improvement: disable tooltip hover content for env name tooltip

improvement: increase env tooltip max width and adjust alignment
improvement: add collapsed environment view to secret overview page and minor ui adjustments
2025-08-19 21:17:10 +00:00 · 2025-06-26 09:12:11 -07:00 · 2025-06-26 07:56:47 -07:00 · 2025-06-25 16:49:34 -07:00
114 changed files with 259 additions and 5390 deletions
--- a/.env.example
+++ b/.env.example
@@ -107,10 +107,6 @@ INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY=
 INF_APP_CONNECTION_GITHUB_APP_SLUG=
 INF_APP_CONNECTION_GITHUB_APP_ID=
 #gitlab app connection
 INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID=
 INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET=
 #github radar app connection
 INF_APP_CONNECTION_GITHUB_RADAR_APP_CLIENT_ID=
 INF_APP_CONNECTION_GITHUB_RADAR_APP_CLIENT_SECRET=
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -30,7 +30,6 @@
        "@fastify/static": "^7.0.4",
        "@fastify/swagger": "^8.14.0",
        "@fastify/swagger-ui": "^2.1.0",
        "@gitbeaker/rest": "^42.5.0",
        "@google-cloud/kms": "^4.5.0",
        "@infisical/quic": "^1.0.8",
        "@node-saml/passport-saml": "^5.0.1",
@@ -7808,48 +7807,6 @@
        "p-limit": "^3.1.0"
      }
    },
    "node_modules/@gitbeaker/core": {
      "version": "42.5.0",
      "resolved": "https://registry.npmjs.org/@gitbeaker/core/-/core-42.5.0.tgz",
      "integrity": "sha512-rMWpOPaZi1iLiifnOIoVO57p2EmQQdfIwP4txqNyMvG4WjYP5Ez0U7jRD9Nra41x6K5kTPBZkuQcAdxVWRJcEQ==",
      "license": "MIT",
      "dependencies": {
        "@gitbeaker/requester-utils": "^42.5.0",
        "qs": "^6.12.2",
        "xcase": "^2.0.1"
      },
      "engines": {
        "node": ">=18.20.0"
      }
    },
    "node_modules/@gitbeaker/requester-utils": {
      "version": "42.5.0",
      "resolved": "https://registry.npmjs.org/@gitbeaker/requester-utils/-/requester-utils-42.5.0.tgz",
      "integrity": "sha512-HLdLS9LPBMVQumvroQg/4qkphLDtwDB+ygEsrD2u4oYCMUtXV4V1xaVqU4yTXjbTJ5sItOtdB43vYRkBcgueBw==",
      "license": "MIT",
      "dependencies": {
        "picomatch-browser": "^2.2.6",
        "qs": "^6.12.2",
        "rate-limiter-flexible": "^4.0.1",
        "xcase": "^2.0.1"
      },
      "engines": {
        "node": ">=18.20.0"
      }
    },
    "node_modules/@gitbeaker/rest": {
      "version": "42.5.0",
      "resolved": "https://registry.npmjs.org/@gitbeaker/rest/-/rest-42.5.0.tgz",
      "integrity": "sha512-oC5cM6jS7aFOp0luTw5mWSRuMgdxwHRLZQ/aWkI+ETMfsprR/HyxsXfljlMY/XJ/fRxTbRJiodR5Axf66WjO3w==",
      "license": "MIT",
      "dependencies": {
        "@gitbeaker/core": "^42.5.0",
        "@gitbeaker/requester-utils": "^42.5.0"
      },
      "engines": {
        "node": ">=18.20.0"
      }
    },
    "node_modules/@google-cloud/kms": {
      "version": "4.5.0",
      "resolved": "https://registry.npmjs.org/@google-cloud/kms/-/kms-4.5.0.tgz",
@@ -24671,18 +24628,6 @@
        "url": "https://github.com/sponsors/jonschlinkert"
      }
    },
    "node_modules/picomatch-browser": {
      "version": "2.2.6",
      "resolved": "https://registry.npmjs.org/picomatch-browser/-/picomatch-browser-2.2.6.tgz",
      "integrity": "sha512-0ypsOQt9D4e3hziV8O4elD9uN0z/jtUEfxVRtNaAAtXIyUx9m/SzlO020i8YNL2aL/E6blOvvHQcin6HZlFy/w==",
      "license": "MIT",
      "engines": {
        "node": ">=8.6"
      },
      "funding": {
        "url": "https://github.com/sponsors/jonschlinkert"
      }
    },
    "node_modules/pify": {
      "version": "4.0.1",
      "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
@@ -25617,12 +25562,6 @@
        "node": ">= 0.6"
      }
    },
    "node_modules/rate-limiter-flexible": {
      "version": "4.0.1",
      "resolved": "https://registry.npmjs.org/rate-limiter-flexible/-/rate-limiter-flexible-4.0.1.tgz",
      "integrity": "sha512-2/dGHpDFpeA0+755oUkW+EKyklqLS9lu0go9pDsbhqQjZcxfRyJ6LA4JI0+HAdZ2bemD/oOjUeZQB2lCZqXQfQ==",
      "license": "ISC"
    },
    "node_modules/raw-body": {
      "version": "2.5.2",
      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
@@ -31100,12 +31039,6 @@
        }
      }
    },
    "node_modules/xcase": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/xcase/-/xcase-2.0.1.tgz",
      "integrity": "sha512-UmFXIPU+9Eg3E9m/728Bii0lAIuoc+6nbrNUKaRPJOFp91ih44qqGlWtxMB6kXFrRD6po+86ksHM5XHCfk6iPw==",
      "license": "MIT"
    },
    "node_modules/xml-crypto": {
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/xml-crypto/-/xml-crypto-6.0.1.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@@ -149,7 +149,6 @@
    "@fastify/static": "^7.0.4",
    "@fastify/swagger": "^8.14.0",
    "@fastify/swagger-ui": "^2.1.0",
    "@gitbeaker/rest": "^42.5.0",
    "@google-cloud/kms": "^4.5.0",
    "@infisical/quic": "^1.0.8",
    "@node-saml/passport-saml": "^5.0.1",
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@@ -2228,12 +2228,6 @@ export const AppConnections = {
    },
    FLYIO: {
      accessToken: "The Access Token used to access fly.io."
    },
    GITLAB: {
      instanceUrl: "The GitLab instance URL to connect with.",
      accessToken: "The Access Token used to access GitLab.",
      code: "The OAuth code to use to connect with GitLab.",
      accessTokenType: "The type of token used to connect with GitLab."
    }
  }
 };
@@ -2408,17 +2402,6 @@ export const SecretSyncs = {
    FLYIO: {
      appId: "The ID of the Fly.io app to sync secrets to."
    },
    GITLAB: {
      projectId: "The GitLab Project ID to sync secrets to.",
      projectName: "The GitLab Project Name to sync secrets to.",
      groupId: "The GitLab Group ID to sync secrets to.",
      groupName: "The GitLab Group Name to sync secrets to.",
      scope: "The GitLab scope that secrets should be synced to. (default: project)",
      targetEnvironment: "The GitLab environment scope that secrets should be synced to. (default: *)",
      shouldProtectSecrets: "Whether variables should be protected",
      shouldMaskSecrets: "Whether variables should be masked in logs",
      shouldHideSecrets: "Whether variables should be hidden"
    },
    CLOUDFLARE_PAGES: {
      projectName: "The name of the Cloudflare Pages project to sync secrets to.",
      environment: "The environment of the Cloudflare Pages project to sync secrets to."
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@@ -247,10 +247,6 @@ const envSchema = z
    INF_APP_CONNECTION_GITHUB_RADAR_APP_ID: zpStr(z.string().optional()),
    INF_APP_CONNECTION_GITHUB_RADAR_APP_WEBHOOK_SECRET: zpStr(z.string().optional()),
    // gitlab oauth
    INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID: zpStr(z.string().optional()),
    INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET: zpStr(z.string().optional()),
    // gcp app
    INF_APP_CONNECTION_GCP_SERVICE_ACCOUNT_CREDENTIAL: zpStr(z.string().optional()),
--- a/backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts
+++ b/backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts
@@ -35,10 +35,6 @@ import {
  CamundaConnectionListItemSchema,
  SanitizedCamundaConnectionSchema
 } from "@app/services/app-connection/camunda";
 import {
  CloudflareConnectionListItemSchema,
  SanitizedCloudflareConnectionSchema
 } from "@app/services/app-connection/cloudflare/cloudflare-connection-schema";
 import {
  DatabricksConnectionListItemSchema,
  SanitizedDatabricksConnectionSchema
@@ -50,7 +46,6 @@ import {
  GitHubRadarConnectionListItemSchema,
  SanitizedGitHubRadarConnectionSchema
 } from "@app/services/app-connection/github-radar";
 import { GitLabConnectionListItemSchema, SanitizedGitLabConnectionSchema } from "@app/services/app-connection/gitlab";
 import {
  HCVaultConnectionListItemSchema,
  SanitizedHCVaultConnectionSchema
@@ -85,6 +80,10 @@ import {
  WindmillConnectionListItemSchema
 } from "@app/services/app-connection/windmill";
 import { AuthMode } from "@app/services/auth/auth-type";
 import {
  CloudflareConnectionListItemSchema,
  SanitizedCloudflareConnectionSchema
 } from "@app/services/app-connection/cloudflare/cloudflare-connection-schema";
 // can't use discriminated due to multiple schemas for certain apps
 const SanitizedAppConnectionSchema = z.union([
@@ -115,7 +114,6 @@ const SanitizedAppConnectionSchema = z.union([
  ...SanitizedHerokuConnectionSchema.options,
  ...SanitizedRenderConnectionSchema.options,
  ...SanitizedFlyioConnectionSchema.options,
  ...SanitizedGitLabConnectionSchema.options,
  ...SanitizedCloudflareConnectionSchema.options
 ]);
@@ -147,7 +145,6 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
  HerokuConnectionListItemSchema,
  RenderConnectionListItemSchema,
  FlyioConnectionListItemSchema,
  GitLabConnectionListItemSchema,
  CloudflareConnectionListItemSchema
 ]);
--- a/backend/src/server/routes/v1/app-connection-routers/gitlab-connection-router.ts
+++ b/backend/src/server/routes/v1/app-connection-routers/gitlab-connection-router.ts
@@ -1,90 +0,0 @@
 import z from "zod";
 import { readLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AppConnection } from "@app/services/app-connection/app-connection-enums";
 import {
  CreateGitLabConnectionSchema,
  SanitizedGitLabConnectionSchema,
  TGitLabGroup,
  TGitLabProject,
  UpdateGitLabConnectionSchema
 } from "@app/services/app-connection/gitlab";
 import { AuthMode } from "@app/services/auth/auth-type";
 import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
 export const registerGitLabConnectionRouter = async (server: FastifyZodProvider) => {
  registerAppConnectionEndpoints({
    app: AppConnection.GitLab,
    server,
    sanitizedResponseSchema: SanitizedGitLabConnectionSchema,
    createSchema: CreateGitLabConnectionSchema,
    updateSchema: UpdateGitLabConnectionSchema
  });
  // The below endpoints are not exposed and for Infisical App use
  server.route({
    method: "GET",
    url: `/:connectionId/projects`,
    config: {
      rateLimit: readLimit
    },
    schema: {
      params: z.object({
        connectionId: z.string().uuid()
      }),
      response: {
        200: z
          .object({
            id: z.string(),
            name: z.string()
          })
          .array()
      }
    },
    onRequest: verifyAuth([AuthMode.JWT]),
    handler: async (req) => {
      const { connectionId } = req.params;
      const projects: TGitLabProject[] = await server.services.appConnection.gitlab.listProjects(
        connectionId,
        req.permission
      );
      return projects;
    }
  });
  server.route({
    method: "GET",
    url: `/:connectionId/groups`,
    config: {
      rateLimit: readLimit
    },
    schema: {
      params: z.object({
        connectionId: z.string().uuid()
      }),
      response: {
        200: z
          .object({
            id: z.string(),
            name: z.string()
          })
          .array()
      }
    },
    onRequest: verifyAuth([AuthMode.JWT]),
    handler: async (req) => {
      const { connectionId } = req.params;
      const groups: TGitLabGroup[] = await server.services.appConnection.gitlab.listGroups(
        connectionId,
        req.permission
      );
      return groups;
    }
  });
 };
--- a/backend/src/server/routes/v1/app-connection-routers/index.ts
+++ b/backend/src/server/routes/v1/app-connection-routers/index.ts
@@ -10,13 +10,11 @@ import { registerAzureClientSecretsConnectionRouter } from "./azure-client-secre
 import { registerAzureDevOpsConnectionRouter } from "./azure-devops-connection-router";
 import { registerAzureKeyVaultConnectionRouter } from "./azure-key-vault-connection-router";
 import { registerCamundaConnectionRouter } from "./camunda-connection-router";
 import { registerCloudflareConnectionRouter } from "./cloudflare-connection-router";
 import { registerDatabricksConnectionRouter } from "./databricks-connection-router";
 import { registerFlyioConnectionRouter } from "./flyio-connection-router";
 import { registerGcpConnectionRouter } from "./gcp-connection-router";
 import { registerGitHubConnectionRouter } from "./github-connection-router";
 import { registerGitHubRadarConnectionRouter } from "./github-radar-connection-router";
 import { registerGitLabConnectionRouter } from "./gitlab-connection-router";
 import { registerHCVaultConnectionRouter } from "./hc-vault-connection-router";
 import { registerHerokuConnectionRouter } from "./heroku-connection-router";
 import { registerHumanitecConnectionRouter } from "./humanitec-connection-router";
@@ -29,6 +27,7 @@ import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
 import { registerVercelConnectionRouter } from "./vercel-connection-router";
 import { registerWindmillConnectionRouter } from "./windmill-connection-router";
 import { registerCloudflareConnectionRouter } from "./cloudflare-connection-router";
 export * from "./app-connection-router";
@@ -61,6 +60,5 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
    [AppConnection.Heroku]: registerHerokuConnectionRouter,
    [AppConnection.Render]: registerRenderConnectionRouter,
    [AppConnection.Flyio]: registerFlyioConnectionRouter,
    [AppConnection.GitLab]: registerGitLabConnectionRouter,
    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter
  };
--- a/backend/src/server/routes/v1/secret-sync-routers/gitlab-sync-router.ts
+++ b/backend/src/server/routes/v1/secret-sync-routers/gitlab-sync-router.ts
@@ -1,13 +0,0 @@
 import { CreateGitLabSyncSchema, GitLabSyncSchema, UpdateGitLabSyncSchema } from "@app/services/secret-sync/gitlab";
 import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
 import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
 export const registerGitLabSyncRouter = async (server: FastifyZodProvider) =>
  registerSyncSecretsEndpoints({
    destination: SecretSync.GitLab,
    server,
    responseSchema: GitLabSyncSchema,
    createSchema: CreateGitLabSyncSchema,
    updateSchema: UpdateGitLabSyncSchema
  });
--- a/backend/src/server/routes/v1/secret-sync-routers/index.ts
+++ b/backend/src/server/routes/v1/secret-sync-routers/index.ts
@@ -13,7 +13,6 @@ import { registerDatabricksSyncRouter } from "./databricks-sync-router";
 import { registerFlyioSyncRouter } from "./flyio-sync-router";
 import { registerGcpSyncRouter } from "./gcp-sync-router";
 import { registerGitHubSyncRouter } from "./github-sync-router";
 import { registerGitLabSyncRouter } from "./gitlab-sync-router";
 import { registerHCVaultSyncRouter } from "./hc-vault-sync-router";
 import { registerHerokuSyncRouter } from "./heroku-sync-router";
 import { registerHumanitecSyncRouter } from "./humanitec-sync-router";
@@ -46,6 +45,5 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
  [SecretSync.Heroku]: registerHerokuSyncRouter,
  [SecretSync.Render]: registerRenderSyncRouter,
  [SecretSync.Flyio]: registerFlyioSyncRouter,
  [SecretSync.GitLab]: registerGitLabSyncRouter,
  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter
 };
--- a/backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts
+++ b/backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts
@@ -22,15 +22,10 @@ import {
 import { AzureDevOpsSyncListItemSchema, AzureDevOpsSyncSchema } from "@app/services/secret-sync/azure-devops";
 import { AzureKeyVaultSyncListItemSchema, AzureKeyVaultSyncSchema } from "@app/services/secret-sync/azure-key-vault";
 import { CamundaSyncListItemSchema, CamundaSyncSchema } from "@app/services/secret-sync/camunda";
 import {
  CloudflarePagesSyncListItemSchema,
  CloudflarePagesSyncSchema
 } from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
 import { DatabricksSyncListItemSchema, DatabricksSyncSchema } from "@app/services/secret-sync/databricks";
 import { FlyioSyncListItemSchema, FlyioSyncSchema } from "@app/services/secret-sync/flyio";
 import { GcpSyncListItemSchema, GcpSyncSchema } from "@app/services/secret-sync/gcp";
 import { GitHubSyncListItemSchema, GitHubSyncSchema } from "@app/services/secret-sync/github";
 import { GitLabSyncListItemSchema, GitLabSyncSchema } from "@app/services/secret-sync/gitlab";
 import { HCVaultSyncListItemSchema, HCVaultSyncSchema } from "@app/services/secret-sync/hc-vault";
 import { HerokuSyncListItemSchema, HerokuSyncSchema } from "@app/services/secret-sync/heroku";
 import { HumanitecSyncListItemSchema, HumanitecSyncSchema } from "@app/services/secret-sync/humanitec";
@@ -39,6 +34,10 @@ import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/se
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
 import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
 import { WindmillSyncListItemSchema, WindmillSyncSchema } from "@app/services/secret-sync/windmill";
 import {
  CloudflarePagesSyncListItemSchema,
  CloudflarePagesSyncSchema
 } from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
 const SecretSyncSchema = z.discriminatedUnion("destination", [
  AwsParameterStoreSyncSchema,
@@ -61,7 +60,6 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
  HerokuSyncSchema,
  RenderSyncSchema,
  FlyioSyncSchema,
  GitLabSyncSchema,
  CloudflarePagesSyncSchema
 ]);
@@ -86,7 +84,6 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
  HerokuSyncListItemSchema,
  RenderSyncListItemSchema,
  FlyioSyncListItemSchema,
  GitLabSyncListItemSchema,
  CloudflarePagesSyncListItemSchema
 ]);
--- a/backend/src/services/app-connection/app-connection-enums.ts
+++ b/backend/src/services/app-connection/app-connection-enums.ts
@@ -26,7 +26,6 @@ export enum AppConnection {
  Heroku = "heroku",
  Render = "render",
  Flyio = "flyio",
  GitLab = "gitlab",
  Cloudflare = "cloudflare"
 }
--- a/backend/src/services/app-connection/app-connection-fns.ts
+++ b/backend/src/services/app-connection/app-connection-fns.ts
@@ -51,11 +51,6 @@ import {
  validateAzureKeyVaultConnectionCredentials
 } from "./azure-key-vault";
 import { CamundaConnectionMethod, getCamundaConnectionListItem, validateCamundaConnectionCredentials } from "./camunda";
 import { CloudflareConnectionMethod } from "./cloudflare/cloudflare-connection-enum";
 import {
  getCloudflareConnectionListItem,
  validateCloudflareConnectionCredentials
 } from "./cloudflare/cloudflare-connection-fns";
 import {
  DatabricksConnectionMethod,
  getDatabricksConnectionListItem,
@@ -69,7 +64,6 @@ import {
  GitHubRadarConnectionMethod,
  validateGitHubRadarConnectionCredentials
 } from "./github-radar";
 import { getGitLabConnectionListItem, GitLabConnectionMethod, validateGitLabConnectionCredentials } from "./gitlab";
 import {
  getHCVaultConnectionListItem,
  HCVaultConnectionMethod,
@@ -105,6 +99,11 @@ import {
  validateWindmillConnectionCredentials,
  WindmillConnectionMethod
 } from "./windmill";
 import {
  getCloudflareConnectionListItem,
  validateCloudflareConnectionCredentials
 } from "./cloudflare/cloudflare-connection-fns";
 import { CloudflareConnectionMethod } from "./cloudflare/cloudflare-connection-enum";
 export const listAppConnectionOptions = () => {
  return [
@@ -135,7 +134,6 @@ export const listAppConnectionOptions = () => {
    getHerokuConnectionListItem(),
    getRenderConnectionListItem(),
    getFlyioConnectionListItem(),
    getGitLabConnectionListItem(),
    getCloudflareConnectionListItem()
  ].sort((a, b) => a.name.localeCompare(b.name));
 };
@@ -215,7 +213,6 @@ export const validateAppConnectionCredentials = async (
    [AppConnection.Heroku]: validateHerokuConnectionCredentials as TAppConnectionCredentialsValidator,
    [AppConnection.Render]: validateRenderConnectionCredentials as TAppConnectionCredentialsValidator,
    [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator,
    [AppConnection.GitLab]: validateGitLabConnectionCredentials as TAppConnectionCredentialsValidator,
    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator
  };
@@ -233,7 +230,6 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
    case GitHubConnectionMethod.OAuth:
    case AzureDevOpsConnectionMethod.OAuth:
    case HerokuConnectionMethod.OAuth:
    case GitLabConnectionMethod.OAuth:
      return "OAuth";
    case HerokuConnectionMethod.AuthToken:
      return "Auth Token";
@@ -331,7 +327,6 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
  [AppConnection.Heroku]: platformManagedCredentialsNotSupported,
  [AppConnection.Render]: platformManagedCredentialsNotSupported,
  [AppConnection.Flyio]: platformManagedCredentialsNotSupported,
  [AppConnection.GitLab]: platformManagedCredentialsNotSupported,
  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported
 };
--- a/backend/src/services/app-connection/app-connection-maps.ts
+++ b/backend/src/services/app-connection/app-connection-maps.ts
@@ -28,7 +28,6 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
  [AppConnection.Heroku]: "Heroku",
  [AppConnection.Render]: "Render",
  [AppConnection.Flyio]: "Fly.io",
  [AppConnection.GitLab]: "GitLab",
  [AppConnection.Cloudflare]: "Cloudflare"
 };
@@ -60,6 +59,5 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
  [AppConnection.Heroku]: AppConnectionPlanType.Regular,
  [AppConnection.Render]: AppConnectionPlanType.Regular,
  [AppConnection.Flyio]: AppConnectionPlanType.Regular,
  [AppConnection.GitLab]: AppConnectionPlanType.Regular,
  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular
 };
--- a/backend/src/services/app-connection/app-connection-service.ts
+++ b/backend/src/services/app-connection/app-connection-service.ts
@@ -58,8 +58,6 @@ import { gcpConnectionService } from "./gcp/gcp-connection-service";
 import { ValidateGitHubConnectionCredentialsSchema } from "./github";
 import { githubConnectionService } from "./github/github-connection-service";
 import { ValidateGitHubRadarConnectionCredentialsSchema } from "./github-radar";
 import { ValidateGitLabConnectionCredentialsSchema } from "./gitlab";
 import { gitlabConnectionService } from "./gitlab/gitlab-connection-service";
 import { ValidateHCVaultConnectionCredentialsSchema } from "./hc-vault";
 import { hcVaultConnectionService } from "./hc-vault/hc-vault-connection-service";
 import { ValidateHerokuConnectionCredentialsSchema } from "./heroku";
@@ -118,7 +116,6 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
  [AppConnection.Heroku]: ValidateHerokuConnectionCredentialsSchema,
  [AppConnection.Render]: ValidateRenderConnectionCredentialsSchema,
  [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema,
  [AppConnection.GitLab]: ValidateGitLabConnectionCredentialsSchema,
  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema
 };
@@ -527,8 +524,7 @@ export const appConnectionServiceFactory = ({
    onepass: onePassConnectionService(connectAppConnectionById),
    heroku: herokuConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
    render: renderConnectionService(connectAppConnectionById),
-    flyio: flyioConnectionService(connectAppConnectionById),
+    cloudflare: cloudflareConnectionService(connectAppConnectionById),
-    gitlab: gitlabConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
+    flyio: flyioConnectionService(connectAppConnectionById)
    cloudflare: cloudflareConnectionService(connectAppConnectionById)
  };
 };
--- a/backend/src/services/app-connection/app-connection-types.ts
+++ b/backend/src/services/app-connection/app-connection-types.ts
@@ -62,12 +62,6 @@ import {
  TCamundaConnectionInput,
  TValidateCamundaConnectionCredentialsSchema
 } from "./camunda";
 import {
  TCloudflareConnection,
  TCloudflareConnectionConfig,
  TCloudflareConnectionInput,
  TValidateCloudflareConnectionCredentialsSchema
 } from "./cloudflare/cloudflare-connection-types";
 import {
  TDatabricksConnection,
  TDatabricksConnectionConfig,
@@ -98,12 +92,6 @@ import {
  TGitHubRadarConnectionInput,
  TValidateGitHubRadarConnectionCredentialsSchema
 } from "./github-radar";
 import {
  TGitLabConnection,
  TGitLabConnectionConfig,
  TGitLabConnectionInput,
  TValidateGitLabConnectionCredentialsSchema
 } from "./gitlab";
 import {
  THCVaultConnection,
  THCVaultConnectionConfig,
@@ -165,6 +153,12 @@ import {
  TWindmillConnectionConfig,
  TWindmillConnectionInput
 } from "./windmill";
 import {
  TCloudflareConnection,
  TCloudflareConnectionConfig,
  TCloudflareConnectionInput,
  TValidateCloudflareConnectionCredentialsSchema
 } from "./cloudflare/cloudflare-connection-types";
 export type TAppConnection = { id: string } & (
  | TAwsConnection
@@ -194,7 +188,6 @@ export type TAppConnection = { id: string } & (
  | THerokuConnection
  | TRenderConnection
  | TFlyioConnection
  | TGitLabConnection
  | TCloudflareConnection
 );
@@ -230,7 +223,6 @@ export type TAppConnectionInput = { id: string } & (
  | THerokuConnectionInput
  | TRenderConnectionInput
  | TFlyioConnectionInput
  | TGitLabConnectionInput
  | TCloudflareConnectionInput
 );
@@ -274,7 +266,6 @@ export type TAppConnectionConfig =
  | THerokuConnectionConfig
  | TRenderConnectionConfig
  | TFlyioConnectionConfig
  | TGitLabConnectionConfig
  | TCloudflareConnectionConfig;
 export type TValidateAppConnectionCredentialsSchema =
@@ -305,7 +296,6 @@ export type TValidateAppConnectionCredentialsSchema =
  | TValidateHerokuConnectionCredentialsSchema
  | TValidateRenderConnectionCredentialsSchema
  | TValidateFlyioConnectionCredentialsSchema
  | TValidateGitLabConnectionCredentialsSchema
  | TValidateCloudflareConnectionCredentialsSchema;
 export type TListAwsConnectionKmsKeys = {
--- a/backend/src/services/app-connection/gitlab/gitlab-connection-enums.ts
+++ b/backend/src/services/app-connection/gitlab/gitlab-connection-enums.ts
@@ -1,9 +0,0 @@
 export enum GitLabConnectionMethod {
  OAuth = "oauth",
  AccessToken = "access-token"
 }
 export enum GitLabAccessTokenType {
  Project = "project",
  Personal = "personal"
 }
--- a/backend/src/services/app-connection/gitlab/gitlab-connection-fns.ts
+++ b/backend/src/services/app-connection/gitlab/gitlab-connection-fns.ts
@@ -1,351 +0,0 @@
 /* eslint-disable no-await-in-loop */
 import { GitbeakerRequestError, Gitlab } from "@gitbeaker/rest";
 import { AxiosError } from "axios";
 import { getConfig } from "@app/lib/config/env";
 import { request } from "@app/lib/config/request";
 import { BadRequestError, InternalServerError } from "@app/lib/errors";
 import { removeTrailingSlash } from "@app/lib/fn";
 import { logger } from "@app/lib/logger";
 import { blockLocalAndPrivateIpAddresses } from "@app/lib/validator";
 import { AppConnection } from "@app/services/app-connection/app-connection-enums";
 import { encryptAppConnectionCredentials } from "@app/services/app-connection/app-connection-fns";
 import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TAppConnectionDALFactory } from "../app-connection-dal";
 import { GitLabAccessTokenType, GitLabConnectionMethod } from "./gitlab-connection-enums";
 import { TGitLabConnection, TGitLabConnectionConfig, TGitLabGroup, TGitLabProject } from "./gitlab-connection-types";
 interface GitLabOAuthTokenResponse {
  access_token: string;
  token_type: string;
  expires_in: number;
  refresh_token: string;
  created_at: number;
  scope?: string;
 }
 export const getGitLabConnectionListItem = () => {
  const { INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID } = getConfig();
  return {
    name: "GitLab" as const,
    app: AppConnection.GitLab as const,
    methods: Object.values(GitLabConnectionMethod) as [
      GitLabConnectionMethod.AccessToken,
      GitLabConnectionMethod.OAuth
    ],
    oauthClientId: INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID
  };
 };
 export const getGitLabInstanceUrl = async (instanceUrl?: string) => {
  const gitLabInstanceUrl = instanceUrl ? removeTrailingSlash(instanceUrl) : IntegrationUrls.GITLAB_URL;
  await blockLocalAndPrivateIpAddresses(gitLabInstanceUrl);
  return gitLabInstanceUrl;
 };
 export const getGitLabClient = async (accessToken: string, instanceUrl?: string, isOAuth = false) => {
  const host = await getGitLabInstanceUrl(instanceUrl);
  const client = new Gitlab<true>({
    host,
    ...(isOAuth ? { oauthToken: accessToken } : { token: accessToken }),
    camelize: true
  });
  return client;
 };
 export const refreshGitLabToken = async (
  refreshToken: string,
  appId: string,
  orgId: string,
  appConnectionDAL: Pick<TAppConnectionDALFactory, "updateById">,
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">,
  instanceUrl?: string
 ): Promise<string> => {
  const { INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID, INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET, SITE_URL } =
    getConfig();
  if (!INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET || !INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID || !SITE_URL) {
    throw new InternalServerError({
      message: `GitLab environment variables have not been configured`
    });
  }
  const payload = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken,
    client_id: INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID,
    client_secret: INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET,
    redirect_uri: `${SITE_URL}/organization/app-connections/gitlab/oauth/callback`
  });
  try {
    const url = await getGitLabInstanceUrl(instanceUrl);
    const { data } = await request.post<GitLabOAuthTokenResponse>(`${url}/oauth/token`, payload.toString(), {
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        Accept: "application/json"
      }
    });
    const expiresAt = new Date(Date.now() + data.expires_in * 1000 - 600000);
    const encryptedCredentials = await encryptAppConnectionCredentials({
      credentials: {
        instanceUrl,
        tokenType: data.token_type,
        createdAt: new Date(data.created_at * 1000).toISOString(),
        refreshToken: data.refresh_token,
        accessToken: data.access_token,
        expiresAt
      },
      orgId,
      kmsService
    });
    await appConnectionDAL.updateById(appId, { encryptedCredentials });
    return data.access_token;
  } catch (error: unknown) {
    if (error instanceof AxiosError) {
      throw new BadRequestError({
        message: `Failed to refresh GitLab token: ${error.message}`
      });
    }
    throw new BadRequestError({
      message: "Unable to refresh GitLab token"
    });
  }
 };
 export const exchangeGitLabOAuthCode = async (
  code: string,
  instanceUrl?: string
 ): Promise<GitLabOAuthTokenResponse> => {
  const { INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID, INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET, SITE_URL } =
    getConfig();
  if (!INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET || !INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID || !SITE_URL) {
    throw new InternalServerError({
      message: `GitLab environment variables have not been configured`
    });
  }
  try {
    const payload = new URLSearchParams({
      grant_type: "authorization_code",
      code,
      client_id: INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID,
      client_secret: INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET,
      redirect_uri: `${SITE_URL}/organization/app-connections/gitlab/oauth/callback`
    });
    const url = await getGitLabInstanceUrl(instanceUrl);
    const response = await request.post<GitLabOAuthTokenResponse>(`${url}/oauth/token`, payload.toString(), {
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        Accept: "application/json"
      }
    });
    if (!response.data) {
      throw new InternalServerError({
        message: "Failed to exchange OAuth code: Empty response"
      });
    }
    return response.data;
  } catch (error: unknown) {
    if (error instanceof AxiosError) {
      throw new BadRequestError({
        message: `Failed to exchange OAuth code: ${error.message}`
      });
    }
    throw new BadRequestError({
      message: "Unable to exchange OAuth code"
    });
  }
 };
 export const validateGitLabConnectionCredentials = async (config: TGitLabConnectionConfig) => {
  const { credentials: inputCredentials, method } = config;
  let accessToken: string;
  let oauthData: GitLabOAuthTokenResponse | null = null;
  if (method === GitLabConnectionMethod.OAuth && "code" in inputCredentials) {
    oauthData = await exchangeGitLabOAuthCode(inputCredentials.code, inputCredentials.instanceUrl);
    accessToken = oauthData.access_token;
  } else if (method === GitLabConnectionMethod.AccessToken && "accessToken" in inputCredentials) {
    accessToken = inputCredentials.accessToken;
  } else {
    throw new BadRequestError({
      message: "Invalid credentials for the selected connection method"
    });
  }
  try {
    const client = await getGitLabClient(
      accessToken,
      inputCredentials.instanceUrl,
      method === GitLabConnectionMethod.OAuth
    );
    await client.Users.showCurrentUser();
  } catch (error: unknown) {
    logger.error(error, "Error validating GitLab connection credentials");
    if (error instanceof GitbeakerRequestError) {
      throw new BadRequestError({
        message: `Failed to validate credentials: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
      });
    }
    throw new BadRequestError({
      message: `Failed to validate credentials: ${(error as Error)?.message || "verify credentials"}`
    });
  }
  if (method === GitLabConnectionMethod.OAuth && oauthData) {
    return {
      accessToken,
      instanceUrl: inputCredentials.instanceUrl,
      refreshToken: oauthData.refresh_token,
      expiresAt: new Date(Date.now() + oauthData.expires_in * 1000 - 60000),
      tokenType: oauthData.token_type,
      createdAt: new Date(oauthData.created_at * 1000)
    };
  }
  return inputCredentials;
 };
 export const listGitLabProjects = async ({
  appConnection,
  appConnectionDAL,
  kmsService
 }: {
  appConnection: TGitLabConnection;
  appConnectionDAL: Pick<TAppConnectionDALFactory, "updateById">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
 }): Promise<TGitLabProject[]> => {
  let { accessToken } = appConnection.credentials;
  if (
    appConnection.method === GitLabConnectionMethod.OAuth &&
    appConnection.credentials.refreshToken &&
    new Date(appConnection.credentials.expiresAt) < new Date()
  ) {
    accessToken = await refreshGitLabToken(
      appConnection.credentials.refreshToken,
      appConnection.id,
      appConnection.orgId,
      appConnectionDAL,
      kmsService,
      appConnection.credentials.instanceUrl
    );
  }
  try {
    const client = await getGitLabClient(
      accessToken,
      appConnection.credentials.instanceUrl,
      appConnection.method === GitLabConnectionMethod.OAuth
    );
    const projects = await client.Projects.all({
      archived: false,
      includePendingDelete: false,
      membership: true,
      includeHidden: false,
      imported: false
    });
    return projects.map((project) => ({
      name: project.pathWithNamespace,
      id: project.id.toString()
    }));
  } catch (error: unknown) {
    if (error instanceof GitbeakerRequestError) {
      throw new BadRequestError({
        message: `Failed to fetch GitLab projects: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
      });
    }
    if (error instanceof InternalServerError) {
      throw error;
    }
    throw new InternalServerError({
      message: "Unable to fetch GitLab projects"
    });
  }
 };
 export const listGitLabGroups = async ({
  appConnection,
  appConnectionDAL,
  kmsService
 }: {
  appConnection: TGitLabConnection;
  appConnectionDAL: Pick<TAppConnectionDALFactory, "updateById">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
 }): Promise<TGitLabGroup[]> => {
  let { accessToken } = appConnection.credentials;
  if (
    appConnection.method === GitLabConnectionMethod.AccessToken &&
    appConnection.credentials.accessTokenType === GitLabAccessTokenType.Project
  ) {
    return [];
  }
  if (
    appConnection.method === GitLabConnectionMethod.OAuth &&
    appConnection.credentials.refreshToken &&
    new Date(appConnection.credentials.expiresAt) < new Date()
  ) {
    accessToken = await refreshGitLabToken(
      appConnection.credentials.refreshToken,
      appConnection.id,
      appConnection.orgId,
      appConnectionDAL,
      kmsService,
      appConnection.credentials.instanceUrl
    );
  }
  try {
    const client = await getGitLabClient(
      accessToken,
      appConnection.credentials.instanceUrl,
      appConnection.method === GitLabConnectionMethod.OAuth
    );
    const groups = await client.Groups.all({
      orderBy: "name",
      sort: "asc",
      minAccessLevel: 50
    });
    return groups.map((group) => ({
      id: group.id.toString(),
      name: group.name
    }));
  } catch (error: unknown) {
    if (error instanceof GitbeakerRequestError) {
      throw new BadRequestError({
        message: `Failed to fetch GitLab groups: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
      });
    }
    if (error instanceof InternalServerError) {
      throw error;
    }
    throw new InternalServerError({
      message: "Unable to fetch GitLab groups"
    });
  }
 };
--- a/backend/src/services/app-connection/gitlab/gitlab-connection-schemas.ts
+++ b/backend/src/services/app-connection/gitlab/gitlab-connection-schemas.ts
@@ -1,138 +0,0 @@
 import z from "zod";
 import { AppConnections } from "@app/lib/api-docs";
 import { AppConnection } from "@app/services/app-connection/app-connection-enums";
 import {
  BaseAppConnectionSchema,
  GenericCreateAppConnectionFieldsSchema,
  GenericUpdateAppConnectionFieldsSchema
 } from "@app/services/app-connection/app-connection-schemas";
 import { GitLabAccessTokenType, GitLabConnectionMethod } from "./gitlab-connection-enums";
 export const GitLabConnectionAccessTokenCredentialsSchema = z.object({
  accessToken: z
    .string()
    .trim()
    .min(1, "Access Token required")
    .describe(AppConnections.CREDENTIALS.GITLAB.accessToken),
  instanceUrl: z
    .string()
    .trim()
    .url("Invalid Instance URL")
    .optional()
    .describe(AppConnections.CREDENTIALS.GITLAB.instanceUrl),
  accessTokenType: z.nativeEnum(GitLabAccessTokenType).describe(AppConnections.CREDENTIALS.GITLAB.accessTokenType)
 });
 export const GitLabConnectionOAuthCredentialsSchema = z.object({
  code: z.string().trim().min(1, "OAuth code required").describe(AppConnections.CREDENTIALS.GITLAB.code),
  instanceUrl: z
    .string()
    .trim()
    .url("Invalid Instance URL")
    .optional()
    .describe(AppConnections.CREDENTIALS.GITLAB.instanceUrl)
 });
 export const GitLabConnectionOAuthOutputCredentialsSchema = z.object({
  accessToken: z.string().trim(),
  refreshToken: z.string().trim(),
  expiresAt: z.date(),
  tokenType: z.string().optional().default("bearer"),
  createdAt: z.string().optional(),
  instanceUrl: z
    .string()
    .trim()
    .url("Invalid Instance URL")
    .optional()
    .describe(AppConnections.CREDENTIALS.GITLAB.instanceUrl)
 });
 export const GitLabConnectionRefreshTokenCredentialsSchema = z.object({
  refreshToken: z.string().trim().min(1, "Refresh token required"),
  instanceUrl: z
    .string()
    .trim()
    .url("Invalid Instance URL")
    .optional()
    .describe(AppConnections.CREDENTIALS.GITLAB.instanceUrl)
 });
 const BaseGitLabConnectionSchema = BaseAppConnectionSchema.extend({
  app: z.literal(AppConnection.GitLab)
 });
 export const GitLabConnectionSchema = z.intersection(
  BaseGitLabConnectionSchema,
  z.discriminatedUnion("method", [
    z.object({
      method: z.literal(GitLabConnectionMethod.AccessToken),
      credentials: GitLabConnectionAccessTokenCredentialsSchema
    }),
    z.object({
      method: z.literal(GitLabConnectionMethod.OAuth),
      credentials: GitLabConnectionOAuthOutputCredentialsSchema
    })
  ])
 );
 export const SanitizedGitLabConnectionSchema = z.discriminatedUnion("method", [
  BaseGitLabConnectionSchema.extend({
    method: z.literal(GitLabConnectionMethod.AccessToken),
    credentials: GitLabConnectionAccessTokenCredentialsSchema.pick({
      instanceUrl: true,
      accessTokenType: true
    })
  }),
  BaseGitLabConnectionSchema.extend({
    method: z.literal(GitLabConnectionMethod.OAuth),
    credentials: GitLabConnectionOAuthOutputCredentialsSchema.pick({
      instanceUrl: true
    })
  })
 ]);
 export const ValidateGitLabConnectionCredentialsSchema = z.discriminatedUnion("method", [
  z.object({
    method: z.literal(GitLabConnectionMethod.AccessToken).describe(AppConnections.CREATE(AppConnection.GitLab).method),
    credentials: GitLabConnectionAccessTokenCredentialsSchema.describe(
      AppConnections.CREATE(AppConnection.GitLab).credentials
    )
  }),
  z.object({
    method: z.literal(GitLabConnectionMethod.OAuth).describe(AppConnections.CREATE(AppConnection.GitLab).method),
    credentials: z
      .union([
        GitLabConnectionOAuthCredentialsSchema,
        GitLabConnectionRefreshTokenCredentialsSchema,
        GitLabConnectionOAuthOutputCredentialsSchema
      ])
      .describe(AppConnections.CREATE(AppConnection.GitLab).credentials)
  })
 ]);
 export const CreateGitLabConnectionSchema = ValidateGitLabConnectionCredentialsSchema.and(
  GenericCreateAppConnectionFieldsSchema(AppConnection.GitLab)
 );
 export const UpdateGitLabConnectionSchema = z
  .object({
    credentials: z
      .union([
        GitLabConnectionAccessTokenCredentialsSchema,
        GitLabConnectionOAuthOutputCredentialsSchema,
        GitLabConnectionRefreshTokenCredentialsSchema,
        GitLabConnectionOAuthCredentialsSchema
      ])
      .optional()
      .describe(AppConnections.UPDATE(AppConnection.GitLab).credentials)
  })
  .and(GenericUpdateAppConnectionFieldsSchema(AppConnection.GitLab));
 export const GitLabConnectionListItemSchema = z.object({
  name: z.literal("GitLab"),
  app: z.literal(AppConnection.GitLab),
  methods: z.nativeEnum(GitLabConnectionMethod).array(),
  oauthClientId: z.string().optional()
 });
--- a/backend/src/services/app-connection/gitlab/gitlab-connection-service.ts
+++ b/backend/src/services/app-connection/gitlab/gitlab-connection-service.ts
@@ -1,47 +0,0 @@
 import { logger } from "@app/lib/logger";
 import { OrgServiceActor } from "@app/lib/types";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TAppConnectionDALFactory } from "../app-connection-dal";
 import { AppConnection } from "../app-connection-enums";
 import { listGitLabGroups, listGitLabProjects } from "./gitlab-connection-fns";
 import { TGitLabConnection } from "./gitlab-connection-types";
 type TGetAppConnectionFunc = (
  app: AppConnection,
  connectionId: string,
  actor: OrgServiceActor
 ) => Promise<TGitLabConnection>;
 export const gitlabConnectionService = (
  getAppConnection: TGetAppConnectionFunc,
  appConnectionDAL: Pick<TAppConnectionDALFactory, "updateById">,
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">
 ) => {
  const listProjects = async (connectionId: string, actor: OrgServiceActor) => {
    try {
      const appConnection = await getAppConnection(AppConnection.GitLab, connectionId, actor);
      const projects = await listGitLabProjects({ appConnection, appConnectionDAL, kmsService });
      return projects;
    } catch (error) {
      logger.error(error, `Failed to establish connection with GitLab for app ${connectionId}`);
      return [];
    }
  };
  const listGroups = async (connectionId: string, actor: OrgServiceActor) => {
    try {
      const appConnection = await getAppConnection(AppConnection.GitLab, connectionId, actor);
      const groups = await listGitLabGroups({ appConnection, appConnectionDAL, kmsService });
      return groups;
    } catch (error) {
      logger.error(error, `Failed to establish connection with GitLab for app ${connectionId}`);
      return [];
    }
  };
  return {
    listProjects,
    listGroups
  };
 };
--- a/backend/src/services/app-connection/gitlab/gitlab-connection-types.ts
+++ b/backend/src/services/app-connection/gitlab/gitlab-connection-types.ts
@@ -1,56 +0,0 @@
 import z from "zod";
 import { DiscriminativePick } from "@app/lib/types";
 import { AppConnection } from "../app-connection-enums";
 import {
  CreateGitLabConnectionSchema,
  GitLabConnectionSchema,
  ValidateGitLabConnectionCredentialsSchema
 } from "./gitlab-connection-schemas";
 export type TGitLabConnection = z.infer<typeof GitLabConnectionSchema>;
 export type TGitLabConnectionInput = z.infer<typeof CreateGitLabConnectionSchema> & {
  app: AppConnection.GitLab;
 };
 export type TValidateGitLabConnectionCredentialsSchema = typeof ValidateGitLabConnectionCredentialsSchema;
 export type TGitLabConnectionConfig = DiscriminativePick<TGitLabConnectionInput, "method" | "app" | "credentials"> & {
  orgId: string;
 };
 export type TGitLabProject = {
  name: string;
  id: string;
 };
 export type TGitLabAccessTokenCredentials = {
  accessToken: string;
  instanceUrl: string;
 };
 export type TGitLabOAuthCredentials = {
  accessToken: string;
  refreshToken: string;
  expiresAt: Date;
  tokenType?: string;
  createdAt?: Date;
  instanceUrl: string;
 };
 export type TGitLabOAuthCodeCredentials = {
  code: string;
  instanceUrl: string;
 };
 export type TGitLabRefreshTokenCredentials = {
  refreshToken: string;
  instanceUrl: string;
 };
 export interface TGitLabGroup {
  id: string;
  name: string;
 }
--- a/backend/src/services/app-connection/gitlab/index.ts
+++ b/backend/src/services/app-connection/gitlab/index.ts
@@ -1,4 +0,0 @@
 export * from "./gitlab-connection-enums";
 export * from "./gitlab-connection-fns";
 export * from "./gitlab-connection-schemas";
 export * from "./gitlab-connection-types";
--- a/backend/src/services/secret-sync/gitlab/gitlab-sync-constants.ts
+++ b/backend/src/services/secret-sync/gitlab/gitlab-sync-constants.ts
@@ -1,10 +0,0 @@
 import { AppConnection } from "@app/services/app-connection/app-connection-enums";
 import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
 import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
 export const GITLAB_SYNC_LIST_OPTION: TSecretSyncListItem = {
  name: "GitLab",
  destination: SecretSync.GitLab,
  connection: AppConnection.GitLab,
  canImportSecrets: false
 };
--- a/backend/src/services/secret-sync/gitlab/gitlab-sync-enums.ts
+++ b/backend/src/services/secret-sync/gitlab/gitlab-sync-enums.ts
@@ -1,4 +0,0 @@
 export enum GitLabSyncScope {
  Project = "project",
  Group = "group"
 }
--- a/backend/src/services/secret-sync/gitlab/gitlab-sync-fns.ts
+++ b/backend/src/services/secret-sync/gitlab/gitlab-sync-fns.ts
@@ -1,452 +0,0 @@
 /* eslint-disable no-await-in-loop */
 import { GitbeakerRequestError } from "@gitbeaker/rest";
 import { TAppConnectionDALFactory } from "@app/services/app-connection/app-connection-dal";
 import {
  getGitLabClient,
  GitLabConnectionMethod,
  refreshGitLabToken,
  TGitLabConnection
 } from "@app/services/app-connection/gitlab";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TGitLabSyncWithCredentials, TGitLabVariable } from "@app/services/secret-sync/gitlab/gitlab-sync-types";
 import { SecretSyncError } from "@app/services/secret-sync/secret-sync-errors";
 import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
 import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
 import { SECRET_SYNC_NAME_MAP } from "../secret-sync-maps";
 import { GitLabSyncScope } from "./gitlab-sync-enums";
 interface TGitLabVariablePayload {
  key?: string;
  value: string;
  variable_type?: "env_var" | "file";
  environment_scope?: string;
  protected?: boolean;
  masked?: boolean;
  masked_and_hidden?: boolean;
  description?: string;
 }
 interface TGitLabVariableCreate extends TGitLabVariablePayload {
  key: string;
 }
 interface TGitLabVariableUpdate extends Omit<TGitLabVariablePayload, "key"> {}
 type TGitLabSyncFactoryDeps = {
  appConnectionDAL: Pick<TAppConnectionDALFactory, "updateById">;
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">;
 };
 const getValidAccessToken = async (
  connection: TGitLabConnection,
  appConnectionDAL: Pick<TAppConnectionDALFactory, "updateById">,
  kmsService: Pick<TKmsServiceFactory, "createCipherPairWithDataKey">
 ): Promise<string> => {
  if (
    connection.method === GitLabConnectionMethod.OAuth &&
    connection.credentials.refreshToken &&
    new Date(connection.credentials.expiresAt) < new Date()
  ) {
    const accessToken = await refreshGitLabToken(
      connection.credentials.refreshToken,
      connection.id,
      connection.orgId,
      appConnectionDAL,
      kmsService,
      connection.credentials.instanceUrl
    );
    return accessToken;
  }
  return connection.credentials.accessToken;
 };
 const getGitLabVariables = async ({
  accessToken,
  connection,
  scope,
  resourceId,
  targetEnvironment
 }: {
  accessToken: string;
  connection: TGitLabConnection;
  scope: GitLabSyncScope;
  resourceId: string;
  targetEnvironment?: string;
 }): Promise<TGitLabVariable[]> => {
  try {
    const client = await getGitLabClient(
      accessToken,
      connection.credentials.instanceUrl,
      connection.method === GitLabConnectionMethod.OAuth
    );
    let variables: TGitLabVariable[] = [];
    if (scope === GitLabSyncScope.Project) {
      variables = await client.ProjectVariables.all(resourceId);
    } else {
      variables = await client.GroupVariables.all(resourceId);
    }
    if (targetEnvironment) {
      variables = variables.filter((v) => v.environmentScope === targetEnvironment);
    }
    return variables;
  } catch (error) {
    if (error instanceof GitbeakerRequestError) {
      throw new SecretSyncError({
        error: new Error(
          `Failed to fetch variables: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
        )
      });
    }
    throw new SecretSyncError({
      error
    });
  }
 };
 const createGitLabVariable = async ({
  accessToken,
  connection,
  scope,
  resourceId,
  variable
 }: {
  accessToken: string;
  connection: TGitLabConnection;
  scope: GitLabSyncScope;
  resourceId: string;
  variable: TGitLabVariableCreate;
 }): Promise<void> => {
  try {
    const client = await getGitLabClient(
      accessToken,
      connection.credentials.instanceUrl,
      connection.method === GitLabConnectionMethod.OAuth
    );
    const payload = {
      key: variable.key,
      value: variable.value,
      variableType: "env_var",
      environmentScope: variable.environment_scope || "*",
      protected: variable.protected || false,
      masked: variable.masked || false,
      masked_and_hidden: variable.masked_and_hidden || false,
      raw: false
    };
    if (scope === GitLabSyncScope.Project) {
      await client.ProjectVariables.create(resourceId, payload.key, payload.value, {
        variableType: "env_var",
        environmentScope: payload.environmentScope,
        protected: payload.protected,
        masked: payload.masked,
        masked_and_hidden: payload.masked_and_hidden,
        raw: false
      });
    } else {
      await client.GroupVariables.create(resourceId, payload.key, payload.value, {
        variableType: "env_var",
        environmentScope: payload.environmentScope,
        protected: payload.protected,
        masked: payload.masked,
        ...(payload.masked_and_hidden && { masked_and_hidden: payload.masked_and_hidden }),
        raw: false
      });
    }
  } catch (error) {
    if (error instanceof GitbeakerRequestError) {
      throw new SecretSyncError({
        error: new Error(
          `Failed to create variable: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
        ),
        secretKey: variable.key
      });
    }
    throw new SecretSyncError({
      error,
      secretKey: variable.key
    });
  }
 };
 const updateGitLabVariable = async ({
  accessToken,
  connection,
  scope,
  resourceId,
  key,
  variable,
  targetEnvironment
 }: {
  accessToken: string;
  connection: TGitLabConnection;
  scope: GitLabSyncScope;
  resourceId: string;
  key: string;
  variable: TGitLabVariableUpdate;
  targetEnvironment?: string;
 }): Promise<void> => {
  try {
    const client = await getGitLabClient(
      accessToken,
      connection.credentials.instanceUrl,
      connection.method === GitLabConnectionMethod.OAuth
    );
    const options = {
      ...(variable.environment_scope && { environmentScope: variable.environment_scope }),
      ...(variable.protected !== undefined && { protected: variable.protected }),
      ...(variable.masked !== undefined && { masked: variable.masked })
    };
    if (targetEnvironment) {
      options.environmentScope = targetEnvironment;
    }
    if (scope === GitLabSyncScope.Project) {
      await client.ProjectVariables.edit(resourceId, key, variable.value, {
        ...options,
        filter: { environment_scope: targetEnvironment || "*" }
      });
    } else {
      await client.GroupVariables.edit(resourceId, key, variable.value, {
        ...options,
        filter: { environment_scope: targetEnvironment || "*" }
      });
    }
  } catch (error) {
    if (error instanceof GitbeakerRequestError) {
      throw new SecretSyncError({
        error: new Error(
          `Failed to update variable: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
        ),
        secretKey: key
      });
    }
    throw new SecretSyncError({
      error,
      secretKey: key
    });
  }
 };
 const deleteGitLabVariable = async ({
  accessToken,
  connection,
  scope,
  resourceId,
  key,
  targetEnvironment,
  allVariables
 }: {
  accessToken: string;
  connection: TGitLabConnection;
  scope: GitLabSyncScope;
  resourceId: string;
  key: string;
  targetEnvironment?: string;
  allVariables?: TGitLabVariable[];
 }): Promise<void> => {
  if (allVariables && !allVariables.find((v) => v.key === key)) {
    return;
  }
  try {
    const client = await getGitLabClient(
      accessToken,
      connection.credentials.instanceUrl,
      connection.method === GitLabConnectionMethod.OAuth
    );
    const options: { filter?: { environment_scope: string } } = {};
    if (targetEnvironment) {
      options.filter = { environment_scope: targetEnvironment || "*" };
    }
    if (scope === GitLabSyncScope.Project) {
      await client.ProjectVariables.remove(resourceId, key, options);
    } else {
      await client.GroupVariables.remove(resourceId, key);
    }
  } catch (error: unknown) {
    if (error instanceof GitbeakerRequestError) {
      throw new SecretSyncError({
        error: new Error(
          `Failed to delete variable: ${error.message ?? "Unknown error"}${error.cause?.description && error.message !== "Unauthorized" ? `. Cause: ${error.cause.description}` : ""}`
        ),
        secretKey: key
      });
    }
    throw new SecretSyncError({
      error,
      secretKey: key
    });
  }
 };
 export const GitLabSyncFns = {
  syncSecrets: async (
    secretSync: TGitLabSyncWithCredentials,
    secretMap: TSecretMap,
    { appConnectionDAL, kmsService }: TGitLabSyncFactoryDeps
  ): Promise<void> => {
    const { connection, environment, destinationConfig } = secretSync;
    const { scope, targetEnvironment } = destinationConfig;
    const resourceId = scope === GitLabSyncScope.Project ? destinationConfig.projectId : destinationConfig.groupId;
    const accessToken = await getValidAccessToken(connection, appConnectionDAL, kmsService);
    try {
      const currentVariables = await getGitLabVariables({
        accessToken,
        connection,
        scope,
        resourceId,
        targetEnvironment
      });
      const currentVariableMap = new Map(currentVariables.map((v) => [v.key, v]));
      for (const [key, { value }] of Object.entries(secretMap)) {
        if (value?.length < 8 && destinationConfig.shouldMaskSecrets) {
          throw new SecretSyncError({
            message: `Secret ${key} is too short to be masked. GitLab requires a minimum of 8 characters for masked secrets.`,
            secretKey: key
          });
        }
        try {
          const existingVariable = currentVariableMap.get(key);
          if (existingVariable) {
            if (
              existingVariable.value !== value ||
              existingVariable.environmentScope !== targetEnvironment ||
              existingVariable.protected !== destinationConfig.shouldProtectSecrets ||
              existingVariable.masked !== destinationConfig.shouldMaskSecrets
            ) {
              await updateGitLabVariable({
                accessToken,
                connection,
                scope,
                resourceId,
                key,
                variable: {
                  value,
                  environment_scope: targetEnvironment,
                  protected: destinationConfig.shouldProtectSecrets,
                  masked: destinationConfig.shouldMaskSecrets || existingVariable.hidden
                },
                targetEnvironment
              });
            }
          } else {
            await createGitLabVariable({
              accessToken,
              connection,
              scope,
              resourceId,
              variable: {
                key,
                value,
                variable_type: "env_var",
                environment_scope: targetEnvironment || "*",
                protected: destinationConfig.shouldProtectSecrets || false,
                masked: destinationConfig.shouldMaskSecrets || false,
                masked_and_hidden: destinationConfig.shouldHideSecrets || false
              }
            });
          }
        } catch (error) {
          throw new SecretSyncError({
            error,
            secretKey: key
          });
        }
      }
      if (!secretSync.syncOptions.disableSecretDeletion) {
        for (const variable of currentVariables) {
          try {
            const shouldDelete =
              matchesSchema(variable.key, environment?.slug || "", secretSync.syncOptions.keySchema) &&
              !(variable.key in secretMap);
            if (shouldDelete) {
              await deleteGitLabVariable({
                accessToken,
                connection,
                scope,
                resourceId,
                key: variable.key,
                targetEnvironment
              });
            }
          } catch (error) {
            throw new SecretSyncError({
              error,
              secretKey: variable.key
            });
          }
        }
      }
    } catch (error) {
      if (error instanceof SecretSyncError) {
        throw error;
      }
      throw new SecretSyncError({
        message: "Failed to sync secrets",
        error
      });
    }
  },
  removeSecrets: async (
    secretSync: TGitLabSyncWithCredentials,
    secretMap: TSecretMap,
    { appConnectionDAL, kmsService }: TGitLabSyncFactoryDeps
  ): Promise<void> => {
    const { connection, destinationConfig } = secretSync;
    const { scope, targetEnvironment } = destinationConfig;
    const resourceId = scope === GitLabSyncScope.Project ? destinationConfig.projectId : destinationConfig.groupId;
    const accessToken = await getValidAccessToken(connection, appConnectionDAL, kmsService);
    const allVariables = await getGitLabVariables({
      accessToken,
      connection,
      scope,
      resourceId,
      targetEnvironment
    });
    for (const key of Object.keys(secretMap)) {
      try {
        await deleteGitLabVariable({
          accessToken,
          connection,
          scope,
          resourceId,
          key,
          targetEnvironment,
          allVariables
        });
      } catch (error) {
        throw new SecretSyncError({
          error,
          secretKey: key
        });
      }
    }
  },
  getSecrets: async (secretSync: TGitLabSyncWithCredentials): Promise<TSecretMap> => {
    throw new Error(`${SECRET_SYNC_NAME_MAP[secretSync.destination]} does not support importing secrets.`);
  }
 };
--- a/backend/src/services/secret-sync/gitlab/gitlab-sync-schemas.ts
+++ b/backend/src/services/secret-sync/gitlab/gitlab-sync-schemas.ts
@@ -1,97 +0,0 @@
 import { z } from "zod";
 import { SecretSyncs } from "@app/lib/api-docs";
 import { AppConnection } from "@app/services/app-connection/app-connection-enums";
 import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
 import {
  BaseSecretSyncSchema,
  GenericCreateSecretSyncFieldsSchema,
  GenericUpdateSecretSyncFieldsSchema
 } from "@app/services/secret-sync/secret-sync-schemas";
 import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
 import { GitLabSyncScope } from "./gitlab-sync-enums";
 const GitLabSyncDestinationConfigSchema = z.discriminatedUnion("scope", [
  z.object({
    scope: z.literal(GitLabSyncScope.Project).describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.scope),
    projectId: z.string().min(1, "Project ID is required").describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.projectId),
    projectName: z
      .string()
      .min(1, "Project name is required")
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.projectName),
    targetEnvironment: z
      .string()
      .optional()
      .default("*")
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.targetEnvironment),
    shouldProtectSecrets: z
      .boolean()
      .optional()
      .default(false)
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.shouldProtectSecrets),
    shouldMaskSecrets: z
      .boolean()
      .optional()
      .default(false)
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.shouldMaskSecrets),
    shouldHideSecrets: z
      .boolean()
      .optional()
      .default(false)
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.shouldHideSecrets)
  }),
  z.object({
    scope: z.literal(GitLabSyncScope.Group).describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.scope),
    groupId: z.string().min(1, "Group ID is required").describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.groupId),
    groupName: z.string().min(1, "Group name is required").describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.groupName),
    targetEnvironment: z
      .string()
      .optional()
      .default("*")
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.targetEnvironment),
    shouldProtectSecrets: z
      .boolean()
      .optional()
      .default(false)
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.shouldProtectSecrets),
    shouldMaskSecrets: z
      .boolean()
      .optional()
      .default(false)
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.shouldMaskSecrets),
    shouldHideSecrets: z
      .boolean()
      .optional()
      .default(false)
      .describe(SecretSyncs.DESTINATION_CONFIG.GITLAB.shouldHideSecrets)
  })
 ]);
 const GitLabSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: false };
 export const GitLabSyncSchema = BaseSecretSyncSchema(SecretSync.GitLab, GitLabSyncOptionsConfig).extend({
  destination: z.literal(SecretSync.GitLab),
  destinationConfig: GitLabSyncDestinationConfigSchema
 });
 export const CreateGitLabSyncSchema = GenericCreateSecretSyncFieldsSchema(
  SecretSync.GitLab,
  GitLabSyncOptionsConfig
 ).extend({
  destinationConfig: GitLabSyncDestinationConfigSchema
 });
 export const UpdateGitLabSyncSchema = GenericUpdateSecretSyncFieldsSchema(
  SecretSync.GitLab,
  GitLabSyncOptionsConfig
 ).extend({
  destinationConfig: GitLabSyncDestinationConfigSchema.optional()
 });
 export const GitLabSyncListItemSchema = z.object({
  name: z.literal("GitLab"),
  connection: z.literal(AppConnection.GitLab),
  destination: z.literal(SecretSync.GitLab),
  canImportSecrets: z.literal(false)
 });
--- a/backend/src/services/secret-sync/gitlab/gitlab-sync-types.ts
+++ b/backend/src/services/secret-sync/gitlab/gitlab-sync-types.ts
@@ -1,58 +0,0 @@
 import { z } from "zod";
 import { TGitLabConnection } from "@app/services/app-connection/gitlab";
 import { CreateGitLabSyncSchema, GitLabSyncListItemSchema, GitLabSyncSchema } from "./gitlab-sync-schemas";
 export type TGitLabSync = z.infer<typeof GitLabSyncSchema>;
 export type TGitLabSyncInput = z.infer<typeof CreateGitLabSyncSchema>;
 export type TGitLabSyncListItem = z.infer<typeof GitLabSyncListItemSchema>;
 export type TGitLabSyncWithCredentials = TGitLabSync & {
  connection: TGitLabConnection;
 };
 export type TGitLabVariable = {
  key: string;
  value: string;
  protected: boolean;
  masked: boolean;
  environmentScope?: string;
  hidden?: boolean;
 };
 export type TGitLabVariableCreate = {
  key: string;
  value: string;
  variable_type?: "env_var" | "file";
  protected?: boolean;
  masked?: boolean;
  raw?: boolean;
  environment_scope?: string;
  description?: string;
 };
 export type TGitLabVariableUpdate = {
  value: string;
  variable_type?: "env_var" | "file";
  protected?: boolean;
  masked?: boolean;
  raw?: boolean;
  environment_scope?: string;
  description?: string | null;
 };
 export type TGitLabListVariables = {
  accessToken: string;
  projectId: string;
  environmentScope?: string;
 };
 export type TGitLabCreateVariable = TGitLabListVariables & {
  variable: TGitLabVariableCreate;
 };
 export type TGitLabUpdateVariable = TGitLabListVariables & {
  key: string;
  variable: TGitLabVariableUpdate;
 };
--- a/backend/src/services/secret-sync/gitlab/index.ts
+++ b/backend/src/services/secret-sync/gitlab/index.ts
@@ -1,4 +0,0 @@
 export * from "./gitlab-sync-constants";
 export * from "./gitlab-sync-fns";
 export * from "./gitlab-sync-schemas";
 export * from "./gitlab-sync-types";
--- a/backend/src/services/secret-sync/secret-sync-enums.ts
+++ b/backend/src/services/secret-sync/secret-sync-enums.ts
@@ -19,7 +19,6 @@ export enum SecretSync {
  Heroku = "heroku",
  Render = "render",
  Flyio = "flyio",
  GitLab = "gitlab",
  CloudflarePages = "cloudflare-pages"
 }
--- a/backend/src/services/secret-sync/secret-sync-fns.ts
+++ b/backend/src/services/secret-sync/secret-sync-fns.ts
@@ -34,7 +34,6 @@ import { CloudflarePagesSyncFns } from "./cloudflare-pages/cloudflare-pages-fns"
 import { FLYIO_SYNC_LIST_OPTION, FlyioSyncFns } from "./flyio";
 import { GCP_SYNC_LIST_OPTION } from "./gcp";
 import { GcpSyncFns } from "./gcp/gcp-sync-fns";
 import { GITLAB_SYNC_LIST_OPTION, GitLabSyncFns } from "./gitlab";
 import { HC_VAULT_SYNC_LIST_OPTION, HCVaultSyncFns } from "./hc-vault";
 import { HEROKU_SYNC_LIST_OPTION, HerokuSyncFns } from "./heroku";
 import { HUMANITEC_SYNC_LIST_OPTION } from "./humanitec";
@@ -67,7 +66,6 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
  [SecretSync.Heroku]: HEROKU_SYNC_LIST_OPTION,
  [SecretSync.Render]: RENDER_SYNC_LIST_OPTION,
  [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION,
  [SecretSync.GitLab]: GITLAB_SYNC_LIST_OPTION,
  [SecretSync.CloudflarePages]: CLOUDFLARE_PAGES_SYNC_LIST_OPTION
 };
@@ -232,8 +230,6 @@ export const SecretSyncFns = {
        return RenderSyncFns.syncSecrets(secretSync, schemaSecretMap);
      case SecretSync.Flyio:
        return FlyioSyncFns.syncSecrets(secretSync, schemaSecretMap);
      case SecretSync.GitLab:
        return GitLabSyncFns.syncSecrets(secretSync, schemaSecretMap, { appConnectionDAL, kmsService });
      case SecretSync.CloudflarePages:
        return CloudflarePagesSyncFns.syncSecrets(secretSync, schemaSecretMap);
      default:
@@ -322,9 +318,6 @@ export const SecretSyncFns = {
      case SecretSync.Flyio:
        secretMap = await FlyioSyncFns.getSecrets(secretSync);
        break;
      case SecretSync.GitLab:
        secretMap = await GitLabSyncFns.getSecrets(secretSync);
        break;
      case SecretSync.CloudflarePages:
        secretMap = await CloudflarePagesSyncFns.getSecrets(secretSync);
        break;
@@ -401,8 +394,6 @@ export const SecretSyncFns = {
        return RenderSyncFns.removeSecrets(secretSync, schemaSecretMap);
      case SecretSync.Flyio:
        return FlyioSyncFns.removeSecrets(secretSync, schemaSecretMap);
      case SecretSync.GitLab:
        return GitLabSyncFns.removeSecrets(secretSync, schemaSecretMap, { appConnectionDAL, kmsService });
      case SecretSync.CloudflarePages:
        return CloudflarePagesSyncFns.removeSecrets(secretSync, schemaSecretMap);
      default:
--- a/backend/src/services/secret-sync/secret-sync-maps.ts
+++ b/backend/src/services/secret-sync/secret-sync-maps.ts
@@ -22,7 +22,6 @@ export const SECRET_SYNC_NAME_MAP: Record<SecretSync, string> = {
  [SecretSync.Heroku]: "Heroku",
  [SecretSync.Render]: "Render",
  [SecretSync.Flyio]: "Fly.io",
  [SecretSync.GitLab]: "GitLab",
  [SecretSync.CloudflarePages]: "Cloudflare Pages"
 };
@@ -47,7 +46,6 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
  [SecretSync.Heroku]: AppConnection.Heroku,
  [SecretSync.Render]: AppConnection.Render,
  [SecretSync.Flyio]: AppConnection.Flyio,
  [SecretSync.GitLab]: AppConnection.GitLab,
  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
 };
@@ -72,6 +70,5 @@ export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
  [SecretSync.Heroku]: SecretSyncPlanType.Regular,
  [SecretSync.Render]: SecretSyncPlanType.Regular,
  [SecretSync.Flyio]: SecretSyncPlanType.Regular,
  [SecretSync.GitLab]: SecretSyncPlanType.Regular,
  [SecretSync.CloudflarePages]: SecretSyncPlanType.Regular
 };
--- a/backend/src/services/secret-sync/secret-sync-types.ts
+++ b/backend/src/services/secret-sync/secret-sync-types.ts
@@ -72,15 +72,8 @@ import {
  TAzureKeyVaultSyncListItem,
  TAzureKeyVaultSyncWithCredentials
 } from "./azure-key-vault";
 import {
  TCloudflarePagesSync,
  TCloudflarePagesSyncInput,
  TCloudflarePagesSyncListItem,
  TCloudflarePagesSyncWithCredentials
 } from "./cloudflare-pages/cloudflare-pages-types";
 import { TFlyioSync, TFlyioSyncInput, TFlyioSyncListItem, TFlyioSyncWithCredentials } from "./flyio/flyio-sync-types";
 import { TGcpSync, TGcpSyncInput, TGcpSyncListItem, TGcpSyncWithCredentials } from "./gcp";
 import { TGitLabSync, TGitLabSyncInput, TGitLabSyncListItem, TGitLabSyncWithCredentials } from "./gitlab";
 import {
  THCVaultSync,
  THCVaultSyncInput,
@@ -113,6 +106,12 @@ import {
  TTerraformCloudSyncWithCredentials
 } from "./terraform-cloud";
 import { TVercelSync, TVercelSyncInput, TVercelSyncListItem, TVercelSyncWithCredentials } from "./vercel";
 import {
  TCloudflarePagesSync,
  TCloudflarePagesSyncInput,
  TCloudflarePagesSyncListItem,
  TCloudflarePagesSyncWithCredentials
 } from "./cloudflare-pages/cloudflare-pages-types";
 export type TSecretSync =
  | TAwsParameterStoreSync
@@ -135,7 +134,6 @@ export type TSecretSync =
  | THerokuSync
  | TRenderSync
  | TFlyioSync
  | TGitLabSync
  | TCloudflarePagesSync;
 export type TSecretSyncWithCredentials =
@@ -159,7 +157,6 @@ export type TSecretSyncWithCredentials =
  | THerokuSyncWithCredentials
  | TRenderSyncWithCredentials
  | TFlyioSyncWithCredentials
  | TGitLabSyncWithCredentials
  | TCloudflarePagesSyncWithCredentials;
 export type TSecretSyncInput =
@@ -183,7 +180,6 @@ export type TSecretSyncInput =
  | THerokuSyncInput
  | TRenderSyncInput
  | TFlyioSyncInput
  | TGitLabSyncInput
  | TCloudflarePagesSyncInput;
 export type TSecretSyncListItem =
@@ -207,7 +203,6 @@ export type TSecretSyncListItem =
  | THerokuSyncListItem
  | TRenderSyncListItem
  | TFlyioSyncListItem
  | TGitLabSyncListItem
  | TCloudflarePagesSyncListItem;
 export type TSyncOptionsConfig = {
--- a/docs/api-reference/endpoints/app-connections/gitlab/available.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/available.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Available"
 openapi: "GET /api/v1/app-connections/gitlab/available"
 ---
--- a/docs/api-reference/endpoints/app-connections/gitlab/create.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/create.mdx
@@ -1,10 +0,0 @@
 ---
 title: "Create"
 openapi: "POST /api/v1/app-connections/gitlab"
 ---
 <Note>
    Gitlab OAuth Connections must be created through the Infisical UI.
    Check out the configuration docs for [Gitlab OAuth Connections](/integrations/app-connections/gitlab) for a step-by-step
    guide.
 </Note>
--- a/docs/api-reference/endpoints/app-connections/gitlab/delete.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/delete.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Delete"
 openapi: "DELETE /api/v1/app-connections/gitlab/{connectionId}"
 ---
--- a/docs/api-reference/endpoints/app-connections/gitlab/get-by-id.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/get-by-id.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Get by ID"
 openapi: "GET /api/v1/app-connections/gitlab/{connectionId}"
 ---
--- a/docs/api-reference/endpoints/app-connections/gitlab/get-by-name.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/get-by-name.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Get by Name"
 openapi: "GET /api/v1/app-connections/gitlab/connection-name/{connectionName}"
 ---
--- a/docs/api-reference/endpoints/app-connections/gitlab/list.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/list.mdx
@@ -1,4 +0,0 @@
 ---
 title: "List"
 openapi: "GET /api/v1/app-connections/gitlab"
 ---
--- a/docs/api-reference/endpoints/app-connections/gitlab/update.mdx
+++ b/docs/api-reference/endpoints/app-connections/gitlab/update.mdx
@@ -1,10 +0,0 @@
 ---
 title: "Update"
 openapi: "PATCH /api/v1/app-connections/gitlab/{connectionId}"
 ---
 <Note>
    Gitlab OAuth Connections must be updated through the Infisical UI.
    Check out the configuration docs for [Gitlab OAuth Connections](/integrations/app-connections/gitlab) for a step-by-step
    guide.
 </Note>
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/create.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/create.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Create"
 openapi: "POST /api/v1/secret-syncs/gitlab"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/delete.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/delete.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Delete"
 openapi: "DELETE /api/v1/secret-syncs/gitlab/{syncId}"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/get-by-id.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/get-by-id.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Get by ID"
 openapi: "GET /api/v1/secret-syncs/gitlab/{syncId}"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/get-by-name.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/get-by-name.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Get by Name"
 openapi: "GET /api/v1/secret-syncs/gitlab/sync-name/{syncName}"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/list.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/list.mdx
@@ -1,4 +0,0 @@
 ---
 title: "List"
 openapi: "GET /api/v1/secret-syncs/gitlab"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/remove-secrets.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/remove-secrets.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Remove Secrets"
 openapi: "POST /api/v1/secret-syncs/gitlab/{syncId}/remove-secrets"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/sync-secrets.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/sync-secrets.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Sync Secrets"
 openapi: "POST /api/v1/secret-syncs/gitlab/{syncId}/sync-secrets"
 ---
--- a/docs/api-reference/endpoints/secret-syncs/gitlab/update.mdx
+++ b/docs/api-reference/endpoints/secret-syncs/gitlab/update.mdx
@@ -1,4 +0,0 @@
 ---
 title: "Update"
 openapi: "PATCH /api/v1/secret-syncs/gitlab/{syncId}"
 ---
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -475,7 +475,6 @@
                  "integrations/app-connections/gcp",
                  "integrations/app-connections/github",
                  "integrations/app-connections/github-radar",
                  "integrations/app-connections/gitlab",
                  "integrations/app-connections/hashicorp-vault",
                  "integrations/app-connections/heroku",
                  "integrations/app-connections/humanitec",
@@ -513,7 +512,6 @@
                  "integrations/secret-syncs/flyio",
                  "integrations/secret-syncs/gcp-secret-manager",
                  "integrations/secret-syncs/github",
                  "integrations/secret-syncs/gitlab",
                  "integrations/secret-syncs/hashicorp-vault",
                  "integrations/secret-syncs/heroku",
                  "integrations/secret-syncs/humanitec",
@@ -1319,18 +1317,6 @@
                      "api-reference/endpoints/app-connections/github/delete"
                    ]
                  },
                  {
                    "group": "GitLab",
                    "pages": [
                      "api-reference/endpoints/app-connections/gitlab/list",
                      "api-reference/endpoints/app-connections/gitlab/available",
                      "api-reference/endpoints/app-connections/gitlab/get-by-id",
                      "api-reference/endpoints/app-connections/gitlab/get-by-name",
                      "api-reference/endpoints/app-connections/gitlab/create",
                      "api-reference/endpoints/app-connections/gitlab/update",
                      "api-reference/endpoints/app-connections/gitlab/delete"
                    ]
                  },
                  {
                    "group": "GitHub Radar",
                    "pages": [
@@ -1681,19 +1667,6 @@
                      "api-reference/endpoints/secret-syncs/github/remove-secrets"
                    ]
                  },
                  {
                    "group": "GitLab",
                    "pages": [
                      "api-reference/endpoints/secret-syncs/gitlab/list",
                      "api-reference/endpoints/secret-syncs/gitlab/get-by-id",
                      "api-reference/endpoints/secret-syncs/gitlab/get-by-name",
                      "api-reference/endpoints/secret-syncs/gitlab/create",
                      "api-reference/endpoints/secret-syncs/gitlab/update",
                      "api-reference/endpoints/secret-syncs/gitlab/delete",
                      "api-reference/endpoints/secret-syncs/gitlab/sync-secrets",
                      "api-reference/endpoints/secret-syncs/gitlab/remove-secrets"
                    ]
                  },
                  {
                    "group": "Hashicorp Vault",
                    "pages": [
--- a/docs/images/app-connections/gitlab/create-gitlab-access-token-connection.png
+++ b/docs/images/app-connections/gitlab/create-gitlab-access-token-connection.png
--- a/docs/images/app-connections/gitlab/create-gitlab-oauth-connection.png
+++ b/docs/images/app-connections/gitlab/create-gitlab-oauth-connection.png
--- a/docs/images/app-connections/gitlab/gitlab-access-token-connection-created.png
+++ b/docs/images/app-connections/gitlab/gitlab-access-token-connection-created.png
--- a/docs/images/app-connections/gitlab/gitlab-access-token-connection.png
+++ b/docs/images/app-connections/gitlab/gitlab-access-token-connection.png
--- a/docs/images/app-connections/gitlab/gitlab-add-access-token.png
+++ b/docs/images/app-connections/gitlab/gitlab-add-access-token.png
--- a/docs/images/app-connections/gitlab/gitlab-applications.png
+++ b/docs/images/app-connections/gitlab/gitlab-applications.png
--- a/docs/images/app-connections/gitlab/gitlab-authorization-page.png
+++ b/docs/images/app-connections/gitlab/gitlab-authorization-page.png
--- a/docs/images/app-connections/gitlab/gitlab-config-credentials.png
+++ b/docs/images/app-connections/gitlab/gitlab-config-credentials.png
--- a/docs/images/app-connections/gitlab/gitlab-copy-token.png
+++ b/docs/images/app-connections/gitlab/gitlab-copy-token.png
--- a/docs/images/app-connections/gitlab/gitlab-create-application-bottom.png
+++ b/docs/images/app-connections/gitlab/gitlab-create-application-bottom.png
--- a/docs/images/app-connections/gitlab/gitlab-create-application-top.png
+++ b/docs/images/app-connections/gitlab/gitlab-create-application-top.png
--- a/docs/images/app-connections/gitlab/gitlab-dashboard.png
+++ b/docs/images/app-connections/gitlab/gitlab-dashboard.png
--- a/docs/images/app-connections/gitlab/gitlab-oauth-connection.png
+++ b/docs/images/app-connections/gitlab/gitlab-oauth-connection.png
--- a/docs/images/app-connections/gitlab/gitlab-personal-access-token-form.png
+++ b/docs/images/app-connections/gitlab/gitlab-personal-access-token-form.png
--- a/docs/images/app-connections/gitlab/gitlab-project-access-token-created.png
+++ b/docs/images/app-connections/gitlab/gitlab-project-access-token-created.png
--- a/docs/images/app-connections/gitlab/gitlab-project-access-token-form.png
+++ b/docs/images/app-connections/gitlab/gitlab-project-access-token-form.png
--- a/docs/images/app-connections/gitlab/gitlab-project-access-token-list.png
+++ b/docs/images/app-connections/gitlab/gitlab-project-access-token-list.png
--- a/docs/images/app-connections/gitlab/gitlab-secret-scanning-token.png
+++ b/docs/images/app-connections/gitlab/gitlab-secret-scanning-token.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-created.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-created.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-destination.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-destination.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-details.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-details.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-option.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-option.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-options.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-options.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-review.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-review.png
--- a/docs/images/secret-syncs/gitlab/gitlab-secret-sync-source.png
+++ b/docs/images/secret-syncs/gitlab/gitlab-secret-sync-source.png
--- a/docs/integrations/app-connections/gitlab.mdx
+++ b/docs/integrations/app-connections/gitlab.mdx
@@ -1,192 +0,0 @@
 ---
 title: "GitLab Connection"
 description: "Learn how to configure a GitLab Connection for Infisical using OAuth or Access Token methods."
 ---
 Infisical supports two methods for connecting to GitLab: **OAuth** and **Access Token**. Choose the method that best fits your setup and security requirements.
 <Tabs>
  <Tab title="OAuth Method">
    The OAuth method provides secure authentication through GitLab's OAuth flow.
    <Accordion title="Self-Hosted Instance Setup">
      Using the GitLab Connection with OAuth on a self-hosted instance of Infisical requires configuring an OAuth application in GitLab and registering your instance with it.
      **Prerequisites:**
      - A GitLab account with existing projects
      - Self-hosted Infisical instance
      <Steps>
        <Step title="Create an OAuth application in GitLab">
          Navigate to your user Settings > Applications to create a new GitLab application.
          ![GitLab Dashboard](/images/app-connections/gitlab/gitlab-dashboard.png)
          ![GitLab Applications Settings](/images/app-connections/gitlab/gitlab-applications.png)
          Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/organization/app-connections/gitlab/oauth/callback`.
          ![GitLab New Application Form](/images/app-connections/gitlab/gitlab-create-application-top.png)
          ![GitLab New Application Form](/images/app-connections/gitlab/gitlab-create-application-bottom.png)
          <Tip>
            The domain you defined in the Redirect URI should be equivalent to the `SITE_URL` configured in your Infisical instance.
          </Tip>
          <Note>
            If you have a GitLab group, you can create an OAuth application under it in your group Settings > Applications.
          </Note>
        </Step>
        <Step title="Add your GitLab OAuth application credentials to Infisical">
          Obtain the **Application ID** and **Secret** for your GitLab OAuth application.
          ![GitLab Application Credentials](/images/app-connections/gitlab/gitlab-config-credentials.png)
          Back in your Infisical instance, add two new environment variables for the credentials of your GitLab OAuth application:
          - `INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID`: The **Application ID** of your GitLab OAuth application.
          - `INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET`: The **Secret** of your GitLab OAuth application.
          Once added, restart your Infisical instance and use the GitLab Connection.
        </Step>
      </Steps>
    </Accordion>
    ## Setup GitLab OAuth Connection in Infisical
    <Steps>
      <Step title="Navigate to App Connections">
        Navigate to the **App Connections** tab on the **Organization Settings** page.
        ![App Connections Tab](/images/app-connections/general/add-connection.png)
      </Step>
      <Step title="Add Connection">
        Select the **GitLab Connection** option from the connection options modal.
        ![Select GitLab Connection](/images/app-connections/gitlab/select-gitlab-connection.png)
      </Step>
      <Step title="Choose OAuth Method">
        Select the **OAuth** method and click **Connect to GitLab**.
        ![Connect via GitLab OAuth](/images/app-connections/gitlab/create-gitlab-oauth-connection.png)
      </Step>
      <Step title="Grant Access">
        You will be redirected to GitLab to grant Infisical access to your GitLab account. Once granted, you will be redirected back to Infisical's App Connections page.
        ![GitLab Authorization](/images/app-connections/gitlab/gitlab-authorization-page.png)
      </Step>
      <Step title="Connection Created">
        Your **GitLab Connection** is now available for use.
        ![GitLab OAuth Connection](/images/app-connections/gitlab/gitlab-oauth-connection.png)
      </Step>
    </Steps>
  </Tab>
  <Tab title="Access Token Method">
    The Access Token method uses a GitLab access token for authentication, providing a straightforward setup process.
    ## Generate GitLab Access Token
    <Tabs>
      <Tab title="Personal Access Token">
        Personal access tokens provide access to your GitLab account and all projects you have access to.
        <Steps>
          <Step title="Navigate to Access Tokens">
            Log in to your GitLab account and navigate to User Settings > Access tokens. Click **Add new token** to create a new personal access token.
            ![GitLab Personal Access Tokens](/images/app-connections/gitlab/gitlab-add-access-token.png)
          </Step>
          <Step title="Configure Token">
            <Tabs>
              <Tab title="Secret Sync">
              For Secret Syncs, your token will require the ability to access the API:
              Fill in the token details:
              - **Token name**: A descriptive name for the token (e.g., "connection-token")
              - **Expiration date**: Set an appropriate expiration date
              - **Select scopes**: Choose the **api** scope for full API access
              ![GitLab Personal Token Form](/images/app-connections/gitlab/gitlab-personal-access-token-form.png)
              </Tab>
            </Tabs>
            <Info>
              Personal Access Token connections require manual token rotation when your GitLab access token expires or is regenerated. Monitor your connection status and update the token as needed.
            </Info>
          </Step>
          <Step title="Copy Token">
            Copy the generated token immediately as it won't be shown again.
            ![GitLab Personal Token Created](/images/app-connections/gitlab/gitlab-copy-token.png)
            <Warning>
              Keep your access token secure and do not share it. Anyone with access to this token can access your GitLab account and projects.
            </Warning>
          </Step>
        </Steps>
      </Tab>
      <Tab title="Project Access Token">
        Project access tokens provide access to a specific GitLab project, offering more granular control.
        <Steps>
          <Step title="Navigate to Project Settings">
            Go to your GitLab project and navigate to Settings > Access Tokens. Click **Add new token** to create a new project access token.
            ![GitLab Project Access Tokens](/images/app-connections/gitlab/gitlab-project-access-token-list.png)
          </Step>
          <Step title="Configure Token">
            <Tabs>
            <Tab title="Secret Sync">
                  For Secret Syncs, your token will require the ability to access the API and be at least an **Owner**:
                  Fill in the token details:
                  - **Token name**: A descriptive name for the token
                  - **Expiration date**: Set an appropriate expiration date
                  - **Select role**: Choose **Owner** or higher role
                  - **Select scopes**: Choose the **api** scope for API access
                  ![GitLab Create Project Token](/images/app-connections/gitlab/gitlab-project-access-token-form.png)
              </Tab>
            </Tabs>
            <Info>
              Project Access Token connections require manual token rotation when your GitLab access token expires or is regenerated. Monitor your connection status and update the token as needed.
            </Info>
          </Step>
          <Step title="Copy Token">
            Copy the generated token immediately as it won't be shown again.
            ![GitLab Project Token Form](/images/app-connections/gitlab/gitlab-project-access-token-created.png)
            <Warning>
              Keep your access token secure and do not share it. Anyone with access to this token can access your GitLab account and projects.
            </Warning>
          </Step>
        </Steps>
      </Tab>
    </Tabs>
    ## Setup GitLab Access Token Connection in Infisical
    <Steps>
      <Step title="Navigate to App Connections">
        Navigate to the **App Connections** tab on the **Organization Settings** page.
        ![App Connections Tab](/images/app-connections/general/add-connection.png)
      </Step>
      <Step title="Add Connection">
        Select the **GitLab Connection** option from the connection options modal.
        ![Select GitLab Connection](/images/app-connections/gitlab/select-gitlab-connection.png)
      </Step>
      <Step title="Configure Access Token">
        Select the **Access Token** method, paste your GitLab access token in the provided field, and select the appropriate token type.
        ![Configure Access Token](/images/app-connections/gitlab/create-gitlab-access-token-connection.png)
        Click **Connect** to establish the connection.
      </Step>
      <Step title="Connection Created">
        Your **GitLab Connection** is now available for use.
        ![GitLab Access Token Connection](/images/app-connections/gitlab/gitlab-access-token-connection.png)
      </Step>
    </Steps>
  </Tab>
 </Tabs>
--- a/docs/integrations/app-connections/heroku.mdx
+++ b/docs/integrations/app-connections/heroku.mdx
@@ -1,6 +1,6 @@
 ---
-title: "Heroku Connection"
+title: "Heroku App Connection"
-description: "Learn how to configure a Heroku Connection for Infisical using OAuth or Auth Token methods."
+description: "Learn how to configure a Heroku App Connection for Infisical using OAuth or Auth Token methods."
 ---
 Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth Token**. Choose the method that best fits your setup and security requirements.
@@ -10,7 +10,7 @@ Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth To
    The OAuth method provides secure authentication through Heroku's OAuth flow.
    <Accordion title="Self-Hosted Instance Setup">
-      Using the Heroku Connection with OAuth on a self-hosted instance of Infisical requires configuring an API client in Heroku and registering your instance with it.
+      Using the Heroku App Connection with OAuth on a self-hosted instance of Infisical requires configuring an API client in Heroku and registering your instance with it.
      **Prerequisites:**
      - A Heroku account with existing applications
@@ -42,7 +42,7 @@ Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth To
          - `CLIENT_ID_HEROKU`: The **Client ID** of your Heroku API client.
          - `CLIENT_SECRET_HEROKU`: The **Client Secret** of your Heroku API client.
-          Once added, restart your Infisical instance and use the Heroku Connection.
+          Once added, restart your Infisical instance and use the Heroku App Connection.
        </Step>
      </Steps>
    </Accordion>
@@ -55,7 +55,7 @@ Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth To
        ![App Connections Tab](/images/app-connections/general/add-connection.png)
      </Step>
      <Step title="Add Connection">
-        Select the **Heroku Connection** option from the connection options modal.
+        Select the **Heroku App Connection** option from the connection options modal.
        ![Select Heroku Connection](/images/app-connections/heroku/heroku-select-connection.png)
      </Step>
      <Step title="Choose OAuth Method">
@@ -68,7 +68,7 @@ Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth To
        ![Heroku Authorization](/images/integrations/heroku/integrations-heroku-auth.png)
      </Step>
      <Step title="Connection Created">
-        Your **Heroku Connection** is now available for use.
+        Your **Heroku App Connection** is now available for use.
        ![Heroku OAuth Connection](/images/app-connections/heroku/heroku-connection.png)
      </Step>
    </Steps>
@@ -97,7 +97,7 @@ Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth To
        ![App Connections Tab](/images/app-connections/general/add-connection.png)
      </Step>
      <Step title="Add Connection">
-        Select the **Heroku Connection** option from the connection options modal.
+        Select the **Heroku App Connection** option from the connection options modal.
        ![Select Heroku Connection](/images/app-connections/heroku/heroku-select-connection.png)
      </Step>
      <Step title="Configure Auth Token">
@@ -108,7 +108,7 @@ Infisical supports two methods for connecting to Heroku: **OAuth** and **Auth To
        Click **Connect** to establish the connection.
      </Step>
      <Step title="Connection Created">
-        Your **Heroku Connection** is now available for use.
+        Your **Heroku App Connection** is now available for use.
        ![Heroku Auth Token Connection](/images/app-connections/heroku/heroku-connection.png)
      </Step>
    </Steps>
--- a/docs/integrations/secret-syncs/gitlab.mdx
+++ b/docs/integrations/secret-syncs/gitlab.mdx
@@ -1,180 +0,0 @@
 ---
 title: "GitLab Sync"
 description: "Learn how to configure a GitLab Sync for Infisical."
 ---
 **Prerequisites:**
    - Set up and add secrets to [Infisical Cloud](https://app.infisical.com)
    - Create a [GitLab Connection](/integrations/app-connections/gitlab)
 <Tabs>
    <Tab title="Infisical UI">
        1. Navigate to **Project** > **Integrations** and select the **Secret Syncs** tab. Click on the **Add Sync** button.
        ![Secret Syncs Tab](/images/secret-syncs/general/secret-sync-tab.png)
        2. Select the **GitLab** option.
        ![Select GitLab](/images/secret-syncs/gitlab/gitlab-secret-sync-option.png)
        3. Configure the **Source** from where secrets should be retrieved, then click **Next**.
        ![Configure Source](/images/secret-syncs/gitlab/gitlab-secret-sync-source.png)
            - **Environment**: The project environment to retrieve secrets from.
            - **Secret Path**: The folder path to retrieve secrets from.
        <Tip>
            If you need to sync secrets from multiple folder locations, check out [secret imports](/documentation/platform/secret-reference#secret-imports).
        </Tip>
        4. Configure the **Destination** to where secrets should be deployed, then click **Next**.
        ![Configure Destination](/images/secret-syncs/gitlab/gitlab-secret-sync-destination.png)
            - **GitLab Connection**: The GitLab Connection to authenticate with.
            - **Scope**: The GitLab scope to sync secrets to.
                - **Project**: Sync secrets to a GitLab project.
                - **Group**: Sync secrets to a GitLab group.
            <p class="height:1px"  />
            The remaining fields are determined by the selected **Scope**:
            <AccordionGroup>
                <Accordion title="Project">
                    - **GitLab Project**: The project to deploy secrets to.
                    - **GitLab Environment Scope**: The environment scope to deploy secrets to (optional, defaults to "*" for all environments).
                    - **Mark secrets as Protected**: If enabled, synced secrets will be marked as protected in GitLab.
                    - **Mark secrets as Masked**: If enabled, synced secrets will be masked in GitLab CI/CD logs.
                    - **Mark secrets as Hidden**: If enabled, synced secrets will be hidden from the GitLab UI.
                </Accordion>
                <Accordion title="Group">
                    - **GitLab Group**: The group to deploy secrets to.
                    - **GitLab Environment Scope**: The environment scope to deploy secrets to (optional, defaults to "*" for all environments).
                    - **Mark secrets as Protected**: If enabled, synced secrets will be marked as protected in GitLab.
                    - **Mark secrets as Masked**: If enabled, synced secrets will be masked in GitLab CI/CD logs.
                    - **Mark secrets as Hidden**: If enabled, synced secrets will be hidden from the GitLab UI.
                </Accordion>
            </AccordionGroup>
            <Note>
                Be aware that GitLab only allows to mark secrets as hidden for new secrets. If you try to mark an existing secret as hidden, it produces an error.
            </Note>
            <Warning>
                If you enable **Mark secrets as Hidden**, Infisical will not be able to unhide/unmask secrets from the sync destination if you disable the option later. This is because GitLab does not allow to unhide/unmask existing secrets.
            </Warning>
        5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
        ![Configure Options](/images/secret-syncs/gitlab/gitlab-secret-sync-options.png)
            - **Initial Sync Behavior**: Determines how Infisical should resolve the initial sync.
                - **Overwrite Destination Secrets**: Removes any secrets at the destination endpoint not present in Infisical.
                <Note>
                    GitLab does not support importing secrets.
                </Note>
            - **Key Schema**: Template that determines how secret names are transformed when syncing, using `{{secretKey}}` as a placeholder for the original secret name and `{{environment}}` for the environment.
            <Note>
                We highly recommend using a Key Schema to ensure that Infisical only manages the specific keys you intend, keeping everything else untouched.
            </Note>
            - **Auto-Sync Enabled**: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
            - **Disable Secret Deletion**: If enabled, Infisical will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Infisical.
        6. Configure the **Details** of your GitLab Sync, then click **Next**.
        ![Configure Details](/images/secret-syncs/gitlab/gitlab-secret-sync-details.png)
            - **Name**: The name of your sync. Must be slug-friendly.
            - **Description**: An optional description for your sync.
        7. Review your GitLab Sync configuration, then click **Create Sync**.
        ![Confirm Configuration](/images/secret-syncs/gitlab/gitlab-secret-sync-review.png)
        8. If enabled, your GitLab Sync will begin syncing your secrets to the destination endpoint.
        ![Sync Secrets](/images/secret-syncs/gitlab/gitlab-secret-sync-created.png)
    </Tab>
    <Tab title="API">
        To create a **GitLab Sync**, make an API request to the [Create GitLab Sync](/api-reference/endpoints/secret-syncs/gitlab/create) API endpoint.
        ### Sample request
        ```bash Request
        curl    --request POST \
        --url https://app.infisical.com/api/v1/secret-syncs/gitlab \
        --header 'Content-Type: application/json' \
        --data '{
            "name": "my-gitlab-sync",
            "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "description": "an example sync",
            "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
            "environment": "dev",
            "secretPath": "/my-secrets",
            "isEnabled": true,
            "syncOptions": {
                "initialSyncBehavior": "overwrite-destination"
            },
            "destinationConfig": {
                "scope": "project",
                "projectId": "70998370",
                "projectName": "test",
                "targetEnvironment": "*",
                "shouldProtectSecrets": true,
                "shouldMaskSecrets": true,
                "shouldHideSecrets": false
            }
        }'
        ```
        ### Sample response
        ```bash Response
        {
            "secretSync": {
                "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "name": "my-gitlab-sync",
                "description": "an example sync",
                "isEnabled": true,
                "version": 1,
                "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "createdAt": "2023-11-07T05:31:56Z",
                "updatedAt": "2023-11-07T05:31:56Z",
                "syncStatus": "succeeded",
                "lastSyncJobId": "123",
                "lastSyncMessage": null,
                "lastSyncedAt": "2023-11-07T05:31:56Z",
                "importStatus": null,
                "lastImportJobId": null,
                "lastImportMessage": null,
                "lastImportedAt": null,
                "removeStatus": null,
                "lastRemoveJobId": null,
                "lastRemoveMessage": null,
                "lastRemovedAt": null,
                "syncOptions": {
                    "initialSyncBehavior": "overwrite-destination"
                },
                "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                "connection": {
                    "app": "gitlab",
                    "name": "my-gitlab-connection",
                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
                },
                "environment": {
                    "slug": "dev",
                    "name": "Development",
                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
                },
                "folder": {
                    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
                    "path": "/my-secrets"
                },
                "destination": "gitlab",
                "destinationConfig": {
                    "scope": "project",
                    "projectId": "70998370",
                    "projectName": "test",
                    "targetEnvironment": "*",
                    "shouldProtectSecrets": true,
                    "shouldMaskSecrets": true,
                    "shouldHideSecrets": false
                }
            }
        }
        ```
    </Tab>
 </Tabs>
--- a/docs/integrations/secret-syncs/heroku.mdx
+++ b/docs/integrations/secret-syncs/heroku.mdx
@@ -6,7 +6,7 @@ description: "Learn how to configure a Heroku Sync for Infisical."
 **Prerequisites:**
 - Set up and add secrets to [Infisical Cloud](https://app.infisical.com)
- Create a [Heroku Connection](/integrations/app-connections/heroku)
+- Create a [Heroku App Connection](/integrations/app-connections/heroku)
 <Tabs>
    <Tab title="Infisical UI">
@@ -29,7 +29,7 @@ description: "Learn how to configure a Heroku Sync for Infisical."
        4. Configure the **Destination** to where secrets should be deployed, then click **Next**.
        ![Configure Destination](/images/secret-syncs/heroku/heroku-destination.png)
-            - **Heroku Connection**: The Heroku Connection to authenticate with.
+            - **Heroku App Connection**: The Heroku App Connection to authenticate with.
            - **Heroku App**: The Heroku application to sync secrets to.
        5. Configure the **Sync Options** to specify how secrets should be synced, then click **Next**.
--- a/docs/mint.json
+++ b/docs/mint.json
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@@ -590,17 +590,6 @@ You can configure third-party app connections for re-use across Infisical Projec
 </Accordion>
 <Accordion title="GitLab OAuth Connection">
    <ParamField query="INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID" type="string" default="none" optional>
        The Application ID of your GitLab OAuth application.
    </ParamField>
    <ParamField query="INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET" type="string" default="none" optional>
        The Secret of your GitLab OAuth application.
    </ParamField>
 </Accordion>
 ## Native Secret Integrations
 To help you sync secrets from Infisical to services such as Github and Gitlab, Infisical provides native integrations out of the box.
--- a/frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/GitLabSyncFields.tsx
+++ b/frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/GitLabSyncFields.tsx
@@ -1,282 +0,0 @@
 import { Controller, useFormContext, useWatch } from "react-hook-form";
 import { SingleValue } from "react-select";
 import { faCircleInfo, faQuestionCircle } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { SecretSyncConnectionField } from "@app/components/secret-syncs/forms/SecretSyncConnectionField";
 import {
  FilterableSelect,
  FormControl,
  Input,
  Select,
  SelectItem,
  Switch,
  Tooltip
 } from "@app/components/v2";
 import {
  TGitLabGroup,
  TGitLabProject,
  useGitlabConnectionListGroups,
  useGitlabConnectionListProjects
 } from "@app/hooks/api/appConnections/gitlab";
 import { SecretSync } from "@app/hooks/api/secretSyncs";
 import { GitLabSyncScope } from "@app/hooks/api/secretSyncs/types/gitlab-sync";
 import { TSecretSyncForm } from "../schemas";
 const SecretProtectionOption = ({
  title,
  isEnabled,
  onChange,
  id,
  isDisabled = false,
  tooltip
 }: {
  title: string;
  isEnabled: boolean;
  onChange: (checked: boolean) => void;
  id: string;
  isDisabled?: boolean;
  tooltip?: string;
 }) => {
  return (
    <Switch
      className="bg-mineshaft-400/80 shadow-inner data-[state=checked]:bg-green/80"
      id={id}
      thumbClassName="bg-mineshaft-800"
      onCheckedChange={onChange}
      isChecked={isEnabled}
      isDisabled={isDisabled}
      containerClassName="w-full"
    >
      <p>
        {title}{" "}
        {tooltip && (
          <Tooltip className="max-w-md" content={tooltip}>
            <FontAwesomeIcon icon={faQuestionCircle} size="sm" className="ml-1" />
          </Tooltip>
        )}
      </p>
    </Switch>
  );
 };
 export const GitLabSyncFields = () => {
  const { control, setValue } = useFormContext<
    TSecretSyncForm & { destination: SecretSync.GitLab }
  >();
  const connectionId = useWatch({ name: "connection.id", control });
  const scope = useWatch({ name: "destinationConfig.scope", control });
  const shouldMaskSecrets = useWatch({ name: "destinationConfig.shouldMaskSecrets", control });
  const { data: groups, isLoading: isGroupsLoading } = useGitlabConnectionListGroups(connectionId, {
    enabled: Boolean(connectionId) && scope === GitLabSyncScope.Group
  });
  const { data: projects, isLoading: isProjectsLoading } = useGitlabConnectionListProjects(
    connectionId,
    {
      enabled: Boolean(connectionId)
    }
  );
  return (
    <div className="h-full overflow-auto">
      <SecretSyncConnectionField
        onChange={() => {
          setValue("destinationConfig.projectId", "");
          setValue("destinationConfig.projectName", "");
          setValue("destinationConfig.groupId", "");
          setValue("destinationConfig.groupName", "");
          setValue("destinationConfig.scope", GitLabSyncScope.Project);
        }}
      />
      <Controller
        name="destinationConfig.scope"
        control={control}
        defaultValue={GitLabSyncScope.Project}
        render={({ field: { value, onChange }, fieldState: { error } }) => (
          <FormControl errorText={error?.message} isError={Boolean(error?.message)} label="Scope">
            <Select
              value={value}
              onValueChange={(val) => {
                onChange(val);
                setValue("destinationConfig.projectId", "");
                setValue("destinationConfig.projectName", "");
                setValue("destinationConfig.groupId", "");
                setValue("destinationConfig.groupName", "");
              }}
              className="w-full border border-mineshaft-500 capitalize"
              position="popper"
              placeholder="Select a scope..."
              dropdownContainerClassName="max-w-none"
            >
              {Object.values(GitLabSyncScope).map((projectScope) => (
                <SelectItem className="capitalize" value={projectScope} key={projectScope}>
                  {projectScope.replace("-", " ")}
                </SelectItem>
              ))}
            </Select>
          </FormControl>
        )}
      />
      {scope === GitLabSyncScope.Group && (
        <Controller
          name="destinationConfig.groupId"
          control={control}
          render={({ field: { value, onChange }, fieldState: { error } }) => (
            <FormControl
              isError={Boolean(error)}
              errorText={error?.message}
              label="Group"
              helperText={
                <Tooltip
                  className="max-w-md"
                  content="Ensure the group exists in the connection's GitLab instance URL."
                >
                  <div>
                    <span>Don&#39;t see the group you&#39;re looking for?</span>{" "}
                    <FontAwesomeIcon icon={faCircleInfo} className="text-mineshaft-400" />
                  </div>
                </Tooltip>
              }
            >
              <FilterableSelect
                menuPlacement="top"
                isLoading={isGroupsLoading && Boolean(connectionId)}
                isDisabled={!connectionId}
                value={groups?.find((group) => group.id === value) ?? null}
                onChange={(option) => {
                  onChange((option as SingleValue<TGitLabGroup>)?.id ?? "");
                  setValue(
                    "destinationConfig.groupName",
                    (option as SingleValue<TGitLabGroup>)?.name ?? ""
                  );
                }}
                options={groups}
                placeholder="Select a group..."
                getOptionLabel={(option) => option.name}
                getOptionValue={(option) => option.id}
              />
            </FormControl>
          )}
        />
      )}
      {scope === GitLabSyncScope.Project && (
        <Controller
          name="destinationConfig.projectId"
          control={control}
          render={({ field: { value, onChange }, fieldState: { error } }) => (
            <FormControl
              isError={Boolean(error)}
              errorText={error?.message}
              label="GitLab Project"
              helperText={
                <Tooltip
                  className="max-w-md"
                  content="Ensure the project exists in the connection's GitLab instance URL and the connection has access to it."
                >
                  <div>
                    <span>Don&#39;t see the project you&#39;re looking for?</span>{" "}
                    <FontAwesomeIcon icon={faCircleInfo} className="text-mineshaft-400" />
                  </div>
                </Tooltip>
              }
            >
              <FilterableSelect
                menuPlacement="top"
                isLoading={isProjectsLoading && Boolean(connectionId)}
                isDisabled={!connectionId}
                value={projects?.find((project) => project.id === value) ?? null}
                onChange={(option) => {
                  onChange((option as SingleValue<TGitLabProject>)?.id ?? "");
                  setValue(
                    "destinationConfig.projectName",
                    (option as SingleValue<TGitLabProject>)?.name ?? ""
                  );
                }}
                options={projects}
                placeholder="Select a project..."
                getOptionLabel={(option) => option.name}
                getOptionValue={(option) => option.id}
              />
            </FormControl>
          )}
        />
      )}
      <Controller
        control={control}
        defaultValue=""
        name="destinationConfig.targetEnvironment"
        render={({ field, fieldState: { error } }) => (
          <FormControl
            label="GitLab Environment Scope (Optional)"
            isError={Boolean(error)}
            errorText={error?.message}
          >
            <Input {...field} placeholder="*" />
          </FormControl>
        )}
      />
      {/* Secret Protection Settings Section */}
      <div className="mt-6">
        <div className="space-y-4">
          <Controller
            control={control}
            name="destinationConfig.shouldProtectSecrets"
            render={({ field: { onChange, value } }) => (
              <SecretProtectionOption
                id="should-protect-secrets"
                title="Mark secrets as Protected"
                isEnabled={value || false}
                onChange={onChange}
              />
            )}
          />
          <Controller
            control={control}
            name="destinationConfig.shouldMaskSecrets"
            render={({ field: { onChange, value } }) => (
              <SecretProtectionOption
                id="should-mask-secrets"
                title="Mark secrets as Masked"
                tooltip="GitLab has limitations for masked variables: secrets must be at least 8 characters long and not match existing CI/CD variable names. Secrets not meeting these criteria won't be masked."
                isEnabled={value || false}
                onChange={(checked) => {
                  onChange(checked);
                  if (!checked) {
                    setValue("destinationConfig.shouldHideSecrets", false);
                  }
                }}
              />
            )}
          />
          <Controller
            control={control}
            name="destinationConfig.shouldHideSecrets"
            render={({ field: { onChange, value } }) => (
              <div className="max-h-32 opacity-100 transition-all duration-300">
                <SecretProtectionOption
                  id="should-hide-secrets"
                  title="Mark secrets as Hidden"
                  tooltip="Secrets can only be marked as hidden if they are also masked. If this is enabled, Infisical will not be able to unhide/unmask secrets from the sync destination if you disable the option later."
                  isEnabled={value || false}
                  onChange={onChange}
                  isDisabled={!shouldMaskSecrets}
                />
              </div>
            )}
          />
        </div>
      </div>
    </div>
  );
 };
--- a/frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/SecretSyncDestinationFields.tsx
+++ b/frontend/src/components/secret-syncs/forms/SecretSyncDestinationFields/SecretSyncDestinationFields.tsx
@@ -15,7 +15,6 @@ import { DatabricksSyncFields } from "./DatabricksSyncFields";
 import { FlyioSyncFields } from "./FlyioSyncFields";
 import { GcpSyncFields } from "./GcpSyncFields";
 import { GitHubSyncFields } from "./GitHubSyncFields";
 import { GitLabSyncFields } from "./GitLabSyncFields";
 import { HCVaultSyncFields } from "./HCVaultSyncFields";
 import { HerokuSyncFields } from "./HerokuSyncFields";
 import { HumanitecSyncFields } from "./HumanitecSyncFields";
@@ -72,8 +71,6 @@ export const SecretSyncDestinationFields = () => {
      return <RenderSyncFields />;
    case SecretSync.Flyio:
      return <FlyioSyncFields />;
    case SecretSync.GitLab:
      return <GitLabSyncFields />;
    case SecretSync.CloudflarePages:
      return <CloudflarePagesSyncFields />;
    default:
--- a/frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx
+++ b/frontend/src/components/secret-syncs/forms/SecretSyncOptionsFields/SecretSyncOptionsFields.tsx
@@ -55,7 +55,6 @@ export const SecretSyncOptionsFields = ({ hideInitialSync }: Props) => {
    case SecretSync.Heroku:
    case SecretSync.Render:
    case SecretSync.Flyio:
    case SecretSync.GitLab:
    case SecretSync.CloudflarePages:
      AdditionalSyncOptionsFieldsComponent = null;
      break;
--- a/frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/GitLabSyncReviewFields.tsx
+++ b/frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/GitLabSyncReviewFields.tsx
@@ -1,37 +0,0 @@
 import { useFormContext } from "react-hook-form";
 import { GenericFieldLabel } from "@app/components/secret-syncs";
 import { TSecretSyncForm } from "@app/components/secret-syncs/forms/schemas";
 import { SecretSync } from "@app/hooks/api/secretSyncs";
 import { GitLabSyncScope } from "@app/hooks/api/secretSyncs/types/gitlab-sync";
 export const GitLabSyncReviewFields = () => {
  const { watch } = useFormContext<TSecretSyncForm & { destination: SecretSync.GitLab }>();
  const projectName = watch("destinationConfig.projectName");
  const targetEnvironment = watch("destinationConfig.targetEnvironment");
  const groupName = watch("destinationConfig.groupName");
  const scope = watch("destinationConfig.scope");
  const shouldProtectSecrets = watch("destinationConfig.shouldProtectSecrets");
  const shouldMaskSecrets = watch("destinationConfig.shouldMaskSecrets");
  const shouldHideSecrets = watch("destinationConfig.shouldHideSecrets");
  return (
    <>
      <GenericFieldLabel label="Scope">{scope}</GenericFieldLabel>
      {scope === GitLabSyncScope.Project && (
        <GenericFieldLabel label="Project Name">{projectName}</GenericFieldLabel>
      )}
      {scope === GitLabSyncScope.Group && (
        <GenericFieldLabel label="Group Name">{groupName}</GenericFieldLabel>
      )}
      {targetEnvironment && (
        <GenericFieldLabel label="Environment">{targetEnvironment}</GenericFieldLabel>
      )}
      <GenericFieldLabel label="Protect Secrets">
        {shouldProtectSecrets ? "Yes" : "No"}
      </GenericFieldLabel>
      <GenericFieldLabel label="Mask Secrets">{shouldMaskSecrets ? "Yes" : "No"}</GenericFieldLabel>
      <GenericFieldLabel label="Hide Secrets">{shouldHideSecrets ? "Yes" : "No"}</GenericFieldLabel>
    </>
  );
 };
--- a/frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/SecretSyncReviewFields.tsx
+++ b/frontend/src/components/secret-syncs/forms/SecretSyncReviewFields/SecretSyncReviewFields.tsx
@@ -24,7 +24,6 @@ import { DatabricksSyncReviewFields } from "./DatabricksSyncReviewFields";
 import { FlyioSyncReviewFields } from "./FlyioSyncReviewFields";
 import { GcpSyncReviewFields } from "./GcpSyncReviewFields";
 import { GitHubSyncReviewFields } from "./GitHubSyncReviewFields";
 import { GitLabSyncReviewFields } from "./GitLabSyncReviewFields";
 import { HCVaultSyncReviewFields } from "./HCVaultSyncReviewFields";
 import { HerokuSyncReviewFields } from "./HerokuSyncReviewFields";
 import { HumanitecSyncReviewFields } from "./HumanitecSyncReviewFields";
@@ -118,9 +117,6 @@ export const SecretSyncReviewFields = () => {
    case SecretSync.Flyio:
      DestinationFieldsComponent = <FlyioSyncReviewFields />;
      break;
    case SecretSync.GitLab:
      DestinationFieldsComponent = <GitLabSyncReviewFields />;
      break;
    case SecretSync.CloudflarePages:
      DestinationFieldsComponent = <CloudflarePagesSyncReviewFields />;
      break;
--- a/frontend/src/components/secret-syncs/forms/schemas/gitlab-sync-destination-schema.ts
+++ b/frontend/src/components/secret-syncs/forms/schemas/gitlab-sync-destination-schema.ts
@@ -1,31 +0,0 @@
 import { z } from "zod";
 import { BaseSecretSyncSchema } from "@app/components/secret-syncs/forms/schemas/base-secret-sync-schema";
 import { SecretSync } from "@app/hooks/api/secretSyncs";
 import { GitLabSyncScope } from "@app/hooks/api/secretSyncs/types/gitlab-sync";
 export const GitlabSyncDestinationSchema = BaseSecretSyncSchema().merge(
  z.object({
    destination: z.literal(SecretSync.GitLab),
    destinationConfig: z.discriminatedUnion("scope", [
      z.object({
        scope: z.literal(GitLabSyncScope.Project),
        projectId: z.string().trim().min(1, "Project ID required"),
        projectName: z.string().trim().min(1, "Project name required"),
        targetEnvironment: z.string().optional(),
        shouldProtectSecrets: z.boolean().optional().default(false),
        shouldMaskSecrets: z.boolean().optional().default(false),
        shouldHideSecrets: z.boolean().optional().default(false)
      }),
      z.object({
        scope: z.literal(GitLabSyncScope.Group),
        targetEnvironment: z.string().optional(),
        groupId: z.string().trim().min(1, "Group ID required"),
        groupName: z.string().trim().min(1, "Group name required"),
        shouldProtectSecrets: z.boolean().optional().default(false),
        shouldMaskSecrets: z.boolean().optional().default(false),
        shouldHideSecrets: z.boolean().optional().default(false)
      })
    ])
  })
 );
--- a/frontend/src/components/secret-syncs/forms/schemas/secret-sync-schema.ts
+++ b/frontend/src/components/secret-syncs/forms/schemas/secret-sync-schema.ts
@@ -12,7 +12,6 @@ import { DatabricksSyncDestinationSchema } from "./databricks-sync-destination-s
 import { FlyioSyncDestinationSchema } from "./flyio-sync-destination-schema";
 import { GcpSyncDestinationSchema } from "./gcp-sync-destination-schema";
 import { GitHubSyncDestinationSchema } from "./github-sync-destination-schema";
 import { GitlabSyncDestinationSchema } from "./gitlab-sync-destination-schema";
 import { HCVaultSyncDestinationSchema } from "./hc-vault-sync-destination-schema";
 import { HerokuSyncDestinationSchema } from "./heroku-sync-destination-schema";
 import { HumanitecSyncDestinationSchema } from "./humanitec-sync-destination-schema";
@@ -44,7 +43,6 @@ const SecretSyncUnionSchema = z.discriminatedUnion("destination", [
  HerokuSyncDestinationSchema,
  RenderSyncDestinationSchema,
  FlyioSyncDestinationSchema,
  GitlabSyncDestinationSchema,
  CloudflarePagesSyncDestinationSchema
 ]);
--- a/frontend/src/components/v2/Tooltip/Tooltip.tsx
+++ b/frontend/src/components/v2/Tooltip/Tooltip.tsx
@@ -1,5 +1,6 @@
 import { ReactNode } from "react";
 import * as TooltipPrimitive from "@radix-ui/react-tooltip";
 import { TooltipProps as RootProps } from "@radix-ui/react-tooltip";
 import { twMerge } from "tailwind-merge";
 export type TooltipProps = Omit<TooltipPrimitive.TooltipContentProps, "open" | "content"> & {
@@ -14,6 +15,7 @@ export type TooltipProps = Omit<TooltipPrimitive.TooltipContentProps, "open" | "
  isDisabled?: boolean;
  center?: boolean;
  size?: "sm" | "md";
  rootProps?: RootProps;
 };
 export const Tooltip = ({
@@ -28,12 +30,14 @@ export const Tooltip = ({
  isDisabled,
  position = "top",
  size = "md",
  rootProps,
  ...props
 }: TooltipProps) =>
  // just render children if tooltip content is empty
  content ? (
    <TooltipPrimitive.Root
      delayDuration={50}
      {...rootProps}
      open={isOpen}
      defaultOpen={defaultOpen}
      onOpenChange={onOpenChange}
--- a/frontend/src/helpers/appConnections.ts
+++ b/frontend/src/helpers/appConnections.ts
@@ -24,7 +24,6 @@ import {
  GcpConnectionMethod,
  GitHubConnectionMethod,
  GitHubRadarConnectionMethod,
  GitLabConnectionMethod,
  HCVaultConnectionMethod,
  HumanitecConnectionMethod,
  LdapConnectionMethod,
@@ -87,7 +86,6 @@ export const APP_CONNECTION_MAP: Record<
  [AppConnection.Heroku]: { name: "Heroku", image: "Heroku.png" },
  [AppConnection.Render]: { name: "Render", image: "Render.png" },
  [AppConnection.Flyio]: { name: "Fly.io", image: "Flyio.svg" },
  [AppConnection.Gitlab]: { name: "GitLab", image: "GitLab.png" },
  [AppConnection.Cloudflare]: { name: "Cloudflare", image: "Cloudflare.png" }
 };
@@ -102,7 +100,6 @@ export const getAppConnectionMethodDetails = (method: TAppConnection["method"])
    case AzureDevOpsConnectionMethod.OAuth:
    case GitHubConnectionMethod.OAuth:
    case HerokuConnectionMethod.OAuth:
    case GitLabConnectionMethod.OAuth:
      return { name: "OAuth", icon: faPassport };
    case AwsConnectionMethod.AccessKey:
    case OCIConnectionMethod.AccessKey:
--- a/frontend/src/helpers/secretSyncs.ts
+++ b/frontend/src/helpers/secretSyncs.ts
@@ -74,10 +74,6 @@ export const SECRET_SYNC_MAP: Record<SecretSync, { name: string; image: string }
    name: "Fly.io",
    image: "Flyio.svg"
  },
  [SecretSync.GitLab]: {
    name: "GitLab",
    image: "GitLab.png"
  },
  [SecretSync.CloudflarePages]: {
    name: "Cloudflare Pages",
    image: "Cloudflare.png"
@@ -105,7 +101,6 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
  [SecretSync.Heroku]: AppConnection.Heroku,
  [SecretSync.Render]: AppConnection.Render,
  [SecretSync.Flyio]: AppConnection.Flyio,
  [SecretSync.GitLab]: AppConnection.Gitlab,
  [SecretSync.CloudflarePages]: AppConnection.Cloudflare
 };
--- a/frontend/src/hooks/api/appConnections/enums.ts
+++ b/frontend/src/hooks/api/appConnections/enums.ts
@@ -26,6 +26,5 @@ export enum AppConnection {
  Heroku = "heroku",
  Render = "render",
  Flyio = "flyio",
  Gitlab = "gitlab",
  Cloudflare = "cloudflare"
 }
--- a/frontend/src/hooks/api/appConnections/gitlab/index.ts
+++ b/frontend/src/hooks/api/appConnections/gitlab/index.ts
@@ -1,2 +0,0 @@
 export * from "./queries";
 export * from "./types";
--- a/frontend/src/hooks/api/appConnections/gitlab/queries.tsx
+++ b/frontend/src/hooks/api/appConnections/gitlab/queries.tsx
@@ -1,64 +0,0 @@
 import { useQuery, UseQueryOptions } from "@tanstack/react-query";
 import { apiRequest } from "@app/config/request";
 import { appConnectionKeys } from "../queries";
 import { TGitLabGroup, TGitLabProject } from "./types";
 const gitlabConnectionKeys = {
  all: [...appConnectionKeys.all, "gitlab"] as const,
  listProjects: (connectionId: string) =>
    [...gitlabConnectionKeys.all, "projects", connectionId] as const,
  listGroups: (connectionId: string) =>
    [...gitlabConnectionKeys.all, "groups", connectionId] as const
 };
 export const useGitlabConnectionListProjects = (
  connectionId: string,
  options?: Omit<
    UseQueryOptions<
      TGitLabProject[],
      unknown,
      TGitLabProject[],
      ReturnType<typeof gitlabConnectionKeys.listProjects>
    >,
    "queryKey" | "queryFn"
  >
 ) => {
  return useQuery({
    queryKey: gitlabConnectionKeys.listProjects(connectionId),
    queryFn: async () => {
      const { data } = await apiRequest.get<TGitLabProject[]>(
        `/api/v1/app-connections/gitlab/${connectionId}/projects`
      );
      return data;
    },
    ...options
  });
 };
 export const useGitlabConnectionListGroups = (
  connectionId: string,
  options?: Omit<
    UseQueryOptions<
      TGitLabGroup[],
      unknown,
      TGitLabGroup[],
      ReturnType<typeof gitlabConnectionKeys.listGroups>
    >,
    "queryKey" | "queryFn"
  >
 ) => {
  return useQuery({
    queryKey: gitlabConnectionKeys.listGroups(connectionId),
    queryFn: async () => {
      const { data } = await apiRequest.get<TGitLabGroup[]>(
        `/api/v1/app-connections/gitlab/${connectionId}/groups`
      );
      return data;
    },
    ...options
  });
 };
--- a/frontend/src/hooks/api/appConnections/gitlab/types.ts
+++ b/frontend/src/hooks/api/appConnections/gitlab/types.ts
@@ -1,14 +0,0 @@
 export type TGitLabProject = {
  id: string;
  name: string;
 };
 export type TGitLabGroup = {
  id: string;
  name: string;
 };
 export enum GitLabAccessTokenType {
  Personal = "personal",
  Project = "project"
 }
--- a/frontend/src/hooks/api/appConnections/types/app-options.ts
+++ b/frontend/src/hooks/api/appConnections/types/app-options.ts
@@ -123,11 +123,6 @@ export type TFlyioConnectionOption = TAppConnectionOptionBase & {
  app: AppConnection.Flyio;
 };
 export type TGitlabConnectionOption = TAppConnectionOptionBase & {
  app: AppConnection.Gitlab;
  oauthClientId?: string;
 };
 export type TCloudflareConnectionOption = TAppConnectionOptionBase & {
  app: AppConnection.Cloudflare;
 };
@@ -158,7 +153,6 @@ export type TAppConnectionOption =
  | THerokuConnectionOption
  | TRenderConnectionOption
  | TFlyioConnectionOption
  | TGitlabConnectionOption
  | TCloudflareConnectionOption;
 export type TAppConnectionOptionMap = {
@@ -189,6 +183,5 @@ export type TAppConnectionOptionMap = {
  [AppConnection.Heroku]: THerokuConnectionOption;
  [AppConnection.Render]: TRenderConnectionOption;
  [AppConnection.Flyio]: TFlyioConnectionOption;
  [AppConnection.Gitlab]: TGitlabConnectionOption;
  [AppConnection.Cloudflare]: TCloudflareConnectionOption;
 };
--- a/frontend/src/hooks/api/appConnections/types/gitlab-connection.ts
+++ b/frontend/src/hooks/api/appConnections/types/gitlab-connection.ts
@@ -1,27 +0,0 @@
 import { AppConnection } from "@app/hooks/api/appConnections/enums";
 import { TRootAppConnection } from "@app/hooks/api/appConnections/types/root-connection";
 import { GitLabAccessTokenType } from "../gitlab";
 export enum GitLabConnectionMethod {
  AccessToken = "access-token",
  OAuth = "oauth"
 }
 export type TGitLabConnection = TRootAppConnection & { app: AppConnection.Gitlab } & (
    | {
        method: GitLabConnectionMethod.AccessToken;
        credentials: {
          instanceUrl?: string;
          accessToken: string;
          accessTokenType: GitLabAccessTokenType;
        };
      }
    | {
        method: GitLabConnectionMethod.OAuth;
        credentials: {
          code: string;
          instanceUrl?: string;
        };
      }
  );
--- a/frontend/src/hooks/api/appConnections/types/index.ts
+++ b/frontend/src/hooks/api/appConnections/types/index.ts
@@ -14,7 +14,6 @@ import { TFlyioConnection } from "./flyio-connection";
 import { TGcpConnection } from "./gcp-connection";
 import { TGitHubConnection } from "./github-connection";
 import { TGitHubRadarConnection } from "./github-radar-connection";
 import { TGitLabConnection } from "./gitlab-connection";
 import { THCVaultConnection } from "./hc-vault-connection";
 import { THerokuConnection } from "./heroku-connection";
 import { THumanitecConnection } from "./humanitec-connection";
@@ -38,13 +37,11 @@ export * from "./azure-client-secrets-connection";
 export * from "./azure-devops-connection";
 export * from "./azure-key-vault-connection";
 export * from "./camunda-connection";
 export * from "./cloudflare-connection";
 export * from "./databricks-connection";
 export * from "./flyio-connection";
 export * from "./gcp-connection";
 export * from "./github-connection";
 export * from "./github-radar-connection";
 export * from "./gitlab-connection";
 export * from "./hc-vault-connection";
 export * from "./heroku-connection";
 export * from "./humanitec-connection";
@@ -59,6 +56,7 @@ export * from "./teamcity-connection";
 export * from "./terraform-cloud-connection";
 export * from "./vercel-connection";
 export * from "./windmill-connection";
 export * from "./cloudflare-connection";
 export type TAppConnection =
  | TAwsConnection
@@ -88,7 +86,6 @@ export type TAppConnection =
  | THerokuConnection
  | TRenderConnection
  | TFlyioConnection
  | TGitLabConnection
  | TCloudflareConnection;
 export type TAvailableAppConnection = Pick<TAppConnection, "name" | "id">;
@@ -144,6 +141,5 @@ export type TAppConnectionMap = {
  [AppConnection.Heroku]: THerokuConnection;
  [AppConnection.Render]: TRenderConnection;
  [AppConnection.Flyio]: TFlyioConnection;
  [AppConnection.Gitlab]: TGitLabConnection;
  [AppConnection.Cloudflare]: TCloudflareConnection;
 };
--- a/frontend/src/hooks/api/secretSyncs/enums.ts
+++ b/frontend/src/hooks/api/secretSyncs/enums.ts
@@ -19,7 +19,6 @@ export enum SecretSync {
  Heroku = "heroku",
  Render = "render",
  Flyio = "flyio",
  GitLab = "gitlab",
  CloudflarePages = "cloudflare-pages"
 }
--- a/frontend/src/hooks/api/secretSyncs/types/gitlab-sync.ts
+++ b/frontend/src/hooks/api/secretSyncs/types/gitlab-sync.ts
@@ -1,36 +0,0 @@
 import { AppConnection } from "@app/hooks/api/appConnections/enums";
 import { SecretSync } from "@app/hooks/api/secretSyncs";
 import { TRootSecretSync } from "@app/hooks/api/secretSyncs/types/root-sync";
 export enum GitLabSyncScope {
  Project = "project",
  Group = "group"
 }
 export type TGitLabSync = TRootSecretSync & {
  destination: SecretSync.GitLab;
  destinationConfig:
    | {
        scope: GitLabSyncScope.Project;
        projectId: string;
        projectName: string;
        targetEnvironment?: string;
        shouldProtectSecrets?: boolean;
        shouldMaskSecrets?: boolean;
        shouldHideSecrets?: boolean;
      }
    | {
        scope: GitLabSyncScope.Group;
        groupId: string;
        groupName: string;
        targetEnvironment?: string;
        shouldProtectSecrets?: boolean;
        shouldMaskSecrets?: boolean;
        shouldHideSecrets?: boolean;
      };
  connection: {
    app: AppConnection.Gitlab;
    name: string;
    id: string;
  };
 };
--- a/frontend/src/hooks/api/secretSyncs/types/index.ts
+++ b/frontend/src/hooks/api/secretSyncs/types/index.ts
@@ -14,7 +14,6 @@ import { TDatabricksSync } from "./databricks-sync";
 import { TFlyioSync } from "./flyio-sync";
 import { TGcpSync } from "./gcp-sync";
 import { TGitHubSync } from "./github-sync";
 import { TGitLabSync } from "./gitlab-sync";
 import { THCVaultSync } from "./hc-vault-sync";
 import { THerokuSync } from "./heroku-sync";
 import { THumanitecSync } from "./humanitec-sync";
@@ -52,7 +51,6 @@ export type TSecretSync =
  | THerokuSync
  | TRenderSync
  | TFlyioSync
  | TGitLabSync
  | TCloudflarePagesSync;
 export type TListSecretSyncs = { secretSyncs: TSecretSync[] };
--- a/frontend/src/pages/organization/AppConnections/AppConnectionsPage/components/AppConnectionForm/AppConnectionForm.tsx
+++ b/frontend/src/pages/organization/AppConnections/AppConnectionsPage/components/AppConnectionForm/AppConnectionForm.tsx
@@ -23,7 +23,6 @@ import { FlyioConnectionForm } from "./FlyioConnectionForm";
 import { GcpConnectionForm } from "./GcpConnectionForm";
 import { GitHubConnectionForm } from "./GitHubConnectionForm";
 import { GitHubRadarConnectionForm } from "./GitHubRadarConnectionForm";
 import { GitLabConnectionForm } from "./GitLabConnectionForm";
 import { HCVaultConnectionForm } from "./HCVaultConnectionForm";
 import { HerokuConnectionForm } from "./HerokuAppConnectionForm";
 import { HumanitecConnectionForm } from "./HumanitecConnectionForm";
@@ -130,8 +129,6 @@ const CreateForm = ({ app, onComplete }: CreateFormProps) => {
      return <RenderConnectionForm onSubmit={onSubmit} />;
    case AppConnection.Flyio:
      return <FlyioConnectionForm onSubmit={onSubmit} />;
    case AppConnection.Gitlab:
      return <GitLabConnectionForm onSubmit={onSubmit} />;
    case AppConnection.Cloudflare:
      return <CloudflareConnectionForm onSubmit={onSubmit} />;
    default:
@@ -224,8 +221,6 @@ const UpdateForm = ({ appConnection, onComplete }: UpdateFormProps) => {
      return <RenderConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
    case AppConnection.Flyio:
      return <FlyioConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
    case AppConnection.Gitlab:
      return <GitLabConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
    case AppConnection.Cloudflare:
      return <CloudflareConnectionForm onSubmit={onSubmit} appConnection={appConnection} />;
    default:
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Scott Wilson	e8d19eb823	improvement: disable tooltip hover content for env name tooltip	2025-06-26 09:12:11 -07:00
Scott Wilson	5d30215ea7	improvement: increase env tooltip max width and adjust alignment	2025-06-26 07:56:47 -07:00
Scott Wilson	86c145301e	improvement: add collapsed environment view to secret overview page and minor ui adjustments	2025-06-25 16:49:34 -07:00
		`@@ -1,2 +0,0 @@`
			`export * from "./queries";`
			`export * from "./types";`