added sorting for folders in overview

misc: added auto-redeploy option for cf pages integration

backend/src/lib/api-docs/constants.ts

@@ -674,8 +674,7 @@ export const INTEGRATION = {
       secretGCPLabel: "The label for GCP secrets.",
       secretAWSTag: "The tags for AWS secrets.",
       kmsKeyId: "The ID of the encryption key from AWS KMS.",
-      shouldDisableDelete: "The flag to disable deletion of secrets in AWS Parameter Store.",
-      shouldEnableDelete: "The flag to enable deletion of secrets"
+      shouldDisableDelete: "The flag to disable deletion of secrets in AWS Parameter Store."
     }
   },
   UPDATE: {

backend/src/server/routes/v1/integration-router.ts

@@ -8,7 +8,7 @@ import { writeLimit } from "@app/server/config/rateLimiter";
 import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
-import { IntegrationMetadataSchema } from "@app/services/integration/integration-schema";
+import { IntegrationMappingBehavior } from "@app/services/integration-auth/integration-list";
 import { PostHogEventTypes, TIntegrationCreatedEvent } from "@app/services/telemetry/telemetry-types";
 
 export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
@@ -46,7 +46,36 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
         path: z.string().trim().optional().describe(INTEGRATION.CREATE.path),
         region: z.string().trim().optional().describe(INTEGRATION.CREATE.region),
         scope: z.string().trim().optional().describe(INTEGRATION.CREATE.scope),
-        metadata: IntegrationMetadataSchema.default({})
+        metadata: z
+          .object({
+            secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
+            secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
+            initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
+            mappingBehavior: z
+              .nativeEnum(IntegrationMappingBehavior)
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.mappingBehavior),
+            shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
+            secretGCPLabel: z
+              .object({
+                labelName: z.string(),
+                labelValue: z.string()
+              })
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
+            secretAWSTag: z
+              .array(
+                z.object({
+                  key: z.string(),
+                  value: z.string()
+                })
+              )
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
+            kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
+            shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete)
+          })
+          .default({})
       }),
       response: {
         200: z.object({
@@ -132,7 +161,33 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
         targetEnvironment: z.string().trim().describe(INTEGRATION.UPDATE.targetEnvironment),
         owner: z.string().trim().describe(INTEGRATION.UPDATE.owner),
         environment: z.string().trim().describe(INTEGRATION.UPDATE.environment),
-        metadata: IntegrationMetadataSchema.optional()
+        metadata: z
+          .object({
+            secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
+            secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
+            initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
+            mappingBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.mappingBehavior),
+            shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
+            secretGCPLabel: z
+              .object({
+                labelName: z.string(),
+                labelValue: z.string()
+              })
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
+            secretAWSTag: z
+              .array(
+                z.object({
+                  key: z.string(),
+                  value: z.string()
+                })
+              )
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
+            kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
+            shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete)
+          })
+          .optional()
       }),
       response: {
         200: z.object({

backend/src/services/integration-auth/integration-sync-secret.ts

@@ -31,7 +31,6 @@ import { logger } from "@app/lib/logger";
 import { TCreateManySecretsRawFn, TUpdateManySecretsRawFn } from "@app/services/secret/secret-types";
 
 import { TIntegrationDALFactory } from "../integration/integration-dal";
-import { IntegrationMetadataSchema } from "../integration/integration-schema";
 import {
   IntegrationInitialSyncBehavior,
   IntegrationMappingBehavior,
@@ -1364,41 +1363,38 @@ const syncSecretsGitHub = async ({
     }
   }
 
-  const metadata = IntegrationMetadataSchema.parse(integration.metadata);
-  if (metadata.shouldEnableDelete) {
-    for await (const encryptedSecret of encryptedSecrets) {
-      if (
-        !(encryptedSecret.name in secrets) &&
-        !(appendices?.prefix !== undefined && !encryptedSecret.name.startsWith(appendices?.prefix)) &&
-        !(appendices?.suffix !== undefined && !encryptedSecret.name.endsWith(appendices?.suffix))
-      ) {
-        switch (integration.scope) {
-          case GithubScope.Org: {
-            await octokit.request("DELETE /orgs/{org}/actions/secrets/{secret_name}", {
-              org: integration.owner as string,
+  for await (const encryptedSecret of encryptedSecrets) {
+    if (
+      !(encryptedSecret.name in secrets) &&
+      !(appendices?.prefix !== undefined && !encryptedSecret.name.startsWith(appendices?.prefix)) &&
+      !(appendices?.suffix !== undefined && !encryptedSecret.name.endsWith(appendices?.suffix))
+    ) {
+      switch (integration.scope) {
+        case GithubScope.Org: {
+          await octokit.request("DELETE /orgs/{org}/actions/secrets/{secret_name}", {
+            org: integration.owner as string,
+            secret_name: encryptedSecret.name
+          });
+          break;
+        }
+        case GithubScope.Env: {
+          await octokit.request(
+            "DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}",
+            {
+              repository_id: Number(integration.appId),
+              environment_name: integration.targetEnvironmentId as string,
               secret_name: encryptedSecret.name
-            });
-            break;
-          }
-          case GithubScope.Env: {
-            await octokit.request(
-              "DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}",
-              {
-                repository_id: Number(integration.appId),
-                environment_name: integration.targetEnvironmentId as string,
-                secret_name: encryptedSecret.name
-              }
-            );
-            break;
-          }
-          default: {
-            await octokit.request("DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
-              owner: integration.owner as string,
-              repo: integration.app as string,
-              secret_name: encryptedSecret.name
-            });
-            break;
-          }
+            }
+          );
+          break;
+        }
+        default: {
+          await octokit.request("DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}", {
+            owner: integration.owner as string,
+            repo: integration.app as string,
+            secret_name: encryptedSecret.name
+          });
+          break;
         }
       }
     }
@@ -2754,6 +2750,20 @@ const syncSecretsCloudflarePages = async ({
       }
     }
   );
+
+  const metadata = z.record(z.any()).parse(integration.metadata);
+  if (metadata.shouldAutoRedeploy) {
+    await request.post(
+      `${IntegrationUrls.CLOUDFLARE_PAGES_API_URL}/client/v4/accounts/${accessId}/pages/projects/${integration.app}/deployments`,
+      {},
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          Accept: "application/json"
+        }
+      }
+    );
+  }
 };
 
 /**

backend/src/services/integration/integration-schema.ts

@@ -1,35 +0,0 @@
-import { z } from "zod";
-
-import { INTEGRATION } from "@app/lib/api-docs";
-
-import { IntegrationMappingBehavior } from "../integration-auth/integration-list";
-
-export const IntegrationMetadataSchema = z.object({
-  secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
-  secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
-  initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
-  mappingBehavior: z
-    .nativeEnum(IntegrationMappingBehavior)
-    .optional()
-    .describe(INTEGRATION.CREATE.metadata.mappingBehavior),
-  shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
-  secretGCPLabel: z
-    .object({
-      labelName: z.string(),
-      labelValue: z.string()
-    })
-    .optional()
-    .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
-  secretAWSTag: z
-    .array(
-      z.object({
-        key: z.string(),
-        value: z.string()
-      })
-    )
-    .optional()
-    .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
-  kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
-  shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete),
-  shouldEnableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldEnableDelete)
-});

backend/src/services/integration/integration-types.ts

@@ -29,7 +29,6 @@ export type TCreateIntegrationDTO = {
     }[];
     kmsKeyId?: string;
     shouldDisableDelete?: boolean;
-    shouldEnableDelete?: boolean;
   };
 } & Omit<TProjectPermission, "projectId">;
 
@@ -55,7 +54,6 @@ export type TUpdateIntegrationDTO = {
     }[];
     kmsKeyId?: string;
     shouldDisableDelete?: boolean;
-    shouldEnableDelete?: boolean;
   };
 } & Omit<TProjectPermission, "projectId">;
 

backend/src/services/kms/kms-service.ts

@@ -77,7 +77,7 @@ export const kmsServiceFactory = ({ kmsDAL, kmsRootConfigDAL, keyStore }: TKmsSe
     // This will switch to a seal process and HMS flow in future
     const encryptionKey = appCfg.ENCRYPTION_KEY || appCfg.ROOT_ENCRYPTION_KEY;
     // if root key its base64 encoded
-    const isBase64 = Boolean(appCfg.ROOT_ENCRYPTION_KEY);
+    const isBase64 = !appCfg.ENCRYPTION_KEY;
     if (!encryptionKey) throw new Error("Root encryption key not found for KMS service.");
     const encryptionKeyBuffer = Buffer.from(encryptionKey, isBase64 ? "base64" : "utf8");
 

docs/integrations/platforms/kubernetes.mdx

@@ -496,7 +496,6 @@ To enable auto redeployment you simply have to add the following annotation to t
 ```yaml
 secrets.infisical.com/auto-reload: "true"
 ```
-
 <Accordion title="Deployment example with auto redeploy enabled">
 ```yaml
 apiVersion: apps/v1
@@ -527,7 +526,11 @@ spec:
         - containerPort: 80
 ```
 </Accordion>
-
+<Info>
+  #### How it works 
+  When a secret change occurs, the operator will check to see which deployments are using the operator-managed Kubernetes secret that received the update. 
+  Then, for each deployment that has this annotation present, a rolling update will be triggered.
+</Info>
 ## Global configuration
 
 To configure global settings that will apply to all instances of `InfisicalSecret`, you can define these configurations in a Kubernetes ConfigMap.

frontend/src/hooks/api/integrations/queries.tsx

@@ -73,7 +73,6 @@ export const useCreateIntegration = () => {
         }[];
         kmsKeyId?: string;
         shouldDisableDelete?: boolean;
-        shouldEnableDelete?: boolean;
       };
     }) => {
       const {

frontend/src/pages/integrations/cloudflare-pages/create.tsx

@@ -7,7 +7,15 @@ import { createNotification } from "@app/components/notifications";
 import { SecretPathInput } from "@app/components/v2/SecretPathInput";
 import { useCreateIntegration, useGetWorkspaceById } from "@app/hooks/api";
 
-import { Button, Card, CardTitle, FormControl, Select, SelectItem } from "../../../components/v2";
+import {
+  Button,
+  Card,
+  CardTitle,
+  FormControl,
+  Select,
+  SelectItem,
+  Switch
+} from "../../../components/v2";
 import {
   useGetIntegrationAuthApps,
   useGetIntegrationAuthById
@@ -34,6 +42,7 @@ export default function CloudflarePagesIntegrationPage() {
   const [targetApp, setTargetApp] = useState("");
   const [targetAppId, setTargetAppId] = useState("");
   const [targetEnvironment, setTargetEnvironment] = useState("");
+  const [shouldAutoRedeploy, setShouldAutoRedeploy] = useState(false);
 
   const [isLoading, setIsLoading] = useState(false);
 
@@ -69,7 +78,10 @@ export default function CloudflarePagesIntegrationPage() {
         appId: targetAppId,
         sourceEnvironment: selectedSourceEnvironment,
         targetEnvironment,
-        secretPath
+        secretPath,
+        metadata: {
+          shouldAutoRedeploy
+        }
       });
 
       setIsLoading(false);
@@ -169,6 +181,15 @@ export default function CloudflarePagesIntegrationPage() {
             ))}
           </Select>
         </FormControl>
+        <div className="mb-[2.36rem] ml-1 px-6">
+          <Switch
+            id="redeploy-cloudflare-pages"
+            onCheckedChange={(isChecked: boolean) => setShouldAutoRedeploy(isChecked)}
+            isChecked={shouldAutoRedeploy}
+          >
+            Auto-redeploy service upon secret change
+          </Switch>
+        </div>
         <Button
           onClick={handleButtonClick}
           color="mineshaft"

frontend/src/pages/integrations/github/create.tsx

@@ -33,7 +33,6 @@ import {
   Input,
   Select,
   SelectItem,
-  Switch,
   Tab,
   TabList,
   TabPanel,
@@ -60,7 +59,7 @@ const schema = yup.object({
   selectedSourceEnvironment: yup.string().trim().required("Project Environment is required"),
   secretPath: yup.string().trim().required("Secrets Path is required"),
   secretSuffix: yup.string().trim().optional(),
-  shouldEnableDelete: yup.boolean().optional(),
+
   scope: yup.mixed<TargetEnv>().oneOf(targetEnv.slice()).required(),
 
   repoIds: yup.mixed().when("scope", {
@@ -99,6 +98,7 @@ type FormData = yup.InferType<typeof schema>;
 export default function GitHubCreateIntegrationPage() {
   const router = useRouter();
   const { mutateAsync } = useCreateIntegration();
+  
 
   const integrationAuthId =
     (queryString.parse(router.asPath.split("?")[1]).integrationAuthId as string) ?? "";
@@ -120,8 +120,7 @@ export default function GitHubCreateIntegrationPage() {
     defaultValues: {
       secretPath: "/",
       scope: "github-repo",
-      repoIds: [],
-      shouldEnableDelete: false
+      repoIds: []
     }
   });
 
@@ -178,8 +177,7 @@ export default function GitHubCreateIntegrationPage() {
                 app: targetApp.name, // repo name
                 owner: targetApp.owner, // repo owner
                 metadata: {
-                  secretSuffix: data.secretSuffix,
-                  shouldEnableDelete: data.shouldEnableDelete
+                  secretSuffix: data.secretSuffix
                 }
               });
             })
@@ -196,8 +194,7 @@ export default function GitHubCreateIntegrationPage() {
             scope: data.scope,
             owner: integrationAuthOrgs?.find((e) => e.orgId === data.orgId)?.name,
             metadata: {
-              secretSuffix: data.secretSuffix,
-              shouldEnableDelete: data.shouldEnableDelete
+              secretSuffix: data.secretSuffix
             }
           });
           break;
@@ -214,8 +211,7 @@ export default function GitHubCreateIntegrationPage() {
             owner: repoOwner,
             targetEnvironmentId: data.envId,
             metadata: {
-              secretSuffix: data.secretSuffix,
-              shouldEnableDelete: data.shouldEnableDelete
+              secretSuffix: data.secretSuffix
             }
           });
           break;
@@ -550,21 +546,6 @@ export default function GitHubCreateIntegrationPage() {
                 animate={{ opacity: 1, translateX: 0 }}
                 exit={{ opacity: 0, translateX: 30 }}
               >
-                <div className="ml-1 mb-5">
-                  <Controller
-                    control={control}
-                    name="shouldEnableDelete"
-                    render={({ field: { onChange, value } }) => (
-                      <Switch
-                        id="delete-github-option"
-                        onCheckedChange={(isChecked) => onChange(isChecked)}
-                        isChecked={value}
-                      >
-                        Delete secrets in Github that are not in Infisical
-                      </Switch>
-                    )}
-                  />
-                </div>
                 <Controller
                   control={control}
                   name="secretSuffix"

frontend/src/views/SecretOverviewPage/SecretOverviewPage.tsx

@@ -454,12 +454,12 @@ export const SecretOverviewPage = () => {
   const filteredSecretNames = secKeys
     ?.filter((name) => name.toUpperCase().includes(searchFilter.toUpperCase()))
     .sort((a, b) => (sortDir === "asc" ? a.localeCompare(b) : b.localeCompare(a)));
-  const filteredFolderNames = folderNames?.filter((name) =>
-    name.toLowerCase().includes(searchFilter.toLowerCase())
-  );
-  const filteredDynamicSecrets = dynamicSecretNames?.filter((name) =>
-    name.toLowerCase().includes(searchFilter.toLowerCase())
-  );
+  const filteredFolderNames = folderNames
+    ?.filter((name) => name.toLowerCase().includes(searchFilter.toLowerCase()))
+    .sort((a, b) => (sortDir === "asc" ? a.localeCompare(b) : b.localeCompare(a)));
+  const filteredDynamicSecrets = dynamicSecretNames
+    ?.filter((name) => name.toLowerCase().includes(searchFilter.toLowerCase()))
+    .sort((a, b) => (sortDir === "asc" ? a.localeCompare(b) : b.localeCompare(a)));
 
   const isTableEmpty =
     !(