificates
-
-## set pre baked keys
-ARG POSTHOG_API_KEY
-ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
-    BAKED_NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY
-ARG INTERCOM_ID=intercom-id
-ENV NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID \
-    BAKED_NEXT_PUBLIC_INTERCOM_ID=$INTERCOM_ID
-ARG CAPTCHA_SITE_KEY
-ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY \
-    BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY
-
-WORKDIR / 
-
-COPY --from=backend-runner /app /backend
-
-COPY --from=frontend-runner /app ./backend/frontend-build
-
-ENV PORT 8080
-ENV HOST=0.0.0.0
-ENV HTTPS_ENABLED false 
-ENV NODE_ENV production
-ENV STANDALONE_BUILD true 
-ENV STANDALONE_MODE true
-ENV ChrystokiConfigurationPath=/usr/safenet/lunaclient/
-
-WORKDIR /backend
-
-ENV TELEMETRY_ENABLED true
-
-EXPOSE 8080
-EXPOSE 443
-
-USER non-root-user
-
-CMD ["./standalone-entrypoint.sh"]
--- a/Dockerfile.standalone-infisical
+++ b/Dockerfile.standalone-infisical
@ -72,17 +72,6 @@ RUN addgroup --system --gid 1001 nodejs \

 WORKDIR /app

-# Install all required dependencies for build
-RUN apk --update add \
-    python3 \
-    make \
-    g++ \
-    unixodbc \
-    freetds \
-    unixodbc-dev \
-    libc-dev \
-    freetds-dev
-
 COPY backend/package*.json ./
 RUN npm ci --only-production

@ -96,20 +85,6 @@ FROM base AS backend-runner

 WORKDIR /app

-# Install all required dependencies for runtime
-RUN apk --update add \
-    python3 \
-    make \
-    g++ \
-    unixodbc \
-    freetds \
-    unixodbc-dev \
-    libc-dev \
-    freetds-dev
-
-# Configure ODBC
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
 COPY backend/package*.json ./
 RUN npm ci --only-production

@ -119,32 +94,7 @@ RUN mkdir frontend-build

 # Production stage
 FROM base AS production
-
 RUN apk add --upgrade --no-cache ca-certificates
-RUN apk add --no-cache bash curl && curl -1sLf \
-  'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
-  && apk add infisical=0.31.1 && apk add --no-cache git
-
-WORKDIR /
-
-# Install all required runtime dependencies
-RUN apk --update add \
-    python3 \
-    make \
-    g++ \
-    unixodbc \
-    freetds \
-    unixodbc-dev \
-    libc-dev \
-    freetds-dev \
-    bash \
-    curl \
-    git
-
-# Configure ODBC in production
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
-# Setup user permissions
 RUN addgroup --system --gid 1001 nodejs \
  && adduser --system --uid 1001 non-root-user

@ -167,6 +117,7 @@ ARG CAPTCHA_SITE_KEY
 ENV NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY \
  BAKED_NEXT_PUBLIC_CAPTCHA_SITE_KEY=$CAPTCHA_SITE_KEY

+WORKDIR / 

 COPY --from=backend-runner /app /backend

@ -188,4 +139,4 @@ EXPOSE 443

 USER non-root-user

-CMD ["./standalone-entrypoint.sh"]
+CMD ["./standalone-entrypoint.sh"]
--- a/4
+++ b/4
@ -10,9 +10,6 @@ up-dev:
 up-dev-ldap:
 	docker compose -f docker-compose.dev.yml --profile ldap up --build

-up-dev-metrics:
-	docker compose -f docker-compose.dev.yml --profile metrics up --build
-
 up-prod:
 	docker-compose -f docker-compose.prod.yml up --build

@ -30,3 +27,4 @@ reviewable-api:
 	npm run type:check

 reviewable: reviewable-ui reviewable-api
+
--- a/README.md
+++ b/README.md
@ -14,6 +14,15 @@
  <a href="https://infisical.com/careers">Hiring (Remote/SF)</a>
 </h4>

+<p align="center">
+  <a href="https://infisical.com/docs/self-hosting/deployment-options/aws-ec2">
+    <img src=".github/images/deploy-to-aws.png" width="137" />
+  </a>
+  <a href="https://infisical.com/docs/self-hosting/deployment-options/digital-ocean-marketplace" alt="Deploy to DigitalOcean">
+     <img width="200" alt="Deploy to DO" src="https://www.deploytodo.com/do-btn-blue.svg"/>
+  </a>
+</p>
+
 <h4 align="center">
  <a href="https://github.com/Infisical/infisical/blob/main/LICENSE">
    <img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="Infisical is released under the MIT license." />
@ -66,7 +75,7 @@ We're on a mission to make security tooling more accessible to everyone, not jus

 ### Key Management (KMS):

- **[Cryptographic Keys](https://infisical.com/docs/documentation/platform/kms)**: Centrally manage keys across projects through a user-friendly interface or via the API.
+- **[Cryptograhic Keys](https://infisical.com/docs/documentation/platform/kms)**: Centrally manage keys across projects through a user-friendly interface or via the API.
 - **[Encrypt and Decrypt Data](https://infisical.com/docs/documentation/platform/kms#guide-to-encrypting-data)**: Use symmetric keys to encrypt and decrypt data.

 ### General Platform:
@ -126,7 +135,9 @@ Lean about Infisical's code scanning feature [here](https://infisical.com/docs/c

 This repo available under the [MIT expat license](https://github.com/Infisical/infisical/blob/main/LICENSE), with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license.

-If you are interested in managed Infisical Cloud of self-hosted Enterprise Offering, take a look at [our website](https://infisical.com/) or [book a meeting with us](https://infisical.cal.com/vlad/infisical-demo).
+If you are interested in managed Infisical Cloud of self-hosted Enterprise Offering, take a look at [our website](https://infisical.com/) or [book a meeting with us](https://infisical.cal.com/vlad/infisical-demo):
+
+<a href="[https://infisical.cal.com/vlad/infisical-demo](https://infisical.cal.com/vlad/infisical-demo)"><img alt="Schedule a meeting" src="https://cal.com/book-with-cal-dark.svg" /></a>

 ## Security

@ -152,3 +163,4 @@ Not sure where to get started? You can:
 - [Twitter](https://twitter.com/infisical) for fast news
 - [YouTube](https://www.youtube.com/@infisical_os) for videos on secret management
 - [Blog](https://infisical.com/blog) for secret management insights, articles, tutorials, and updates
+- [Roadmap](https://www.notion.so/infisical/be2d2585a6694e40889b03aef96ea36b?v=5b19a8127d1a4060b54769567a8785fa) for planned features
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@ -3,22 +3,6 @@ FROM node:20-alpine AS build

 WORKDIR /app

-# Required for pkcs11js
-RUN apk --update add \
-        python3 \
-        make \
-        g++ \
-        openssh
-
-# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
-RUN apk add --no-cache \
-    unixodbc \
-    freetds \
-    unixodbc-dev \
-    libc-dev \
-    freetds-dev
-
-
 COPY package*.json ./
 RUN npm ci --only-production

@ -27,28 +11,12 @@ RUN npm run build

 # Production stage
 FROM node:20-alpine
+
 WORKDIR /app

 ENV npm_config_cache /home/node/.npm

 COPY package*.json ./
-
-RUN apk --update add \
-        python3 \
-        make \
-        g++
-
-# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
-RUN apk add --no-cache \
-    unixodbc \
-    freetds \
-    unixodbc-dev \
-    libc-dev \
-    freetds-dev
-
-
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
 RUN npm ci --only-production && npm cache clean --force

 COPY --from=build /app .
--- a/backend/Dockerfile.dev
+++ b/backend/Dockerfile.dev
@ -1,57 +1,5 @@
 FROM node:20-alpine

-# ? Setup a test SoftHSM module. In production a real HSM is used.
-
-ARG SOFTHSM2_VERSION=2.5.0
-
-ENV SOFTHSM2_VERSION=${SOFTHSM2_VERSION} \
-    SOFTHSM2_SOURCES=/tmp/softhsm2
-
-# install build dependencies including python3 (required for pkcs11js and partially TDS driver)
-RUN apk --update add \
-        alpine-sdk \
-        autoconf \
-        automake \
-        git \
-        libtool \
-        openssl-dev \
-        python3 \
-        make \
-        g++ \
-        openssh
-
-# install dependencies for TDS driver (required for SAP ASE dynamic secrets)
-RUN apk add --no-cache \
-    unixodbc \
-    freetds \
-    unixodbc-dev \
-    libc-dev \
-    freetds-dev
-
-
-RUN printf "[FreeTDS]\nDescription = FreeTDS Driver\nDriver = /usr/lib/libtdsodbc.so\nSetup = /usr/lib/libtdsodbc.so\nFileUsage = 1\n" > /etc/odbcinst.ini
-
-# build and install SoftHSM2
-
-RUN git clone https://github.com/opendnssec/SoftHSMv2.git ${SOFTHSM2_SOURCES}
-WORKDIR ${SOFTHSM2_SOURCES}
-
-RUN git checkout ${SOFTHSM2_VERSION} -b ${SOFTHSM2_VERSION} \
-    && sh autogen.sh \
-    && ./configure --prefix=/usr/local --disable-gost \
-    && make \
-    && make install
-
-WORKDIR /root
-RUN rm -fr ${SOFTHSM2_SOURCES}
-
-# install pkcs11-tool
-RUN apk --update add opensc
-
-RUN softhsm2-util --init-token --slot 0 --label "auth-app" --pin 1234 --so-pin 0000
-
-# ? App setup
-
 RUN apk add --no-cache bash curl && curl -1sLf \
  'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
  && apk add infisical=0.8.1 && apk add --no-cache git
--- a/backend/e2e-test/mocks/queue.ts
+++ b/backend/e2e-test/mocks/queue.ts
@ -10,22 +10,17 @@ export const mockQueue = (): TQueueServiceFactory => {
    queue: async (name, jobData) => {
      job[name] = jobData;
    },
-    queuePg: async () => {},
-    initialize: async () => {},
    shutdown: async () => undefined,
    stopRepeatableJob: async () => true,
    start: (name, jobFn) => {
      queues[name] = jobFn;
      workers[name] = jobFn;
    },
-    startPg: async () => {},
    listen: (name, event) => {
      events[name] = event;
    },
-    getRepeatableJobs: async () => [],
    clearQueue: async () => {},
    stopJobById: async () => {},
-    stopRepeatableJobByJobId: async () => true,
-    stopRepeatableJobByKey: async () => true
+    stopRepeatableJobByJobId: async () => true
  };
 };
--- a/backend/e2e-test/mocks/smtp.ts
+++ b/backend/e2e-test/mocks/smtp.ts
@ -5,9 +5,6 @@ export const mockSmtpServer = (): TSmtpService => {
  return {
    sendMail: async (data) => {
      storage.push(data);
-    },
-    verify: async () => {
-      return true;
    }
  };
 };
--- a/backend/e2e-test/routes/v1/identity.spec.ts
+++ b/backend/e2e-test/routes/v1/identity.spec.ts
@ -34,7 +34,7 @@ describe("Identity v1", async () => {
  test("Create identity", async () => {
    const newIdentity = await createIdentity("mac1", OrgMembershipRole.Admin);
    expect(newIdentity.name).toBe("mac1");
-    expect(newIdentity.authMethods).toEqual([]);
+    expect(newIdentity.authMethod).toBeNull();

    await deleteIdentity(newIdentity.id);
  });
@ -42,7 +42,7 @@ describe("Identity v1", async () => {
  test("Update identity", async () => {
    const newIdentity = await createIdentity("mac1", OrgMembershipRole.Admin);
    expect(newIdentity.name).toBe("mac1");
-    expect(newIdentity.authMethods).toEqual([]);
+    expect(newIdentity.authMethod).toBeNull();

    const updatedIdentity = await testServer.inject({
      method: "PATCH",
--- a/backend/e2e-test/routes/v1/login.spec.ts
+++ b/backend/e2e-test/routes/v1/login.spec.ts
@ -39,6 +39,8 @@ describe("Login V1 Router", async () => {
    });
    expect(res.statusCode).toBe(200);
    const payload = JSON.parse(res.payload);
+    expect(payload).toHaveProperty("mfaEnabled");
    expect(payload).toHaveProperty("token");
+    expect(payload.mfaEnabled).toBeFalsy();
  });
 });
--- a/backend/e2e-test/routes/v1/secret-replication.spec.ts
+++ b/backend/e2e-test/routes/v1/secret-replication.spec.ts
@ -118,9 +118,9 @@ describe.each([{ secretPath: "/" }, { secretPath: "/deep" }])(
        value: "stage-value"
      });

-      // wait for 10 second for  replication to finish
+      // wait for 5 second for  replication to finish
      await new Promise((resolve) => {
-        setTimeout(resolve, 10000); // time to breathe for db
+        setTimeout(resolve, 5000); // time to breathe for db
      });

      const secret = await getSecretByNameV2({
@ -173,9 +173,9 @@ describe.each([{ secretPath: "/" }, { secretPath: "/deep" }])(
        value: "prod-value"
      });

-      // wait for 10 second for  replication to finish
+      // wait for 5 second for  replication to finish
      await new Promise((resolve) => {
-        setTimeout(resolve, 10000); // time to breathe for db
+        setTimeout(resolve, 5000); // time to breathe for db
      });

      const secret = await getSecretByNameV2({
@ -343,9 +343,9 @@ describe.each([{ path: "/" }, { path: "/deep" }])(
        value: "prod-value"
      });

-      // wait for 10 second for  replication to finish
+      // wait for 5 second for  replication to finish
      await new Promise((resolve) => {
-        setTimeout(resolve, 10000); // time to breathe for db
+        setTimeout(resolve, 5000); // time to breathe for db
      });

      const secret = await getSecretByNameV2({
--- a/backend/e2e-test/routes/v3/secret-recursive.spec.ts
+++ b/backend/e2e-test/routes/v3/secret-recursive.spec.ts
@ -1,86 +0,0 @@
-import { createFolder, deleteFolder } from "e2e-test/testUtils/folders";
-import { createSecretV2, deleteSecretV2, getSecretsV2 } from "e2e-test/testUtils/secrets";
-
-import { seedData1 } from "@app/db/seed-data";
-
-describe("Secret Recursive Testing", async () => {
-  const projectId = seedData1.projectV3.id;
-  const folderAndSecretNames = [
-    { name: "deep1", path: "/", expectedSecretCount: 4 },
-    { name: "deep21", path: "/deep1", expectedSecretCount: 2 },
-    { name: "deep3", path: "/deep1/deep2", expectedSecretCount: 1 },
-    { name: "deep22", path: "/deep2", expectedSecretCount: 1 }
-  ];
-
-  beforeAll(async () => {
-    const rootFolderIds: string[] = [];
-    for (const folder of folderAndSecretNames) {
-      // eslint-disable-next-line no-await-in-loop
-      const createdFolder = await createFolder({
-        authToken: jwtAuthToken,
-        environmentSlug: "prod",
-        workspaceId: projectId,
-        secretPath: folder.path,
-        name: folder.name
-      });
-
-      if (folder.path === "/") {
-        rootFolderIds.push(createdFolder.id);
-      }
-      // eslint-disable-next-line no-await-in-loop
-      await createSecretV2({
-        secretPath: folder.path,
-        authToken: jwtAuthToken,
-        environmentSlug: "prod",
-        workspaceId: projectId,
-        key: folder.name,
-        value: folder.name
-      });
-    }
-
-    return async () => {
-      await Promise.all(
-        rootFolderIds.map((id) =>
-          deleteFolder({
-            authToken: jwtAuthToken,
-            secretPath: "/",
-            id,
-            workspaceId: projectId,
-            environmentSlug: "prod"
-          })
-        )
-      );
-
-      await deleteSecretV2({
-        authToken: jwtAuthToken,
-        secretPath: "/",
-        workspaceId: projectId,
-        environmentSlug: "prod",
-        key: folderAndSecretNames[0].name
-      });
-    };
-  });
-
-  test.each(folderAndSecretNames)("$path recursive secret fetching", async ({ path, expectedSecretCount }) => {
-    const secrets = await getSecretsV2({
-      authToken: jwtAuthToken,
-      secretPath: path,
-      workspaceId: projectId,
-      environmentSlug: "prod",
-      recursive: true
-    });
-
-    expect(secrets.secrets.length).toEqual(expectedSecretCount);
-    expect(secrets.secrets.sort((a, b) => a.secretKey.localeCompare(b.secretKey))).toEqual(
-      folderAndSecretNames
-        .filter((el) => el.path.startsWith(path))
-        .sort((a, b) => a.name.localeCompare(b.name))
-        .map((el) =>
-          expect.objectContaining({
-            secretKey: el.name,
-            secretValue: el.name
-          })
-        )
-    );
-  });
-});
--- a/backend/e2e-test/routes/v3/secret-reference.spec.ts
+++ b/backend/e2e-test/routes/v3/secret-reference.spec.ts
@ -56,10 +56,7 @@ describe("Secret expansion", () => {
      }
    ];

-    for (const secret of secrets) {
-      // eslint-disable-next-line no-await-in-loop
-      await createSecretV2(secret);
-    }
+    await Promise.all(secrets.map((el) => createSecretV2(el)));

    const expandedSecret = await getSecretByNameV2({
      environmentSlug: seedData1.environment.slug,
@ -126,10 +123,7 @@ describe("Secret expansion", () => {
      }
    ];

-    for (const secret of secrets) {
-      // eslint-disable-next-line no-await-in-loop
-      await createSecretV2(secret);
-    }
+    await Promise.all(secrets.map((el) => createSecretV2(el)));

    const expandedSecret = await getSecretByNameV2({
      environmentSlug: seedData1.environment.slug,
@ -196,11 +190,7 @@ describe("Secret expansion", () => {
      }
    ];

-    for (const secret of secrets) {
-      // eslint-disable-next-line no-await-in-loop
-      await createSecretV2(secret);
-    }
-
+    await Promise.all(secrets.map((el) => createSecretV2(el)));
    const secretImportFromProdToDev = await createSecretImport({
      environmentSlug: seedData1.environment.slug,
      workspaceId: projectId,
@ -285,11 +275,7 @@ describe("Secret expansion", () => {
        }
      ];

-      for (const secret of secrets) {
-        // eslint-disable-next-line no-await-in-loop
-        await createSecretV2(secret);
-      }
-
+      await Promise.all(secrets.map((el) => createSecretV2(el)));
      const secretImportFromProdToDev = await createSecretImport({
        environmentSlug: seedData1.environment.slug,
        workspaceId: projectId,
--- a/backend/e2e-test/testUtils/secrets.ts
+++ b/backend/e2e-test/testUtils/secrets.ts
@ -97,7 +97,6 @@ export const getSecretsV2 = async (dto: {
  environmentSlug: string;
  secretPath: string;
  authToken: string;
-  recursive?: boolean;
 }) => {
  const getSecretsResponse = await testServer.inject({
    method: "GET",
@ -110,8 +109,7 @@ export const getSecretsV2 = async (dto: {
      environment: dto.environmentSlug,
      secretPath: dto.secretPath,
      expandSecretReferences: "true",
-      include_imports: "true",
-      recursive: String(dto.recursive || false)
+      include_imports: "true"
    }
  });
  expect(getSecretsResponse.statusCode).toBe(200);
--- a/backend/e2e-test/vitest-environment-knex.ts
+++ b/backend/e2e-test/vitest-environment-knex.ts
@ -16,7 +16,6 @@ import { initDbConnection } from "@app/db";
 import { queueServiceFactory } from "@app/queue";
 import { keyStoreFactory } from "@app/keystore/keystore";
 import { Redis } from "ioredis";
-import { initializeHsmModule } from "@app/ee/services/hsm/hsm-fns";

 dotenv.config({ path: path.join(__dirname, "../../.env.test"), debug: true });
 export default {
@ -53,14 +52,9 @@ export default {
        extension: "ts"
      });
      const smtp = mockSmtpServer();
-      const queue = queueServiceFactory(cfg.REDIS_URL, { dbConnectionUrl: cfg.DB_CONNECTION_URI });
+      const queue = queueServiceFactory(cfg.REDIS_URL);
      const keyStore = keyStoreFactory(cfg.REDIS_URL);
-
-      const hsmModule = initializeHsmModule();
-      hsmModule.initialize();
-
-      const server = await main({ db, smtp, logger, queue, keyStore, hsmModule: hsmModule.getModule(), redis });
-
+      const server = await main({ db, smtp, logger, queue, keyStore });
      // @ts-expect-error type
      globalThis.testServer = server;
      // @ts-expect-error type
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@ -44,23 +44,14 @@
    "test:e2e-watch": "vitest -c vitest.e2e.config.ts --bail=1",
    "test:e2e-coverage": "vitest run --coverage -c vitest.e2e.config.ts",
    "generate:component": "tsx ./scripts/create-backend-file.ts",
-    "generate:schema": "tsx ./scripts/generate-schema-types.ts && eslint --fix --ext ts ./src/db/schemas",
-    "auditlog-migration:latest": "knex --knexfile ./src/db/auditlog-knexfile.ts --client pg migrate:latest",
-    "auditlog-migration:up": "knex --knexfile ./src/db/auditlog-knexfile.ts --client pg migrate:up",
-    "auditlog-migration:down": "knex --knexfile ./src/db/auditlog-knexfile.ts --client pg migrate:down",
-    "auditlog-migration:list": "knex --knexfile ./src/db/auditlog-knexfile.ts --client pg migrate:list",
-    "auditlog-migration:status": "knex --knexfile ./src/db/auditlog-knexfile.ts --client pg migrate:status",
-    "auditlog-migration:unlock": "knex --knexfile ./src/db/auditlog-knexfile.ts migrate:unlock",
-    "auditlog-migration:rollback": "knex --knexfile ./src/db/auditlog-knexfile.ts migrate:rollback",
+    "generate:schema": "tsx ./scripts/generate-schema-types.ts",
    "migration:new": "tsx ./scripts/create-migration.ts",
-    "migration:up": "npm run auditlog-migration:up && knex --knexfile ./src/db/knexfile.ts --client pg migrate:up",
-    "migration:down": "npm run auditlog-migration:down && knex --knexfile ./src/db/knexfile.ts --client pg migrate:down",
-    "migration:list": "npm run auditlog-migration:list && knex --knexfile ./src/db/knexfile.ts --client pg migrate:list",
-    "migration:latest": "npm run auditlog-migration:latest && knex --knexfile ./src/db/knexfile.ts --client pg migrate:latest",
-    "migration:status": "npm run auditlog-migration:status && knex --knexfile ./src/db/knexfile.ts --client pg migrate:status",
-    "migration:rollback": "npm run auditlog-migration:rollback && knex --knexfile ./src/db/knexfile.ts migrate:rollback",
-    "migration:unlock": "npm run auditlog-migration:unlock && knex --knexfile ./src/db/knexfile.ts migrate:unlock",
-    "migrate:org": "tsx ./scripts/migrate-organization.ts",
+    "migration:up": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:up",
+    "migration:down": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:down",
+    "migration:list": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:list",
+    "migration:latest": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:latest",
+    "migration:status": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:status",
+    "migration:rollback": "knex --knexfile ./src/db/knexfile.ts migrate:rollback",
    "seed:new": "tsx ./scripts/create-seed-file.ts",
    "seed": "knex --knexfile ./src/db/knexfile.ts --client pg seed:run",
    "db:reset": "npm run migration:rollback -- --all && npm run migration:latest"
@ -86,7 +77,6 @@
    "@types/passport-google-oauth20": "^2.0.14",
    "@types/pg": "^8.10.9",
    "@types/picomatch": "^2.3.3",
-    "@types/pkcs11js": "^1.0.4",
    "@types/prompt-sync": "^4.2.3",
    "@types/resolve": "^1.20.6",
    "@types/safe-regex": "^1.1.6",
@ -129,34 +119,22 @@
    "@fastify/etag": "^5.1.0",
    "@fastify/formbody": "^7.4.0",
    "@fastify/helmet": "^11.1.1",
-    "@fastify/multipart": "8.3.0",
    "@fastify/passport": "^2.4.0",
    "@fastify/rate-limit": "^9.0.0",
-    "@fastify/request-context": "^5.1.0",
    "@fastify/session": "^10.7.0",
    "@fastify/swagger": "^8.14.0",
    "@fastify/swagger-ui": "^2.1.0",
-    "@google-cloud/kms": "^4.5.0",
    "@node-saml/passport-saml": "^4.0.4",
-    "@octokit/auth-app": "^7.1.1",
    "@octokit/plugin-retry": "^5.0.5",
    "@octokit/rest": "^20.0.2",
    "@octokit/webhooks-types": "^7.3.1",
-    "@octopusdeploy/api-client": "^3.4.1",
-    "@opentelemetry/api": "^1.9.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.53.0",
-    "@opentelemetry/exporter-metrics-otlp-proto": "^0.55.0",
-    "@opentelemetry/exporter-prometheus": "^0.55.0",
-    "@opentelemetry/instrumentation": "^0.55.0",
-    "@opentelemetry/resources": "^1.28.0",
-    "@opentelemetry/sdk-metrics": "^1.28.0",
-    "@opentelemetry/semantic-conventions": "^1.27.0",
    "@peculiar/asn1-schema": "^2.3.8",
    "@peculiar/x509": "^1.12.1",
    "@serdnam/pino-cloudwatch-transport": "^1.0.4",
    "@sindresorhus/slugify": "1.1.0",
    "@slack/oauth": "^3.0.1",
    "@slack/web-api": "^7.3.4",
+    "@team-plain/typescript-sdk": "^4.6.1",
    "@ucast/mongo2js": "^1.3.4",
    "ajv": "^8.12.0",
    "argon2": "^0.31.2",
@ -169,12 +147,11 @@
    "connect-redis": "^7.1.1",
    "cron": "^3.1.7",
    "dotenv": "^16.4.1",
-    "fastify": "^4.28.1",
+    "fastify": "^4.26.0",
    "fastify-plugin": "^4.5.1",
    "google-auth-library": "^9.9.0",
    "googleapis": "^137.1.0",
    "handlebars": "^4.7.8",
-    "hdb": "^0.19.10",
    "ioredis": "^5.3.2",
    "jmespath": "^0.16.0",
    "jsonwebtoken": "^9.0.2",
@ -190,21 +167,17 @@
    "mysql2": "^3.9.8",
    "nanoid": "^3.3.4",
    "nodemailer": "^6.9.9",
-    "odbc": "^2.4.9",
    "openid-client": "^5.6.5",
    "ora": "^7.0.1",
    "oracledb": "^6.4.0",
-    "otplib": "^12.0.1",
    "passport-github": "^1.1.0",
    "passport-gitlab2": "^5.0.0",
    "passport-google-oauth20": "^2.0.0",
    "passport-ldapauth": "^3.0.1",
    "pg": "^8.11.3",
-    "pg-boss": "^10.1.5",
    "pg-query-stream": "^4.5.3",
    "picomatch": "^3.0.1",
    "pino": "^8.16.2",
-    "pkcs11js": "^2.1.6",
    "pkijs": "^3.2.4",
    "posthog-node": "^3.6.2",
    "probot": "^13.3.8",
@ -213,7 +186,6 @@
    "scim2-parse-filter": "^0.2.10",
    "sjcl": "^1.0.8",
    "smee-client": "^2.0.0",
-    "snowflake-sdk": "^1.14.0",
    "tedious": "^18.2.1",
    "tweetnacl": "^1.0.3",
    "tweetnacl-util": "^0.15.1",
--- a/backend/scripts/generate-schema-types.ts
+++ b/backend/scripts/generate-schema-types.ts
@ -90,12 +90,7 @@ const main = async () => {
      .whereRaw("table_schema =  current_schema()")
      .select<{ tableName: string }[]>("table_name as tableName")
      .orderBy("table_name")
-  ).filter(
-    (el) =>
-      !el.tableName.includes("_migrations") &&
-      !el.tableName.includes("audit_logs_") &&
-      el.tableName !== "intermediate_audit_logs"
-  );
+  ).filter((el) => !el.tableName.includes("_migrations"));

  for (let i = 0; i < tables.length; i += 1) {
    const { tableName } = tables[i];
--- a/backend/scripts/migrate-organization.ts
+++ b/backend/scripts/migrate-organization.ts
@ -1,103 +0,0 @@
-/* eslint-disable */
-import promptSync from "prompt-sync";
-import { execSync } from "child_process";
-import path from "path";
-import { existsSync } from "fs";
-
-const prompt = promptSync({
-  sigint: true
-});
-
-const sanitizeInputParam = (value: string) => {
-  // Escape double quotes and wrap the entire value in double quotes
-  if (value) {
-    return `"${value.replace(/"/g, '\\"')}"`;
-  }
-  return '""';
-};
-
-const exportDb = () => {
-  const exportHost = sanitizeInputParam(prompt("Enter your Postgres Host to migrate from: "));
-  const exportPort = sanitizeInputParam(
-    prompt("Enter your Postgres Port to migrate from [Default = 5432]: ") ?? "5432"
-  );
-  const exportUser = sanitizeInputParam(
-    prompt("Enter your Postgres User to migrate from: [Default = infisical]: ") ?? "infisical"
-  );
-  const exportPassword = sanitizeInputParam(prompt("Enter your Postgres Password to migrate from: "));
-  const exportDatabase = sanitizeInputParam(
-    prompt("Enter your Postgres Database to migrate from [Default = infisical]: ") ?? "infisical"
-  );
-
-  // we do not include the audit_log and secret_sharing entries
-  execSync(
-    `PGDATABASE=${exportDatabase} PGPASSWORD=${exportPassword} PGHOST=${exportHost} PGPORT=${exportPort} PGUSER=${exportUser} pg_dump -Fc infisical --exclude-table-data="secret_sharing" --exclude-table-data="audit_log*" > ${path.join(
-      __dirname,
-      "../src/db/backup.dump"
-    )}`,
-    { stdio: "inherit" }
-  );
-};
-
-const importDbForOrg = () => {
-  const importHost = sanitizeInputParam(prompt("Enter your Postgres Host to migrate to: "));
-  const importPort = sanitizeInputParam(prompt("Enter your Postgres Port to migrate to [Default = 5432]: ") ?? "5432");
-  const importUser = sanitizeInputParam(
-    prompt("Enter your Postgres User to migrate to: [Default = infisical]: ") ?? "infisical"
-  );
-  const importPassword = sanitizeInputParam(prompt("Enter your Postgres Password to migrate to: "));
-  const importDatabase = sanitizeInputParam(
-    prompt("Enter your Postgres Database to migrate to [Default = infisical]: ") ?? "infisical"
-  );
-  const orgId = sanitizeInputParam(prompt("Enter the organization ID to migrate: "));
-
-  if (!existsSync(path.join(__dirname, "../src/db/backup.dump"))) {
-    console.log("File not found, please export the database first.");
-    return;
-  }
-
-  execSync(
-    `PGDATABASE=${importDatabase} PGPASSWORD=${importPassword} PGHOST=${importHost} PGPORT=${importPort} PGUSER=${importUser} pg_restore -d ${importDatabase} --verbose ${path.join(
-      __dirname,
-      "../src/db/backup.dump"
-    )}`,
-    { maxBuffer: 1024 * 1024 * 4096 }
-  );
-
-  execSync(
-    `PGDATABASE=${importDatabase} PGPASSWORD=${importPassword} PGHOST=${importHost} PGPORT=${importPort} PGUSER=${importUser} psql -c "DELETE FROM public.organizations WHERE id != '${orgId}'"`
-  );
-
-  // delete global/instance-level resources not relevant to the organization to migrate
-  // users
-  execSync(
-    `PGDATABASE=${importDatabase} PGPASSWORD=${importPassword} PGHOST=${importHost} PGPORT=${importPort} PGUSER=${importUser} psql -c 'DELETE FROM users WHERE users.id NOT IN (SELECT org_memberships."userId" FROM org_memberships)'`
-  );
-
-  // identities
-  execSync(
-    `PGDATABASE=${importDatabase} PGPASSWORD=${importPassword} PGHOST=${importHost} PGPORT=${importPort} PGUSER=${importUser} psql -c 'DELETE FROM identities WHERE id NOT IN (SELECT "identityId" FROM identity_org_memberships)'`
-  );
-
-  // reset slack configuration in superAdmin
-  execSync(
-    `PGDATABASE=${importDatabase} PGPASSWORD=${importPassword} PGHOST=${importHost} PGPORT=${importPort} PGUSER=${importUser} psql -c 'UPDATE super_admin SET "encryptedSlackClientId" = null, "encryptedSlackClientSecret" = null'`
-  );
-
-  console.log("Organization migrated successfully.");
-};
-
-const main = () => {
-  const action = prompt(
-    "Enter the action to perform\n 1. Export from existing instance.\n 2. Import org to instance.\n \n Action: "
-  );
-  if (action === "1") {
-    exportDb();
-  } else if (action === "2") {
-    importDbForOrg();
-  } else {
-    console.log("Invalid action");
-  }
-};
-
-main();
--- a/backend/src/@types/fastify-request-context.d.ts
+++ b/backend/src/@types/fastify-request-context.d.ts
@ -1,7 +0,0 @@
-import "@fastify/request-context";
-
-declare module "@fastify/request-context" {
-  interface RequestContextData {
-    reqId: string;
-  }
-}
--- a/backend/src/@types/fastify-zod.d.ts
+++ b/backend/src/@types/fastify-zod.d.ts
@ -1,6 +1,6 @@
 import { FastifyInstance, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerDefault } from "fastify";
+import { Logger } from "pino";

-import { CustomLogger } from "@app/lib/logger/logger";
 import { ZodTypeProvider } from "@app/server/plugins/fastify-zod";

 declare global {
@ -8,7 +8,7 @@ declare global {
    RawServerDefault,
    RawRequestDefaultExpression<RawServerDefault>,
    RawReplyDefaultExpression<RawServerDefault>,
-    Readonly<CustomLogger>,
+    Readonly<Logger>,
    ZodTypeProvider
  >;

--- a/backend/src/@types/fastify.d.ts
+++ b/backend/src/@types/fastify.d.ts
@ -1,7 +1,5 @@
 import "fastify";

-import { Redis } from "ioredis";
-
 import { TUsers } from "@app/db/schemas";
 import { TAccessApprovalPolicyServiceFactory } from "@app/ee/services/access-approval-policy/access-approval-policy-service";
 import { TAccessApprovalRequestServiceFactory } from "@app/ee/services/access-approval-request/access-approval-request-service";
@ -15,12 +13,10 @@ import { TDynamicSecretLeaseServiceFactory } from "@app/ee/services/dynamic-secr
 import { TExternalKmsServiceFactory } from "@app/ee/services/external-kms/external-kms-service";
 import { TGroupServiceFactory } from "@app/ee/services/group/group-service";
 import { TIdentityProjectAdditionalPrivilegeServiceFactory } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-service";
-import { TIdentityProjectAdditionalPrivilegeV2ServiceFactory } from "@app/ee/services/identity-project-additional-privilege-v2/identity-project-additional-privilege-v2-service";
 import { TLdapConfigServiceFactory } from "@app/ee/services/ldap-config/ldap-config-service";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TOidcConfigServiceFactory } from "@app/ee/services/oidc/oidc-config-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
-import { TProjectTemplateServiceFactory } from "@app/ee/services/project-template/project-template-service";
 import { TProjectUserAdditionalPrivilegeServiceFactory } from "@app/ee/services/project-user-additional-privilege/project-user-additional-privilege-service";
 import { TRateLimitServiceFactory } from "@app/ee/services/rate-limit/rate-limit-service";
 import { RateLimitConfiguration } from "@app/ee/services/rate-limit/rate-limit-types";
@ -31,8 +27,6 @@ import { TSecretApprovalRequestServiceFactory } from "@app/ee/services/secret-ap
 import { TSecretRotationServiceFactory } from "@app/ee/services/secret-rotation/secret-rotation-service";
 import { TSecretScanningServiceFactory } from "@app/ee/services/secret-scanning/secret-scanning-service";
 import { TSecretSnapshotServiceFactory } from "@app/ee/services/secret-snapshot/secret-snapshot-service";
-import { TSshCertificateAuthorityServiceFactory } from "@app/ee/services/ssh/ssh-certificate-authority-service";
-import { TSshCertificateTemplateServiceFactory } from "@app/ee/services/ssh-certificate-template/ssh-certificate-template-service";
 import { TTrustedIpServiceFactory } from "@app/ee/services/trusted-ip/trusted-ip-service";
 import { TAuthMode } from "@app/server/plugins/auth/inject-identity";
 import { TApiKeyServiceFactory } from "@app/services/api-key/api-key-service";
@ -45,16 +39,13 @@ import { TCertificateServiceFactory } from "@app/services/certificate/certificat
 import { TCertificateAuthorityServiceFactory } from "@app/services/certificate-authority/certificate-authority-service";
 import { TCertificateTemplateServiceFactory } from "@app/services/certificate-template/certificate-template-service";
 import { TCmekServiceFactory } from "@app/services/cmek/cmek-service";
-import { TExternalGroupOrgRoleMappingServiceFactory } from "@app/services/external-group-org-role-mapping/external-group-org-role-mapping-service";
 import { TExternalMigrationServiceFactory } from "@app/services/external-migration/external-migration-service";
 import { TGroupProjectServiceFactory } from "@app/services/group-project/group-project-service";
-import { THsmServiceFactory } from "@app/services/hsm/hsm-service";
 import { TIdentityServiceFactory } from "@app/services/identity/identity-service";
 import { TIdentityAccessTokenServiceFactory } from "@app/services/identity-access-token/identity-access-token-service";
 import { TIdentityAwsAuthServiceFactory } from "@app/services/identity-aws-auth/identity-aws-auth-service";
 import { TIdentityAzureAuthServiceFactory } from "@app/services/identity-azure-auth/identity-azure-auth-service";
 import { TIdentityGcpAuthServiceFactory } from "@app/services/identity-gcp-auth/identity-gcp-auth-service";
-import { TIdentityJwtAuthServiceFactory } from "@app/services/identity-jwt-auth/identity-jwt-auth-service";
 import { TIdentityKubernetesAuthServiceFactory } from "@app/services/identity-kubernetes-auth/identity-kubernetes-auth-service";
 import { TIdentityOidcAuthServiceFactory } from "@app/services/identity-oidc-auth/identity-oidc-auth-service";
 import { TIdentityProjectServiceFactory } from "@app/services/identity-project/identity-project-service";
@ -84,7 +75,6 @@ import { TServiceTokenServiceFactory } from "@app/services/service-token/service
 import { TSlackServiceFactory } from "@app/services/slack/slack-service";
 import { TSuperAdminServiceFactory } from "@app/services/super-admin/super-admin-service";
 import { TTelemetryServiceFactory } from "@app/services/telemetry/telemetry-service";
-import { TTotpServiceFactory } from "@app/services/totp/totp-service";
 import { TUserDALFactory } from "@app/services/user/user-dal";
 import { TUserServiceFactory } from "@app/services/user/user-service";
 import { TUserEngagementServiceFactory } from "@app/services/user-engagement/user-engagement-service";
@ -92,10 +82,6 @@ import { TWebhookServiceFactory } from "@app/services/webhook/webhook-service";
 import { TWorkflowIntegrationServiceFactory } from "@app/services/workflow-integration/workflow-integration-service";

 declare module "fastify" {
-  interface Session {
-    callbackPort: string;
-  }
-
  interface FastifyRequest {
    realIp: string;
    // used for mfa session authentication
@ -124,7 +110,6 @@ declare module "fastify" {
  }

  interface FastifyInstance {
-    redis: Redis;
    services: {
      login: TAuthLoginFactory;
      password: TAuthPasswordFactory;
@ -165,7 +150,6 @@ declare module "fastify" {
      identityAwsAuth: TIdentityAwsAuthServiceFactory;
      identityAzureAuth: TIdentityAzureAuthServiceFactory;
      identityOidcAuth: TIdentityOidcAuthServiceFactory;
-      identityJwtAuth: TIdentityJwtAuthServiceFactory;
      accessApprovalPolicy: TAccessApprovalPolicyServiceFactory;
      accessApprovalRequest: TAccessApprovalRequestServiceFactory;
      secretApprovalPolicy: TSecretApprovalPolicyServiceFactory;
@ -179,8 +163,6 @@ declare module "fastify" {
      auditLogStream: TAuditLogStreamServiceFactory;
      certificate: TCertificateServiceFactory;
      certificateTemplate: TCertificateTemplateServiceFactory;
-      sshCertificateAuthority: TSshCertificateAuthorityServiceFactory;
-      sshCertificateTemplate: TSshCertificateTemplateServiceFactory;
      certificateAuthority: TCertificateAuthorityServiceFactory;
      certificateAuthorityCrl: TCertificateAuthorityCrlServiceFactory;
      certificateEst: TCertificateEstServiceFactory;
@ -194,20 +176,15 @@ declare module "fastify" {
      dynamicSecretLease: TDynamicSecretLeaseServiceFactory;
      projectUserAdditionalPrivilege: TProjectUserAdditionalPrivilegeServiceFactory;
      identityProjectAdditionalPrivilege: TIdentityProjectAdditionalPrivilegeServiceFactory;
-      identityProjectAdditionalPrivilegeV2: TIdentityProjectAdditionalPrivilegeV2ServiceFactory;
      secretSharing: TSecretSharingServiceFactory;
      rateLimit: TRateLimitServiceFactory;
      userEngagement: TUserEngagementServiceFactory;
      externalKms: TExternalKmsServiceFactory;
-      hsm: THsmServiceFactory;
      orgAdmin: TOrgAdminServiceFactory;
      slack: TSlackServiceFactory;
      workflowIntegration: TWorkflowIntegrationServiceFactory;
      cmek: TCmekServiceFactory;
      migration: TExternalMigrationServiceFactory;
-      externalGroupOrgRoleMapping: TExternalGroupOrgRoleMappingServiceFactory;
-      projectTemplate: TProjectTemplateServiceFactory;
-      totp: TTotpServiceFactory;
    };
    // this is exclusive use for middlewares in which we need to inject data
    // everywhere else access using service layer
--- a/backend/src/@types/hdb.d.ts
+++ b/backend/src/@types/hdb.d.ts
@ -1,4 +0,0 @@
-declare module "hdb" {
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Untyped, the function returns `any`.
-  function createClient(options): any;
-}
--- a/backend/src/@types/knex.d.ts
+++ b/backend/src/@types/knex.d.ts
@ -98,9 +98,6 @@ import {
  TIdentityGcpAuths,
  TIdentityGcpAuthsInsert,
  TIdentityGcpAuthsUpdate,
-  TIdentityJwtAuths,
-  TIdentityJwtAuthsInsert,
-  TIdentityJwtAuthsUpdate,
  TIdentityKubernetesAuths,
  TIdentityKubernetesAuthsInsert,
  TIdentityKubernetesAuthsUpdate,
@ -202,13 +199,7 @@ import {
  TProjectSlackConfigs,
  TProjectSlackConfigsInsert,
  TProjectSlackConfigsUpdate,
-  TProjectSplitBackfillIds,
-  TProjectSplitBackfillIdsInsert,
-  TProjectSplitBackfillIdsUpdate,
  TProjectsUpdate,
-  TProjectTemplates,
-  TProjectTemplatesInsert,
-  TProjectTemplatesUpdate,
  TProjectUserAdditionalPrivilege,
  TProjectUserAdditionalPrivilegeInsert,
  TProjectUserAdditionalPrivilegeUpdate,
@ -317,27 +308,9 @@ import {
  TSlackIntegrations,
  TSlackIntegrationsInsert,
  TSlackIntegrationsUpdate,
-  TSshCertificateAuthorities,
-  TSshCertificateAuthoritiesInsert,
-  TSshCertificateAuthoritiesUpdate,
-  TSshCertificateAuthoritySecrets,
-  TSshCertificateAuthoritySecretsInsert,
-  TSshCertificateAuthoritySecretsUpdate,
-  TSshCertificateBodies,
-  TSshCertificateBodiesInsert,
-  TSshCertificateBodiesUpdate,
-  TSshCertificates,
-  TSshCertificatesInsert,
-  TSshCertificatesUpdate,
-  TSshCertificateTemplates,
-  TSshCertificateTemplatesInsert,
-  TSshCertificateTemplatesUpdate,
  TSuperAdmin,
  TSuperAdminInsert,
  TSuperAdminUpdate,
-  TTotpConfigs,
-  TTotpConfigsInsert,
-  TTotpConfigsUpdate,
  TTrustedIps,
  TTrustedIpsInsert,
  TTrustedIpsUpdate,
@ -363,11 +336,6 @@ import {
  TWorkflowIntegrationsInsert,
  TWorkflowIntegrationsUpdate
 } from "@app/db/schemas";
-import {
-  TExternalGroupOrgRoleMappings,
-  TExternalGroupOrgRoleMappingsInsert,
-  TExternalGroupOrgRoleMappingsUpdate
-} from "@app/db/schemas/external-group-org-role-mappings";
 import {
  TSecretV2TagJunction,
  TSecretV2TagJunctionInsert,
@ -393,31 +361,6 @@ declare module "knex/types/tables" {
  interface Tables {
    [TableName.Users]: KnexOriginal.CompositeTableType<TUsers, TUsersInsert, TUsersUpdate>;
    [TableName.Groups]: KnexOriginal.CompositeTableType<TGroups, TGroupsInsert, TGroupsUpdate>;
-    [TableName.SshCertificateAuthority]: KnexOriginal.CompositeTableType<
-      TSshCertificateAuthorities,
-      TSshCertificateAuthoritiesInsert,
-      TSshCertificateAuthoritiesUpdate
-    >;
-    [TableName.SshCertificateAuthoritySecret]: KnexOriginal.CompositeTableType<
-      TSshCertificateAuthoritySecrets,
-      TSshCertificateAuthoritySecretsInsert,
-      TSshCertificateAuthoritySecretsUpdate
-    >;
-    [TableName.SshCertificateTemplate]: KnexOriginal.CompositeTableType<
-      TSshCertificateTemplates,
-      TSshCertificateTemplatesInsert,
-      TSshCertificateTemplatesUpdate
-    >;
-    [TableName.SshCertificate]: KnexOriginal.CompositeTableType<
-      TSshCertificates,
-      TSshCertificatesInsert,
-      TSshCertificatesUpdate
-    >;
-    [TableName.SshCertificateBody]: KnexOriginal.CompositeTableType<
-      TSshCertificateBodies,
-      TSshCertificateBodiesInsert,
-      TSshCertificateBodiesUpdate
-    >;
    [TableName.CertificateAuthority]: KnexOriginal.CompositeTableType<
      TCertificateAuthorities,
      TCertificateAuthoritiesInsert,
@ -636,11 +579,6 @@ declare module "knex/types/tables" {
      TIdentityOidcAuthsInsert,
      TIdentityOidcAuthsUpdate
    >;
-    [TableName.IdentityJwtAuth]: KnexOriginal.CompositeTableType<
-      TIdentityJwtAuths,
-      TIdentityJwtAuthsInsert,
-      TIdentityJwtAuthsUpdate
-    >;
    [TableName.IdentityUaClientSecret]: KnexOriginal.CompositeTableType<
      TIdentityUaClientSecrets,
      TIdentityUaClientSecretsInsert,
@ -870,21 +808,5 @@ declare module "knex/types/tables" {
      TWorkflowIntegrationsInsert,
      TWorkflowIntegrationsUpdate
    >;
-    [TableName.ExternalGroupOrgRoleMapping]: KnexOriginal.CompositeTableType<
-      TExternalGroupOrgRoleMappings,
-      TExternalGroupOrgRoleMappingsInsert,
-      TExternalGroupOrgRoleMappingsUpdate
-    >;
-    [TableName.ProjectTemplates]: KnexOriginal.CompositeTableType<
-      TProjectTemplates,
-      TProjectTemplatesInsert,
-      TProjectTemplatesUpdate
-    >;
-    [TableName.TotpConfig]: KnexOriginal.CompositeTableType<TTotpConfigs, TTotpConfigsInsert, TTotpConfigsUpdate>;
-    [TableName.ProjectSplitBackfillIds]: KnexOriginal.CompositeTableType<
-      TProjectSplitBackfillIds,
-      TProjectSplitBackfillIdsInsert,
-      TProjectSplitBackfillIdsUpdate
-    >;
  }
 }
--- a/backend/src/db/auditlog-knexfile.ts
+++ b/backend/src/db/auditlog-knexfile.ts
@ -1,75 +0,0 @@
-// eslint-disable-next-line
-import "ts-node/register";
-
-import dotenv from "dotenv";
-import type { Knex } from "knex";
-import path from "path";
-
-// Update with your config settings. .
-dotenv.config({
-  path: path.join(__dirname, "../../../.env.migration")
-});
-dotenv.config({
-  path: path.join(__dirname, "../../../.env")
-});
-
-if (!process.env.AUDIT_LOGS_DB_CONNECTION_URI && !process.env.AUDIT_LOGS_DB_HOST) {
-  console.info("Dedicated audit log database not found. No further migrations necessary");
-  process.exit(0);
-}
-
-console.info("Executing migration on audit log database...");
-
-export default {
-  development: {
-    client: "postgres",
-    connection: {
-      connectionString: process.env.AUDIT_LOGS_DB_CONNECTION_URI,
-      host: process.env.AUDIT_LOGS_DB_HOST,
-      port: process.env.AUDIT_LOGS_DB_PORT,
-      user: process.env.AUDIT_LOGS_DB_USER,
-      database: process.env.AUDIT_LOGS_DB_NAME,
-      password: process.env.AUDIT_LOGS_DB_PASSWORD,
-      ssl: process.env.AUDIT_LOGS_DB_ROOT_CERT
-        ? {
-            rejectUnauthorized: true,
-            ca: Buffer.from(process.env.AUDIT_LOGS_DB_ROOT_CERT, "base64").toString("ascii")
-          }
-        : false
-    },
-    pool: {
-      min: 2,
-      max: 10
-    },
-    seeds: {
-      directory: "./seeds"
-    },
-    migrations: {
-      tableName: "infisical_migrations"
-    }
-  },
-  production: {
-    client: "postgres",
-    connection: {
-      connectionString: process.env.AUDIT_LOGS_DB_CONNECTION_URI,
-      host: process.env.AUDIT_LOGS_DB_HOST,
-      port: process.env.AUDIT_LOGS_DB_PORT,
-      user: process.env.AUDIT_LOGS_DB_USER,
-      database: process.env.AUDIT_LOGS_DB_NAME,
-      password: process.env.AUDIT_LOGS_DB_PASSWORD,
-      ssl: process.env.AUDIT_LOGS_DB_ROOT_CERT
-        ? {
-            rejectUnauthorized: true,
-            ca: Buffer.from(process.env.AUDIT_LOGS_DB_ROOT_CERT, "base64").toString("ascii")
-          }
-        : false
-    },
-    pool: {
-      min: 2,
-      max: 10
-    },
-    migrations: {
-      tableName: "infisical_migrations"
-    }
-  }
-} as Knex.Config;
--- a/backend/src/db/index.ts
+++ b/backend/src/db/index.ts
@ -1,2 +1,2 @@
 export type { TDbClient } from "./instance";
-export { initAuditLogDbConnection, initDbConnection } from "./instance";
+export { initDbConnection } from "./instance";
--- a/backend/src/db/instance.ts
+++ b/backend/src/db/instance.ts
@ -70,45 +70,3 @@ export const initDbConnection = ({

  return db;
 };
-
-export const initAuditLogDbConnection = ({
-  dbConnectionUri,
-  dbRootCert
-}: {
-  dbConnectionUri: string;
-  dbRootCert?: string;
-}) => {
-  // akhilmhdh: the default Knex is knex.Knex<any, any[]>. but when assigned with knex({<config>}) the value is knex.Knex<any, unknown[]>
-  // this was causing issue with files like `snapshot-dal` `findRecursivelySnapshots` this i am explicitly putting the any and unknown[]
-  // eslint-disable-next-line
-  const db: Knex<any, unknown[]> = knex({
-    client: "pg",
-    connection: {
-      connectionString: dbConnectionUri,
-      host: process.env.AUDIT_LOGS_DB_HOST,
-      // @ts-expect-error I have no clue why only for the port there is a type error
-      // eslint-disable-next-line
-      port: process.env.AUDIT_LOGS_DB_PORT,
-      user: process.env.AUDIT_LOGS_DB_USER,
-      database: process.env.AUDIT_LOGS_DB_NAME,
-      password: process.env.AUDIT_LOGS_DB_PASSWORD,
-      ssl: dbRootCert
-        ? {
-            rejectUnauthorized: true,
-            ca: Buffer.from(dbRootCert, "base64").toString("ascii")
-          }
-        : false
-    }
-  });
-
-  // we add these overrides so that auditLogDb and the primary DB are interchangeable
-  db.primaryNode = () => {
-    return db;
-  };
-
-  db.replicaNode = () => {
-    return db;
-  };
-
-  return db;
-};
--- a/backend/src/db/manual-migrations/partition-audit-logs.ts
+++ b/backend/src/db/manual-migrations/partition-audit-logs.ts
@ -1,161 +0,0 @@
-import kx, { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-const INTERMEDIATE_AUDIT_LOG_TABLE = "intermediate_audit_logs";
-
-const formatPartitionDate = (date: Date) => {
-  const year = date.getFullYear();
-  const month = String(date.getMonth() + 1).padStart(2, "0");
-  const day = String(date.getDate()).padStart(2, "0");
-
-  return `${year}-${month}-${day}`;
-};
-
-const createAuditLogPartition = async (knex: Knex, startDate: Date, endDate: Date) => {
-  const startDateStr = formatPartitionDate(startDate);
-  const endDateStr = formatPartitionDate(endDate);
-
-  const partitionName = `${TableName.AuditLog}_${startDateStr.replace(/-/g, "")}_${endDateStr.replace(/-/g, "")}`;
-
-  await knex.schema.raw(
-    `CREATE TABLE ${partitionName} PARTITION OF ${TableName.AuditLog} FOR VALUES FROM ('${startDateStr}') TO ('${endDateStr}')`
-  );
-};
-
-const up = async (knex: Knex): Promise<void> => {
-  console.info("Dropping primary key of audit log table...");
-  await knex.schema.alterTable(TableName.AuditLog, (t) => {
-    // remove existing keys
-    t.dropPrimary();
-  });
-
-  // Get all indices of the audit log table and drop them
-  const indexNames: { rows: { indexname: string }[] } = await knex.raw(
-    `
-    SELECT indexname
-    FROM pg_indexes
-    WHERE tablename = '${TableName.AuditLog}'
-  `
-  );
-
-  console.log(
-    "Deleting existing audit log indices:",
-    indexNames.rows.map((e) => e.indexname)
-  );
-
-  for await (const row of indexNames.rows) {
-    await knex.raw(`DROP INDEX IF EXISTS ${row.indexname}`);
-  }
-
-  // renaming audit log to intermediate table
-  console.log("Renaming audit log table to the intermediate name");
-  await knex.schema.renameTable(TableName.AuditLog, INTERMEDIATE_AUDIT_LOG_TABLE);
-
-  if (!(await knex.schema.hasTable(TableName.AuditLog))) {
-    const createTableSql = knex.schema
-      .createTable(TableName.AuditLog, (t) => {
-        t.uuid("id").defaultTo(knex.fn.uuid());
-        t.string("actor").notNullable();
-        t.jsonb("actorMetadata").notNullable();
-        t.string("ipAddress");
-        t.string("eventType").notNullable();
-        t.jsonb("eventMetadata");
-        t.string("userAgent");
-        t.string("userAgentType");
-        t.datetime("expiresAt");
-        t.timestamps(true, true, true);
-        t.uuid("orgId");
-        t.string("projectId");
-        t.string("projectName");
-        t.primary(["id", "createdAt"]);
-      })
-      .toString();
-
-    console.info("Creating partition table...");
-    await knex.schema.raw(`
-        ${createTableSql} PARTITION BY RANGE ("createdAt");
-    `);
-
-    console.log("Adding indices...");
-    await knex.schema.alterTable(TableName.AuditLog, (t) => {
-      t.index(["projectId", "createdAt"]);
-      t.index(["orgId", "createdAt"]);
-      t.index("expiresAt");
-      t.index("orgId");
-      t.index("projectId");
-    });
-
-    console.log("Adding GIN indices...");
-
-    await knex.raw(
-      `CREATE INDEX IF NOT EXISTS "audit_logs_actorMetadata_idx" ON ${TableName.AuditLog} USING gin("actorMetadata" jsonb_path_ops)`
-    );
-    console.log("GIN index for actorMetadata done");
-
-    await knex.raw(
-      `CREATE INDEX IF NOT EXISTS "audit_logs_eventMetadata_idx" ON ${TableName.AuditLog} USING gin("eventMetadata" jsonb_path_ops)`
-    );
-    console.log("GIN index for eventMetadata done");
-
-    // create default partition
-    console.log("Creating default partition...");
-    await knex.schema.raw(`CREATE TABLE ${TableName.AuditLog}_default PARTITION OF ${TableName.AuditLog} DEFAULT`);
-
-    const nextDate = new Date();
-    nextDate.setDate(nextDate.getDate() + 1);
-    const nextDateStr = formatPartitionDate(nextDate);
-
-    console.log("Attaching existing audit log table as a partition...");
-    await knex.schema.raw(`
-    ALTER TABLE ${INTERMEDIATE_AUDIT_LOG_TABLE} ADD CONSTRAINT audit_log_old
-    CHECK ( "createdAt" < DATE '${nextDateStr}' );
-
-    ALTER TABLE ${TableName.AuditLog} ATTACH PARTITION ${INTERMEDIATE_AUDIT_LOG_TABLE}
-    FOR VALUES FROM (MINVALUE) TO ('${nextDateStr}' );
-    `);
-
-    // create partition from now until end of month
-    console.log("Creating audit log partitions ahead of time... next date:", nextDateStr);
-    await createAuditLogPartition(knex, nextDate, new Date(nextDate.getFullYear(), nextDate.getMonth() + 1));
-
-    // create partitions 4 years ahead
-    const partitionMonths = 4 * 12;
-    const partitionPromises: Promise<void>[] = [];
-    for (let x = 1; x <= partitionMonths; x += 1) {
-      partitionPromises.push(
-        createAuditLogPartition(
-          knex,
-          new Date(nextDate.getFullYear(), nextDate.getMonth() + x, 1),
-          new Date(nextDate.getFullYear(), nextDate.getMonth() + (x + 1), 1)
-        )
-      );
-    }
-
-    await Promise.all(partitionPromises);
-    console.log("Partition migration complete");
-  }
-};
-
-export const executeMigration = async (url: string) => {
-  console.log("Executing migration...");
-  const knex = kx({
-    client: "pg",
-    connection: url
-  });
-
-  await knex.transaction(async (tx) => {
-    await up(tx);
-  });
-};
-
-const dbUrl = process.env.AUDIT_LOGS_DB_CONNECTION_URI;
-if (!dbUrl) {
-  console.error("Please provide a DB connection URL to the AUDIT_LOGS_DB_CONNECTION_URI env");
-  process.exit(1);
-}
-
-void executeMigration(dbUrl).then(() => {
-  console.log("Migration: partition-audit-logs DONE");
-  process.exit(0);
-});
--- a/backend/src/db/migrations/20231222172455_integration.ts
+++ b/backend/src/db/migrations/20231222172455_integration.ts
@ -9,7 +9,7 @@ export async function up(knex: Knex): Promise<void> {
      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
      t.string("integration").notNullable();
      t.string("teamId"); // vercel-specific
-      t.string("url"); // for self-hosted
+      t.string("url"); // for self hosted
      t.string("namespace"); // hashicorp specific
      t.string("accountId"); // netlify
      t.text("refreshCiphertext");
@ -36,7 +36,7 @@ export async function up(knex: Knex): Promise<void> {
    await knex.schema.createTable(TableName.Integration, (t) => {
      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
      t.boolean("isActive").notNullable();
-      t.string("url"); // self-hosted
+      t.string("url"); // self hosted
      t.string("app"); // name of app in provider
      t.string("appId");
      t.string("targetEnvironment");
--- a/backend/src/db/migrations/20240802181855_ca-cert-version.ts
+++ b/backend/src/db/migrations/20240802181855_ca-cert-version.ts
@ -64,25 +64,23 @@ export async function up(knex: Knex): Promise<void> {
  }

  if (await knex.schema.hasTable(TableName.Certificate)) {
-    const hasCaCertIdColumn = await knex.schema.hasColumn(TableName.Certificate, "caCertId");
-    if (!hasCaCertIdColumn) {
-      await knex.schema.alterTable(TableName.Certificate, (t) => {
-        t.uuid("caCertId").nullable();
-        t.foreign("caCertId").references("id").inTable(TableName.CertificateAuthorityCert);
-      });
+    await knex.schema.alterTable(TableName.Certificate, (t) => {
+      t.uuid("caCertId").nullable();
+      t.foreign("caCertId").references("id").inTable(TableName.CertificateAuthorityCert);
+    });

-      await knex.raw(`
+    await knex.raw(`
        UPDATE "${TableName.Certificate}" cert
        SET "caCertId" = (
          SELECT caCert.id
          FROM "${TableName.CertificateAuthorityCert}" caCert
          WHERE caCert."caId" = cert."caId"
-        )`);
+        )
+      `);

-      await knex.schema.alterTable(TableName.Certificate, (t) => {
-        t.uuid("caCertId").notNullable().alter();
-      });
-    }
+    await knex.schema.alterTable(TableName.Certificate, (t) => {
+      t.uuid("caCertId").notNullable().alter();
+    });
  }
 }

--- a/backend/src/db/migrations/20240925100349_managed-secret-sharing.ts
+++ b/backend/src/db/migrations/20240925100349_managed-secret-sharing.ts
@ -4,40 +4,27 @@ import { TableName } from "../schemas";

 export async function up(knex: Knex): Promise<void> {
  if (await knex.schema.hasTable(TableName.SecretSharing)) {
-    const hasEncryptedSecret = await knex.schema.hasColumn(TableName.SecretSharing, "encryptedSecret");
-    const hasIdentifier = await knex.schema.hasColumn(TableName.SecretSharing, "identifier");
-
    await knex.schema.alterTable(TableName.SecretSharing, (t) => {
      t.string("iv").nullable().alter();
      t.string("tag").nullable().alter();
      t.string("encryptedValue").nullable().alter();

-      if (!hasEncryptedSecret) {
-        t.binary("encryptedSecret").nullable();
-      }
+      t.binary("encryptedSecret").nullable();
      t.string("hashedHex").nullable().alter();

-      if (!hasIdentifier) {
-        t.string("identifier", 64).nullable();
-        t.unique("identifier");
-        t.index("identifier");
-      }
+      t.string("identifier", 64).nullable();
+      t.unique("identifier");
+      t.index("identifier");
    });
  }
 }

 export async function down(knex: Knex): Promise<void> {
-  const hasEncryptedSecret = await knex.schema.hasColumn(TableName.SecretSharing, "encryptedSecret");
-  const hasIdentifier = await knex.schema.hasColumn(TableName.SecretSharing, "identifier");
  if (await knex.schema.hasTable(TableName.SecretSharing)) {
    await knex.schema.alterTable(TableName.SecretSharing, (t) => {
-      if (hasEncryptedSecret) {
-        t.dropColumn("encryptedSecret");
-      }
+      t.dropColumn("encryptedSecret");

-      if (hasIdentifier) {
-        t.dropColumn("identifier");
-      }
+      t.dropColumn("identifier");
    });
  }
 }
--- a/backend/src/db/migrations/20241003220151_kms-key-cmek-alterations.ts
+++ b/backend/src/db/migrations/20241003220151_kms-key-cmek-alterations.ts
@ -7,18 +7,15 @@ export async function up(knex: Knex): Promise<void> {
  if (await knex.schema.hasTable(TableName.KmsKey)) {
    const hasOrgId = await knex.schema.hasColumn(TableName.KmsKey, "orgId");
    const hasSlug = await knex.schema.hasColumn(TableName.KmsKey, "slug");
-    const hasProjectId = await knex.schema.hasColumn(TableName.KmsKey, "projectId");

    // drop constraint if exists (won't exist if rolled back, see below)
    await dropConstraintIfExists(TableName.KmsKey, "kms_keys_orgid_slug_unique", knex);

    // projectId for CMEK functionality
    await knex.schema.alterTable(TableName.KmsKey, (table) => {
-      if (!hasProjectId) {
-        table.string("projectId").nullable().references("id").inTable(TableName.Project).onDelete("CASCADE");
-      }
+      table.string("projectId").nullable().references("id").inTable(TableName.Project).onDelete("CASCADE");

-      if (hasOrgId && hasSlug) {
+      if (hasOrgId) {
        table.unique(["orgId", "projectId", "slug"]);
      }

@ -33,7 +30,6 @@ export async function down(knex: Knex): Promise<void> {
  if (await knex.schema.hasTable(TableName.KmsKey)) {
    const hasOrgId = await knex.schema.hasColumn(TableName.KmsKey, "orgId");
    const hasName = await knex.schema.hasColumn(TableName.KmsKey, "name");
-    const hasProjectId = await knex.schema.hasColumn(TableName.KmsKey, "projectId");

    // remove projectId for CMEK functionality
    await knex.schema.alterTable(TableName.KmsKey, (table) => {
@ -44,9 +40,7 @@ export async function down(knex: Knex): Promise<void> {
      if (hasOrgId) {
        table.dropUnique(["orgId", "projectId", "slug"]);
      }
-      if (hasProjectId) {
-        table.dropColumn("projectId");
-      }
+      table.dropColumn("projectId");
    });
  }
 }
--- a/backend/src/db/migrations/20241007052025_make-audit-log-independent.ts
+++ b/backend/src/db/migrations/20241007052025_make-audit-log-independent.ts
@ -1,48 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (await knex.schema.hasTable(TableName.AuditLog)) {
-    const doesProjectIdExist = await knex.schema.hasColumn(TableName.AuditLog, "projectId");
-    const doesOrgIdExist = await knex.schema.hasColumn(TableName.AuditLog, "orgId");
-    const doesProjectNameExist = await knex.schema.hasColumn(TableName.AuditLog, "projectName");
-
-    await knex.schema.alterTable(TableName.AuditLog, (t) => {
-      if (doesOrgIdExist) {
-        t.dropForeign("orgId");
-      }
-
-      if (doesProjectIdExist) {
-        t.dropForeign("projectId");
-      }
-
-      // add normalized field
-      if (!doesProjectNameExist) {
-        t.string("projectName");
-      }
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const doesProjectIdExist = await knex.schema.hasColumn(TableName.AuditLog, "projectId");
-  const doesOrgIdExist = await knex.schema.hasColumn(TableName.AuditLog, "orgId");
-  const doesProjectNameExist = await knex.schema.hasColumn(TableName.AuditLog, "projectName");
-
-  if (await knex.schema.hasTable(TableName.AuditLog)) {
-    await knex.schema.alterTable(TableName.AuditLog, (t) => {
-      if (doesOrgIdExist) {
-        t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      }
-      if (doesProjectIdExist) {
-        t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      }
-
-      // remove normalized field
-      if (doesProjectNameExist) {
-        t.dropColumn("projectName");
-      }
-    });
-  }
-}
--- a/backend/src/db/migrations/20241007202149_default-org-membership-roles.ts
+++ b/backend/src/db/migrations/20241007202149_default-org-membership-roles.ts
@ -1,29 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "@app/db/schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  // org default role
-  if (await knex.schema.hasTable(TableName.Organization)) {
-    const hasDefaultRoleCol = await knex.schema.hasColumn(TableName.Organization, "defaultMembershipRole");
-
-    if (!hasDefaultRoleCol) {
-      await knex.schema.alterTable(TableName.Organization, (tb) => {
-        tb.string("defaultMembershipRole").notNullable().defaultTo("member");
-      });
-    }
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  // org default role
-  if (await knex.schema.hasTable(TableName.Organization)) {
-    const hasDefaultRoleCol = await knex.schema.hasColumn(TableName.Organization, "defaultMembershipRole");
-
-    if (hasDefaultRoleCol) {
-      await knex.schema.alterTable(TableName.Organization, (tb) => {
-        tb.dropColumn("defaultMembershipRole");
-      });
-    }
-  }
-}
--- a/backend/src/db/migrations/20241008172622_project-permission-split.ts
+++ b/backend/src/db/migrations/20241008172622_project-permission-split.ts
@ -1,101 +0,0 @@
-/* eslint-disable no-await-in-loop */
-import { packRules, unpackRules } from "@casl/ability/extra";
-import { Knex } from "knex";
-
-import {
-  backfillPermissionV1SchemaToV2Schema,
-  ProjectPermissionSub
-} from "@app/ee/services/permission/project-permission";
-
-import { TableName } from "../schemas";
-
-const CHUNK_SIZE = 1000;
-export async function up(knex: Knex): Promise<void> {
-  const hasVersion = await knex.schema.hasColumn(TableName.ProjectRoles, "version");
-  if (!hasVersion) {
-    await knex.schema.alterTable(TableName.ProjectRoles, (t) => {
-      t.integer("version").defaultTo(1).notNullable();
-    });
-
-    const docs = await knex(TableName.ProjectRoles).select("*");
-    const updatedDocs = docs
-      .filter((i) => {
-        const permissionString = JSON.stringify(i.permissions || []);
-        return (
-          !permissionString.includes(ProjectPermissionSub.SecretImports) &&
-          !permissionString.includes(ProjectPermissionSub.DynamicSecrets)
-        );
-      })
-      .map((el) => ({
-        ...el,
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore-error this is valid ts
-        permissions: JSON.stringify(packRules(backfillPermissionV1SchemaToV2Schema(unpackRules(el.permissions), true)))
-      }));
-    if (updatedDocs.length) {
-      for (let i = 0; i < updatedDocs.length; i += CHUNK_SIZE) {
-        const chunk = updatedDocs.slice(i, i + CHUNK_SIZE);
-        await knex(TableName.ProjectRoles).insert(chunk).onConflict("id").merge();
-      }
-    }
-
-    // secret permission is split into multiple ones like secrets, folders, imports and dynamic-secrets
-    // so we just find all the privileges with respective mapping and map it as needed
-    const identityPrivileges = await knex(TableName.IdentityProjectAdditionalPrivilege).select("*");
-    const updatedIdentityPrivilegesDocs = identityPrivileges
-      .filter((i) => {
-        const permissionString = JSON.stringify(i.permissions || []);
-        return (
-          !permissionString.includes(ProjectPermissionSub.SecretImports) &&
-          !permissionString.includes(ProjectPermissionSub.DynamicSecrets) &&
-          !permissionString.includes(ProjectPermissionSub.SecretFolders)
-        );
-      })
-      .map((el) => ({
-        ...el,
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore-error this is valid ts
-        permissions: JSON.stringify(packRules(backfillPermissionV1SchemaToV2Schema(unpackRules(el.permissions))))
-      }));
-    if (updatedIdentityPrivilegesDocs.length) {
-      for (let i = 0; i < updatedIdentityPrivilegesDocs.length; i += CHUNK_SIZE) {
-        const chunk = updatedIdentityPrivilegesDocs.slice(i, i + CHUNK_SIZE);
-        await knex(TableName.IdentityProjectAdditionalPrivilege).insert(chunk).onConflict("id").merge();
-      }
-    }
-
-    const userPrivileges = await knex(TableName.ProjectUserAdditionalPrivilege).select("*");
-    const updatedUserPrivilegeDocs = userPrivileges
-      .filter((i) => {
-        const permissionString = JSON.stringify(i.permissions || []);
-        return (
-          !permissionString.includes(ProjectPermissionSub.SecretImports) &&
-          !permissionString.includes(ProjectPermissionSub.DynamicSecrets) &&
-          !permissionString.includes(ProjectPermissionSub.SecretFolders)
-        );
-      })
-      .map((el) => ({
-        ...el,
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore-error this is valid ts
-        permissions: JSON.stringify(packRules(backfillPermissionV1SchemaToV2Schema(unpackRules(el.permissions))))
-      }));
-    if (docs.length) {
-      for (let i = 0; i < updatedUserPrivilegeDocs.length; i += CHUNK_SIZE) {
-        const chunk = updatedUserPrivilegeDocs.slice(i, i + CHUNK_SIZE);
-        await knex(TableName.ProjectUserAdditionalPrivilege).insert(chunk).onConflict("id").merge();
-      }
-    }
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasVersion = await knex.schema.hasColumn(TableName.ProjectRoles, "version");
-  if (hasVersion) {
-    await knex.schema.alterTable(TableName.ProjectRoles, (t) => {
-      t.dropColumn("version");
-    });
-
-    // permission change can be ignored
-  }
-}
--- a/backend/src/db/migrations/20241014084900_identity-multiple-auth-methods.ts
+++ b/backend/src/db/migrations/20241014084900_identity-multiple-auth-methods.ts
@ -1,78 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-const BATCH_SIZE = 10_000;
-
-export async function up(knex: Knex): Promise<void> {
-  const hasAuthMethodColumnAccessToken = await knex.schema.hasColumn(TableName.IdentityAccessToken, "authMethod");
-
-  if (!hasAuthMethodColumnAccessToken) {
-    await knex.schema.alterTable(TableName.IdentityAccessToken, (t) => {
-      t.string("authMethod").nullable();
-    });
-
-    // first we remove identities without auth method that is unused
-    // ! We delete all access tokens where the identity has no auth method set!
-    // ! Which means un-configured identities that for some reason have access tokens, will have their access tokens deleted.
-    await knex(TableName.IdentityAccessToken)
-      .leftJoin(TableName.Identity, `${TableName.Identity}.id`, `${TableName.IdentityAccessToken}.identityId`)
-      .whereNull(`${TableName.Identity}.authMethod`)
-      .delete();
-
-    let nullableAccessTokens = await knex(TableName.IdentityAccessToken)
-      .whereNull("authMethod")
-      .limit(BATCH_SIZE)
-      .select("id");
-    let totalUpdated = 0;
-
-    do {
-      const batchIds = nullableAccessTokens.map((token) => token.id);
-
-      // ! Update the auth method column in batches for the current batch
-      // eslint-disable-next-line no-await-in-loop
-      await knex(TableName.IdentityAccessToken)
-        .whereIn("id", batchIds)
-        .update({
-          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-          // @ts-ignore because generate schema happens after this
-          authMethod: knex(TableName.Identity)
-            .select("authMethod")
-            .whereRaw(`${TableName.IdentityAccessToken}."identityId" = ${TableName.Identity}.id`)
-            .whereNotNull("authMethod")
-            .first()
-        });
-
-      // eslint-disable-next-line no-await-in-loop
-      nullableAccessTokens = await knex(TableName.IdentityAccessToken)
-        .whereNull("authMethod")
-        .limit(BATCH_SIZE)
-        .select("id");
-
-      totalUpdated += batchIds.length;
-      console.log(`Updated ${batchIds.length} access tokens in batch <> Total updated: ${totalUpdated}`);
-    } while (nullableAccessTokens.length > 0);
-
-    // Finally we set the authMethod to notNullable after populating the column.
-    // This will fail if the data is not populated correctly, so it's safe.
-    await knex.schema.alterTable(TableName.IdentityAccessToken, (t) => {
-      t.string("authMethod").notNullable().alter();
-    });
-  }
-
-  // ! We aren't dropping the authMethod column from the Identity itself, because we wan't to be able to easily rollback for the time being.
-}
-
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-export async function down(knex: Knex): Promise<void> {
-  const hasAuthMethodColumnAccessToken = await knex.schema.hasColumn(TableName.IdentityAccessToken, "authMethod");
-
-  if (hasAuthMethodColumnAccessToken) {
-    await knex.schema.alterTable(TableName.IdentityAccessToken, (t) => {
-      t.dropColumn("authMethod");
-    });
-  }
-}
-
-const config = { transaction: false };
-export { config };
--- a/backend/src/db/migrations/20241015084434_increase-identity-metadata-col-length.ts
+++ b/backend/src/db/migrations/20241015084434_increase-identity-metadata-col-length.ts
@ -1,19 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.IdentityMetadata, "value")) {
-    await knex.schema.alterTable(TableName.IdentityMetadata, (t) => {
-      t.string("value", 1020).alter();
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.IdentityMetadata, "value")) {
-    await knex.schema.alterTable(TableName.IdentityMetadata, (t) => {
-      t.string("value", 255).alter();
-    });
-  }
-}
--- a/backend/src/db/migrations/20241015145450_external-group-org-role-mapping.ts
+++ b/backend/src/db/migrations/20241015145450_external-group-org-role-mapping.ts
@ -1,32 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "@app/db/schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "@app/db/utils";
-
-export async function up(knex: Knex): Promise<void> {
-  // add external group to org role mapping table
-  if (!(await knex.schema.hasTable(TableName.ExternalGroupOrgRoleMapping))) {
-    await knex.schema.createTable(TableName.ExternalGroupOrgRoleMapping, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("groupName").notNullable();
-      t.index("groupName");
-      t.string("role").notNullable();
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.OrgRoles);
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-      t.unique(["orgId", "groupName"]);
-    });
-
-    await createOnUpdateTrigger(knex, TableName.ExternalGroupOrgRoleMapping);
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasTable(TableName.ExternalGroupOrgRoleMapping)) {
-    await dropOnUpdateTrigger(knex, TableName.ExternalGroupOrgRoleMapping);
-
-    await knex.schema.dropTable(TableName.ExternalGroupOrgRoleMapping);
-  }
-}
--- a/backend/src/db/migrations/20241016183616_add-org-enforce-mfa.ts
+++ b/backend/src/db/migrations/20241016183616_add-org-enforce-mfa.ts
@ -1,19 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasColumn(TableName.Organization, "enforceMfa"))) {
-    await knex.schema.alterTable(TableName.Organization, (tb) => {
-      tb.boolean("enforceMfa").defaultTo(false).notNullable();
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.Organization, "enforceMfa")) {
-    await knex.schema.alterTable(TableName.Organization, (t) => {
-      t.dropColumn("enforceMfa");
-    });
-  }
-}
--- a/backend/src/db/migrations/20241021114650_add-missing-org-cascade-references.ts
+++ b/backend/src/db/migrations/20241021114650_add-missing-org-cascade-references.ts
@ -1,21 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.SamlConfig, "orgId")) {
-    await knex.schema.alterTable(TableName.SamlConfig, (t) => {
-      t.dropForeign("orgId");
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.SamlConfig, "orgId")) {
-    await knex.schema.alterTable(TableName.SamlConfig, (t) => {
-      t.dropForeign("orgId");
-      t.foreign("orgId").references("id").inTable(TableName.Organization);
-    });
-  }
-}
--- a/backend/src/db/migrations/20241101174939_project-templates.ts
+++ b/backend/src/db/migrations/20241101174939_project-templates.ts
@ -1,28 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "@app/db/schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "@app/db/utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.ProjectTemplates))) {
-    await knex.schema.createTable(TableName.ProjectTemplates, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name", 32).notNullable();
-      t.string("description").nullable();
-      t.jsonb("roles").notNullable();
-      t.jsonb("environments").notNullable();
-      t.uuid("orgId").notNullable().references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-
-    await createOnUpdateTrigger(knex, TableName.ProjectTemplates);
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasTable(TableName.ProjectTemplates)) {
-    await dropOnUpdateTrigger(knex, TableName.ProjectTemplates);
-
-    await knex.schema.dropTable(TableName.ProjectTemplates);
-  }
-}
--- a/backend/src/db/migrations/20241107112632_skip-bootstrap-cert-validation-est.ts
+++ b/backend/src/db/migrations/20241107112632_skip-bootstrap-cert-validation-est.ts
@ -1,35 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasDisableBootstrapCertValidationCol = await knex.schema.hasColumn(
-    TableName.CertificateTemplateEstConfig,
-    "disableBootstrapCertValidation"
-  );
-
-  const hasCaChainCol = await knex.schema.hasColumn(TableName.CertificateTemplateEstConfig, "encryptedCaChain");
-
-  await knex.schema.alterTable(TableName.CertificateTemplateEstConfig, (t) => {
-    if (!hasDisableBootstrapCertValidationCol) {
-      t.boolean("disableBootstrapCertValidation").defaultTo(false).notNullable();
-    }
-
-    if (hasCaChainCol) {
-      t.binary("encryptedCaChain").nullable().alter();
-    }
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasDisableBootstrapCertValidationCol = await knex.schema.hasColumn(
-    TableName.CertificateTemplateEstConfig,
-    "disableBootstrapCertValidation"
-  );
-
-  await knex.schema.alterTable(TableName.CertificateTemplateEstConfig, (t) => {
-    if (hasDisableBootstrapCertValidationCol) {
-      t.dropColumn("disableBootstrapCertValidation");
-    }
-  });
-}
--- a/backend/src/db/migrations/20241110032223_add-missing-oidc-org-cascade-reference.ts
+++ b/backend/src/db/migrations/20241110032223_add-missing-oidc-org-cascade-reference.ts
@ -1,21 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.OidcConfig, "orgId")) {
-    await knex.schema.alterTable(TableName.OidcConfig, (t) => {
-      t.dropForeign("orgId");
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.OidcConfig, "orgId")) {
-    await knex.schema.alterTable(TableName.OidcConfig, (t) => {
-      t.dropForeign("orgId");
-      t.foreign("orgId").references("id").inTable(TableName.Organization);
-    });
-  }
-}
--- a/backend/src/db/migrations/20241111175154_kms-root-cfg-hsm.ts
+++ b/backend/src/db/migrations/20241111175154_kms-root-cfg-hsm.ts
@ -1,23 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasEncryptionStrategy = await knex.schema.hasColumn(TableName.KmsServerRootConfig, "encryptionStrategy");
-  const hasTimestampsCol = await knex.schema.hasColumn(TableName.KmsServerRootConfig, "createdAt");
-
-  await knex.schema.alterTable(TableName.KmsServerRootConfig, (t) => {
-    if (!hasEncryptionStrategy) t.string("encryptionStrategy").defaultTo("SOFTWARE");
-    if (!hasTimestampsCol) t.timestamps(true, true, true);
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasEncryptionStrategy = await knex.schema.hasColumn(TableName.KmsServerRootConfig, "encryptionStrategy");
-  const hasTimestampsCol = await knex.schema.hasColumn(TableName.KmsServerRootConfig, "createdAt");
-
-  await knex.schema.alterTable(TableName.KmsServerRootConfig, (t) => {
-    if (hasEncryptionStrategy) t.dropColumn("encryptionStrategy");
-    if (hasTimestampsCol) t.dropTimestamps(true);
-  });
-}
--- a/backend/src/db/migrations/20241112082701_add-totp-support.ts
+++ b/backend/src/db/migrations/20241112082701_add-totp-support.ts
@ -1,54 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.TotpConfig))) {
-    await knex.schema.createTable(TableName.TotpConfig, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("userId").notNullable();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-      t.boolean("isVerified").defaultTo(false).notNullable();
-      t.binary("encryptedRecoveryCodes").notNullable();
-      t.binary("encryptedSecret").notNullable();
-      t.timestamps(true, true, true);
-      t.unique("userId");
-    });
-
-    await createOnUpdateTrigger(knex, TableName.TotpConfig);
-  }
-
-  const doesOrgMfaMethodColExist = await knex.schema.hasColumn(TableName.Organization, "selectedMfaMethod");
-  await knex.schema.alterTable(TableName.Organization, (t) => {
-    if (!doesOrgMfaMethodColExist) {
-      t.string("selectedMfaMethod");
-    }
-  });
-
-  const doesUserSelectedMfaMethodColExist = await knex.schema.hasColumn(TableName.Users, "selectedMfaMethod");
-  await knex.schema.alterTable(TableName.Users, (t) => {
-    if (!doesUserSelectedMfaMethodColExist) {
-      t.string("selectedMfaMethod");
-    }
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await dropOnUpdateTrigger(knex, TableName.TotpConfig);
-  await knex.schema.dropTableIfExists(TableName.TotpConfig);
-
-  const doesOrgMfaMethodColExist = await knex.schema.hasColumn(TableName.Organization, "selectedMfaMethod");
-  await knex.schema.alterTable(TableName.Organization, (t) => {
-    if (doesOrgMfaMethodColExist) {
-      t.dropColumn("selectedMfaMethod");
-    }
-  });
-
-  const doesUserSelectedMfaMethodColExist = await knex.schema.hasColumn(TableName.Users, "selectedMfaMethod");
-  await knex.schema.alterTable(TableName.Users, (t) => {
-    if (doesUserSelectedMfaMethodColExist) {
-      t.dropColumn("selectedMfaMethod");
-    }
-  });
-}
--- a/backend/src/db/migrations/20241119143026_add-project-descripton.ts
+++ b/backend/src/db/migrations/20241119143026_add-project-descripton.ts
@ -1,23 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasProjectDescription = await knex.schema.hasColumn(TableName.Project, "description");
-
-  if (!hasProjectDescription) {
-    await knex.schema.alterTable(TableName.Project, (t) => {
-      t.string("description");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasProjectDescription = await knex.schema.hasColumn(TableName.Project, "description");
-
-  if (hasProjectDescription) {
-    await knex.schema.alterTable(TableName.Project, (t) => {
-      t.dropColumn("description");
-    });
-  }
-}
--- a/backend/src/db/migrations/20241121131344_make-identity-metadata-not-nullable-again.ts
+++ b/backend/src/db/migrations/20241121131344_make-identity-metadata-not-nullable-again.ts
@ -1,20 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.IdentityMetadata, "value")) {
-    await knex(TableName.IdentityMetadata).whereNull("value").delete();
-    await knex.schema.alterTable(TableName.IdentityMetadata, (t) => {
-      t.string("value", 1020).notNullable().alter();
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.IdentityMetadata, "value")) {
-    await knex.schema.alterTable(TableName.IdentityMetadata, (t) => {
-      t.string("value", 1020).alter();
-    });
-  }
-}
--- a/backend/src/db/migrations/20241203165840_allow-disabling-approval-workflows.ts
+++ b/backend/src/db/migrations/20241203165840_allow-disabling-approval-workflows.ts
@ -1,59 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasAccessApprovalPolicyDeletedAtColumn = await knex.schema.hasColumn(
-    TableName.AccessApprovalPolicy,
-    "deletedAt"
-  );
-  const hasSecretApprovalPolicyDeletedAtColumn = await knex.schema.hasColumn(
-    TableName.SecretApprovalPolicy,
-    "deletedAt"
-  );
-
-  if (!hasAccessApprovalPolicyDeletedAtColumn) {
-    await knex.schema.alterTable(TableName.AccessApprovalPolicy, (t) => {
-      t.timestamp("deletedAt");
-    });
-  }
-  if (!hasSecretApprovalPolicyDeletedAtColumn) {
-    await knex.schema.alterTable(TableName.SecretApprovalPolicy, (t) => {
-      t.timestamp("deletedAt");
-    });
-  }
-
-  await knex.schema.alterTable(TableName.AccessApprovalRequest, (t) => {
-    t.dropForeign(["privilegeId"]);
-
-    // Add the new foreign key constraint with ON DELETE SET NULL
-    t.foreign("privilegeId").references("id").inTable(TableName.ProjectUserAdditionalPrivilege).onDelete("SET NULL");
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasAccessApprovalPolicyDeletedAtColumn = await knex.schema.hasColumn(
-    TableName.AccessApprovalPolicy,
-    "deletedAt"
-  );
-  const hasSecretApprovalPolicyDeletedAtColumn = await knex.schema.hasColumn(
-    TableName.SecretApprovalPolicy,
-    "deletedAt"
-  );
-
-  if (hasAccessApprovalPolicyDeletedAtColumn) {
-    await knex.schema.alterTable(TableName.AccessApprovalPolicy, (t) => {
-      t.dropColumn("deletedAt");
-    });
-  }
-  if (hasSecretApprovalPolicyDeletedAtColumn) {
-    await knex.schema.alterTable(TableName.SecretApprovalPolicy, (t) => {
-      t.dropColumn("deletedAt");
-    });
-  }
-
-  await knex.schema.alterTable(TableName.AccessApprovalRequest, (t) => {
-    t.dropForeign(["privilegeId"]);
-    t.foreign("privilegeId").references("id").inTable(TableName.ProjectUserAdditionalPrivilege).onDelete("CASCADE");
-  });
-}
--- a/backend/src/db/migrations/20241209144123_add-identity-jwt-auth.ts
+++ b/backend/src/db/migrations/20241209144123_add-identity-jwt-auth.ts
@ -1,34 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.IdentityJwtAuth))) {
-    await knex.schema.createTable(TableName.IdentityJwtAuth, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.bigInteger("accessTokenTTL").defaultTo(7200).notNullable();
-      t.bigInteger("accessTokenMaxTTL").defaultTo(7200).notNullable();
-      t.bigInteger("accessTokenNumUsesLimit").defaultTo(0).notNullable();
-      t.jsonb("accessTokenTrustedIps").notNullable();
-      t.uuid("identityId").notNullable().unique();
-      t.foreign("identityId").references("id").inTable(TableName.Identity).onDelete("CASCADE");
-      t.string("configurationType").notNullable();
-      t.string("jwksUrl").notNullable();
-      t.binary("encryptedJwksCaCert").notNullable();
-      t.binary("encryptedPublicKeys").notNullable();
-      t.string("boundIssuer").notNullable();
-      t.string("boundAudiences").notNullable();
-      t.jsonb("boundClaims").notNullable();
-      t.string("boundSubject").notNullable();
-      t.timestamps(true, true, true);
-    });
-
-    await createOnUpdateTrigger(knex, TableName.IdentityJwtAuth);
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.IdentityJwtAuth);
-  await dropOnUpdateTrigger(knex, TableName.IdentityJwtAuth);
-}
--- a/backend/src/db/migrations/20241213122320_add-index-for-secret-version-v2-folder.ts
+++ b/backend/src/db/migrations/20241213122320_add-index-for-secret-version-v2-folder.ts
@ -1,19 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.SecretVersionV2, "folderId")) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
-      t.index("folderId");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.SecretVersionV2, "folderId")) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
-      t.dropIndex("folderId");
-    });
-  }
-}
--- a/backend/src/db/migrations/20241213122350_project-split-to-products.ts
+++ b/backend/src/db/migrations/20241213122350_project-split-to-products.ts
@ -1,297 +0,0 @@
-import slugify from "@sindresorhus/slugify";
-import { Knex } from "knex";
-import { v4 as uuidV4 } from "uuid";
-
-import { alphaNumericNanoId } from "@app/lib/nanoid";
-
-import { ProjectType, TableName } from "../schemas";
-
-/* eslint-disable no-await-in-loop,@typescript-eslint/ban-ts-comment */
-const newProject = async (knex: Knex, projectId: string, projectType: ProjectType) => {
-  const newProjectId = uuidV4();
-  const project = await knex(TableName.Project).where("id", projectId).first();
-  await knex(TableName.Project).insert({
-    ...project,
-    type: projectType,
-    // @ts-ignore id is required
-    id: newProjectId,
-    slug: slugify(`${project?.name}-${alphaNumericNanoId(4)}`)
-  });
-
-  const customRoleMapping: Record<string, string> = {};
-  const projectCustomRoles = await knex(TableName.ProjectRoles).where("projectId", projectId);
-  if (projectCustomRoles.length) {
-    await knex.batchInsert(
-      TableName.ProjectRoles,
-      projectCustomRoles.map((el) => {
-        const id = uuidV4();
-        customRoleMapping[el.id] = id;
-        return {
-          ...el,
-          id,
-          projectId: newProjectId,
-          permissions: el.permissions ? JSON.stringify(el.permissions) : el.permissions
-        };
-      })
-    );
-  }
-  const groupMembershipMapping: Record<string, string> = {};
-  const groupMemberships = await knex(TableName.GroupProjectMembership).where("projectId", projectId);
-  if (groupMemberships.length) {
-    await knex.batchInsert(
-      TableName.GroupProjectMembership,
-      groupMemberships.map((el) => {
-        const id = uuidV4();
-        groupMembershipMapping[el.id] = id;
-        return { ...el, id, projectId: newProjectId };
-      })
-    );
-  }
-
-  const groupMembershipRoles = await knex(TableName.GroupProjectMembershipRole).whereIn(
-    "projectMembershipId",
-    groupMemberships.map((el) => el.id)
-  );
-  if (groupMembershipRoles.length) {
-    await knex.batchInsert(
-      TableName.GroupProjectMembershipRole,
-      groupMembershipRoles.map((el) => {
-        const id = uuidV4();
-        const projectMembershipId = groupMembershipMapping[el.projectMembershipId];
-        const customRoleId = el.customRoleId ? customRoleMapping[el.customRoleId] : el.customRoleId;
-        return { ...el, id, projectMembershipId, customRoleId };
-      })
-    );
-  }
-
-  const identityProjectMembershipMapping: Record<string, string> = {};
-  const identities = await knex(TableName.IdentityProjectMembership).where("projectId", projectId);
-  if (identities.length) {
-    await knex.batchInsert(
-      TableName.IdentityProjectMembership,
-      identities.map((el) => {
-        const id = uuidV4();
-        identityProjectMembershipMapping[el.id] = id;
-        return { ...el, id, projectId: newProjectId };
-      })
-    );
-  }
-
-  const identitiesRoles = await knex(TableName.IdentityProjectMembershipRole).whereIn(
-    "projectMembershipId",
-    identities.map((el) => el.id)
-  );
-  if (identitiesRoles.length) {
-    await knex.batchInsert(
-      TableName.IdentityProjectMembershipRole,
-      identitiesRoles.map((el) => {
-        const id = uuidV4();
-        const projectMembershipId = identityProjectMembershipMapping[el.projectMembershipId];
-        const customRoleId = el.customRoleId ? customRoleMapping[el.customRoleId] : el.customRoleId;
-        return { ...el, id, projectMembershipId, customRoleId };
-      })
-    );
-  }
-
-  const projectMembershipMapping: Record<string, string> = {};
-  const projectUserMembers = await knex(TableName.ProjectMembership).where("projectId", projectId);
-  if (projectUserMembers.length) {
-    await knex.batchInsert(
-      TableName.ProjectMembership,
-      projectUserMembers.map((el) => {
-        const id = uuidV4();
-        projectMembershipMapping[el.id] = id;
-        return { ...el, id, projectId: newProjectId };
-      })
-    );
-  }
-  const membershipRoles = await knex(TableName.ProjectUserMembershipRole).whereIn(
-    "projectMembershipId",
-    projectUserMembers.map((el) => el.id)
-  );
-  if (membershipRoles.length) {
-    await knex.batchInsert(
-      TableName.ProjectUserMembershipRole,
-      membershipRoles.map((el) => {
-        const id = uuidV4();
-        const projectMembershipId = projectMembershipMapping[el.projectMembershipId];
-        const customRoleId = el.customRoleId ? customRoleMapping[el.customRoleId] : el.customRoleId;
-        return { ...el, id, projectMembershipId, customRoleId };
-      })
-    );
-  }
-
-  const kmsKeys = await knex(TableName.KmsKey).where("projectId", projectId).andWhere("isReserved", true);
-  if (kmsKeys.length) {
-    await knex.batchInsert(
-      TableName.KmsKey,
-      kmsKeys.map((el) => {
-        const id = uuidV4();
-        const slug = slugify(alphaNumericNanoId(8).toLowerCase());
-        return { ...el, id, slug, projectId: newProjectId };
-      })
-    );
-  }
-
-  const projectBot = await knex(TableName.ProjectBot).where("projectId", projectId).first();
-  if (projectBot) {
-    const newProjectBot = { ...projectBot, id: uuidV4(), projectId: newProjectId };
-    await knex(TableName.ProjectBot).insert(newProjectBot);
-  }
-
-  const projectKeys = await knex(TableName.ProjectKeys).where("projectId", projectId);
-  if (projectKeys.length) {
-    await knex.batchInsert(
-      TableName.ProjectKeys,
-      projectKeys.map((el) => {
-        const id = uuidV4();
-        return { ...el, id, projectId: newProjectId };
-      })
-    );
-  }
-
-  return newProjectId;
-};
-
-const BATCH_SIZE = 500;
-export async function up(knex: Knex): Promise<void> {
-  const hasSplitMappingTable = await knex.schema.hasTable(TableName.ProjectSplitBackfillIds);
-  if (!hasSplitMappingTable) {
-    await knex.schema.createTable(TableName.ProjectSplitBackfillIds, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("sourceProjectId", 36).notNullable();
-      t.foreign("sourceProjectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.string("destinationProjectType").notNullable();
-      t.string("destinationProjectId", 36).notNullable();
-      t.foreign("destinationProjectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-    });
-  }
-
-  const hasTypeColumn = await knex.schema.hasColumn(TableName.Project, "type");
-  if (!hasTypeColumn) {
-    await knex.schema.alterTable(TableName.Project, (t) => {
-      t.string("type");
-    });
-
-    let projectsToBeTyped;
-    do {
-      // eslint-disable-next-line no-await-in-loop
-      projectsToBeTyped = await knex(TableName.Project).whereNull("type").limit(BATCH_SIZE).select("id");
-      if (projectsToBeTyped.length) {
-        // eslint-disable-next-line no-await-in-loop
-        await knex(TableName.Project)
-          .whereIn(
-            "id",
-            projectsToBeTyped.map((el) => el.id)
-          )
-          .update({ type: ProjectType.SecretManager });
-      }
-    } while (projectsToBeTyped.length > 0);
-
-    const projectsWithCertificates = await knex(TableName.CertificateAuthority)
-      .distinct("projectId")
-      .select("projectId");
-    /* eslint-disable no-await-in-loop,no-param-reassign */
-    for (const { projectId } of projectsWithCertificates) {
-      const newProjectId = await newProject(knex, projectId, ProjectType.CertificateManager);
-      await knex(TableName.CertificateAuthority).where("projectId", projectId).update({ projectId: newProjectId });
-      await knex(TableName.PkiAlert).where("projectId", projectId).update({ projectId: newProjectId });
-      await knex(TableName.PkiCollection).where("projectId", projectId).update({ projectId: newProjectId });
-      await knex(TableName.ProjectSplitBackfillIds).insert({
-        sourceProjectId: projectId,
-        destinationProjectType: ProjectType.CertificateManager,
-        destinationProjectId: newProjectId
-      });
-    }
-
-    const projectsWithCmek = await knex(TableName.KmsKey)
-      .where("isReserved", false)
-      .whereNotNull("projectId")
-      .distinct("projectId")
-      .select("projectId");
-    for (const { projectId } of projectsWithCmek) {
-      if (projectId) {
-        const newProjectId = await newProject(knex, projectId, ProjectType.KMS);
-        await knex(TableName.KmsKey)
-          .where({
-            isReserved: false,
-            projectId
-          })
-          .update({ projectId: newProjectId });
-        await knex(TableName.ProjectSplitBackfillIds).insert({
-          sourceProjectId: projectId,
-          destinationProjectType: ProjectType.KMS,
-          destinationProjectId: newProjectId
-        });
-      }
-    }
-
-    /* eslint-enable */
-    await knex.schema.alterTable(TableName.Project, (t) => {
-      t.string("type").notNullable().alter();
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const hasTypeColumn = await knex.schema.hasColumn(TableName.Project, "type");
-  const hasSplitMappingTable = await knex.schema.hasTable(TableName.ProjectSplitBackfillIds);
-
-  if (hasTypeColumn && hasSplitMappingTable) {
-    const splitProjectMappings = await knex(TableName.ProjectSplitBackfillIds).where({});
-    const certMapping = splitProjectMappings.filter(
-      (el) => el.destinationProjectType === ProjectType.CertificateManager
-    );
-    /* eslint-disable no-await-in-loop */
-    for (const project of certMapping) {
-      await knex(TableName.CertificateAuthority)
-        .where("projectId", project.destinationProjectId)
-        .update({ projectId: project.sourceProjectId });
-      await knex(TableName.PkiAlert)
-        .where("projectId", project.destinationProjectId)
-        .update({ projectId: project.sourceProjectId });
-      await knex(TableName.PkiCollection)
-        .where("projectId", project.destinationProjectId)
-        .update({ projectId: project.sourceProjectId });
-    }
-
-    /* eslint-enable */
-    const kmsMapping = splitProjectMappings.filter((el) => el.destinationProjectType === ProjectType.KMS);
-    /* eslint-disable no-await-in-loop */
-    for (const project of kmsMapping) {
-      await knex(TableName.KmsKey)
-        .where({
-          isReserved: false,
-          projectId: project.destinationProjectId
-        })
-        .update({ projectId: project.sourceProjectId });
-    }
-    /* eslint-enable */
-    await knex(TableName.ProjectMembership)
-      .whereIn(
-        "projectId",
-        splitProjectMappings.map((el) => el.destinationProjectId)
-      )
-      .delete();
-    await knex(TableName.ProjectRoles)
-      .whereIn(
-        "projectId",
-        splitProjectMappings.map((el) => el.destinationProjectId)
-      )
-      .delete();
-    await knex(TableName.Project)
-      .whereIn(
-        "id",
-        splitProjectMappings.map((el) => el.destinationProjectId)
-      )
-      .delete();
-
-    await knex.schema.alterTable(TableName.Project, (t) => {
-      t.dropColumn("type");
-    });
-  }
-
-  if (hasSplitMappingTable) {
-    await knex.schema.dropTableIfExists(TableName.ProjectSplitBackfillIds);
-  }
-}
--- a/backend/src/db/migrations/20241216013357_ssh-mgmt.ts
+++ b/backend/src/db/migrations/20241216013357_ssh-mgmt.ts
@ -1,99 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SshCertificateAuthority))) {
-    await knex.schema.createTable(TableName.SshCertificateAuthority, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.timestamps(true, true, true);
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.string("status").notNullable(); // active / disabled
-      t.string("friendlyName").notNullable();
-      t.string("keyAlgorithm").notNullable();
-    });
-    await createOnUpdateTrigger(knex, TableName.SshCertificateAuthority);
-  }
-
-  if (!(await knex.schema.hasTable(TableName.SshCertificateAuthoritySecret))) {
-    await knex.schema.createTable(TableName.SshCertificateAuthoritySecret, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.timestamps(true, true, true);
-      t.uuid("sshCaId").notNullable().unique();
-      t.foreign("sshCaId").references("id").inTable(TableName.SshCertificateAuthority).onDelete("CASCADE");
-      t.binary("encryptedPrivateKey").notNullable();
-    });
-    await createOnUpdateTrigger(knex, TableName.SshCertificateAuthoritySecret);
-  }
-
-  if (!(await knex.schema.hasTable(TableName.SshCertificateTemplate))) {
-    await knex.schema.createTable(TableName.SshCertificateTemplate, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.timestamps(true, true, true);
-      t.uuid("sshCaId").notNullable();
-      t.foreign("sshCaId").references("id").inTable(TableName.SshCertificateAuthority).onDelete("CASCADE");
-      t.string("status").notNullable(); // active / disabled
-      t.string("name").notNullable();
-      t.string("ttl").notNullable();
-      t.string("maxTTL").notNullable();
-      t.specificType("allowedUsers", "text[]").notNullable();
-      t.specificType("allowedHosts", "text[]").notNullable();
-      t.boolean("allowUserCertificates").notNullable();
-      t.boolean("allowHostCertificates").notNullable();
-      t.boolean("allowCustomKeyIds").notNullable();
-    });
-    await createOnUpdateTrigger(knex, TableName.SshCertificateTemplate);
-  }
-
-  if (!(await knex.schema.hasTable(TableName.SshCertificate))) {
-    await knex.schema.createTable(TableName.SshCertificate, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.timestamps(true, true, true);
-      t.uuid("sshCaId").notNullable();
-      t.foreign("sshCaId").references("id").inTable(TableName.SshCertificateAuthority).onDelete("SET NULL");
-      t.uuid("sshCertificateTemplateId");
-      t.foreign("sshCertificateTemplateId")
-        .references("id")
-        .inTable(TableName.SshCertificateTemplate)
-        .onDelete("SET NULL");
-      t.string("serialNumber").notNullable().unique();
-      t.string("certType").notNullable(); // user or host
-      t.specificType("principals", "text[]").notNullable();
-      t.string("keyId").notNullable();
-      t.datetime("notBefore").notNullable();
-      t.datetime("notAfter").notNullable();
-    });
-    await createOnUpdateTrigger(knex, TableName.SshCertificate);
-  }
-
-  if (!(await knex.schema.hasTable(TableName.SshCertificateBody))) {
-    await knex.schema.createTable(TableName.SshCertificateBody, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.timestamps(true, true, true);
-      t.uuid("sshCertId").notNullable().unique();
-      t.foreign("sshCertId").references("id").inTable(TableName.SshCertificate).onDelete("CASCADE");
-      t.binary("encryptedCertificate").notNullable();
-    });
-
-    await createOnUpdateTrigger(knex, TableName.SshCertificateBody);
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SshCertificateBody);
-  await dropOnUpdateTrigger(knex, TableName.SshCertificateBody);
-
-  await knex.schema.dropTableIfExists(TableName.SshCertificate);
-  await dropOnUpdateTrigger(knex, TableName.SshCertificate);
-
-  await knex.schema.dropTableIfExists(TableName.SshCertificateTemplate);
-  await dropOnUpdateTrigger(knex, TableName.SshCertificateTemplate);
-
-  await knex.schema.dropTableIfExists(TableName.SshCertificateAuthoritySecret);
-  await dropOnUpdateTrigger(knex, TableName.SshCertificateAuthoritySecret);
-
-  await knex.schema.dropTableIfExists(TableName.SshCertificateAuthority);
-  await dropOnUpdateTrigger(knex, TableName.SshCertificateAuthority);
-}
--- a/backend/src/db/schemas/access-approval-policies.ts
+++ b/backend/src/db/schemas/access-approval-policies.ts
@ -15,8 +15,7 @@ export const AccessApprovalPoliciesSchema = z.object({
  envId: z.string().uuid(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  enforcementLevel: z.string().default("hard"),
-  deletedAt: z.date().nullable().optional()
+  enforcementLevel: z.string().default("hard")
 });

 export type TAccessApprovalPolicies = z.infer<typeof AccessApprovalPoliciesSchema>;
--- a/backend/src/db/schemas/audit-logs.ts
+++ b/backend/src/db/schemas/audit-logs.ts
@ -20,8 +20,7 @@ export const AuditLogsSchema = z.object({
  createdAt: z.date(),
  updatedAt: z.date(),
  orgId: z.string().uuid().nullable().optional(),
-  projectId: z.string().nullable().optional(),
-  projectName: z.string().nullable().optional()
+  projectId: z.string().nullable().optional()
 });

 export type TAuditLogs = z.infer<typeof AuditLogsSchema>;
--- a/backend/src/db/schemas/certificate-template-est-configs.ts
+++ b/backend/src/db/schemas/certificate-template-est-configs.ts
@ -12,12 +12,11 @@ import { TImmutableDBKeys } from "./models";
 export const CertificateTemplateEstConfigsSchema = z.object({
  id: z.string().uuid(),
  certificateTemplateId: z.string().uuid(),
-  encryptedCaChain: zodBuffer.nullable().optional(),
+  encryptedCaChain: zodBuffer,
  hashedPassphrase: z.string(),
  isEnabled: z.boolean(),
  createdAt: z.date(),
-  updatedAt: z.date(),
-  disableBootstrapCertValidation: z.boolean().default(false)
+  updatedAt: z.date()
 });

 export type TCertificateTemplateEstConfigs = z.infer<typeof CertificateTemplateEstConfigsSchema>;
--- a/backend/src/db/schemas/external-group-org-role-mappings.ts
+++ b/backend/src/db/schemas/external-group-org-role-mappings.ts
@ -1,27 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const ExternalGroupOrgRoleMappingsSchema = z.object({
-  id: z.string().uuid(),
-  groupName: z.string(),
-  role: z.string(),
-  roleId: z.string().uuid().nullable().optional(),
-  orgId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TExternalGroupOrgRoleMappings = z.infer<typeof ExternalGroupOrgRoleMappingsSchema>;
-export type TExternalGroupOrgRoleMappingsInsert = Omit<
-  z.input<typeof ExternalGroupOrgRoleMappingsSchema>,
-  TImmutableDBKeys
->;
-export type TExternalGroupOrgRoleMappingsUpdate = Partial<
-  Omit<z.input<typeof ExternalGroupOrgRoleMappingsSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/identity-access-tokens.ts
+++ b/backend/src/db/schemas/identity-access-tokens.ts
@ -20,8 +20,7 @@ export const IdentityAccessTokensSchema = z.object({
  identityId: z.string().uuid(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  name: z.string().nullable().optional(),
-  authMethod: z.string()
+  name: z.string().nullable().optional()
 });

 export type TIdentityAccessTokens = z.infer<typeof IdentityAccessTokensSchema>;
--- a/backend/src/db/schemas/identity-jwt-auths.ts
+++ b/backend/src/db/schemas/identity-jwt-auths.ts
@ -1,33 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { zodBuffer } from "@app/lib/zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const IdentityJwtAuthsSchema = z.object({
-  id: z.string().uuid(),
-  accessTokenTTL: z.coerce.number().default(7200),
-  accessTokenMaxTTL: z.coerce.number().default(7200),
-  accessTokenNumUsesLimit: z.coerce.number().default(0),
-  accessTokenTrustedIps: z.unknown(),
-  identityId: z.string().uuid(),
-  configurationType: z.string(),
-  jwksUrl: z.string(),
-  encryptedJwksCaCert: zodBuffer,
-  encryptedPublicKeys: zodBuffer,
-  boundIssuer: z.string(),
-  boundAudiences: z.string(),
-  boundClaims: z.unknown(),
-  boundSubject: z.string(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TIdentityJwtAuths = z.infer<typeof IdentityJwtAuthsSchema>;
-export type TIdentityJwtAuthsInsert = Omit<z.input<typeof IdentityJwtAuthsSchema>, TImmutableDBKeys>;
-export type TIdentityJwtAuthsUpdate = Partial<Omit<z.input<typeof IdentityJwtAuthsSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/index.ts
+++ b/backend/src/db/schemas/index.ts
@ -30,7 +30,6 @@ export * from "./identity-access-tokens";
 export * from "./identity-aws-auths";
 export * from "./identity-azure-auths";
 export * from "./identity-gcp-auths";
-export * from "./identity-jwt-auths";
 export * from "./identity-kubernetes-auths";
 export * from "./identity-metadata";
 export * from "./identity-oidc-auths";
@ -65,8 +64,6 @@ export * from "./project-keys";
 export * from "./project-memberships";
 export * from "./project-roles";
 export * from "./project-slack-configs";
-export * from "./project-split-backfill-ids";
-export * from "./project-templates";
 export * from "./project-user-additional-privilege";
 export * from "./project-user-membership-roles";
 export * from "./projects";
@ -107,13 +104,7 @@ export * from "./secrets";
 export * from "./secrets-v2";
 export * from "./service-tokens";
 export * from "./slack-integrations";
-export * from "./ssh-certificate-authorities";
-export * from "./ssh-certificate-authority-secrets";
-export * from "./ssh-certificate-bodies";
-export * from "./ssh-certificate-templates";
-export * from "./ssh-certificates";
 export * from "./super-admin";
-export * from "./totp-configs";
 export * from "./trusted-ips";
 export * from "./user-actions";
 export * from "./user-aliases";
--- a/backend/src/db/schemas/kms-root-config.ts
+++ b/backend/src/db/schemas/kms-root-config.ts
@ -11,10 +11,7 @@ import { TImmutableDBKeys } from "./models";

 export const KmsRootConfigSchema = z.object({
  id: z.string().uuid(),
-  encryptedRootKey: zodBuffer,
-  encryptionStrategy: z.string().default("SOFTWARE").nullable().optional(),
-  createdAt: z.date(),
-  updatedAt: z.date()
+  encryptedRootKey: zodBuffer
 });

 export type TKmsRootConfig = z.infer<typeof KmsRootConfigSchema>;
--- a/backend/src/db/schemas/models.ts
+++ b/backend/src/db/schemas/models.ts
@ -2,11 +2,6 @@ import { z } from "zod";

 export enum TableName {
  Users = "users",
-  SshCertificateAuthority = "ssh_certificate_authorities",
-  SshCertificateAuthoritySecret = "ssh_certificate_authority_secrets",
-  SshCertificateTemplate = "ssh_certificate_templates",
-  SshCertificate = "ssh_certificates",
-  SshCertificateBody = "ssh_certificate_bodies",
  CertificateAuthority = "certificate_authorities",
  CertificateTemplateEstConfig = "certificate_template_est_configs",
  CertificateAuthorityCert = "certificate_authority_certs",
@ -22,7 +17,6 @@ export enum TableName {
  Groups = "groups",
  GroupProjectMembership = "group_project_memberships",
  GroupProjectMembershipRole = "group_project_membership_roles",
-  ExternalGroupOrgRoleMapping = "external_group_org_role_mappings",
  UserGroupMembership = "user_group_membership",
  UserAliases = "user_aliases",
  UserEncryptionKey = "user_encryption_keys",
@ -46,7 +40,6 @@ export enum TableName {
  ProjectUserAdditionalPrivilege = "project_user_additional_privilege",
  ProjectUserMembershipRole = "project_user_membership_roles",
  ProjectKeys = "project_keys",
-  ProjectTemplates = "project_templates",
  Secret = "secrets",
  SecretReference = "secret_references",
  SecretSharing = "secret_sharing",
@ -73,7 +66,6 @@ export enum TableName {
  IdentityUaClientSecret = "identity_ua_client_secrets",
  IdentityAwsAuth = "identity_aws_auths",
  IdentityOidcAuth = "identity_oidc_auths",
-  IdentityJwtAuth = "identity_jwt_auths",
  IdentityOrgMembership = "identity_org_memberships",
  IdentityProjectMembership = "identity_project_memberships",
  IdentityProjectMembershipRole = "identity_project_membership_role",
@ -111,7 +103,6 @@ export enum TableName {
  SecretApprovalRequestSecretV2 = "secret_approval_requests_secrets_v2",
  SecretApprovalRequestSecretTagV2 = "secret_approval_request_secret_tags_v2",
  SnapshotSecretV2 = "secret_snapshot_secrets_v2",
-  ProjectSplitBackfillIds = "project_split_backfill_ids",
  // junction tables with tags
  SecretV2JnTag = "secret_v2_tag_junction",
  JnSecretTag = "secret_tag_junction",
@ -124,7 +115,6 @@ export enum TableName {
  ExternalKms = "external_kms",
  InternalKms = "internal_kms",
  InternalKmsKeyVersion = "internal_kms_key_version",
-  TotpConfig = "totp_configs",
  // @depreciated
  KmsKeyVersion = "kms_key_versions",
  WorkflowIntegrations = "workflow_integrations",
@ -198,18 +188,10 @@ export enum ProjectUpgradeStatus {

 export enum IdentityAuthMethod {
  TOKEN_AUTH = "token-auth",
-  UNIVERSAL_AUTH = "universal-auth",
+  Univeral = "universal-auth",
  KUBERNETES_AUTH = "kubernetes-auth",
  GCP_AUTH = "gcp-auth",
  AWS_AUTH = "aws-auth",
  AZURE_AUTH = "azure-auth",
-  OIDC_AUTH = "oidc-auth",
-  JWT_AUTH = "jwt-auth"
-}
-
-export enum ProjectType {
-  SecretManager = "secret-manager",
-  CertificateManager = "cert-manager",
-  KMS = "kms",
-  SSH = "ssh"
+  OIDC_AUTH = "oidc-auth"
 }
--- a/backend/src/db/schemas/organizations.ts
+++ b/backend/src/db/schemas/organizations.ts
@ -19,10 +19,7 @@ export const OrganizationsSchema = z.object({
  authEnforced: z.boolean().default(false).nullable().optional(),
  scimEnabled: z.boolean().default(false).nullable().optional(),
  kmsDefaultKeyId: z.string().uuid().nullable().optional(),
-  kmsEncryptedDataKey: zodBuffer.nullable().optional(),
-  defaultMembershipRole: z.string().default("member"),
-  enforceMfa: z.boolean().default(false),
-  selectedMfaMethod: z.string().nullable().optional()
+  kmsEncryptedDataKey: zodBuffer.nullable().optional()
 });

 export type TOrganizations = z.infer<typeof OrganizationsSchema>;
--- a/backend/src/db/schemas/project-roles.ts
+++ b/backend/src/db/schemas/project-roles.ts
@ -15,8 +15,7 @@ export const ProjectRolesSchema = z.object({
  permissions: z.unknown(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  projectId: z.string(),
-  version: z.number().default(1)
+  projectId: z.string()
 });

 export type TProjectRoles = z.infer<typeof ProjectRolesSchema>;
--- a/backend/src/db/schemas/project-split-backfill-ids.ts
+++ b/backend/src/db/schemas/project-split-backfill-ids.ts
@ -1,21 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const ProjectSplitBackfillIdsSchema = z.object({
-  id: z.string().uuid(),
-  sourceProjectId: z.string(),
-  destinationProjectType: z.string(),
-  destinationProjectId: z.string()
-});
-
-export type TProjectSplitBackfillIds = z.infer<typeof ProjectSplitBackfillIdsSchema>;
-export type TProjectSplitBackfillIdsInsert = Omit<z.input<typeof ProjectSplitBackfillIdsSchema>, TImmutableDBKeys>;
-export type TProjectSplitBackfillIdsUpdate = Partial<
-  Omit<z.input<typeof ProjectSplitBackfillIdsSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/project-templates.ts
+++ b/backend/src/db/schemas/project-templates.ts
@ -1,23 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const ProjectTemplatesSchema = z.object({
-  id: z.string().uuid(),
-  name: z.string(),
-  description: z.string().nullable().optional(),
-  roles: z.unknown(),
-  environments: z.unknown(),
-  orgId: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TProjectTemplates = z.infer<typeof ProjectTemplatesSchema>;
-export type TProjectTemplatesInsert = Omit<z.input<typeof ProjectTemplatesSchema>, TImmutableDBKeys>;
-export type TProjectTemplatesUpdate = Partial<Omit<z.input<typeof ProjectTemplatesSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/projects.ts
+++ b/backend/src/db/schemas/projects.ts
@ -23,9 +23,7 @@ export const ProjectsSchema = z.object({
  kmsCertificateKeyId: z.string().uuid().nullable().optional(),
  auditLogsRetentionDays: z.number().nullable().optional(),
  kmsSecretManagerKeyId: z.string().uuid().nullable().optional(),
-  kmsSecretManagerEncryptedDataKey: zodBuffer.nullable().optional(),
-  description: z.string().nullable().optional(),
-  type: z.string()
+  kmsSecretManagerEncryptedDataKey: zodBuffer.nullable().optional()
 });

 export type TProjects = z.infer<typeof ProjectsSchema>;
--- a/backend/src/db/schemas/secret-approval-policies.ts
+++ b/backend/src/db/schemas/secret-approval-policies.ts
@ -15,8 +15,7 @@ export const SecretApprovalPoliciesSchema = z.object({
  envId: z.string().uuid(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  enforcementLevel: z.string().default("hard"),
-  deletedAt: z.date().nullable().optional()
+  enforcementLevel: z.string().default("hard")
 });

 export type TSecretApprovalPolicies = z.infer<typeof SecretApprovalPoliciesSchema>;
--- a/backend/src/db/schemas/ssh-certificate-authorities.ts
+++ b/backend/src/db/schemas/ssh-certificate-authorities.ts
@ -1,24 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const SshCertificateAuthoritiesSchema = z.object({
-  id: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  projectId: z.string(),
-  status: z.string(),
-  friendlyName: z.string(),
-  keyAlgorithm: z.string()
-});
-
-export type TSshCertificateAuthorities = z.infer<typeof SshCertificateAuthoritiesSchema>;
-export type TSshCertificateAuthoritiesInsert = Omit<z.input<typeof SshCertificateAuthoritiesSchema>, TImmutableDBKeys>;
-export type TSshCertificateAuthoritiesUpdate = Partial<
-  Omit<z.input<typeof SshCertificateAuthoritiesSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/ssh-certificate-authority-secrets.ts
+++ b/backend/src/db/schemas/ssh-certificate-authority-secrets.ts
@ -1,27 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { zodBuffer } from "@app/lib/zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const SshCertificateAuthoritySecretsSchema = z.object({
-  id: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  sshCaId: z.string().uuid(),
-  encryptedPrivateKey: zodBuffer
-});
-
-export type TSshCertificateAuthoritySecrets = z.infer<typeof SshCertificateAuthoritySecretsSchema>;
-export type TSshCertificateAuthoritySecretsInsert = Omit<
-  z.input<typeof SshCertificateAuthoritySecretsSchema>,
-  TImmutableDBKeys
->;
-export type TSshCertificateAuthoritySecretsUpdate = Partial<
-  Omit<z.input<typeof SshCertificateAuthoritySecretsSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/ssh-certificate-bodies.ts
+++ b/backend/src/db/schemas/ssh-certificate-bodies.ts
@ -1,22 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { zodBuffer } from "@app/lib/zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const SshCertificateBodiesSchema = z.object({
-  id: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  sshCertId: z.string().uuid(),
-  encryptedCertificate: zodBuffer
-});
-
-export type TSshCertificateBodies = z.infer<typeof SshCertificateBodiesSchema>;
-export type TSshCertificateBodiesInsert = Omit<z.input<typeof SshCertificateBodiesSchema>, TImmutableDBKeys>;
-export type TSshCertificateBodiesUpdate = Partial<Omit<z.input<typeof SshCertificateBodiesSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/ssh-certificate-templates.ts
+++ b/backend/src/db/schemas/ssh-certificate-templates.ts
@ -1,30 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const SshCertificateTemplatesSchema = z.object({
-  id: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  sshCaId: z.string().uuid(),
-  status: z.string(),
-  name: z.string(),
-  ttl: z.string(),
-  maxTTL: z.string(),
-  allowedUsers: z.string().array(),
-  allowedHosts: z.string().array(),
-  allowUserCertificates: z.boolean(),
-  allowHostCertificates: z.boolean(),
-  allowCustomKeyIds: z.boolean()
-});
-
-export type TSshCertificateTemplates = z.infer<typeof SshCertificateTemplatesSchema>;
-export type TSshCertificateTemplatesInsert = Omit<z.input<typeof SshCertificateTemplatesSchema>, TImmutableDBKeys>;
-export type TSshCertificateTemplatesUpdate = Partial<
-  Omit<z.input<typeof SshCertificateTemplatesSchema>, TImmutableDBKeys>
->;
--- a/backend/src/db/schemas/ssh-certificates.ts
+++ b/backend/src/db/schemas/ssh-certificates.ts
@ -1,26 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const SshCertificatesSchema = z.object({
-  id: z.string().uuid(),
-  createdAt: z.date(),
-  updatedAt: z.date(),
-  sshCaId: z.string().uuid(),
-  sshCertificateTemplateId: z.string().uuid().nullable().optional(),
-  serialNumber: z.string(),
-  certType: z.string(),
-  principals: z.string().array(),
-  keyId: z.string(),
-  notBefore: z.date(),
-  notAfter: z.date()
-});
-
-export type TSshCertificates = z.infer<typeof SshCertificatesSchema>;
-export type TSshCertificatesInsert = Omit<z.input<typeof SshCertificatesSchema>, TImmutableDBKeys>;
-export type TSshCertificatesUpdate = Partial<Omit<z.input<typeof SshCertificatesSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/totp-configs.ts
+++ b/backend/src/db/schemas/totp-configs.ts
@ -1,24 +0,0 @@
-// Code generated by automation script, DO NOT EDIT.
-// Automated by pulling database and generating zod schema
-// To update. Just run npm run generate:schema
-// Written by akhilmhdh.
-
-import { z } from "zod";
-
-import { zodBuffer } from "@app/lib/zod";
-
-import { TImmutableDBKeys } from "./models";
-
-export const TotpConfigsSchema = z.object({
-  id: z.string().uuid(),
-  userId: z.string().uuid(),
-  isVerified: z.boolean().default(false),
-  encryptedRecoveryCodes: zodBuffer,
-  encryptedSecret: zodBuffer,
-  createdAt: z.date(),
-  updatedAt: z.date()
-});
-
-export type TTotpConfigs = z.infer<typeof TotpConfigsSchema>;
-export type TTotpConfigsInsert = Omit<z.input<typeof TotpConfigsSchema>, TImmutableDBKeys>;
-export type TTotpConfigsUpdate = Partial<Omit<z.input<typeof TotpConfigsSchema>, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/users.ts
+++ b/backend/src/db/schemas/users.ts
@ -26,8 +26,7 @@ export const UsersSchema = z.object({
  consecutiveFailedMfaAttempts: z.number().default(0).nullable().optional(),
  isLocked: z.boolean().default(false).nullable().optional(),
  temporaryLockDateEnd: z.date().nullable().optional(),
-  consecutiveFailedPasswordAttempts: z.number().default(0).nullable().optional(),
-  selectedMfaMethod: z.string().nullable().optional()
+  consecutiveFailedPasswordAttempts: z.number().default(0).nullable().optional()
 });

 export type TUsers = z.infer<typeof UsersSchema>;
--- a/backend/src/db/seeds/3-project.ts
+++ b/backend/src/db/seeds/3-project.ts
@ -4,7 +4,7 @@ import { Knex } from "knex";

 import { encryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";

-import { ProjectMembershipRole, ProjectType, SecretEncryptionAlgo, SecretKeyEncoding, TableName } from "../schemas";
+import { ProjectMembershipRole, SecretEncryptionAlgo, SecretKeyEncoding, TableName } from "../schemas";
 import { buildUserProjectKey, getUserPrivateKey, seedData1 } from "../seed-data";

 export const DEFAULT_PROJECT_ENVS = [
@ -24,7 +24,6 @@ export async function seed(knex: Knex): Promise<void> {
      name: seedData1.project.name,
      orgId: seedData1.organization.id,
      slug: "first-project",
-      type: ProjectType.SecretManager,
      // eslint-disable-next-line
      // @ts-ignore
      id: seedData1.project.id
--- a/backend/src/db/seeds/4-project-v3.ts
+++ b/backend/src/db/seeds/4-project-v3.ts
@ -1,6 +1,6 @@
 import { Knex } from "knex";

-import { ProjectMembershipRole, ProjectType, ProjectVersion, TableName } from "../schemas";
+import { ProjectMembershipRole, ProjectVersion, TableName } from "../schemas";
 import { seedData1 } from "../seed-data";

 export const DEFAULT_PROJECT_ENVS = [
@ -16,7 +16,6 @@ export async function seed(knex: Knex): Promise<void> {
      orgId: seedData1.organization.id,
      slug: seedData1.projectV3.slug,
      version: ProjectVersion.V3,
-      type: ProjectType.SecretManager,
      // eslint-disable-next-line
      // @ts-ignore
      id: seedData1.projectV3.id
--- a/backend/src/db/seeds/5-machine-identity.ts
+++ b/backend/src/db/seeds/5-machine-identity.ts
@ -16,7 +16,7 @@ export async function seed(knex: Knex): Promise<void> {
      // @ts-ignore
      id: seedData1.machineIdentity.id,
      name: seedData1.machineIdentity.name,
-      authMethod: IdentityAuthMethod.UNIVERSAL_AUTH
+      authMethod: IdentityAuthMethod.Univeral
    }
  ]);
  const identityUa = await knex(TableName.IdentityUniversalAuth)
--- a/backend/src/db/utils.ts
+++ b/backend/src/db/utils.ts
@ -2,9 +2,6 @@ import { Knex } from "knex";

 import { TableName } from "./schemas";

-interface PgTriggerResult {
-  rows: Array<{ exists: boolean }>;
-}
 export const createJunctionTable = (knex: Knex, tableName: TableName, table1Name: TableName, table2Name: TableName) =>
  knex.schema.createTable(tableName, (table) => {
    table.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
@ -31,26 +28,13 @@ DROP FUNCTION IF EXISTS on_update_timestamp() CASCADE;

 // we would be using this to apply updatedAt where ever we wanta
 // remember to set `timestamps(true,true,true)` before this on schema
-export const createOnUpdateTrigger = async (knex: Knex, tableName: string) => {
-  const triggerExists = await knex.raw<PgTriggerResult>(`
-    SELECT EXISTS (
-      SELECT 1 
-      FROM pg_trigger 
-      WHERE tgname = '${tableName}_updatedAt'
-    );
-  `);
-
-  if (!triggerExists?.rows?.[0]?.exists) {
-    return knex.raw(`
-      CREATE TRIGGER "${tableName}_updatedAt"
-      BEFORE UPDATE ON ${tableName}
-      FOR EACH ROW
-      EXECUTE PROCEDURE on_update_timestamp();
-    `);
-  }
-
-  return null;
-};
+export const createOnUpdateTrigger = (knex: Knex, tableName: string) =>
+  knex.raw(`
+CREATE TRIGGER "${tableName}_updatedAt"
+BEFORE UPDATE ON ${tableName}
+FOR EACH ROW
+EXECUTE PROCEDURE on_update_timestamp();
+`);

 export const dropOnUpdateTrigger = (knex: Knex, tableName: string) =>
  knex.raw(`DROP TRIGGER IF EXISTS "${tableName}_updatedAt" ON ${tableName}`);
--- a/backend/src/ee/routes/v1/access-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/access-approval-request-router.ts
@ -109,8 +109,7 @@ export const registerAccessApprovalRequestRouter = async (server: FastifyZodProv
              approvers: z.string().array(),
              secretPath: z.string().nullish(),
              envId: z.string(),
-              enforcementLevel: z.string(),
-              deletedAt: z.date().nullish()
+              enforcementLevel: z.string()
            }),
            reviewers: z
              .object({
--- a/backend/src/ee/routes/v1/dynamic-secret-router.ts
+++ b/backend/src/ee/routes/v1/dynamic-secret-router.ts
@ -1,3 +1,4 @@
+import slugify from "@sindresorhus/slugify";
 import ms from "ms";
 import { z } from "zod";

@ -7,7 +8,6 @@ import { DYNAMIC_SECRETS } from "@app/lib/api-docs";
 import { daysToMillisecond } from "@app/lib/dates";
 import { removeTrailingSlash } from "@app/lib/fn";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { SanitizedDynamicSecretSchema } from "@app/server/routes/sanitizedSchemas";
 import { AuthMode } from "@app/services/auth/auth-type";
@ -48,7 +48,15 @@ export const registerDynamicSecretRouter = async (server: FastifyZodProvider) =>
          .nullable(),
        path: z.string().describe(DYNAMIC_SECRETS.CREATE.path).trim().default("/").transform(removeTrailingSlash),
        environmentSlug: z.string().describe(DYNAMIC_SECRETS.CREATE.environmentSlug).min(1),
-        name: slugSchema({ min: 1, max: 64, field: "Name" }).describe(DYNAMIC_SECRETS.CREATE.name)
+        name: z
+          .string()
+          .describe(DYNAMIC_SECRETS.CREATE.name)
+          .min(1)
+          .toLowerCase()
+          .max(64)
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          })
      }),
      response: {
        200: z.object({
--- a/backend/src/ee/routes/v1/external-kms-router.ts
+++ b/backend/src/ee/routes/v1/external-kms-router.ts
@ -4,15 +4,9 @@ import { ExternalKmsSchema, KmsKeysSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import {
  ExternalKmsAwsSchema,
-  ExternalKmsGcpCredentialSchema,
-  ExternalKmsGcpSchema,
  ExternalKmsInputSchema,
-  ExternalKmsInputUpdateSchema,
-  KmsGcpKeyFetchAuthType,
-  KmsProviders,
-  TExternalKmsGcpCredentialSchema
+  ExternalKmsInputUpdateSchema
 } from "@app/ee/services/external-kms/providers/model";
-import { NotFoundError } from "@app/lib/errors";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@ -50,8 +44,7 @@ const sanitizedExternalSchemaForGetById = KmsKeysSchema.extend({
    statusDetails: true,
    provider: true
  }).extend({
-    // for GCP, we don't return the credential object as it is sensitive data that should not be exposed
-    providerInput: z.union([ExternalKmsAwsSchema, ExternalKmsGcpSchema.pick({ gcpRegion: true, keyName: true })])
+    providerInput: ExternalKmsAwsSchema
  })
 });

@ -293,67 +286,4 @@ export const registerExternalKmsRouter = async (server: FastifyZodProvider) => {
      return { externalKms };
    }
  });
-
-  server.route({
-    method: "POST",
-    url: "/gcp/keys",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      body: z.discriminatedUnion("authMethod", [
-        z.object({
-          authMethod: z.literal(KmsGcpKeyFetchAuthType.Credential),
-          region: z.string().trim().min(1),
-          credential: ExternalKmsGcpCredentialSchema
-        }),
-        z.object({
-          authMethod: z.literal(KmsGcpKeyFetchAuthType.Kms),
-          region: z.string().trim().min(1),
-          kmsId: z.string().trim().min(1)
-        })
-      ]),
-      response: {
-        200: z.object({
-          keys: z.string().array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const { region, authMethod } = req.body;
-      let credentialJson: TExternalKmsGcpCredentialSchema | undefined;
-
-      if (authMethod === KmsGcpKeyFetchAuthType.Credential) {
-        credentialJson = req.body.credential;
-      } else if (authMethod === KmsGcpKeyFetchAuthType.Kms) {
-        const externalKms = await server.services.externalKms.findById({
-          actor: req.permission.type,
-          actorId: req.permission.id,
-          actorAuthMethod: req.permission.authMethod,
-          actorOrgId: req.permission.orgId,
-          id: req.body.kmsId
-        });
-
-        if (!externalKms || externalKms.external.provider !== KmsProviders.Gcp) {
-          throw new NotFoundError({ message: "KMS not found or not of type GCP" });
-        }
-
-        credentialJson = externalKms.external.providerInput.credential as TExternalKmsGcpCredentialSchema;
-      }
-
-      if (!credentialJson) {
-        throw new NotFoundError({
-          message: "Something went wrong while fetching the GCP credential, please check inputs and try again"
-        });
-      }
-
-      const results = await server.services.externalKms.fetchGcpKeys({
-        credential: credentialJson,
-        gcpRegion: region
-      });
-
-      return results;
-    }
-  });
 };
--- a/backend/src/ee/routes/v1/group-router.ts
+++ b/backend/src/ee/routes/v1/group-router.ts
@ -1,9 +1,8 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";

 import { GroupsSchema, OrgMembershipRole, UsersSchema } from "@app/db/schemas";
-import { EFilterReturnedUsers } from "@app/ee/services/group/group-types";
 import { GROUPS } from "@app/lib/api-docs";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -15,7 +14,15 @@ export const registerGroupRouter = async (server: FastifyZodProvider) => {
    schema: {
      body: z.object({
        name: z.string().trim().min(1).max(50).describe(GROUPS.CREATE.name),
-        slug: slugSchema({ min: 5, max: 36 }).optional().describe(GROUPS.CREATE.slug),
+        slug: z
+          .string()
+          .min(5)
+          .max(36)
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(GROUPS.CREATE.slug),
        role: z.string().trim().min(1).default(OrgMembershipRole.NoAccess).describe(GROUPS.CREATE.role)
      }),
      response: {
@ -93,7 +100,14 @@ export const registerGroupRouter = async (server: FastifyZodProvider) => {
      body: z
        .object({
          name: z.string().trim().min(1).describe(GROUPS.UPDATE.name),
-          slug: slugSchema({ min: 5, max: 36 }).describe(GROUPS.UPDATE.slug),
+          slug: z
+            .string()
+            .min(5)
+            .max(36)
+            .refine((v) => slugify(v) === v, {
+              message: "Slug must be a valid slug"
+            })
+            .describe(GROUPS.UPDATE.slug),
          role: z.string().trim().min(1).describe(GROUPS.UPDATE.role)
        })
        .partial(),
@ -151,9 +165,7 @@ export const registerGroupRouter = async (server: FastifyZodProvider) => {
      querystring: z.object({
        offset: z.coerce.number().min(0).max(100).default(0).describe(GROUPS.LIST_USERS.offset),
        limit: z.coerce.number().min(1).max(100).default(10).describe(GROUPS.LIST_USERS.limit),
-        username: z.string().trim().optional().describe(GROUPS.LIST_USERS.username),
-        search: z.string().trim().optional().describe(GROUPS.LIST_USERS.search),
-        filter: z.nativeEnum(EFilterReturnedUsers).optional().describe(GROUPS.LIST_USERS.filterUsers)
+        username: z.string().optional().describe(GROUPS.LIST_USERS.username)
      }),
      response: {
        200: z.object({
@ -166,8 +178,7 @@ export const registerGroupRouter = async (server: FastifyZodProvider) => {
          })
            .merge(
              z.object({
-                isPartOfGroup: z.boolean(),
-                joinedGroupAt: z.date().nullable()
+                isPartOfGroup: z.boolean()
              })
            )
            .array(),
--- a/backend/src/ee/routes/v1/identity-project-additional-privilege-router.ts
+++ b/backend/src/ee/routes/v1/identity-project-additional-privilege-router.ts
@ -1,14 +1,13 @@
+import { packRules } from "@casl/ability/extra";
 import slugify from "@sindresorhus/slugify";
 import ms from "ms";
 import { z } from "zod";

 import { IdentityProjectAdditionalPrivilegeTemporaryMode } from "@app/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-types";
-import { backfillPermissionV1SchemaToV2Schema } from "@app/ee/services/permission/project-permission";
 import { IDENTITY_ADDITIONAL_PRIVILEGE } from "@app/lib/api-docs";
 import { UnauthorizedError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import {
  ProjectPermissionSchema,
@ -34,7 +33,17 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
      body: z.object({
        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.identityId),
        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.projectSlug),
-        slug: slugSchema({ min: 1, max: 60 }).optional().describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
        permissions: ProjectPermissionSchema.array()
          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.permissions)
          .optional(),
@ -68,11 +77,9 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
        actorOrgId: req.permission.orgId,
        actorAuthMethod: req.permission.authMethod,
        ...req.body,
-        slug: req.body.slug ?? slugify(alphaNumericNanoId(12)),
+        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
        isTemporary: false,
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore-error this is valid ts
-        permissions: backfillPermissionV1SchemaToV2Schema(permission)
+        permissions: JSON.stringify(packRules(permission))
      });
      return { privilege };
    }
@ -94,7 +101,17 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
      body: z.object({
        identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.identityId),
        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.projectSlug),
-        slug: slugSchema({ min: 1, max: 60 }).optional().describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
        permissions: ProjectPermissionSchema.array()
          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.permissions)
          .optional(),
@ -140,11 +157,9 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
        actorOrgId: req.permission.orgId,
        actorAuthMethod: req.permission.authMethod,
        ...req.body,
-        slug: req.body.slug ?? slugify(alphaNumericNanoId(12)),
+        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
        isTemporary: true,
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore-error this is valid ts
-        permissions: backfillPermissionV1SchemaToV2Schema(permission)
+        permissions: JSON.stringify(packRules(permission))
      });
      return { privilege };
    }
@ -170,7 +185,16 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
        projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.projectSlug),
        privilegeDetails: z
          .object({
-            slug: slugSchema({ min: 1, max: 60 }).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.newSlug),
+            slug: z
+              .string()
+              .min(1)
+              .max(60)
+              .trim()
+              .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+              .refine((v) => slugify(v) === v, {
+                message: "Slug must be a valid slug"
+              })
+              .describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.newSlug),
            permissions: ProjectPermissionSchema.array().describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.permissions),
            privilegePermission: ProjectSpecificPrivilegePermissionSchema.describe(
              IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.privilegePermission
@ -220,13 +244,7 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
        projectSlug: req.body.projectSlug,
        data: {
          ...updatedInfo,
-          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-          // @ts-ignore-error this is valid ts
-          permissions: permission
-            ? // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-              // @ts-ignore-error this is valid ts
-              backfillPermissionV1SchemaToV2Schema(permission)
-            : undefined
+          permissions: permission ? JSON.stringify(packRules(permission)) : undefined
        }
      });
      return { privilege };
--- a/backend/src/ee/routes/v1/index.ts
+++ b/backend/src/ee/routes/v1/index.ts
@ -1,5 +1,3 @@
-import { registerProjectTemplateRouter } from "@app/ee/routes/v1/project-template-router";
-
 import { registerAccessApprovalPolicyRouter } from "./access-approval-policy-router";
 import { registerAccessApprovalRequestRouter } from "./access-approval-request-router";
 import { registerAuditLogStreamRouter } from "./audit-log-stream-router";
@ -25,9 +23,6 @@ import { registerSecretRotationRouter } from "./secret-rotation-router";
 import { registerSecretScanningRouter } from "./secret-scanning-router";
 import { registerSecretVersionRouter } from "./secret-version-router";
 import { registerSnapshotRouter } from "./snapshot-router";
-import { registerSshCaRouter } from "./ssh-certificate-authority-router";
-import { registerSshCertRouter } from "./ssh-certificate-router";
-import { registerSshCertificateTemplateRouter } from "./ssh-certificate-template-router";
 import { registerTrustedIpRouter } from "./trusted-ip-router";
 import { registerUserAdditionalPrivilegeRouter } from "./user-additional-privilege-router";

@ -71,15 +66,6 @@ export const registerV1EERoutes = async (server: FastifyZodProvider) => {
    { prefix: "/pki" }
  );

-  await server.register(
-    async (sshRouter) => {
-      await sshRouter.register(registerSshCaRouter, { prefix: "/ca" });
-      await sshRouter.register(registerSshCertRouter, { prefix: "/certificates" });
-      await sshRouter.register(registerSshCertificateTemplateRouter, { prefix: "/certificate-templates" });
-    },
-    { prefix: "/ssh" }
-  );
-
  await server.register(
    async (ssoRouter) => {
      await ssoRouter.register(registerSamlRouter);
@ -95,9 +81,9 @@ export const registerV1EERoutes = async (server: FastifyZodProvider) => {
  await server.register(registerSecretVersionRouter, { prefix: "/secret" });
  await server.register(registerGroupRouter, { prefix: "/groups" });
  await server.register(registerAuditLogStreamRouter, { prefix: "/audit-log-streams" });
-  await server.register(registerUserAdditionalPrivilegeRouter, { prefix: "/user-project-additional-privilege" });
  await server.register(
    async (privilegeRouter) => {
+      await privilegeRouter.register(registerUserAdditionalPrivilegeRouter, { prefix: "/users" });
      await privilegeRouter.register(registerIdentityProjectAdditionalPrivilegeRouter, { prefix: "/identity" });
    },
    { prefix: "/additional-privilege" }
@ -106,6 +92,4 @@ export const registerV1EERoutes = async (server: FastifyZodProvider) => {
  await server.register(registerExternalKmsRouter, {
    prefix: "/external-kms"
  });
-
-  await server.register(registerProjectTemplateRouter, { prefix: "/project-templates" });
 };
--- a/backend/src/ee/routes/v1/oidc-router.ts
+++ b/backend/src/ee/routes/v1/oidc-router.ts
@ -9,6 +9,7 @@
 import { Authenticator, Strategy } from "@fastify/passport";
 import fastifySession from "@fastify/session";
 import RedisStore from "connect-redis";
+import { Redis } from "ioredis";
 import { z } from "zod";

 import { OidcConfigsSchema } from "@app/db/schemas/oidc-configs";
@ -20,6 +21,7 @@ import { AuthMode } from "@app/services/auth/auth-type";

 export const registerOidcRouter = async (server: FastifyZodProvider) => {
  const appCfg = getConfig();
+  const redis = new Redis(appCfg.REDIS_URL);
  const passport = new Authenticator({ key: "oidc", userProperty: "passportUser" });

  /*
@ -28,7 +30,7 @@ export const registerOidcRouter = async (server: FastifyZodProvider) => {
  - Fastify session <> Redis structure is based on the ff: https://github.com/fastify/session/blob/master/examples/redis.js
  */
  const redisStore = new RedisStore({
-    client: server.redis,
+    client: redis,
    prefix: "oidc-session:",
    ttl: 600 // 10 minutes
  });
--- a/backend/src/ee/routes/v1/org-role-router.ts
+++ b/backend/src/ee/routes/v1/org-role-router.ts
@ -1,8 +1,8 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";

 import { OrgMembershipRole, OrgMembershipsSchema, OrgRolesSchema } from "@app/db/schemas";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

@ -18,10 +18,17 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
        organizationId: z.string().trim()
      }),
      body: z.object({
-        slug: slugSchema({ min: 1, max: 64 }).refine(
-          (val) => !Object.values(OrgMembershipRole).includes(val as OrgMembershipRole),
-          "Please choose a different slug, the slug you have entered is reserved"
-        ),
+        slug: z
+          .string()
+          .min(1)
+          .trim()
+          .refine(
+            (val) => !Object.values(OrgMembershipRole).includes(val as OrgMembershipRole),
+            "Please choose a different slug, the slug you have entered is reserved"
+          )
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          }),
        name: z.string().trim(),
        description: z.string().trim().optional(),
        permissions: z.any().array()
@ -87,13 +94,17 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
        roleId: z.string().trim()
      }),
      body: z.object({
-        // TODO: Switch to slugSchema after verifying correct methods with Akhil - Omar 11/24
-        slug: slugSchema({ min: 1, max: 64 })
+        slug: z
+          .string()
+          .trim()
+          .optional()
          .refine(
-            (val) => !Object.keys(OrgMembershipRole).includes(val),
+            (val) => typeof val !== "undefined" && !Object.keys(OrgMembershipRole).includes(val),
            "Please choose a different slug, the slug you have entered is reserved."
          )
-          .optional(),
+          .refine((val) => typeof val === "undefined" || slugify(val) === val, {
+            message: "Slug must be a valid"
+          }),
        name: z.string().trim().optional(),
        description: z.string().trim().optional(),
        permissions: z.any().array().optional()
--- a/backend/src/ee/routes/v1/project-role-router.ts
+++ b/backend/src/ee/routes/v1/project-role-router.ts
@ -1,18 +1,14 @@
 import { packRules } from "@casl/ability/extra";
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";

 import { ProjectMembershipRole, ProjectMembershipsSchema, ProjectRolesSchema } from "@app/db/schemas";
-import {
-  backfillPermissionV1SchemaToV2Schema,
-  ProjectPermissionV1Schema
-} from "@app/ee/services/permission/project-permission";
+import { ProjectPermissionSchema } from "@app/ee/services/permission/project-permission";
 import { PROJECT_ROLE } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { SanitizedRoleSchemaV1 } from "@app/server/routes/sanitizedSchemas";
+import { SanitizedRoleSchema } from "@app/server/routes/sanitizedSchemas";
 import { AuthMode } from "@app/services/auth/auth-type";
-import { ProjectRoleServiceIdentifierType } from "@app/services/project-role/project-role-types";

 export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
  server.route({
@ -32,19 +28,26 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        projectSlug: z.string().trim().describe(PROJECT_ROLE.CREATE.projectSlug)
      }),
      body: z.object({
-        slug: slugSchema({ max: 64 })
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .min(1)
          .refine(
            (val) => !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
            "Please choose a different slug, the slug you have entered is reserved"
          )
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          })
          .describe(PROJECT_ROLE.CREATE.slug),
        name: z.string().min(1).trim().describe(PROJECT_ROLE.CREATE.name),
        description: z.string().trim().optional().describe(PROJECT_ROLE.CREATE.description),
-        permissions: ProjectPermissionV1Schema.array().describe(PROJECT_ROLE.CREATE.permissions)
+        permissions: ProjectPermissionSchema.array().describe(PROJECT_ROLE.CREATE.permissions)
      }),
      response: {
        200: z.object({
-          role: SanitizedRoleSchemaV1
+          role: SanitizedRoleSchema
        })
      }
    },
@ -55,16 +58,12 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actor: req.permission.type,
-        filter: {
-          type: ProjectRoleServiceIdentifierType.SLUG,
-          projectSlug: req.params.projectSlug
-        },
+        projectSlug: req.params.projectSlug,
        data: {
          ...req.body,
-          permissions: JSON.stringify(packRules(backfillPermissionV1SchemaToV2Schema(req.body.permissions, true)))
+          permissions: JSON.stringify(packRules(req.body.permissions))
        }
      });
-
      return { role };
    }
  });
@ -87,20 +86,28 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        roleId: z.string().trim().describe(PROJECT_ROLE.UPDATE.roleId)
      }),
      body: z.object({
-        slug: slugSchema({ max: 64 })
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .optional()
+          .describe(PROJECT_ROLE.UPDATE.slug)
          .refine(
-            (val) => !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
+            (val) =>
+              typeof val === "undefined" ||
+              !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
            "Please choose a different slug, the slug you have entered is reserved"
          )
-          .describe(PROJECT_ROLE.UPDATE.slug)
-          .optional(),
+          .refine((val) => typeof val === "undefined" || slugify(val) === val, {
+            message: "Slug must be a valid"
+          }),
        name: z.string().trim().optional().describe(PROJECT_ROLE.UPDATE.name),
        description: z.string().trim().optional().describe(PROJECT_ROLE.UPDATE.description),
-        permissions: ProjectPermissionV1Schema.array().describe(PROJECT_ROLE.UPDATE.permissions).optional()
+        permissions: ProjectPermissionSchema.array().describe(PROJECT_ROLE.UPDATE.permissions).optional()
      }),
      response: {
        200: z.object({
-          role: SanitizedRoleSchemaV1
+          role: SanitizedRoleSchema
        })
      }
    },
@ -111,12 +118,11 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actor: req.permission.type,
+        projectSlug: req.params.projectSlug,
        roleId: req.params.roleId,
        data: {
          ...req.body,
-          permissions: req.body.permissions
-            ? JSON.stringify(packRules(backfillPermissionV1SchemaToV2Schema(req.body.permissions, true)))
-            : undefined
+          permissions: req.body.permissions ? JSON.stringify(packRules(req.body.permissions)) : undefined
        }
      });
      return { role };
@ -142,7 +148,7 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
      }),
      response: {
        200: z.object({
-          role: SanitizedRoleSchemaV1
+          role: SanitizedRoleSchema
        })
      }
    },
@ -153,6 +159,7 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actor: req.permission.type,
+        projectSlug: req.params.projectSlug,
        roleId: req.params.roleId
      });
      return { role };
@ -177,7 +184,7 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
      }),
      response: {
        200: z.object({
-          roles: ProjectRolesSchema.omit({ permissions: true, version: true }).array()
+          roles: ProjectRolesSchema.omit({ permissions: true }).array()
        })
      }
    },
@ -188,10 +195,7 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actor: req.permission.type,
-        filter: {
-          type: ProjectRoleServiceIdentifierType.SLUG,
-          projectSlug: req.params.projectSlug
-        }
+        projectSlug: req.params.projectSlug
      });
      return { roles };
    }
@ -210,7 +214,7 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
      }),
      response: {
        200: z.object({
-          role: SanitizedRoleSchemaV1.omit({ version: true })
+          role: SanitizedRoleSchema
        })
      }
    },
@ -221,13 +225,9 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actor: req.permission.type,
-        filter: {
-          type: ProjectRoleServiceIdentifierType.SLUG,
-          projectSlug: req.params.projectSlug
-        },
+        projectSlug: req.params.projectSlug,
        roleSlug: req.params.slug
      });
-
      return { role };
    }
  });
--- a/backend/src/ee/routes/v1/project-template-router.ts
+++ b/backend/src/ee/routes/v1/project-template-router.ts
@ -1,302 +0,0 @@
-import { z } from "zod";
-
-import { ProjectMembershipRole, ProjectTemplatesSchema } from "@app/db/schemas";
-import { EventType } from "@app/ee/services/audit-log/audit-log-types";
-import { ProjectPermissionV2Schema } from "@app/ee/services/permission/project-permission";
-import { ProjectTemplateDefaultEnvironments } from "@app/ee/services/project-template/project-template-constants";
-import { isInfisicalProjectTemplate } from "@app/ee/services/project-template/project-template-fns";
-import { ProjectTemplates } from "@app/lib/api-docs";
-import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { UnpackedPermissionSchema } from "@app/server/routes/santizedSchemas/permission";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-const MAX_JSON_SIZE_LIMIT_IN_BYTES = 32_768;
-
-const isReservedRoleSlug = (slug: string) =>
-  Object.values(ProjectMembershipRole).includes(slug as ProjectMembershipRole);
-
-const isReservedRoleName = (name: string) =>
-  ["custom", "admin", "viewer", "developer", "no access"].includes(name.toLowerCase());
-
-const SanitizedProjectTemplateSchema = ProjectTemplatesSchema.extend({
-  roles: z
-    .object({
-      name: z.string().trim().min(1),
-      slug: slugSchema(),
-      permissions: UnpackedPermissionSchema.array()
-    })
-    .array(),
-  environments: z
-    .object({
-      name: z.string().trim().min(1),
-      slug: slugSchema(),
-      position: z.number().min(1)
-    })
-    .array()
-});
-
-const ProjectTemplateRolesSchema = z
-  .object({
-    name: z.string().trim().min(1),
-    slug: slugSchema(),
-    permissions: ProjectPermissionV2Schema.array()
-  })
-  .array()
-  .superRefine((roles, ctx) => {
-    if (!roles.length) return;
-
-    if (Buffer.byteLength(JSON.stringify(roles)) > MAX_JSON_SIZE_LIMIT_IN_BYTES)
-      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "Size limit exceeded" });
-
-    if (new Set(roles.map((v) => v.slug)).size !== roles.length)
-      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "Role slugs must be unique" });
-
-    if (new Set(roles.map((v) => v.name)).size !== roles.length)
-      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "Role names must be unique" });
-
-    roles.forEach((role) => {
-      if (isReservedRoleSlug(role.slug))
-        ctx.addIssue({ code: z.ZodIssueCode.custom, message: `Role slug "${role.slug}" is reserved` });
-
-      if (isReservedRoleName(role.name))
-        ctx.addIssue({ code: z.ZodIssueCode.custom, message: `Role name "${role.name}" is reserved` });
-    });
-  });
-
-const ProjectTemplateEnvironmentsSchema = z
-  .object({
-    name: z.string().trim().min(1),
-    slug: slugSchema(),
-    position: z.number().min(1)
-  })
-  .array()
-  .min(1)
-  .superRefine((environments, ctx) => {
-    if (Buffer.byteLength(JSON.stringify(environments)) > MAX_JSON_SIZE_LIMIT_IN_BYTES)
-      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "Size limit exceeded" });
-
-    if (new Set(environments.map((v) => v.name)).size !== environments.length)
-      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "Environment names must be unique" });
-
-    if (new Set(environments.map((v) => v.slug)).size !== environments.length)
-      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "Environment slugs must be unique" });
-
-    if (
-      environments.some((env) => env.position < 1 || env.position > environments.length) ||
-      new Set(environments.map((env) => env.position)).size !== environments.length
-    )
-      ctx.addIssue({
-        code: z.ZodIssueCode.custom,
-        message: "One or more of the positions specified is invalid. Positions must be sequential starting from 1."
-      });
-  });
-
-export const registerProjectTemplateRouter = async (server: FastifyZodProvider) => {
-  server.route({
-    method: "GET",
-    url: "/",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "List project templates for the current organization.",
-      response: {
-        200: z.object({
-          projectTemplates: SanitizedProjectTemplateSchema.array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const projectTemplates = await server.services.projectTemplate.listProjectTemplatesByOrg(req.permission);
-
-      const auditTemplates = projectTemplates.filter((template) => !isInfisicalProjectTemplate(template.name));
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: req.permission.orgId,
-        event: {
-          type: EventType.GET_PROJECT_TEMPLATES,
-          metadata: {
-            count: auditTemplates.length,
-            templateIds: auditTemplates.map((template) => template.id)
-          }
-        }
-      });
-
-      return { projectTemplates };
-    }
-  });
-
-  server.route({
-    method: "GET",
-    url: "/:templateId",
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      description: "Get a project template by ID.",
-      params: z.object({
-        templateId: z.string().uuid()
-      }),
-      response: {
-        200: z.object({
-          projectTemplate: SanitizedProjectTemplateSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const projectTemplate = await server.services.projectTemplate.findProjectTemplateById(
-        req.params.templateId,
-        req.permission
-      );
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: req.permission.orgId,
-        event: {
-          type: EventType.GET_PROJECT_TEMPLATE,
-          metadata: {
-            templateId: req.params.templateId
-          }
-        }
-      });
-
-      return { projectTemplate };
-    }
-  });
-
-  server.route({
-    method: "POST",
-    url: "/",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Create a project template.",
-      body: z.object({
-        name: slugSchema({ field: "name" })
-          .refine((val) => !isInfisicalProjectTemplate(val), {
-            message: `The requested project template name is reserved.`
-          })
-          .describe(ProjectTemplates.CREATE.name),
-        description: z.string().max(256).trim().optional().describe(ProjectTemplates.CREATE.description),
-        roles: ProjectTemplateRolesSchema.default([]).describe(ProjectTemplates.CREATE.roles),
-        environments: ProjectTemplateEnvironmentsSchema.default(ProjectTemplateDefaultEnvironments).describe(
-          ProjectTemplates.CREATE.environments
-        )
-      }),
-      response: {
-        200: z.object({
-          projectTemplate: SanitizedProjectTemplateSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const projectTemplate = await server.services.projectTemplate.createProjectTemplate(req.body, req.permission);
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: req.permission.orgId,
-        event: {
-          type: EventType.CREATE_PROJECT_TEMPLATE,
-          metadata: req.body
-        }
-      });
-
-      return { projectTemplate };
-    }
-  });
-
-  server.route({
-    method: "PATCH",
-    url: "/:templateId",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Update a project template.",
-      params: z.object({ templateId: z.string().uuid().describe(ProjectTemplates.UPDATE.templateId) }),
-      body: z.object({
-        name: slugSchema({ field: "name" })
-          .refine((val) => !isInfisicalProjectTemplate(val), {
-            message: `The requested project template name is reserved.`
-          })
-          .optional()
-          .describe(ProjectTemplates.UPDATE.name),
-        description: z.string().max(256).trim().optional().describe(ProjectTemplates.UPDATE.description),
-        roles: ProjectTemplateRolesSchema.optional().describe(ProjectTemplates.UPDATE.roles),
-        environments: ProjectTemplateEnvironmentsSchema.optional().describe(ProjectTemplates.UPDATE.environments)
-      }),
-      response: {
-        200: z.object({
-          projectTemplate: SanitizedProjectTemplateSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const projectTemplate = await server.services.projectTemplate.updateProjectTemplateById(
-        req.params.templateId,
-        req.body,
-        req.permission
-      );
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: req.permission.orgId,
-        event: {
-          type: EventType.UPDATE_PROJECT_TEMPLATE,
-          metadata: {
-            templateId: req.params.templateId,
-            ...req.body
-          }
-        }
-      });
-
-      return { projectTemplate };
-    }
-  });
-
-  server.route({
-    method: "DELETE",
-    url: "/:templateId",
-    config: {
-      rateLimit: writeLimit
-    },
-    schema: {
-      description: "Delete a project template.",
-      params: z.object({ templateId: z.string().uuid().describe(ProjectTemplates.DELETE.templateId) }),
-
-      response: {
-        200: z.object({
-          projectTemplate: SanitizedProjectTemplateSchema
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
-    handler: async (req) => {
-      const projectTemplate = await server.services.projectTemplate.deleteProjectTemplateById(
-        req.params.templateId,
-        req.permission
-      );
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: req.permission.orgId,
-        event: {
-          type: EventType.DELETE_PROJECT_TEMPLATE,
-          metadata: {
-            templateId: req.params.templateId
-          }
-        }
-      });
-
-      return { projectTemplate };
-    }
-  });
-};
--- a/backend/src/ee/routes/v1/saml-router.ts
+++ b/backend/src/ee/routes/v1/saml-router.ts
@ -122,18 +122,13 @@ export const registerSamlRouter = async (server: FastifyZodProvider) => {
              },
              `email: ${email} firstName: ${profile.firstName as string}`
            );
-
-            throw new Error("Invalid saml request. Missing email or first name");
          }

          const userMetadata = Object.keys(profile.attributes || {})
            .map((key) => {
              // for the ones like in format: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
              const formatedKey = key.startsWith("http") ? key.split("/").at(-1) || "" : key;
-              return {
-                key: formatedKey,
-                value: String((profile.attributes as Record<string, string>)[key]).substring(0, 1020)
-              };
+              return { key: formatedKey, value: String((profile.attributes as Record<string, string>)[key]) };
            })
            .filter((el) => el.key && !["email", "firstName", "lastName"].includes(el.key));

--- a/backend/src/ee/routes/v1/scim-router.ts
+++ b/backend/src/ee/routes/v1/scim-router.ts
@ -20,7 +20,7 @@ const ScimUserSchema = z.object({
      z.object({
        primary: z.boolean(),
        value: z.string().email(),
-        type: z.string().trim().default("work")
+        type: z.string().trim()
      })
    )
    .optional(),
@ -210,7 +210,8 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
          .array(
            z.object({
              primary: z.boolean(),
-              value: z.string().email()
+              value: z.string().email(),
+              type: z.string().trim()
            })
          )
          .optional(),
@ -280,7 +281,8 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
          .array(
            z.object({
              primary: z.boolean(),
-              value: z.string().email()
+              value: z.string().email(),
+              type: z.string().trim()
            })
          )
          .optional(),
@ -299,7 +301,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
            z.object({
              primary: z.boolean(),
              value: z.string().email(),
-              type: z.string().trim().default("work")
+              type: z.string().trim()
            })
          ),
          displayName: z.string().trim(),
--- a/backend/src/ee/routes/v1/secret-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/secret-approval-request-router.ts
@ -52,8 +52,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
                })
                .array(),
              secretPath: z.string().optional().nullable(),
-              enforcementLevel: z.string(),
-              deletedAt: z.date().nullish()
+              enforcementLevel: z.string()
            }),
            committerUser: approvalRequestUser,
            commits: z.object({ op: z.string(), secretId: z.string().nullable().optional() }).array(),
@ -261,8 +260,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
                approvals: z.number(),
                approvers: approvalRequestUser.array(),
                secretPath: z.string().optional().nullable(),
-                enforcementLevel: z.string(),
-                deletedAt: z.date().nullish()
+                enforcementLevel: z.string()
              }),
              environment: z.string(),
              statusChangedByUser: approvalRequestUser.optional(),
--- a/Show More
+++ b/Show More