misc: added image for generated token

upgrade mintlify docs

.infisicalignore

@@ -45,3 +45,4 @@ cli/detect/config/gitleaks.toml:gcp-api-key:582
 .github/workflows/helm-release-infisical-core.yml:generic-api-key:48
 .github/workflows/helm-release-infisical-core.yml:generic-api-key:47
 backend/src/services/smtp/smtp-service.ts:generic-api-key:79
+frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/CloudflarePagesSyncFields.tsx:cloudflare-api-key:7

backend/src/db/instance.ts

@@ -50,6 +50,8 @@ export const initDbConnection = ({
           }
         : false
     },
+    // https://knexjs.org/guide/#pool
+    pool: { min: 0, max: 10 },
     migrations: {
       tableName: "infisical_migrations"
     }
@@ -70,7 +72,8 @@ export const initDbConnection = ({
       },
       migrations: {
         tableName: "infisical_migrations"
-      }
+      },
+      pool: { min: 0, max: 10 }
     });
   });
 

backend/src/ee/routes/v1/access-approval-request-router.ts

@@ -89,7 +89,7 @@ export const registerAccessApprovalRequestRouter = async (server: FastifyZodProv
     schema: {
       querystring: z.object({
         projectSlug: z.string().trim(),
-        authorProjectMembershipId: z.string().trim().optional(),
+        authorUserId: z.string().trim().optional(),
         envSlug: z.string().trim().optional()
       }),
       response: {
@@ -143,7 +143,7 @@ export const registerAccessApprovalRequestRouter = async (server: FastifyZodProv
     handler: async (req) => {
       const { requests } = await server.services.accessApprovalRequest.listApprovalRequests({
         projectSlug: req.query.projectSlug,
-        authorProjectMembershipId: req.query.authorProjectMembershipId,
+        authorUserId: req.query.authorUserId,
         envSlug: req.query.envSlug,
         actor: req.permission.type,
         actorId: req.permission.id,

backend/src/ee/routes/v1/secret-approval-request-router.ts

@@ -30,6 +30,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
         workspaceId: z.string().trim(),
         environment: z.string().trim().optional(),
         committer: z.string().trim().optional(),
+        search: z.string().trim().optional(),
         status: z.nativeEnum(RequestState).optional(),
         limit: z.coerce.number().default(20),
         offset: z.coerce.number().default(0)
@@ -66,13 +67,14 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
                 userId: z.string().nullable().optional()
               })
               .array()
-          }).array()
+          }).array(),
+          totalCount: z.number()
         })
       }
     },
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
-      const approvals = await server.services.secretApprovalRequest.getSecretApprovals({
+      const { approvals, totalCount } = await server.services.secretApprovalRequest.getSecretApprovals({
         actor: req.permission.type,
         actorId: req.permission.id,
         actorAuthMethod: req.permission.authMethod,
@@ -80,7 +82,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
         ...req.query,
         projectId: req.query.workspaceId
       });
-      return { approvals };
+      return { approvals, totalCount };
     }
   });
 

backend/src/ee/services/access-approval-request/access-approval-request-dal.ts

@@ -725,16 +725,17 @@ export const accessApprovalRequestDALFactory = (db: TDbClient): TAccessApprovalR
         )
 
         .where(`${TableName.Environment}.projectId`, projectId)
-        .where(`${TableName.AccessApprovalPolicy}.deletedAt`, null)
         .select(selectAllTableCols(TableName.AccessApprovalRequest))
         .select(db.ref("status").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerStatus"))
-        .select(db.ref("reviewerUserId").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerUserId"));
+        .select(db.ref("reviewerUserId").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerUserId"))
+        .select(db.ref("deletedAt").withSchema(TableName.AccessApprovalPolicy).as("policyDeletedAt"));
 
       const formattedRequests = sqlNestRelationships({
         data: accessRequests,
         key: "id",
         parentMapper: (doc) => ({
-          ...AccessApprovalRequestsSchema.parse(doc)
+          ...AccessApprovalRequestsSchema.parse(doc),
+          isPolicyDeleted: Boolean(doc.policyDeletedAt)
         }),
         childrenMapper: [
           {
@@ -751,7 +752,8 @@ export const accessApprovalRequestDALFactory = (db: TDbClient): TAccessApprovalR
         (req) =>
           !req.privilegeId &&
           !req.reviewers.some((r) => r.status === ApprovalStatus.REJECTED) &&
-          req.status === ApprovalStatus.PENDING
+          req.status === ApprovalStatus.PENDING &&
+          !req.isPolicyDeleted
       );
 
       // an approval is finalized if there are any rejections, a privilege ID is set or the number of approvals is equal to the number of approvals required.
@@ -759,7 +761,8 @@ export const accessApprovalRequestDALFactory = (db: TDbClient): TAccessApprovalR
         (req) =>
           req.privilegeId ||
           req.reviewers.some((r) => r.status === ApprovalStatus.REJECTED) ||
-          req.status !== ApprovalStatus.PENDING
+          req.status !== ApprovalStatus.PENDING ||
+          req.isPolicyDeleted
       );
 
       return { pendingCount: pendingApprovals.length, finalizedCount: finalizedApprovals.length };

backend/src/ee/services/access-approval-request/access-approval-request-service.ts

@@ -275,7 +275,7 @@ export const accessApprovalRequestServiceFactory = ({
 
   const listApprovalRequests: TAccessApprovalRequestServiceFactory["listApprovalRequests"] = async ({
     projectSlug,
-    authorProjectMembershipId,
+    authorUserId,
     envSlug,
     actor,
     actorOrgId,
@@ -300,8 +300,8 @@ export const accessApprovalRequestServiceFactory = ({
     const policies = await accessApprovalPolicyDAL.find({ projectId: project.id });
     let requests = await accessApprovalRequestDAL.findRequestsWithPrivilegeByPolicyIds(policies.map((p) => p.id));
 
-    if (authorProjectMembershipId) {
-      requests = requests.filter((request) => request.requestedByUserId === actorId);
+    if (authorUserId) {
+      requests = requests.filter((request) => request.requestedByUserId === authorUserId);
     }
 
     if (envSlug) {

backend/src/ee/services/access-approval-request/access-approval-request-types.ts

@@ -31,7 +31,7 @@ export type TCreateAccessApprovalRequestDTO = {
 
 export type TListApprovalRequestsDTO = {
   projectSlug: string;
-  authorProjectMembershipId?: string;
+  authorUserId?: string;
   envSlug?: string;
 } & Omit<TProjectPermission, "projectId">;
 

backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts

@@ -24,6 +24,7 @@ type TFindQueryFilter = {
   committer?: string;
   limit?: number;
   offset?: number;
+  search?: string;
 };
 
 export const secretApprovalRequestDALFactory = (db: TDbClient) => {
@@ -314,7 +315,6 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
                   .where(`${TableName.SecretApprovalPolicyApprover}.approverUserId`, userId)
                   .orWhere(`${TableName.SecretApprovalRequest}.committerUserId`, userId)
             )
-            .andWhere((bd) => void bd.where(`${TableName.SecretApprovalPolicy}.deletedAt`, null))
             .select("status", `${TableName.SecretApprovalRequest}.id`)
             .groupBy(`${TableName.SecretApprovalRequest}.id`, "status")
             .count("status")
@@ -340,13 +340,13 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
   };
 
   const findByProjectId = async (
-    { status, limit = 20, offset = 0, projectId, committer, environment, userId }: TFindQueryFilter,
+    { status, limit = 20, offset = 0, projectId, committer, environment, userId, search }: TFindQueryFilter,
     tx?: Knex
   ) => {
     try {
       // akhilmhdh: If ever u wanted a 1 to so many relationship connected with pagination
       // this is the place u wanna look at.
-      const query = (tx || db.replicaNode())(TableName.SecretApprovalRequest)
+      const innerQuery = (tx || db.replicaNode())(TableName.SecretApprovalRequest)
         .join(TableName.SecretFolder, `${TableName.SecretApprovalRequest}.folderId`, `${TableName.SecretFolder}.id`)
         .join(TableName.Environment, `${TableName.SecretFolder}.envId`, `${TableName.Environment}.id`)
         .join(
@@ -435,7 +435,30 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
           db.ref("firstName").withSchema("committerUser").as("committerUserFirstName"),
           db.ref("lastName").withSchema("committerUser").as("committerUserLastName")
         )
-        .orderBy("createdAt", "desc");
+        .distinctOn(`${TableName.SecretApprovalRequest}.id`)
+        .as("inner");
+
+      const query = (tx || db)
+        .select("*")
+        .select(db.raw("count(*) OVER() as total_count"))
+        .from(innerQuery)
+        .orderBy("createdAt", "desc") as typeof innerQuery;
+
+      if (search) {
+        void query.where((qb) => {
+          void qb
+            .whereRaw(`CONCAT_WS(' ', ??, ??) ilike ?`, [
+              db.ref("firstName").withSchema("committerUser"),
+              db.ref("lastName").withSchema("committerUser"),
+              `%${search}%`
+            ])
+            .orWhereRaw(`?? ilike ?`, [db.ref("username").withSchema("committerUser"), `%${search}%`])
+            .orWhereRaw(`?? ilike ?`, [db.ref("email").withSchema("committerUser"), `%${search}%`])
+            .orWhereILike(`${TableName.Environment}.name`, `%${search}%`)
+            .orWhereILike(`${TableName.Environment}.slug`, `%${search}%`)
+            .orWhereILike(`${TableName.SecretApprovalPolicy}.secretPath`, `%${search}%`);
+        });
+      }
 
       const docs = await (tx || db)
         .with("w", query)
@@ -443,6 +466,10 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
         .from<Awaited<typeof query>[number]>("w")
         .where("w.rank", ">=", offset)
         .andWhere("w.rank", "<", offset + limit);
+
+      // @ts-expect-error knex does not infer
+      const totalCount = Number(docs[0]?.total_count || 0);
+
       const formattedDoc = sqlNestRelationships({
         data: docs,
         key: "id",
@@ -504,23 +531,26 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
           }
         ]
       });
-      return formattedDoc.map((el) => ({
-        ...el,
-        policy: { ...el.policy, approvers: el.approvers, bypassers: el.bypassers }
-      }));
+      return {
+        approvals: formattedDoc.map((el) => ({
+          ...el,
+          policy: { ...el.policy, approvers: el.approvers, bypassers: el.bypassers }
+        })),
+        totalCount
+      };
     } catch (error) {
       throw new DatabaseError({ error, name: "FindSAR" });
     }
   };
 
   const findByProjectIdBridgeSecretV2 = async (
-    { status, limit = 20, offset = 0, projectId, committer, environment, userId }: TFindQueryFilter,
+    { status, limit = 20, offset = 0, projectId, committer, environment, userId, search }: TFindQueryFilter,
     tx?: Knex
   ) => {
     try {
       // akhilmhdh: If ever u wanted a 1 to so many relationship connected with pagination
       // this is the place u wanna look at.
-      const query = (tx || db.replicaNode())(TableName.SecretApprovalRequest)
+      const innerQuery = (tx || db.replicaNode())(TableName.SecretApprovalRequest)
         .join(TableName.SecretFolder, `${TableName.SecretApprovalRequest}.folderId`, `${TableName.SecretFolder}.id`)
         .join(TableName.Environment, `${TableName.SecretFolder}.envId`, `${TableName.Environment}.id`)
         .join(
@@ -609,14 +639,42 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
           db.ref("firstName").withSchema("committerUser").as("committerUserFirstName"),
           db.ref("lastName").withSchema("committerUser").as("committerUserLastName")
         )
-        .orderBy("createdAt", "desc");
+        .distinctOn(`${TableName.SecretApprovalRequest}.id`)
+        .as("inner");
 
+      const query = (tx || db)
+        .select("*")
+        .select(db.raw("count(*) OVER() as total_count"))
+        .from(innerQuery)
+        .orderBy("createdAt", "desc") as typeof innerQuery;
+
+      if (search) {
+        void query.where((qb) => {
+          void qb
+            .whereRaw(`CONCAT_WS(' ', ??, ??) ilike ?`, [
+              db.ref("firstName").withSchema("committerUser"),
+              db.ref("lastName").withSchema("committerUser"),
+              `%${search}%`
+            ])
+            .orWhereRaw(`?? ilike ?`, [db.ref("username").withSchema("committerUser"), `%${search}%`])
+            .orWhereRaw(`?? ilike ?`, [db.ref("email").withSchema("committerUser"), `%${search}%`])
+            .orWhereILike(`${TableName.Environment}.name`, `%${search}%`)
+            .orWhereILike(`${TableName.Environment}.slug`, `%${search}%`)
+            .orWhereILike(`${TableName.SecretApprovalPolicy}.secretPath`, `%${search}%`);
+        });
+      }
+
+      const rankOffset = offset + 1;
       const docs = await (tx || db)
         .with("w", query)
         .select("*")
         .from<Awaited<typeof query>[number]>("w")
-        .where("w.rank", ">=", offset)
-        .andWhere("w.rank", "<", offset + limit);
+        .where("w.rank", ">=", rankOffset)
+        .andWhere("w.rank", "<", rankOffset + limit);
+
+      // @ts-expect-error knex does not infer
+      const totalCount = Number(docs[0]?.total_count || 0);
+
       const formattedDoc = sqlNestRelationships({
         data: docs,
         key: "id",
@@ -682,10 +740,13 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
           }
         ]
       });
-      return formattedDoc.map((el) => ({
-        ...el,
-        policy: { ...el.policy, approvers: el.approvers, bypassers: el.bypassers }
-      }));
+      return {
+        approvals: formattedDoc.map((el) => ({
+          ...el,
+          policy: { ...el.policy, approvers: el.approvers, bypassers: el.bypassers }
+        })),
+        totalCount
+      };
     } catch (error) {
       throw new DatabaseError({ error, name: "FindSAR" });
     }

backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts

@@ -194,7 +194,8 @@ export const secretApprovalRequestServiceFactory = ({
     environment,
     committer,
     limit,
-    offset
+    offset,
+    search
   }: TListApprovalsDTO) => {
     if (actor === ActorType.SERVICE) throw new BadRequestError({ message: "Cannot use service token" });
 
@@ -208,6 +209,7 @@ export const secretApprovalRequestServiceFactory = ({
     });
 
     const { shouldUseSecretV2Bridge } = await projectBotService.getBotKey(projectId);
+
     if (shouldUseSecretV2Bridge) {
       return secretApprovalRequestDAL.findByProjectIdBridgeSecretV2({
         projectId,
@@ -216,19 +218,21 @@ export const secretApprovalRequestServiceFactory = ({
         status,
         userId: actorId,
         limit,
-        offset
+        offset,
+        search
       });
     }
-    const approvals = await secretApprovalRequestDAL.findByProjectId({
+
+    return secretApprovalRequestDAL.findByProjectId({
       projectId,
       committer,
       environment,
       status,
       userId: actorId,
       limit,
-      offset
+      offset,
+      search
     });
-    return approvals;
   };
 
   const getSecretApprovalDetails = async ({

backend/src/ee/services/secret-approval-request/secret-approval-request-types.ts

@@ -93,6 +93,7 @@ export type TListApprovalsDTO = {
   committer?: string;
   limit?: number;
   offset?: number;
+  search?: string;
 } & TProjectPermission;
 
 export type TSecretApprovalDetailsDTO = {

backend/src/lib/api-docs/constants.ts

@@ -2401,6 +2401,10 @@ export const SecretSyncs = {
     },
     FLYIO: {
       appId: "The ID of the Fly.io app to sync secrets to."
+    },
+    CLOUDFLARE_PAGES: {
+      projectName: "The name of the Cloudflare Pages project to sync secrets to.",
+      environment: "The environment of the Cloudflare Pages project to sync secrets to."
     }
   }
 };

backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts

@@ -80,6 +80,10 @@ import {
   WindmillConnectionListItemSchema
 } from "@app/services/app-connection/windmill";
 import { AuthMode } from "@app/services/auth/auth-type";
+import {
+  CloudflareConnectionListItemSchema,
+  SanitizedCloudflareConnectionSchema
+} from "@app/services/app-connection/cloudflare/cloudflare-connection-schema";
 
 // can't use discriminated due to multiple schemas for certain apps
 const SanitizedAppConnectionSchema = z.union([
@@ -109,7 +113,8 @@ const SanitizedAppConnectionSchema = z.union([
   ...SanitizedOnePassConnectionSchema.options,
   ...SanitizedHerokuConnectionSchema.options,
   ...SanitizedRenderConnectionSchema.options,
-  ...SanitizedFlyioConnectionSchema.options
+  ...SanitizedFlyioConnectionSchema.options,
+  ...SanitizedCloudflareConnectionSchema.options
 ]);
 
 const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
@@ -139,7 +144,8 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
   OnePassConnectionListItemSchema,
   HerokuConnectionListItemSchema,
   RenderConnectionListItemSchema,
-  FlyioConnectionListItemSchema
+  FlyioConnectionListItemSchema,
+  CloudflareConnectionListItemSchema
 ]);
 
 export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/app-connection-routers/cloudflare-connection-router.ts

@@ -0,0 +1,53 @@
+import z from "zod";
+
+import { readLimit } from "@app/server/config/rateLimiter";
+import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  CreateCloudflareConnectionSchema,
+  SanitizedCloudflareConnectionSchema,
+  UpdateCloudflareConnectionSchema
+} from "@app/services/app-connection/cloudflare/cloudflare-connection-schema";
+import { AuthMode } from "@app/services/auth/auth-type";
+
+import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
+
+export const registerCloudflareConnectionRouter = async (server: FastifyZodProvider) => {
+  registerAppConnectionEndpoints({
+    app: AppConnection.Cloudflare,
+    server,
+    sanitizedResponseSchema: SanitizedCloudflareConnectionSchema,
+    createSchema: CreateCloudflareConnectionSchema,
+    updateSchema: UpdateCloudflareConnectionSchema
+  });
+
+  // The below endpoints are not exposed and for Infisical App use
+  server.route({
+    method: "GET",
+    url: `/:connectionId/cloudflare-pages-projects`,
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      params: z.object({
+        connectionId: z.string().uuid()
+      }),
+      response: {
+        200: z
+          .object({
+            id: z.string(),
+            name: z.string()
+          })
+          .array()
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const { connectionId } = req.params;
+
+      const projects = await server.services.appConnection.cloudflare.listPagesProjects(connectionId, req.permission);
+
+      return projects;
+    }
+  });
+};

backend/src/server/routes/v1/app-connection-routers/index.ts

@@ -27,6 +27,7 @@ import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
 import { registerVercelConnectionRouter } from "./vercel-connection-router";
 import { registerWindmillConnectionRouter } from "./windmill-connection-router";
+import { registerCloudflareConnectionRouter } from "./cloudflare-connection-router";
 
 export * from "./app-connection-router";
 
@@ -58,5 +59,6 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
     [AppConnection.OnePass]: registerOnePassConnectionRouter,
     [AppConnection.Heroku]: registerHerokuConnectionRouter,
     [AppConnection.Render]: registerRenderConnectionRouter,
-    [AppConnection.Flyio]: registerFlyioConnectionRouter
+    [AppConnection.Flyio]: registerFlyioConnectionRouter,
+    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter
   };

backend/src/server/routes/v1/secret-sync-routers/cloudflare-pages-sync-router.ts

@@ -0,0 +1,16 @@
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
+import {
+  CloudflarePagesSyncSchema,
+  CreateCloudflarePagesSyncSchema,
+  UpdateCloudflarePagesSyncSchema
+} from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
+
+export const registerCloudflarePagesSyncRouter = async (server: FastifyZodProvider) =>
+  registerSyncSecretsEndpoints({
+    destination: SecretSync.CloudflarePages,
+    server,
+    responseSchema: CloudflarePagesSyncSchema,
+    createSchema: CreateCloudflarePagesSyncSchema,
+    updateSchema: UpdateCloudflarePagesSyncSchema
+  });

backend/src/server/routes/v1/secret-sync-routers/index.ts

@@ -8,6 +8,7 @@ import { registerAzureAppConfigurationSyncRouter } from "./azure-app-configurati
 import { registerAzureDevOpsSyncRouter } from "./azure-devops-sync-router";
 import { registerAzureKeyVaultSyncRouter } from "./azure-key-vault-sync-router";
 import { registerCamundaSyncRouter } from "./camunda-sync-router";
+import { registerCloudflarePagesSyncRouter } from "./cloudflare-pages-sync-router";
 import { registerDatabricksSyncRouter } from "./databricks-sync-router";
 import { registerFlyioSyncRouter } from "./flyio-sync-router";
 import { registerGcpSyncRouter } from "./gcp-sync-router";
@@ -43,5 +44,6 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
   [SecretSync.OnePass]: registerOnePassSyncRouter,
   [SecretSync.Heroku]: registerHerokuSyncRouter,
   [SecretSync.Render]: registerRenderSyncRouter,
-  [SecretSync.Flyio]: registerFlyioSyncRouter
+  [SecretSync.Flyio]: registerFlyioSyncRouter,
+  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter
 };

backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts

@@ -34,6 +34,10 @@ import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/se
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
 import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
 import { WindmillSyncListItemSchema, WindmillSyncSchema } from "@app/services/secret-sync/windmill";
+import {
+  CloudflarePagesSyncListItemSchema,
+  CloudflarePagesSyncSchema
+} from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
 
 const SecretSyncSchema = z.discriminatedUnion("destination", [
   AwsParameterStoreSyncSchema,
@@ -55,7 +59,8 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
   OnePassSyncSchema,
   HerokuSyncSchema,
   RenderSyncSchema,
-  FlyioSyncSchema
+  FlyioSyncSchema,
+  CloudflarePagesSyncSchema
 ]);
 
 const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
@@ -78,7 +83,8 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
   OnePassSyncListItemSchema,
   HerokuSyncListItemSchema,
   RenderSyncListItemSchema,
-  FlyioSyncListItemSchema
+  FlyioSyncListItemSchema,
+  CloudflarePagesSyncListItemSchema
 ]);
 
 export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {

backend/src/services/app-connection/app-connection-enums.ts

@@ -25,7 +25,8 @@ export enum AppConnection {
   OnePass = "1password",
   Heroku = "heroku",
   Render = "render",
-  Flyio = "flyio"
+  Flyio = "flyio",
+  Cloudflare = "cloudflare"
 }
 
 export enum AWSRegion {

backend/src/services/app-connection/app-connection-fns.ts

@@ -99,6 +99,11 @@ import {
   validateWindmillConnectionCredentials,
   WindmillConnectionMethod
 } from "./windmill";
+import {
+  getCloudflareConnectionListItem,
+  validateCloudflareConnectionCredentials
+} from "./cloudflare/cloudflare-connection-fns";
+import { CloudflareConnectionMethod } from "./cloudflare/cloudflare-connection-enum";
 
 export const listAppConnectionOptions = () => {
   return [
@@ -128,7 +133,8 @@ export const listAppConnectionOptions = () => {
     getOnePassConnectionListItem(),
     getHerokuConnectionListItem(),
     getRenderConnectionListItem(),
-    getFlyioConnectionListItem()
+    getFlyioConnectionListItem(),
+    getCloudflareConnectionListItem()
   ].sort((a, b) => a.name.localeCompare(b.name));
 };
 
@@ -206,7 +212,8 @@ export const validateAppConnectionCredentials = async (
     [AppConnection.OnePass]: validateOnePassConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Heroku]: validateHerokuConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Render]: validateRenderConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator
+    [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator,
+    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator
   };
 
   return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
@@ -241,6 +248,7 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
     case TerraformCloudConnectionMethod.ApiToken:
     case VercelConnectionMethod.ApiToken:
     case OnePassConnectionMethod.ApiToken:
+    case CloudflareConnectionMethod.APIToken:
       return "API Token";
     case PostgresConnectionMethod.UsernameAndPassword:
     case MsSqlConnectionMethod.UsernameAndPassword:
@@ -318,7 +326,8 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
   [AppConnection.OnePass]: platformManagedCredentialsNotSupported,
   [AppConnection.Heroku]: platformManagedCredentialsNotSupported,
   [AppConnection.Render]: platformManagedCredentialsNotSupported,
-  [AppConnection.Flyio]: platformManagedCredentialsNotSupported
+  [AppConnection.Flyio]: platformManagedCredentialsNotSupported,
+  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported
 };
 
 export const enterpriseAppCheck = async (

backend/src/services/app-connection/app-connection-maps.ts

@@ -27,7 +27,8 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
   [AppConnection.OnePass]: "1Password",
   [AppConnection.Heroku]: "Heroku",
   [AppConnection.Render]: "Render",
-  [AppConnection.Flyio]: "Fly.io"
+  [AppConnection.Flyio]: "Fly.io",
+  [AppConnection.Cloudflare]: "Cloudflare"
 };
 
 export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
@@ -57,5 +58,6 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
   [AppConnection.MySql]: AppConnectionPlanType.Regular,
   [AppConnection.Heroku]: AppConnectionPlanType.Regular,
   [AppConnection.Render]: AppConnectionPlanType.Regular,
-  [AppConnection.Flyio]: AppConnectionPlanType.Regular
+  [AppConnection.Flyio]: AppConnectionPlanType.Regular,
+  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular
 };

backend/src/services/app-connection/app-connection-service.ts

@@ -47,6 +47,8 @@ import { azureDevOpsConnectionService } from "./azure-devops/azure-devops-servic
 import { ValidateAzureKeyVaultConnectionCredentialsSchema } from "./azure-key-vault";
 import { ValidateCamundaConnectionCredentialsSchema } from "./camunda";
 import { camundaConnectionService } from "./camunda/camunda-connection-service";
+import { ValidateCloudflareConnectionCredentialsSchema } from "./cloudflare/cloudflare-connection-schema";
+import { cloudflareConnectionService } from "./cloudflare/cloudflare-connection-service";
 import { ValidateDatabricksConnectionCredentialsSchema } from "./databricks";
 import { databricksConnectionService } from "./databricks/databricks-connection-service";
 import { ValidateFlyioConnectionCredentialsSchema } from "./flyio";
@@ -113,7 +115,8 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
   [AppConnection.OnePass]: ValidateOnePassConnectionCredentialsSchema,
   [AppConnection.Heroku]: ValidateHerokuConnectionCredentialsSchema,
   [AppConnection.Render]: ValidateRenderConnectionCredentialsSchema,
-  [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema
+  [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema,
+  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema
 };
 
 export const appConnectionServiceFactory = ({
@@ -521,6 +524,7 @@ export const appConnectionServiceFactory = ({
     onepass: onePassConnectionService(connectAppConnectionById),
     heroku: herokuConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
     render: renderConnectionService(connectAppConnectionById),
+    cloudflare: cloudflareConnectionService(connectAppConnectionById),
     flyio: flyioConnectionService(connectAppConnectionById)
   };
 };

backend/src/services/app-connection/app-connection-types.ts

@@ -153,6 +153,12 @@ import {
   TWindmillConnectionConfig,
   TWindmillConnectionInput
 } from "./windmill";
+import {
+  TCloudflareConnection,
+  TCloudflareConnectionConfig,
+  TCloudflareConnectionInput,
+  TValidateCloudflareConnectionCredentialsSchema
+} from "./cloudflare/cloudflare-connection-types";
 
 export type TAppConnection = { id: string } & (
   | TAwsConnection
@@ -182,6 +188,7 @@ export type TAppConnection = { id: string } & (
   | THerokuConnection
   | TRenderConnection
   | TFlyioConnection
+  | TCloudflareConnection
 );
 
 export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
@@ -216,6 +223,7 @@ export type TAppConnectionInput = { id: string } & (
   | THerokuConnectionInput
   | TRenderConnectionInput
   | TFlyioConnectionInput
+  | TCloudflareConnectionInput
 );
 
 export type TSqlConnectionInput =
@@ -257,7 +265,8 @@ export type TAppConnectionConfig =
   | TOnePassConnectionConfig
   | THerokuConnectionConfig
   | TRenderConnectionConfig
-  | TFlyioConnectionConfig;
+  | TFlyioConnectionConfig
+  | TCloudflareConnectionConfig;
 
 export type TValidateAppConnectionCredentialsSchema =
   | TValidateAwsConnectionCredentialsSchema
@@ -286,7 +295,8 @@ export type TValidateAppConnectionCredentialsSchema =
   | TValidateOnePassConnectionCredentialsSchema
   | TValidateHerokuConnectionCredentialsSchema
   | TValidateRenderConnectionCredentialsSchema
-  | TValidateFlyioConnectionCredentialsSchema;
+  | TValidateFlyioConnectionCredentialsSchema
+  | TValidateCloudflareConnectionCredentialsSchema;
 
 export type TListAwsConnectionKmsKeys = {
   connectionId: string;

backend/src/services/app-connection/cloudflare/cloudflare-connection-enum.ts

@@ -0,0 +1,3 @@
+export enum CloudflareConnectionMethod {
+  APIToken = "api-token"
+}

backend/src/services/app-connection/cloudflare/cloudflare-connection-fns.ts

@@ -0,0 +1,75 @@
+import { AxiosError } from "axios";
+
+import { request } from "@app/lib/config/request";
+import { BadRequestError } from "@app/lib/errors";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
+
+import { CloudflareConnectionMethod } from "./cloudflare-connection-enum";
+import {
+  TCloudflareConnection,
+  TCloudflareConnectionConfig,
+  TCloudflarePagesProject
+} from "./cloudflare-connection-types";
+
+export const getCloudflareConnectionListItem = () => {
+  return {
+    name: "Cloudflare" as const,
+    app: AppConnection.Cloudflare as const,
+    methods: Object.values(CloudflareConnectionMethod) as [CloudflareConnectionMethod.APIToken]
+  };
+};
+
+export const listCloudflarePagesProjects = async (
+  appConnection: TCloudflareConnection
+): Promise<TCloudflarePagesProject[]> => {
+  const {
+    credentials: { apiToken, accountId }
+  } = appConnection;
+
+  const { data } = await request.get<{ result: { name: string; id: string }[] }>(
+    `${IntegrationUrls.CLOUDFLARE_API_URL}/client/v4/accounts/${accountId}/pages/projects`,
+    {
+      headers: {
+        Authorization: `Bearer ${apiToken}`,
+        Accept: "application/json"
+      }
+    }
+  );
+
+  return data.result.map((a) => ({
+    name: a.name,
+    id: a.id
+  }));
+};
+
+export const validateCloudflareConnectionCredentials = async (config: TCloudflareConnectionConfig) => {
+  const { apiToken, accountId } = config.credentials;
+
+  try {
+    const resp = await request.get(`${IntegrationUrls.CLOUDFLARE_API_URL}/client/v4/accounts/${accountId}`, {
+      headers: {
+        Authorization: `Bearer ${apiToken}`,
+        Accept: "application/json"
+      }
+    });
+
+    if (resp.data === null) {
+      throw new BadRequestError({
+        message: "Unable to validate connection: Invalid API token provided."
+      });
+    }
+  } catch (error: unknown) {
+    if (error instanceof AxiosError) {
+      throw new BadRequestError({
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+        message: `Failed to validate credentials: ${error.response?.data?.errors?.[0]?.message || error.message || "Unknown error"}`
+      });
+    }
+    throw new BadRequestError({
+      message: "Unable to validate connection: verify credentials"
+    });
+  }
+
+  return config.credentials;
+};

backend/src/services/app-connection/cloudflare/cloudflare-connection-schema.ts

@@ -0,0 +1,74 @@
+import z from "zod";
+
+import { AppConnections } from "@app/lib/api-docs";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  BaseAppConnectionSchema,
+  GenericCreateAppConnectionFieldsSchema,
+  GenericUpdateAppConnectionFieldsSchema
+} from "@app/services/app-connection/app-connection-schemas";
+
+import { CloudflareConnectionMethod } from "./cloudflare-connection-enum";
+import { CharacterType, characterValidator } from "@app/lib/validator/validate-string";
+
+const accountIdCharacterValidator = characterValidator([
+  CharacterType.AlphaNumeric,
+  CharacterType.Underscore,
+  CharacterType.Hyphen
+]);
+
+export const CloudflareConnectionApiTokenCredentialsSchema = z.object({
+  accountId: z
+    .string()
+    .trim()
+    .min(1, "Account ID required")
+    .max(256, "Account ID cannot exceed 256 characters")
+    .refine(
+      (val) => accountIdCharacterValidator(val),
+      "Account ID can only contain alphanumeric characters, underscores, and hyphens"
+    ),
+  apiToken: z.string().trim().min(1, "API token required").max(256, "API token cannot exceed 256 characters")
+});
+
+const BaseCloudflareConnectionSchema = BaseAppConnectionSchema.extend({ app: z.literal(AppConnection.Cloudflare) });
+
+export const CloudflareConnectionSchema = BaseCloudflareConnectionSchema.extend({
+  method: z.literal(CloudflareConnectionMethod.APIToken),
+  credentials: CloudflareConnectionApiTokenCredentialsSchema
+});
+
+export const SanitizedCloudflareConnectionSchema = z.discriminatedUnion("method", [
+  BaseCloudflareConnectionSchema.extend({
+    method: z.literal(CloudflareConnectionMethod.APIToken),
+    credentials: CloudflareConnectionApiTokenCredentialsSchema.pick({ accountId: true })
+  })
+]);
+
+export const ValidateCloudflareConnectionCredentialsSchema = z.discriminatedUnion("method", [
+  z.object({
+    method: z
+      .literal(CloudflareConnectionMethod.APIToken)
+      .describe(AppConnections.CREATE(AppConnection.Cloudflare).method),
+    credentials: CloudflareConnectionApiTokenCredentialsSchema.describe(
+      AppConnections.CREATE(AppConnection.Cloudflare).credentials
+    )
+  })
+]);
+
+export const CreateCloudflareConnectionSchema = ValidateCloudflareConnectionCredentialsSchema.and(
+  GenericCreateAppConnectionFieldsSchema(AppConnection.Cloudflare)
+);
+
+export const UpdateCloudflareConnectionSchema = z
+  .object({
+    credentials: CloudflareConnectionApiTokenCredentialsSchema.optional().describe(
+      AppConnections.UPDATE(AppConnection.Cloudflare).credentials
+    )
+  })
+  .and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Cloudflare));
+
+export const CloudflareConnectionListItemSchema = z.object({
+  name: z.literal("Cloudflare"),
+  app: z.literal(AppConnection.Cloudflare),
+  methods: z.nativeEnum(CloudflareConnectionMethod).array()
+});

backend/src/services/app-connection/cloudflare/cloudflare-connection-service.ts

@@ -0,0 +1,30 @@
+import { logger } from "@app/lib/logger";
+import { OrgServiceActor } from "@app/lib/types";
+
+import { AppConnection } from "../app-connection-enums";
+import { listCloudflarePagesProjects } from "./cloudflare-connection-fns";
+import { TCloudflareConnection } from "./cloudflare-connection-types";
+
+type TGetAppConnectionFunc = (
+  app: AppConnection,
+  connectionId: string,
+  actor: OrgServiceActor
+) => Promise<TCloudflareConnection>;
+
+export const cloudflareConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
+  const listPagesProjects = async (connectionId: string, actor: OrgServiceActor) => {
+    const appConnection = await getAppConnection(AppConnection.Cloudflare, connectionId, actor);
+    try {
+      const projects = await listCloudflarePagesProjects(appConnection);
+
+      return projects;
+    } catch (error) {
+      logger.error(error, "Failed to list Cloudflare Pages projects for Cloudflare connection");
+      return [];
+    }
+  };
+
+  return {
+    listPagesProjects
+  };
+};

backend/src/services/app-connection/cloudflare/cloudflare-connection-types.ts

@@ -0,0 +1,30 @@
+import z from "zod";
+
+import { DiscriminativePick } from "@app/lib/types";
+
+import { AppConnection } from "../app-connection-enums";
+import {
+  CloudflareConnectionSchema,
+  CreateCloudflareConnectionSchema,
+  ValidateCloudflareConnectionCredentialsSchema
+} from "./cloudflare-connection-schema";
+
+export type TCloudflareConnection = z.infer<typeof CloudflareConnectionSchema>;
+
+export type TCloudflareConnectionInput = z.infer<typeof CreateCloudflareConnectionSchema> & {
+  app: AppConnection.Cloudflare;
+};
+
+export type TValidateCloudflareConnectionCredentialsSchema = typeof ValidateCloudflareConnectionCredentialsSchema;
+
+export type TCloudflareConnectionConfig = DiscriminativePick<
+  TCloudflareConnectionInput,
+  "method" | "app" | "credentials"
+> & {
+  orgId: string;
+};
+
+export type TCloudflarePagesProject = {
+  id: string;
+  name: string;
+};

backend/src/services/integration-auth/integration-list.ts

@@ -84,6 +84,8 @@ export enum IntegrationUrls {
   QOVERY_API_URL = "https://api.qovery.com",
   TERRAFORM_CLOUD_API_URL = "https://app.terraform.io",
   CLOUDFLARE_PAGES_API_URL = "https://api.cloudflare.com",
+  // eslint-disable-next-line @typescript-eslint/no-duplicate-enum-values
+  CLOUDFLARE_API_URL = "https://api.cloudflare.com",
   // eslint-disable-next-line
   CLOUDFLARE_WORKERS_API_URL = "https://api.cloudflare.com",
   BITBUCKET_API_URL = "https://api.bitbucket.org",

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-constants.ts

@@ -0,0 +1,10 @@
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
+
+export const CLOUDFLARE_PAGES_SYNC_LIST_OPTION: TSecretSyncListItem = {
+  name: "Cloudflare Pages",
+  destination: SecretSync.CloudflarePages,
+  connection: AppConnection.Cloudflare,
+  canImportSecrets: false
+};

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-fns.ts

@@ -0,0 +1,138 @@
+import { request } from "@app/lib/config/request";
+import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
+import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
+import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
+
+import { SECRET_SYNC_NAME_MAP } from "../secret-sync-maps";
+import { TCloudflarePagesSyncWithCredentials } from "./cloudflare-pages-types";
+
+const getProjectEnvironmentSecrets = async (secretSync: TCloudflarePagesSyncWithCredentials) => {
+  const {
+    destinationConfig,
+    connection: {
+      credentials: { apiToken, accountId }
+    }
+  } = secretSync;
+
+  const secrets = (
+    await request.get<{
+      result: {
+        deployment_configs: Record<
+          string,
+          {
+            env_vars: Record<string, { type: "plain_text" | "secret_text"; value: string }>;
+          }
+        >;
+      };
+    }>(
+      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accountId}/pages/projects/${destinationConfig.projectName}`,
+      {
+        headers: {
+          Authorization: `Bearer ${apiToken}`,
+          Accept: "application/json"
+        }
+      }
+    )
+  ).data.result.deployment_configs[destinationConfig.environment].env_vars;
+
+  return Object.entries(secrets ?? {}).map(([key, envVar]) => ({
+    key,
+    value: envVar.value
+  }));
+};
+
+export const CloudflarePagesSyncFns = {
+  syncSecrets: async (secretSync: TCloudflarePagesSyncWithCredentials, secretMap: TSecretMap) => {
+    const {
+      destinationConfig,
+      connection: {
+        credentials: { apiToken, accountId }
+      }
+    } = secretSync;
+
+    // Create/update secret entries
+    let secretEntries: [string, object | null][] = Object.entries(secretMap).map(([key, val]) => [
+      key,
+      { type: "secret_text", value: val.value }
+    ]);
+
+    // Handle deletions if not disabled
+    if (!secretSync.syncOptions.disableSecretDeletion) {
+      const existingSecrets = await getProjectEnvironmentSecrets(secretSync);
+      const toDeleteKeys = existingSecrets
+        .filter(
+          (secret) =>
+            matchesSchema(secret.key, secretSync.environment?.slug || "", secretSync.syncOptions.keySchema) &&
+            !secretMap[secret.key]
+        )
+        .map((secret) => secret.key);
+
+      const toDeleteEntries: [string, null][] = toDeleteKeys.map((key) => [key, null]);
+      secretEntries = [...secretEntries, ...toDeleteEntries];
+    }
+
+    const data = {
+      deployment_configs: {
+        [destinationConfig.environment]: {
+          env_vars: Object.fromEntries(secretEntries)
+        }
+      }
+    };
+
+    await request.patch(
+      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accountId}/pages/projects/${destinationConfig.projectName}`,
+      data,
+      {
+        headers: {
+          Authorization: `Bearer ${apiToken}`,
+          Accept: "application/json"
+        }
+      }
+    );
+  },
+
+  getSecrets: async (secretSync: TCloudflarePagesSyncWithCredentials): Promise<TSecretMap> => {
+    throw new Error(`${SECRET_SYNC_NAME_MAP[secretSync.destination]} does not support importing secrets.`);
+  },
+
+  removeSecrets: async (secretSync: TCloudflarePagesSyncWithCredentials, secretMap: TSecretMap) => {
+    const {
+      destinationConfig,
+      connection: {
+        credentials: { apiToken, accountId }
+      }
+    } = secretSync;
+
+    const secrets = await getProjectEnvironmentSecrets(secretSync);
+    const toDeleteKeys = secrets
+      .filter(
+        (secret) =>
+          matchesSchema(secret.key, secretSync.environment?.slug || "", secretSync.syncOptions.keySchema) &&
+          secret.key in secretMap
+      )
+      .map((secret) => secret.key);
+
+    if (toDeleteKeys.length === 0) return;
+
+    const secretEntries: [string, null][] = toDeleteKeys.map((key) => [key, null]);
+
+    const data = {
+      deployment_configs: {
+        [destinationConfig.environment]: {
+          env_vars: Object.fromEntries(secretEntries)
+        }
+      }
+    };
+
+    await request.patch(
+      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accountId}/pages/projects/${destinationConfig.projectName}`,
+      data,
+      {
+        headers: {
+          Authorization: `Bearer ${apiToken}`,
+          Accept: "application/json"
+        }
+      }
+    );
+  }
+};

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-schema.ts

@@ -0,0 +1,53 @@
+import { z } from "zod";
+
+import { SecretSyncs } from "@app/lib/api-docs";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import {
+  BaseSecretSyncSchema,
+  GenericCreateSecretSyncFieldsSchema,
+  GenericUpdateSecretSyncFieldsSchema
+} from "@app/services/secret-sync/secret-sync-schemas";
+import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
+
+const CloudflarePagesSyncDestinationConfigSchema = z.object({
+  projectName: z
+    .string()
+    .min(1, "Project name is required")
+    .describe(SecretSyncs.DESTINATION_CONFIG.CLOUDFLARE_PAGES.projectName),
+  environment: z
+    .string()
+    .min(1, "Environment is required")
+    .describe(SecretSyncs.DESTINATION_CONFIG.CLOUDFLARE_PAGES.environment)
+});
+
+const CloudflarePagesSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: false };
+
+export const CloudflarePagesSyncSchema = BaseSecretSyncSchema(
+  SecretSync.CloudflarePages,
+  CloudflarePagesSyncOptionsConfig
+).extend({
+  destination: z.literal(SecretSync.CloudflarePages),
+  destinationConfig: CloudflarePagesSyncDestinationConfigSchema
+});
+
+export const CreateCloudflarePagesSyncSchema = GenericCreateSecretSyncFieldsSchema(
+  SecretSync.CloudflarePages,
+  CloudflarePagesSyncOptionsConfig
+).extend({
+  destinationConfig: CloudflarePagesSyncDestinationConfigSchema
+});
+
+export const UpdateCloudflarePagesSyncSchema = GenericUpdateSecretSyncFieldsSchema(
+  SecretSync.CloudflarePages,
+  CloudflarePagesSyncOptionsConfig
+).extend({
+  destinationConfig: CloudflarePagesSyncDestinationConfigSchema.optional()
+});
+
+export const CloudflarePagesSyncListItemSchema = z.object({
+  name: z.literal("Cloudflare Pages"),
+  connection: z.literal(AppConnection.Cloudflare),
+  destination: z.literal(SecretSync.CloudflarePages),
+  canImportSecrets: z.literal(false)
+});

backend/src/services/secret-sync/cloudflare-pages/cloudflare-pages-types.ts

@@ -0,0 +1,19 @@
+import z from "zod";
+
+import { TCloudflareConnection } from "@app/services/app-connection/cloudflare/cloudflare-connection-types";
+
+import {
+  CloudflarePagesSyncListItemSchema,
+  CloudflarePagesSyncSchema,
+  CreateCloudflarePagesSyncSchema
+} from "./cloudflare-pages-schema";
+
+export type TCloudflarePagesSyncListItem = z.infer<typeof CloudflarePagesSyncListItemSchema>;
+
+export type TCloudflarePagesSync = z.infer<typeof CloudflarePagesSyncSchema>;
+
+export type TCloudflarePagesSyncInput = z.infer<typeof CreateCloudflarePagesSyncSchema>;
+
+export type TCloudflarePagesSyncWithCredentials = TCloudflarePagesSync & {
+  connection: TCloudflareConnection;
+};

backend/src/services/secret-sync/secret-sync-enums.ts

@@ -18,7 +18,8 @@ export enum SecretSync {
   OnePass = "1password",
   Heroku = "heroku",
   Render = "render",
-  Flyio = "flyio"
+  Flyio = "flyio",
+  CloudflarePages = "cloudflare-pages"
 }
 
 export enum SecretSyncInitialSyncBehavior {

backend/src/services/secret-sync/secret-sync-fns.ts

@@ -29,6 +29,8 @@ import { AZURE_APP_CONFIGURATION_SYNC_LIST_OPTION, azureAppConfigurationSyncFact
 import { AZURE_DEVOPS_SYNC_LIST_OPTION, azureDevOpsSyncFactory } from "./azure-devops";
 import { AZURE_KEY_VAULT_SYNC_LIST_OPTION, azureKeyVaultSyncFactory } from "./azure-key-vault";
 import { CAMUNDA_SYNC_LIST_OPTION, camundaSyncFactory } from "./camunda";
+import { CLOUDFLARE_PAGES_SYNC_LIST_OPTION } from "./cloudflare-pages/cloudflare-pages-constants";
+import { CloudflarePagesSyncFns } from "./cloudflare-pages/cloudflare-pages-fns";
 import { FLYIO_SYNC_LIST_OPTION, FlyioSyncFns } from "./flyio";
 import { GCP_SYNC_LIST_OPTION } from "./gcp";
 import { GcpSyncFns } from "./gcp/gcp-sync-fns";
@@ -63,7 +65,8 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
   [SecretSync.OnePass]: ONEPASS_SYNC_LIST_OPTION,
   [SecretSync.Heroku]: HEROKU_SYNC_LIST_OPTION,
   [SecretSync.Render]: RENDER_SYNC_LIST_OPTION,
-  [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION
+  [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION,
+  [SecretSync.CloudflarePages]: CLOUDFLARE_PAGES_SYNC_LIST_OPTION
 };
 
 export const listSecretSyncOptions = () => {
@@ -227,6 +230,8 @@ export const SecretSyncFns = {
         return RenderSyncFns.syncSecrets(secretSync, schemaSecretMap);
       case SecretSync.Flyio:
         return FlyioSyncFns.syncSecrets(secretSync, schemaSecretMap);
+      case SecretSync.CloudflarePages:
+        return CloudflarePagesSyncFns.syncSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for sync secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -313,6 +318,9 @@ export const SecretSyncFns = {
       case SecretSync.Flyio:
         secretMap = await FlyioSyncFns.getSecrets(secretSync);
         break;
+      case SecretSync.CloudflarePages:
+        secretMap = await CloudflarePagesSyncFns.getSecrets(secretSync);
+        break;
       default:
         throw new Error(
           `Unhandled sync destination for get secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -386,6 +394,8 @@ export const SecretSyncFns = {
         return RenderSyncFns.removeSecrets(secretSync, schemaSecretMap);
       case SecretSync.Flyio:
         return FlyioSyncFns.removeSecrets(secretSync, schemaSecretMap);
+      case SecretSync.CloudflarePages:
+        return CloudflarePagesSyncFns.removeSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for remove secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`

backend/src/services/secret-sync/secret-sync-maps.ts

@@ -21,7 +21,8 @@ export const SECRET_SYNC_NAME_MAP: Record<SecretSync, string> = {
   [SecretSync.OnePass]: "1Password",
   [SecretSync.Heroku]: "Heroku",
   [SecretSync.Render]: "Render",
-  [SecretSync.Flyio]: "Fly.io"
+  [SecretSync.Flyio]: "Fly.io",
+  [SecretSync.CloudflarePages]: "Cloudflare Pages"
 };
 
 export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
@@ -44,7 +45,8 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.OnePass]: AppConnection.OnePass,
   [SecretSync.Heroku]: AppConnection.Heroku,
   [SecretSync.Render]: AppConnection.Render,
-  [SecretSync.Flyio]: AppConnection.Flyio
+  [SecretSync.Flyio]: AppConnection.Flyio,
+  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
 };
 
 export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
@@ -67,5 +69,6 @@ export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
   [SecretSync.OnePass]: SecretSyncPlanType.Regular,
   [SecretSync.Heroku]: SecretSyncPlanType.Regular,
   [SecretSync.Render]: SecretSyncPlanType.Regular,
-  [SecretSync.Flyio]: SecretSyncPlanType.Regular
+  [SecretSync.Flyio]: SecretSyncPlanType.Regular,
+  [SecretSync.CloudflarePages]: SecretSyncPlanType.Regular
 };

backend/src/services/secret-sync/secret-sync-types.ts

@@ -106,6 +106,12 @@ import {
   TTerraformCloudSyncWithCredentials
 } from "./terraform-cloud";
 import { TVercelSync, TVercelSyncInput, TVercelSyncListItem, TVercelSyncWithCredentials } from "./vercel";
+import {
+  TCloudflarePagesSync,
+  TCloudflarePagesSyncInput,
+  TCloudflarePagesSyncListItem,
+  TCloudflarePagesSyncWithCredentials
+} from "./cloudflare-pages/cloudflare-pages-types";
 
 export type TSecretSync =
   | TAwsParameterStoreSync
@@ -127,7 +133,8 @@ export type TSecretSync =
   | TOnePassSync
   | THerokuSync
   | TRenderSync
-  | TFlyioSync;
+  | TFlyioSync
+  | TCloudflarePagesSync;
 
 export type TSecretSyncWithCredentials =
   | TAwsParameterStoreSyncWithCredentials
@@ -149,7 +156,8 @@ export type TSecretSyncWithCredentials =
   | TOnePassSyncWithCredentials
   | THerokuSyncWithCredentials
   | TRenderSyncWithCredentials
-  | TFlyioSyncWithCredentials;
+  | TFlyioSyncWithCredentials
+  | TCloudflarePagesSyncWithCredentials;
 
 export type TSecretSyncInput =
   | TAwsParameterStoreSyncInput
@@ -171,7 +179,8 @@ export type TSecretSyncInput =
   | TOnePassSyncInput
   | THerokuSyncInput
   | TRenderSyncInput
-  | TFlyioSyncInput;
+  | TFlyioSyncInput
+  | TCloudflarePagesSyncInput;
 
 export type TSecretSyncListItem =
   | TAwsParameterStoreSyncListItem
@@ -193,7 +202,8 @@ export type TSecretSyncListItem =
   | TOnePassSyncListItem
   | THerokuSyncListItem
   | TRenderSyncListItem
-  | TFlyioSyncListItem;
+  | TFlyioSyncListItem
+  | TCloudflarePagesSyncListItem;
 
 export type TSyncOptionsConfig = {
   canImportSecrets: boolean;

docs/api-reference/endpoints/app-connections/cloudflare/available.mdx

@@ -0,0 +1,4 @@
+---
+title: "Available"
+openapi: "GET /api/v1/app-connections/cloudflare/available"
+---

docs/api-reference/endpoints/app-connections/cloudflare/create.mdx

@@ -0,0 +1,10 @@
+---
+title: "Create"
+openapi: "POST /api/v1/app-connections/cloudflare"
+---
+
+<Note>
+  Check out the configuration docs for [Cloudflare
+  Connections](/integrations/app-connections/cloudflare) to learn how to obtain
+  the required credentials.
+</Note>

docs/api-reference/endpoints/app-connections/cloudflare/delete.mdx

@@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/app-connections/cloudflare/{connectionId}"
+---

docs/api-reference/endpoints/app-connections/cloudflare/get-by-id.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by ID"
+openapi: "GET /api/v1/app-connections/cloudflare/{connectionId}"
+---

docs/api-reference/endpoints/app-connections/cloudflare/get-by-name.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by Name"
+openapi: "GET /api/v1/app-connections/cloudflare/connection-name/{connectionName}"
+---

docs/api-reference/endpoints/app-connections/cloudflare/list.mdx

@@ -0,0 +1,4 @@
+---
+title: "List"
+openapi: "GET /api/v1/app-connections/cloudflare"
+---

docs/api-reference/endpoints/app-connections/cloudflare/update.mdx

@@ -0,0 +1,10 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/app-connections/cloudflare/{connectionId}"
+---
+
+<Note>
+  Check out the configuration docs for [Cloudflare
+  Connections](/integrations/app-connections/cloudflare) to learn how to obtain
+  the required credentials.
+</Note>

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/create.mdx

@@ -0,0 +1,4 @@
+---
+title: "Create"
+openapi: "POST /api/v1/secret-syncs/cloudflare-pages"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/delete.mdx

@@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/secret-syncs/cloudflare-pages/{syncId}"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/get-by-id.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by ID"
+openapi: "GET /api/v1/secret-syncs/cloudflare-pages/{syncId}"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/get-by-name.mdx

@@ -0,0 +1,4 @@
+---
+title: "Get by Name"
+openapi: "GET /api/v1/secret-syncs/cloudflare-pages/sync-name/{syncName}"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/list.mdx

@@ -0,0 +1,4 @@
+---
+title: "List"
+openapi: "GET /api/v1/secret-syncs/cloudflare-pages"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/remove-secrets.mdx

@@ -0,0 +1,4 @@
+---
+title: "Remove Secrets"
+openapi: "POST /api/v1/secret-syncs/cloudflare-pages/{syncId}/remove-secrets"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/sync-secrets.mdx

@@ -0,0 +1,4 @@
+---
+title: "Sync Secrets"
+openapi: "POST /api/v1/secret-syncs/cloudflare-pages/{syncId}/sync-secrets"
+---

docs/api-reference/endpoints/secret-syncs/cloudflare-pages/update.mdx

@@ -0,0 +1,4 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/secret-syncs/cloudflare-pages/{syncId}"
+---

docs/documentation/platform/pki/pki-issuer.mdx

@@ -49,11 +49,21 @@ In the following steps, we explore how to install the Infisical PKI Issuer using
         ```
     </Step>
     <Step title="Install the Issuer Controller">
-        Install the Infisical PKI Issuer controller into your Kubernetes cluster by running the following command:
+        Install the Infisical PKI Issuer controller into your Kubernetes cluster using one of the following methods:
 
-        ```bash
-        kubectl apply -f https://raw.githubusercontent.com/Infisical/infisical-issuer/main/build/install.yaml
-        ```
+        <Tabs>
+            <Tab title="Helm">
+                ```bash
+                helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
+                helm install infisical-pki-issuer infisical-helm-charts/infisical-pki-issuer
+                ```
+            </Tab>
+            <Tab title="kubectl">
+                ```bash
+                kubectl apply -f https://raw.githubusercontent.com/Infisical/infisical-issuer/main/build/install.yaml
+                ```
+            </Tab>
+        </Tabs>
     </Step>
     <Step title="Create Kubernetes Secret for Infisical PKI Issuer">
         Start by creating a Kubernetes `Secret` containing the **Client Secret** from step 1. As mentioned previously, this will be used by the Infisical PKI issuer to authenticate with Infisical.

docs/integrations/app-connections/cloudflare.mdx

@@ -0,0 +1,94 @@
+---
+title: "Cloudflare Connection"
+description: "Learn how to configure a Cloudflare Connection for Infisical."
+---
+
+Infisical supports connecting to Cloudflare using API tokens and Account ID for secure access to your Cloudflare services.
+
+## Configure API Token and Account ID for Infisical
+
+<Steps>
+  <Step title="Create API Token">
+    Navigate to your Cloudflare dashboard and go to **Profile**.
+
+    ![Navigate Cloudflare Profile](/images/app-connections/cloudflare/cloudflare-navigate-profile.png)
+
+    Click **API Tokens > Create Token** to generate a new API token.
+
+    ![Create API Token](/images/app-connections/cloudflare/cloudflare-create-token.png)
+
+  </Step>
+  <Step title="Configure Token Permissions">
+    Configure your API token with the necessary permissions for your Cloudflare services.
+
+    Depending on your use case, add one or more of the following permission sets to your API token:
+
+    <Tabs>
+      <Tab title="Secret Sync">
+        <AccordionGroup>
+          <Accordion title="Cloudflare Pages">
+            Use the following permissions to grant Infisical access to sync secrets to Cloudflare Pages:
+
+            ![Configure Token](/images/app-connections/cloudflare/cloudflare-pages-configure-permissions.png)
+
+            **Required Permissions:**
+            - **Account** - **Cloudflare Pages** - **Edit**
+            - **Account** - **Account Settings** - **Read**
+
+            Add these permissions to your API token and click **Continue to summary**, then **Create Token** to generate your API token.
+          </Accordion>
+        </AccordionGroup>
+      </Tab>
+    </Tabs>
+
+  </Step>
+  <Step title="Save Your API Token">
+    After creation, copy and securely store your API token as it will not be shown again.
+    
+    ![Generated API Token](/images/app-connections/cloudflare/cloudflare-generated-token.png)
+
+    <Warning>
+      Keep your API token secure and do not share it. Anyone with access to this token can manage your Cloudflare resources based on the permissions granted.
+    </Warning>
+
+  </Step>
+  <Step title="Get Account ID">
+    From your Cloudflare Account Home page, click on the account information dropdown and select **Copy account ID**.
+
+    ![Account ID](/images/app-connections/cloudflare/cloudflare-account-id.png)
+
+    Save your Account ID for use in the next step.
+
+  </Step>
+</Steps>
+
+## Setup Cloudflare Connection in Infisical
+
+<Steps>
+  <Step title="Navigate to App Connections">
+    Navigate to the **App Connections** tab on the **Organization Settings**
+    page. ![App Connections
+    Tab](/images/app-connections/general/add-connection.png)
+  </Step>
+  <Step title="Add Connection">
+    Select the **Cloudflare Connection** option from the connection options
+    modal. ![Select Cloudflare
+    Connection](/images/app-connections/cloudflare/cloudflare-app-connection-select.png)
+  </Step>
+  <Step title="Input Credentials">
+    Enter your Cloudflare API token and Account ID in the provided fields and
+    click **Connect to Cloudflare** to establish the connection. ![Connect to
+    Cloudflare](/images/app-connections/cloudflare/cloudflare-app-connection-form.png)
+  </Step>
+  <Step title="Connection Created">
+    Your **Cloudflare Connection** is now available for use in your Infisical
+    projects. ![Cloudflare Connection
+    Created](/images/app-connections/cloudflare/cloudflare-app-connection-created.png)
+  </Step>
+</Steps>
+
+<Info>
+  API token connections require manual token rotation when your Cloudflare API
+  token expires or is regenerated. Monitor your connection status and update the
+  token as needed.
+</Info>

docs/integrations/secret-syncs/cloudflare-pages.mdx

@@ -0,0 +1,133 @@
+---
+title: "Cloudflare Pages Sync"
+description: "Learn how to configure a Cloudflare Pages Sync for Infisical."
+---
+
+**Prerequisites:**
+
+- Set up and add secrets to [Infisical Cloud](https://app.infisical.com)
+- Create a [Cloudflare Connection](/integrations/app-connections/cloudflare)
+
+<Tabs>
+  <Tab title="Infisical UI">
+    1. Navigate to **Project** > **Integrations** and select the **Secret Syncs** tab. Click on the **Add Sync** button.
+    ![Secret Syncs Tab](/images/secret-syncs/general/secret-sync-tab.png)
+
+    2. Select the **Cloudflare Pages** option.
+    ![Select Cloudflare Pages](/images/secret-syncs/cloudflare-pages/select-cloudflare-pages-option.png)
+
+    3. Configure the **Source** from where secrets should be retrieved, then click **Next**.
+    ![Configure Source](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-source.png)
+
+      - **Environment**: The project environment to retrieve secrets from.
+      - **Secret Path**: The folder path to retrieve secrets from.
+
+      <Tip>
+        If you need to sync secrets from multiple folder locations, check out [secret imports](/documentation/platform/secret-reference#secret-imports).
+      </Tip>
+
+    4. Configure the **Destination** to where secrets should be deployed, then click **Next**.
+    ![Configure Destination](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-destination.png)
+
+      - **Cloudflare Connection**: The Cloudflare Connection to authenticate with.
+      - **Cloudflare Pages Project**: Choose the Cloudflare Pages project you want to sync secrets to.
+      - **Environment**: Select the deployment environment (preview or production).
+
+    5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
+    ![Configure Options](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-options.png)
+
+      - **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync.
+        - **Overwrite Destination Secrets**: Removes any secrets at the destination endpoint not present in Infisical.
+      - **Key Schema**: Template that determines how secret names are transformed when syncing, using `{{secretKey}}` as a placeholder for the original secret name and `{{environment}}` for the environment.
+      - **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
+      - **Disable Secret Deletion**: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
+
+    6. Configure the **Details** of your Cloudflare Pages Sync, then click **Next**.
+    ![Configure Details](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-details.png)
+
+      - **Name**: The name of your sync. Must be slug-friendly.
+      - **Description**: An optional description for your sync.
+
+    7. Review your Cloudflare Pages Sync configuration, then click **Create Sync**.
+    ![Confirm Configuration](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-review.png)
+
+    8. If enabled, your Cloudflare Pages Sync will begin syncing your secrets to the destination endpoint.
+    ![Sync Secrets](/images/secret-syncs/cloudflare-pages/cloudflare-pages-sync-created.png)
+
+  </Tab>
+  <Tab title="API">
+    To create a **Cloudflare Pages Sync**, make an API request to the [Create Cloudflare Pages Sync](/api-reference/endpoints/secret-syncs/cloudflare-pages/create) API endpoint.
+
+    ### Sample request
+
+    ```bash Request
+    curl --request POST \
+      --url https://app.infisical.com/api/v1/secret-syncs/cloudflare-pages \
+      --header 'Content-Type: application/json' \
+      --data '{
+        "name": "my-cloudflare-pages-sync",
+        "projectId": "your-project-id",
+        "description": "an example sync",
+        "connectionId": "your-cloudflare-connection-id",
+        "environment": "production",
+        "secretPath": "/my-secrets",
+        "isEnabled": true,
+        "syncOptions": {
+          "initialSyncBehavior": "overwrite-destination"
+        },
+        "destinationConfig": {
+          "projectId": "your-cloudflare-pages-project-id",
+          "projectName": "my-pages-project",
+          "environment": "production"
+        }
+      }'
+    ```
+
+    ### Sample response
+
+    ```bash Response
+    {
+      "secretSync": {
+        "id": "your-sync-id",
+        "name": "my-cloudflare-pages-sync",
+        "description": "an example sync",
+        "isEnabled": true,
+        "version": 1,
+        "folderId": "your-folder-id",
+        "connectionId": "your-cloudflare-connection-id",
+        "createdAt": "2024-05-01T12:00:00Z",
+        "updatedAt": "2024-05-01T12:00:00Z",
+        "syncStatus": "succeeded",
+        "lastSyncJobId": "123",
+        "lastSyncMessage": null,
+        "lastSyncedAt": "2024-05-01T12:00:00Z",
+        "syncOptions": {
+          "initialSyncBehavior": "overwrite-destination"
+        },
+        "projectId": "your-project-id",
+        "connection": {
+          "app": "cloudflare",
+          "name": "my-cloudflare-connection",
+          "id": "your-cloudflare-connection-id"
+        },
+        "environment": {
+          "slug": "production",
+          "name": "Production",
+          "id": "your-env-id"
+        },
+        "folder": {
+          "id": "your-folder-id",
+          "path": "/my-secrets"
+        },
+        "destination": "cloudflare-pages",
+        "destinationConfig": {
+          "projectId": "your-cloudflare-pages-project-id",
+          "projectName": "my-pages-project",
+          "environment": "production"
+        }
+      }
+    }
+    ```
+
+  </Tab>
+</Tabs>

docs/style.css

@@ -1,3 +1,7 @@
+* {
+  border-radius: 0 !important;
+}
+
 #navbar .max-w-8xl {
   max-width: 100%;
   border-bottom: 1px solid #ebebeb;
@@ -26,24 +30,20 @@
 }
 
 #sidebar li > div.mt-2 {
-  border-radius: 0;
   padding: 5px;
 }
 
 #sidebar li > a.text-primary {
-  border-radius: 0;
   background-color: #FBFFCC;
   border-left: 4px solid #EFFF33;
   padding: 5px;
 }
 
 #sidebar li > a.mt-2 {
-  border-radius: 0;
   padding: 5px;
 }
 
 #sidebar li > a.leading-6 {
-  border-radius: 0;
   padding: 0px;
 }
 
@@ -68,65 +68,26 @@
 }
 
 #content-area .mt-8 .block{
-  border-radius: 0;
   border-width: 1px;
   background-color: #FCFBFA;
   border-color: #ebebeb;
 }
 
 /* #content-area:hover .mt-8 .block:hover{
-  border-radius: 0;
+  
   border-width: 1px;
   background-color: #FDFFE5;
   border-color: #EFFF33;
 } */
 
-#content-area .mt-8 .rounded-xl{
-  border-radius: 0;
-}
-
-#content-area .mt-8 .rounded-lg{
-  border-radius: 0;
-}
-
-#content-area .mt-6 .rounded-xl{
-  border-radius: 0;
-}
-
-#content-area .mt-6 .rounded-lg{
-  border-radius: 0;
-}
-
-#content-area .mt-6 .rounded-md{
-  border-radius: 0;
-}
-
-#content-area .mt-8 .rounded-md{
-  border-radius: 0;
-}
-
 #content-area div.my-4{
-  border-radius: 0;
   border-width: 1px;
 }
 
-#content-area div.flex-1 {
-  /* text-transform: uppercase; */
+/* #content-area div.flex-1 {
   opacity: 0.8;
   font-weight: 400;
-}
-
-#content-area button {
-  border-radius: 0;
-}
-
-#content-area a {
-  border-radius: 0;
-}
-
-#content-area .not-prose {
-  border-radius: 0;
-}
+} */
 
 /* .eyebrow {
   text-transform: uppercase;

frontend/src/components/secret-syncs/CreateSecretSyncModal.tsx

@@ -59,7 +59,6 @@ export const CreateSecretSyncModal = ({ onOpenChange, selectSync = null, ...prop
         onPointerDownOutside={(e) => e.preventDefault()}
         className="max-w-2xl"
         subTitle={selectedSync ? undefined : "Select a third-party service to sync secrets to."}
-        bodyClassName="overflow-visible"
       >
         <Content
           onComplete={() => {

frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/CloudflarePagesSyncFields.tsx

@@ -0,0 +1,95 @@
+import { Controller, useFormContext, useWatch } from "react-hook-form";
+import { SingleValue } from "react-select";
+
+import { SecretSyncConnectionField } from "@app/components/secret-syncs/forms/SecretSyncConnectionField";
+import { FilterableSelect, FormControl, Select, SelectItem } from "@app/components/v2";
+import {
+  TCloudflareProject,
+  useCloudflareConnectionListPagesProjects
+} from "@app/hooks/api/appConnections/cloudflare";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+
+import { TSecretSyncForm } from "../schemas";
+
+const CLOUDFLARE_ENVIRONMENTS = [
+  {
+    name: "Preview",
+    value: "preview"
+  },
+  {
+    name: "Production",
+    value: "production"
+  }
+];
+
+export const CloudflarePagesSyncFields = () => {
+  const { control, setValue } = useFormContext<
+    TSecretSyncForm & { destination: SecretSync.CloudflarePages }
+  >();
+
+  const connectionId = useWatch({ name: "connection.id", control });
+
+  const { data: projects = [], isPending: isProjectsPending } =
+    useCloudflareConnectionListPagesProjects(connectionId, {
+      enabled: Boolean(connectionId)
+    });
+
+  return (
+    <>
+      <SecretSyncConnectionField
+        onChange={() => {
+          setValue("destinationConfig.projectName", "");
+          setValue("destinationConfig.environment", "preview");
+        }}
+      />
+      <Controller
+        name="destinationConfig.projectName"
+        control={control}
+        render={({ field: { value, onChange }, fieldState: { error } }) => (
+          <FormControl errorText={error?.message} isError={Boolean(error?.message)} label="Project">
+            <FilterableSelect
+              isLoading={isProjectsPending && Boolean(connectionId)}
+              isDisabled={!connectionId}
+              value={projects ? (projects.find((project) => project.name === value) ?? []) : []}
+              onChange={(option) => {
+                onChange((option as SingleValue<TCloudflareProject>)?.name ?? null);
+              }}
+              options={projects}
+              placeholder="Select a project..."
+              getOptionLabel={(option) => option.name}
+              getOptionValue={(option) => option.id.toString()}
+            />
+          </FormControl>
+        )}
+      />
+      <Controller
+        name="destinationConfig.environment"
+        control={control}
+        defaultValue="preview"
+        render={({ field: { value, onChange }, fieldState: { error } }) => (
+          <FormControl
+            errorText={error?.message}
+            isError={Boolean(error?.message)}
+            label="Environment"
+            tooltipClassName="max-w-lg py-3"
+          >
+            <Select
+              value={value}
+              onValueChange={(val) => onChange(val)}
+              className="w-full border border-mineshaft-500 capitalize"
+              position="popper"
+              placeholder="Select an environment..."
+              dropdownContainerClassName="max-w-none"
+            >
+              {CLOUDFLARE_ENVIRONMENTS.map(({ name, value: envValue }) => (
+                <SelectItem className="capitalize" value={envValue} key={envValue}>
+                  {name}
+                </SelectItem>
+              ))}
+            </Select>
+          </FormControl>
+        )}
+      />
+    </>
+  );
+};

frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/SecretSyncDestinationFields.tsx

@@ -10,6 +10,7 @@ import { AzureAppConfigurationSyncFields } from "./AzureAppConfigurationSyncFiel
 import { AzureDevOpsSyncFields } from "./AzureDevOpsSyncFields";
 import { AzureKeyVaultSyncFields } from "./AzureKeyVaultSyncFields";
 import { CamundaSyncFields } from "./CamundaSyncFields";
+import { CloudflarePagesSyncFields } from "./CloudflarePagesSyncFields";
 import { DatabricksSyncFields } from "./DatabricksSyncFields";
 import { FlyioSyncFields } from "./FlyioSyncFields";
 import { GcpSyncFields } from "./GcpSyncFields";
@@ -70,6 +71,8 @@ export const SecretSyncDestinationFields = () => {
       return <RenderSyncFields />;
     case SecretSync.Flyio:
       return <FlyioSyncFields />;
+    case SecretSync.CloudflarePages:
+      return <CloudflarePagesSyncFields />;
     default:
       throw new Error(`Unhandled Destination Config Field: ${destination}`);
   }

frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx

@@ -55,6 +55,7 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => {
     case SecretSync.Heroku:
     case SecretSync.Render:
     case SecretSync.Flyio:
+    case SecretSync.CloudflarePages:
       AdditionalSyncOptionsFieldsComponent = null;
       break;
     default:

frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/CloudflarePagesReviewFields.tsx

@@ -0,0 +1,18 @@
+import { useFormContext } from "react-hook-form";
+
+import { TSecretSyncForm } from "@app/components/secret-syncs/forms/schemas";
+import { GenericFieldLabel } from "@app/components/v2";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+
+export const CloudflarePagesSyncReviewFields = () => {
+  const { watch } = useFormContext<TSecretSyncForm & { destination: SecretSync.CloudflarePages }>();
+  const projectName = watch("destinationConfig.projectName");
+  const environment = watch("destinationConfig.environment");
+
+  return (
+    <>
+      <GenericFieldLabel label="Project">{projectName}</GenericFieldLabel>
+      <GenericFieldLabel label="Environment">{environment}</GenericFieldLabel>
+    </>
+  );
+};

frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/SecretSyncReviewFields.tsx

@@ -19,6 +19,7 @@ import { AzureAppConfigurationSyncReviewFields } from "./AzureAppConfigurationSy
 import { AzureDevOpsSyncReviewFields } from "./AzureDevOpsSyncReviewFields";
 import { AzureKeyVaultSyncReviewFields } from "./AzureKeyVaultSyncReviewFields";
 import { CamundaSyncReviewFields } from "./CamundaSyncReviewFields";
+import { CloudflarePagesSyncReviewFields } from "./CloudflarePagesReviewFields";
 import { DatabricksSyncReviewFields } from "./DatabricksSyncReviewFields";
 import { FlyioSyncReviewFields } from "./FlyioSyncReviewFields";
 import { GcpSyncReviewFields } from "./GcpSyncReviewFields";
@@ -116,6 +117,9 @@ export const SecretSyncReviewFields = () => {
     case SecretSync.Flyio:
       DestinationFieldsComponent = <FlyioSyncReviewFields />;
       break;
+    case SecretSync.CloudflarePages:
+      DestinationFieldsComponent = <CloudflarePagesSyncReviewFields />;
+      break;
     default:
       throw new Error(`Unhandled Destination Review Fields: ${destination}`);
   }

frontend/src/components/secret-syncs/forms/schemas/cloudflare-pages-sync-destination-schema.ts

@@ -0,0 +1,14 @@
+import { z } from "zod";
+
+import { BaseSecretSyncSchema } from "@app/components/secret-syncs/forms/schemas/base-secret-sync-schema";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+
+export const CloudflarePagesSyncDestinationSchema = BaseSecretSyncSchema().merge(
+  z.object({
+    destination: z.literal(SecretSync.CloudflarePages),
+    destinationConfig: z.object({
+      projectName: z.string().trim().min(1, "Project name is required"),
+      environment: z.string().trim().min(1, "Environment is required")
+    })
+  })
+);

frontend/src/components/secret-syncs/forms/schemas/secret-sync-schema.ts

@@ -7,6 +7,7 @@ import { AzureAppConfigurationSyncDestinationSchema } from "./azure-app-configur
 import { AzureDevOpsSyncDestinationSchema } from "./azure-devops-sync-destination-schema";
 import { AzureKeyVaultSyncDestinationSchema } from "./azure-key-vault-sync-destination-schema";
 import { CamundaSyncDestinationSchema } from "./camunda-sync-destination-schema";
+import { CloudflarePagesSyncDestinationSchema } from "./cloudflare-pages-sync-destination-schema";
 import { DatabricksSyncDestinationSchema } from "./databricks-sync-destination-schema";
 import { FlyioSyncDestinationSchema } from "./flyio-sync-destination-schema";
 import { GcpSyncDestinationSchema } from "./gcp-sync-destination-schema";
@@ -41,7 +42,8 @@ const SecretSyncUnionSchema = z.discriminatedUnion("destination", [
   OnePassSyncDestinationSchema,
   HerokuSyncDestinationSchema,
   RenderSyncDestinationSchema,
-  FlyioSyncDestinationSchema
+  FlyioSyncDestinationSchema,
+  CloudflarePagesSyncDestinationSchema
 ]);
 
 export const SecretSyncFormSchema = SecretSyncUnionSchema;

frontend/src/components/v2/Dropdown/Dropdown.tsx

@@ -94,7 +94,7 @@ export const DropdownMenuItem = <T extends ElementType = "button">({
     className={twMerge(
       "block cursor-pointer rounded-sm px-4 py-2 font-inter text-xs text-mineshaft-200 outline-none data-[highlighted]:bg-mineshaft-700",
       className,
-      isDisabled ? "pointer-events-none opacity-50" : ""
+      isDisabled ? "pointer-events-none cursor-not-allowed opacity-50" : ""
     )}
   >
     <Item type="button" role="menuitem" className="flex w-full items-center" ref={inputRef}>

frontend/src/helpers/appConnections.ts

@@ -18,6 +18,7 @@ import {
   AzureDevOpsConnectionMethod,
   AzureKeyVaultConnectionMethod,
   CamundaConnectionMethod,
+  CloudflareConnectionMethod,
   DatabricksConnectionMethod,
   FlyioConnectionMethod,
   GcpConnectionMethod,
@@ -84,7 +85,8 @@ export const APP_CONNECTION_MAP: Record<
   [AppConnection.OnePass]: { name: "1Password", image: "1Password.png" },
   [AppConnection.Heroku]: { name: "Heroku", image: "Heroku.png" },
   [AppConnection.Render]: { name: "Render", image: "Render.png" },
-  [AppConnection.Flyio]: { name: "Fly.io", image: "Flyio.svg" }
+  [AppConnection.Flyio]: { name: "Fly.io", image: "Flyio.svg" },
+  [AppConnection.Cloudflare]: { name: "Cloudflare", image: "Cloudflare.png" }
 };
 
 export const getAppConnectionMethodDetails = (method: TAppConnection["method"]) => {
@@ -114,6 +116,7 @@ export const getAppConnectionMethodDetails = (method: TAppConnection["method"])
     case TerraformCloudConnectionMethod.ApiToken:
     case VercelConnectionMethod.ApiToken:
     case OnePassConnectionMethod.ApiToken:
+    case CloudflareConnectionMethod.ApiToken:
       return { name: "API Token", icon: faKey };
     case PostgresConnectionMethod.UsernameAndPassword:
     case MsSqlConnectionMethod.UsernameAndPassword:

frontend/src/helpers/policies.ts

@@ -1,12 +1,20 @@
+import { IconDefinition } from "@fortawesome/free-brands-svg-icons";
+import { faArrowRightToBracket, faEdit } from "@fortawesome/free-solid-svg-icons";
+
 import { PolicyType } from "@app/hooks/api/policies/enums";
 
-export const policyDetails: Record<PolicyType, { name: string; className: string }> = {
+export const policyDetails: Record<
+  PolicyType,
+  { name: string; className: string; icon: IconDefinition }
+> = {
   [PolicyType.AccessPolicy]: {
-    className: "bg-lime-900 text-lime-100",
-    name: "Access Policy"
+    className: "bg-green/20 text-green",
+    name: "Access Policy",
+    icon: faArrowRightToBracket
   },
   [PolicyType.ChangePolicy]: {
-    className: "bg-indigo-900 text-indigo-100",
-    name: "Change Policy"
+    className: "bg-yellow/20 text-yellow",
+    name: "Change Policy",
+    icon: faEdit
   }
 };

frontend/src/helpers/secretSyncs.ts

@@ -73,6 +73,10 @@ export const SECRET_SYNC_MAP: Record<SecretSync, { name: string; image: string }
   [SecretSync.Flyio]: {
     name: "Fly.io",
     image: "Flyio.svg"
+  },
+  [SecretSync.CloudflarePages]: {
+    name: "Cloudflare Pages",
+    image: "Cloudflare.png"
   }
 };
 
@@ -96,7 +100,8 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.OnePass]: AppConnection.OnePass,
   [SecretSync.Heroku]: AppConnection.Heroku,
   [SecretSync.Render]: AppConnection.Render,
-  [SecretSync.Flyio]: AppConnection.Flyio
+  [SecretSync.Flyio]: AppConnection.Flyio,
+  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
 };
 
 export const SECRET_SYNC_INITIAL_SYNC_BEHAVIOR_MAP: Record<

frontend/src/hooks/api/accessApproval/queries.tsx

@@ -65,11 +65,11 @@ const fetchApprovalPolicies = async ({ projectSlug }: TGetAccessApprovalRequests
 const fetchApprovalRequests = async ({
   projectSlug,
   envSlug,
-  authorProjectMembershipId
+  authorUserId
 }: TGetAccessApprovalRequestsDTO) => {
   const { data } = await apiRequest.get<{ requests: TAccessApprovalRequest[] }>(
     "/api/v1/access-approvals/requests",
-    { params: { projectSlug, envSlug, authorProjectMembershipId } }
+    { params: { projectSlug, envSlug, authorUserId } }
   );
 
   return data.requests.map((request) => ({
@@ -109,12 +109,12 @@ export const useGetAccessRequestsCount = ({
 export const useGetAccessApprovalPolicies = ({
   projectSlug,
   envSlug,
-  authorProjectMembershipId,
+  authorUserId,
   options = {}
 }: TGetAccessApprovalRequestsDTO & TReactQueryOptions) =>
   useQuery({
     queryKey: accessApprovalKeys.getAccessApprovalPolicies(projectSlug),
-    queryFn: () => fetchApprovalPolicies({ projectSlug, envSlug, authorProjectMembershipId }),
+    queryFn: () => fetchApprovalPolicies({ projectSlug, envSlug, authorUserId }),
     ...options,
     enabled: Boolean(projectSlug) && (options?.enabled ?? true)
   });
@@ -122,16 +122,13 @@ export const useGetAccessApprovalPolicies = ({
 export const useGetAccessApprovalRequests = ({
   projectSlug,
   envSlug,
-  authorProjectMembershipId,
+  authorUserId,
   options = {}
 }: TGetAccessApprovalRequestsDTO & TReactQueryOptions) =>
   useQuery({
-    queryKey: accessApprovalKeys.getAccessApprovalRequests(
-      projectSlug,
-      envSlug,
-      authorProjectMembershipId
-    ),
-    queryFn: () => fetchApprovalRequests({ projectSlug, envSlug, authorProjectMembershipId }),
+    queryKey: accessApprovalKeys.getAccessApprovalRequests(projectSlug, envSlug, authorUserId),
+    queryFn: () => fetchApprovalRequests({ projectSlug, envSlug, authorUserId }),
     ...options,
-    enabled: Boolean(projectSlug) && (options?.enabled ?? true)
+    enabled: Boolean(projectSlug) && (options?.enabled ?? true),
+    placeholderData: (previousData) => previousData
   });

frontend/src/hooks/api/accessApproval/types.ts

@@ -148,7 +148,7 @@ export type TCreateAccessRequestDTO = {
 export type TGetAccessApprovalRequestsDTO = {
   projectSlug: string;
   envSlug?: string;
-  authorProjectMembershipId?: string;
+  authorUserId?: string;
 };
 
 export type TGetAccessPolicyApprovalCountDTO = {

frontend/src/hooks/api/appConnections/cloudflare/index.ts

@@ -0,0 +1,2 @@
+export * from "./queries";
+export * from "./types";

frontend/src/hooks/api/appConnections/cloudflare/queries.tsx

@@ -0,0 +1,37 @@
+import { useQuery, UseQueryOptions } from "@tanstack/react-query";
+
+import { apiRequest } from "@app/config/request";
+
+import { appConnectionKeys } from "../queries";
+import { TCloudflareProject } from "./types";
+
+const cloudflareConnectionKeys = {
+  all: [...appConnectionKeys.all, "cloudflare"] as const,
+  listPagesProjects: (connectionId: string) =>
+    [...cloudflareConnectionKeys.all, "pages-projects", connectionId] as const
+};
+
+export const useCloudflareConnectionListPagesProjects = (
+  connectionId: string,
+  options?: Omit<
+    UseQueryOptions<
+      TCloudflareProject[],
+      unknown,
+      TCloudflareProject[],
+      ReturnType<typeof cloudflareConnectionKeys.listPagesProjects>
+    >,
+    "queryKey" | "queryFn"
+  >
+) => {
+  return useQuery({
+    queryKey: cloudflareConnectionKeys.listPagesProjects(connectionId),
+    queryFn: async () => {
+      const { data } = await apiRequest.get<TCloudflareProject[]>(
+        `/api/v1/app-connections/cloudflare/${connectionId}/cloudflare-pages-projects`
+      );
+
+      return data;
+    },
+    ...options
+  });
+};

frontend/src/hooks/api/appConnections/cloudflare/types.ts

@@ -0,0 +1,4 @@
+export type TCloudflareProject = {
+  id: string;
+  name: string;
+};

frontend/src/hooks/api/appConnections/enums.ts

@@ -25,5 +25,6 @@ export enum AppConnection {
   OnePass = "1password",
   Heroku = "heroku",
   Render = "render",
-  Flyio = "flyio"
+  Flyio = "flyio",
+  Cloudflare = "cloudflare"
 }

frontend/src/hooks/api/appConnections/types/app-options.ts

@@ -123,6 +123,10 @@ export type TFlyioConnectionOption = TAppConnectionOptionBase & {
   app: AppConnection.Flyio;
 };
 
+export type TCloudflareConnectionOption = TAppConnectionOptionBase & {
+  app: AppConnection.Cloudflare;
+};
+
 export type TAppConnectionOption =
   | TAwsConnectionOption
   | TGitHubConnectionOption
@@ -148,7 +152,8 @@ export type TAppConnectionOption =
   | TOnePassConnectionOption
   | THerokuConnectionOption
   | TRenderConnectionOption
-  | TFlyioConnectionOption;
+  | TFlyioConnectionOption
+  | TCloudflareConnectionOption;
 
 export type TAppConnectionOptionMap = {
   [AppConnection.AWS]: TAwsConnectionOption;
@@ -178,4 +183,5 @@ export type TAppConnectionOptionMap = {
   [AppConnection.Heroku]: THerokuConnectionOption;
   [AppConnection.Render]: TRenderConnectionOption;
   [AppConnection.Flyio]: TFlyioConnectionOption;
+  [AppConnection.Cloudflare]: TCloudflareConnectionOption;
 };

frontend/src/hooks/api/appConnections/types/cloudflare-connection.ts

@@ -0,0 +1,14 @@
+import { AppConnection } from "@app/hooks/api/appConnections/enums";
+import { TRootAppConnection } from "@app/hooks/api/appConnections/types/root-connection";
+
+export enum CloudflareConnectionMethod {
+  ApiToken = "api-token"
+}
+
+export type TCloudflareConnection = TRootAppConnection & { app: AppConnection.Cloudflare } & {
+  method: CloudflareConnectionMethod.ApiToken;
+  credentials: {
+    apiToken: string;
+    accountId: string;
+  };
+};

frontend/src/hooks/api/appConnections/types/index.ts

@@ -8,6 +8,7 @@ import { TAzureClientSecretsConnection } from "./azure-client-secrets-connection
 import { TAzureDevOpsConnection } from "./azure-devops-connection";
 import { TAzureKeyVaultConnection } from "./azure-key-vault-connection";
 import { TCamundaConnection } from "./camunda-connection";
+import { TCloudflareConnection } from "./cloudflare-connection";
 import { TDatabricksConnection } from "./databricks-connection";
 import { TFlyioConnection } from "./flyio-connection";
 import { TGcpConnection } from "./gcp-connection";
@@ -55,6 +56,7 @@ export * from "./teamcity-connection";
 export * from "./terraform-cloud-connection";
 export * from "./vercel-connection";
 export * from "./windmill-connection";
+export * from "./cloudflare-connection";
 
 export type TAppConnection =
   | TAwsConnection
@@ -83,7 +85,8 @@ export type TAppConnection =
   | TOnePassConnection
   | THerokuConnection
   | TRenderConnection
-  | TFlyioConnection;
+  | TFlyioConnection
+  | TCloudflareConnection;
 
 export type TAvailableAppConnection = Pick<TAppConnection, "name" | "id">;
 
@@ -138,4 +141,5 @@ export type TAppConnectionMap = {
   [AppConnection.Heroku]: THerokuConnection;
   [AppConnection.Render]: TRenderConnection;
   [AppConnection.Flyio]: TFlyioConnection;
+  [AppConnection.Cloudflare]: TCloudflareConnection;
 };

frontend/src/hooks/api/secretApprovalRequest/queries.tsx

@@ -1,5 +1,5 @@
 /* eslint-disable no-param-reassign */
-import { useInfiniteQuery, useQuery, UseQueryOptions } from "@tanstack/react-query";
+import { useQuery, UseQueryOptions } from "@tanstack/react-query";
 
 import {
   decryptAssymmetric,
@@ -25,10 +25,11 @@ export const secretApprovalRequestKeys = {
     status,
     committer,
     offset,
-    limit
+    limit,
+    search
   }: TGetSecretApprovalRequestList) =>
     [
-      { workspaceId, environment, status, committer, offset, limit },
+      { workspaceId, environment, status, committer, offset, limit, search },
       "secret-approval-requests"
     ] as const,
   detail: ({ id }: Omit<TGetSecretApprovalRequestDetails, "decryptKey">) =>
@@ -118,23 +119,25 @@ const fetchSecretApprovalRequestList = async ({
   committer,
   status = "open",
   limit = 20,
-  offset
+  offset = 0,
+  search = ""
 }: TGetSecretApprovalRequestList) => {
-  const { data } = await apiRequest.get<{ approvals: TSecretApprovalRequest[] }>(
-    "/api/v1/secret-approval-requests",
-    {
-      params: {
-        workspaceId,
-        environment,
-        committer,
-        status,
-        limit,
-        offset
-      }
+  const { data } = await apiRequest.get<{
+    approvals: TSecretApprovalRequest[];
+    totalCount: number;
+  }>("/api/v1/secret-approval-requests", {
+    params: {
+      workspaceId,
+      environment,
+      committer,
+      status,
+      limit,
+      offset,
+      search
     }
-  );
+  });
 
-  return data.approvals;
+  return data;
 };
 
 export const useGetSecretApprovalRequests = ({
@@ -143,31 +146,32 @@ export const useGetSecretApprovalRequests = ({
   options = {},
   status,
   limit = 20,
+  offset = 0,
+  search,
   committer
 }: TGetSecretApprovalRequestList & TReactQueryOptions) =>
-  useInfiniteQuery({
-    initialPageParam: 0,
+  useQuery({
     queryKey: secretApprovalRequestKeys.list({
       workspaceId,
       environment,
       committer,
-      status
+      status,
+      limit,
+      search,
+      offset
     }),
-    queryFn: ({ pageParam }) =>
+    queryFn: () =>
       fetchSecretApprovalRequestList({
         workspaceId,
         environment,
         status,
         committer,
         limit,
-        offset: pageParam
+        offset,
+        search
       }),
     enabled: Boolean(workspaceId) && (options?.enabled ?? true),
-    getNextPageParam: (lastPage, pages) => {
-      if (lastPage.length && lastPage.length < limit) return undefined;
-
-      return lastPage?.length !== 0 ? pages.length * limit : undefined;
-    }
+    placeholderData: (previousData) => previousData
   });
 
 const fetchSecretApprovalRequestDetails = async ({

frontend/src/hooks/api/secretApprovalRequest/types.ts

@@ -113,6 +113,7 @@ export type TGetSecretApprovalRequestList = {
   committer?: string;
   limit?: number;
   offset?: number;
+  search?: string;
 };
 
 export type TGetSecretApprovalRequestCount = {

frontend/src/hooks/api/secretSyncs/enums.ts

@@ -18,7 +18,8 @@ export enum SecretSync {
   OnePass = "1password",
   Heroku = "heroku",
   Render = "render",
-  Flyio = "flyio"
+  Flyio = "flyio",
+  CloudflarePages = "cloudflare-pages"
 }
 
 export enum SecretSyncStatus {

frontend/src/hooks/api/secretSyncs/types/cloudflare-pages-sync.ts

@@ -0,0 +1,16 @@
+import { AppConnection } from "@app/hooks/api/appConnections/enums";
+import { SecretSync } from "@app/hooks/api/secretSyncs";
+import { TRootSecretSync } from "@app/hooks/api/secretSyncs/types/root-sync";
+
+export type TCloudflarePagesSync = TRootSecretSync & {
+  destination: SecretSync.CloudflarePages;
+  destinationConfig: {
+    projectName: string;
+    environment: string;
+  };
+  connection: {
+    app: AppConnection.Cloudflare;
+    name: string;
+    id: string;
+  };
+};

frontend/src/hooks/api/secretSyncs/types/index.ts

@@ -9,6 +9,7 @@ import { TAzureAppConfigurationSync } from "./azure-app-configuration-sync";
 import { TAzureDevOpsSync } from "./azure-devops-sync";
 import { TAzureKeyVaultSync } from "./azure-key-vault-sync";
 import { TCamundaSync } from "./camunda-sync";
+import { TCloudflarePagesSync } from "./cloudflare-pages-sync";
 import { TDatabricksSync } from "./databricks-sync";
 import { TFlyioSync } from "./flyio-sync";
 import { TGcpSync } from "./gcp-sync";
@@ -49,7 +50,8 @@ export type TSecretSync =
   | TOnePassSync
   | THerokuSync
   | TRenderSync
-  | TFlyioSync;
+  | TFlyioSync
+  | TCloudflarePagesSync;
 
 export type TListSecretSyncs = { secretSyncs: TSecretSync[] };
 

frontend/src/layouts/ProjectLayout/ProjectLayout.tsx

@@ -352,9 +352,9 @@ export const ProjectLayout = () => {
                                 secretApprovalReqCount?.open ||
                                   accessApprovalRequestCount?.pendingCount
                               ) && (
-                                <span className="ml-2 rounded border border-primary-400 bg-primary-600 px-1 py-0.5 text-xs font-semibold text-black">
+                                <Badge variant="primary" className="ml-1.5">
                                   {pendingRequestsCount}
-                                </span>
+                                </Badge>
                               )}
                             </MenuItem>
                           )}

frontend/src/pages/organization/AppConnections/AppConnectionsPage/components/AppConnectionForm/AppConnectionForm.tsx

@@ -17,6 +17,7 @@ import { AzureClientSecretsConnectionForm } from "./AzureClientSecretsConnection
 import { AzureDevOpsConnectionForm } from "./AzureDevOpsConnectionForm";
 import { AzureKeyVaultConnectionForm } from "./AzureKeyVaultConnectionForm";
 import { CamundaConnectionForm } from "./CamundaConnectionForm";
+import { CloudflareConnectionForm } from "./CloudflareConnectionForm";
 import { DatabricksConnectionForm } from "./DatabricksConnectionForm";
 import { FlyioConnectionForm } from "./FlyioConnectionForm";
 import { GcpConnectionForm } from "./GcpConnectionForm";
@@ -128,6 +129,8 @@ const CreateForm = ({ app, onComplete }: CreateFormProps) => {
       return <RenderConnectionForm onSubmit={onSubmit} />;
     case AppConnection.Flyio:
       return <FlyioConnectionForm onSubmit={onSubmit} />;
+    case AppConnection.Cloudflare:
+      return <CloudflareConnectionForm onSubmit={onSubmit} />;
     default:
       throw new Error(`Unhandled App ${app}`);
   }
@@ -218,6 +221,8 @@ const UpdateForm = ({ appConnection, onComplete }: UpdateFormProps) => {
       return <RenderConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
     case AppConnection.Flyio:
       return <FlyioConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
+    case AppConnection.Cloudflare:
+      return <CloudflareConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
     default:
       throw new Error(`Unhandled App ${(appConnection as TAppConnection).app}`);
   }