increase chart version

add owner reference
throw bad request when max uses reached
2025-03-15 19:33:32 +00:00 · 2023-12-18 19:20:17 -05:00 · 2023-12-18 19:17:25 -05:00 · 2023-12-15 15:40:20 -05:00 · 2023-12-14 15:19:39 -05:00 · 2023-12-14 15:17:14 -05:00
113 changed files with 4533 additions and 2005 deletions
--- a/backend/spec.json
+++ b/backend/spec.json
--- a/backend/src/controllers/v1/universalAuthController.ts
+++ b/backend/src/controllers/v1/universalAuthController.ts
@ -60,6 +60,52 @@ const packageUniversalAuthClientSecretData = (identityUniversalAuthClientSecret:
 * @param res 
 */
 export const renewAccessToken = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Renew access token'
+        #swagger.description = 'Renew access token'
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "accessToken": {
+                                "type": "string",
+                                "description": "Access token to renew",
+                                "example": "..."
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "accessToken": {
+                                "type": "string",
+                                "description": "(Same) Access token after successful renewal"
+                            },
+                            "expiresIn": {
+                                "type": "number",
+                                "description": "TTL of access token in seconds"
+                            },
+                            "tokenType": {
+                                "type": "string",
+                                "description": "Type of access token (e.g. Bearer)"
+                            }
+                        },
+                        "description": "Access token and its details"
+                    }
+                }
+            }
+        }
+    */
    const {
        body: {
            accessToken
@ -83,9 +129,14 @@ export const renewAccessToken = async (req: Request, res: Response) => {
        accessTokenTTL,
        accessTokenLastRenewedAt,
        accessTokenMaxTTL,
-        createdAt: accessTokenCreatedAt
+        createdAt: accessTokenCreatedAt,
+        accessTokenNumUses,
+        accessTokenNumUsesLimit
    } = identityAccessToken;

+    if (accessTokenNumUses >= accessTokenNumUsesLimit) {
+        throw BadRequestError({ message: "Unable to renew because access token number of uses limit reached" })
+    }

    // ttl check
    if (accessTokenTTL > 0) {
@ -150,6 +201,57 @@ export const renewAccessToken = async (req: Request, res: Response) => {
 * @param res 
 */
 export const loginIdentityUniversalAuth = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Login with Universal Auth'
+        #swagger.description = 'Login with Universal Auth'
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "clientId": {
+                                "type": "string",
+                                "description": "Client ID for identity to login with Universal Auth",
+                                "example": "..."
+                            },
+                            "clientSecret": {
+                                "type": "string",
+                                "description": "Client Secret for identity to login with Universal Auth",
+                                "example": "..."
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "accessToken": {
+                                "type": "string",
+                                "description": "Access token issued after successful login"
+                            },
+                            "expiresIn": {
+                                "type": "number",
+                                "description": "TTL of access token in seconds"
+                            },
+                            "tokenType": {
+                                "type": "string",
+                                "description": "Type of access token (e.g. Bearer)"
+                            }
+                        },
+                        "description": "Access token and its details"
+                    }
+                }
+            }
+        }
+    */
    const {
        body: {
            clientId,
@ -303,7 +405,105 @@ export const loginIdentityUniversalAuth = async (req: Request, res: Response) =>
    });
 }

-export const addIdentityUniversalAuth = async (req: Request, res: Response) => {
+/**
+ * Attach identity universal auth method onto identity with id [identityId]
+ * @param req 
+ * @param res 
+ */
+export const attachIdentityUniversalAuth = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Attach Universal Auth configuration onto identity'
+        #swagger.description = 'Attach Universal Auth configuration onto identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity to attach Universal Auth onto",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "clientSecretTrustedIps": {
+                                type: "array",
+                                items: {
+                                    type: "object",
+                                    "properties": {
+                                        "ipAddress": {
+                                            type: "string",
+                                            description: "IP address to trust",
+                                            default: "0.0.0.0/0"
+                                        }
+                                    }
+                                },
+                                "description": "List of IPs or CIDR ranges that the Client Secret can be used from together with the Client ID to get back an access token. By default, Client Secrets are given the 0.0.0.0/0 entry representing all possible IPv4 addresses.",
+                                "example": "...",
+                                "default": [{ ipAddress: "0.0.0.0/0" }]
+                            },
+                            "accessTokenTTL": {
+                                "type": "number",
+                                "description": "The incremental lifetime for an acccess token in seconds; a value of 0 implies an infinite incremental lifetime.",
+                                "example": "...",
+                                "default": 100
+                            },
+                            "accessTokenMaxTTL": {
+                                "type": "number",
+                                "description": "The maximum lifetime for an acccess token in seconds; a value of 0 implies an infinite maximum lifetime.",
+                                "example": "...",
+                                "default": 2592000
+                            },
+                            "accessTokenNumUsesLimit": {
+                                "type": "number",
+                                "description": "The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses.",
+                                "example": "...",
+                                "default": 0
+                            },
+                            "accessTokenTrustedIps": {
+                                type: "array",
+                                items: {
+                                    type: "object",
+                                    "properties": {
+                                        "ipAddress": {
+                                            type: "string",
+                                            description: "IP address to trust",
+                                            default: "0.0.0.0/0"
+                                        }
+                                    }
+                                },
+                                "description": "List of IPs or CIDR ranges that access tokens can be used from. By default, each token is given the 0.0.0.0/0 entry representing all possible IPv4 addresses.",
+                                "example": "...",
+                                "default": [{ ipAddress: "0.0.0.0/0" }]
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "identityUniversalAuth": {
+                                $ref: '#/definitions/IdentityUniversalAuth'
+                            }
+                        },
+                        "description": "Details of attached Universal Auth"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId },
        body: {
@ -414,7 +614,98 @@ export const addIdentityUniversalAuth = async (req: Request, res: Response) => {
    });
 }

+/**
+ * Update identity universal auth method on identity with id [identityId]
+ * @param req 
+ * @param res 
+ */
 export const updateIdentityUniversalAuth = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Update Universal Auth configuration on identity'
+        #swagger.description = 'Update Universal Auth configuration on identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity to update Universal Auth on",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "clientSecretTrustedIps": {
+                                type: "array",
+                                items: {
+                                    type: "object",
+                                    "properties": {
+                                        "ipAddress": {
+                                            type: "string",
+                                            description: "IP address to trust"
+                                        }
+                                    }
+                                },
+                                "description": "List of IPs or CIDR ranges that the Client Secret can be used from together with the Client ID to get back an access token. By default, Client Secrets are given the 0.0.0.0/0 entry representing all possible IPv4 addresses.",
+                                "example": "...",
+                            },
+                            "accessTokenTTL": {
+                                "type": "number",
+                                "description": "The incremental lifetime for an acccess token in seconds; a value of 0 implies an infinite incremental lifetime.",
+                                "example": "...",
+                            },
+                            "accessTokenMaxTTL": {
+                                "type": "number",
+                                "description": "The maximum lifetime for an acccess token in seconds; a value of 0 implies an infinite maximum lifetime.",
+                                "example": "...",
+                            },
+                            "accessTokenNumUsesLimit": {
+                                "type": "number",
+                                "description": "The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses.",
+                                "example": "...",
+                            },
+                            "accessTokenTrustedIps": {
+                                type: "array",
+                                items: {
+                                    type: "object",
+                                    "properties": {
+                                        "ipAddress": {
+                                            type: "string",
+                                            description: "IP address to trust"
+                                        }
+                                    }
+                                },
+                                "description": "List of IPs or CIDR ranges that access tokens can be used from. By default, each token is given the 0.0.0.0/0 entry representing all possible IPv4 addresses.",
+                                "example": "...",
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "identityUniversalAuth": {
+                                $ref: '#/definitions/IdentityUniversalAuth'
+                            }
+                        },
+                        "description": "Details of updated Universal Auth"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId },
        body: {
@ -526,7 +817,43 @@ export const updateIdentityUniversalAuth = async (req: Request, res: Response) =
    });
 }

+/**
+ * Return identity universal auth method on identity with id [identityId]
+ * @param req 
+ * @param res 
+ */
 export const getIdentityUniversalAuth = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Retrieve Universal Auth configuration on identity'
+        #swagger.description = 'Retrieve Universal Auth configuration on identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity to retrieve Universal Auth on",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "identityUniversalAuth": {
+                                $ref: '#/definitions/IdentityUniversalAuth'
+                            }
+                        },
+                        "description": "Details of retrieved Universal Auth"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId }
    } = await validateRequest(reqValidator.GetUniversalAuthForIdentityV1, req);
@ -577,7 +904,77 @@ export const getIdentityUniversalAuth = async (req: Request, res: Response) => {
    });
 }

+
+/**
+ * Create client secret for identity universal auth method on identity with id [identityId]
+ * @param req 
+ * @param res 
+ */
 export const createUniversalAuthClientSecret = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Create Universal Auth Client Secret for identity'
+        #swagger.description = 'Create Universal Auth Client Secret for identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity to create Universal Auth Client Secret for",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "description": {
+                                "type": "string",
+                                "description": "A description for the Client Secret to create.",
+                                "example": "..."
+                            },
+                            "ttl": {
+                                "type": "number",
+                                "description": "The time-to-live for the Client Secret to create. By default, the TTL will be set to 0 which implies that the Client Secret will never expire; a value of 0 implies an infinite lifetime.",
+                                "example": "...",
+                                "default": 0
+                            },
+                            "numUsesLimit": {
+                                "type": "number",
+                                "description": "The maximum number of times that the Client Secret can be used together with the Client ID to get back an access token; a value of 0 implies infinite number of uses.",
+                                "example": "...",
+                                "default": 0
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "clientSecret": {
+                                "type": "string",
+                                "description": "The created Client Secret"
+                            },
+                            "clientSecretData": {
+                                $ref: '#/definitions/IdentityUniversalAuthClientSecretData'
+                            }
+                        },
+                        "description": "Details of the created Client Secret"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId },
        body: {
@ -660,7 +1057,46 @@ export const createUniversalAuthClientSecret = async (req: Request, res: Respons
    });
 }

-export const getUniversalAuthClientSecrets = async (req: Request, res: Response) => {
+/**
+ * Return list of client secret details for identity universal auth method on identity with id [identityId]
+ * @param req 
+ * @param res 
+ */
+export const getUniversalAuthClientSecretsDetails = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'List Universal Auth Client Secrets for identity'
+        #swagger.description = 'List Universal Auth Client Secrets for identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity for which to get Client Secrets for",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "clientSecretData": {
+                                type: "array",
+                                items: {
+                                    $ref: '#/definitions/IdentityUniversalAuthClientSecretData'
+                                }
+                            }
+                        },
+                        "description": "Details of the Client Secrets"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId }
    } = await validateRequest(reqValidator.GetUniversalAuthClientSecretsV1, req);
@ -720,7 +1156,50 @@ export const getUniversalAuthClientSecrets = async (req: Request, res: Response)
    });
 }

+/**
+ * Revoke client secret for identity universal auth method on identity with id [identityId]
+ * @param req 
+ * @param res 
+ */
 export const revokeUniversalAuthClientSecret = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Revoke Universal Auth Client Secret for identity'
+        #swagger.description = 'Revoke Universal Auth Client Secret for identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity under which Client Secret was issued for",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+
+        #swagger.parameters['clientSecretId'] = {
+            "description": "ID of Client Secret to revoke",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "clientSecretData": {
+                                $ref: '#/definitions/IdentityUniversalAuthClientSecretData'
+                            }
+                        },
+                        "description": "Details of the revoked Client Secret"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId, clientSecretId }
    } = await validateRequest(reqValidator.RevokeUniversalAuthClientSecretV1, req);
--- a/backend/src/controllers/v2/organizationsController.ts
+++ b/backend/src/controllers/v2/organizationsController.ts
@ -33,11 +33,12 @@ import { ForbiddenError } from "@casl/ability";
 */
 export const getOrganizationMemberships = async (req: Request, res: Response) => {
  /* 
-    #swagger.summary = 'Return organization memberships'
-    #swagger.description = 'Return organization memberships'
+    #swagger.summary = 'Return organization user memberships'
+    #swagger.description = 'Return organization user memberships'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

 	#swagger.parameters['organizationId'] = {
@ -94,11 +95,12 @@ export const getOrganizationMemberships = async (req: Request, res: Response) =>
 */
 export const updateOrganizationMembership = async (req: Request, res: Response) => {
  /* 
-    #swagger.summary = 'Update organization membership'
-    #swagger.description = 'Update organization membership'
+    #swagger.summary = 'Update organization user membership'
+    #swagger.description = 'Update organization user membership'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

 	#swagger.parameters['organizationId'] = {
@ -214,11 +216,12 @@ export const updateOrganizationMembership = async (req: Request, res: Response)
 */
 export const deleteOrganizationMembership = async (req: Request, res: Response) => {
  /* 
-    #swagger.summary = 'Delete organization membership'
-    #swagger.description = 'Delete organization membership'
+    #swagger.summary = 'Delete organization user membership'
+    #swagger.description = 'Delete organization user membership'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

 	#swagger.parameters['organizationId'] = {
@ -425,6 +428,40 @@ export const deleteOrganizationById = async (req: Request, res: Response) => {
 * @returns 
 */
 export const getOrganizationIdentityMemberships = async (req: Request, res: Response) => {
+   /*
+    #swagger.summary = 'Return organization identity memberships'
+    #swagger.description = 'Return organization identity memberships'
+
+    #swagger.security = [{
+        "bearerAuth": []
+    }]
+    
+    #swagger.parameters['organizationId'] = {
+        "description": "ID of organization",
+        "required": true,
+        "type": "string",
+        "in": "path"
+    }
+
+    #swagger.responses[200] = {
+        content: {
+            "application/json": {
+              "schema": { 
+                "type": "object",
+                "properties": {
+                  "identityMemberships": {
+                    "type": "array",
+                    "items": {
+                      $ref: "#/components/schemas/IdentityMembershipOrg" 
+                    },
+                    "description": "Identity memberships of organization"
+                  }
+                }
+              }
+            }           
+        }
+    }
+  */
  const {
    params: { organizationId }
  } = await validateRequest(reqValidator.GetOrgIdentityMembershipsV2, req);
--- a/backend/src/controllers/v2/workspaceController.ts
+++ b/backend/src/controllers/v2/workspaceController.ts
@ -249,11 +249,12 @@ export const getWorkspaceServiceTokenData = async (req: Request, res: Response)
 */
 export const getWorkspaceMemberships = async (req: Request, res: Response) => {
  /* 
-    #swagger.summary = 'Return project memberships'
-    #swagger.description = 'Return project memberships'
+    #swagger.summary = 'Return project user memberships'
+    #swagger.description = 'Return project user memberships'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

  #swagger.parameters['workspaceId'] = {
@ -312,11 +313,12 @@ export const getWorkspaceMemberships = async (req: Request, res: Response) => {
 */
 export const updateWorkspaceMembership = async (req: Request, res: Response) => {
  /* 
-    #swagger.summary = 'Update project membership'
-    #swagger.description = 'Update project membership'
+    #swagger.summary = 'Update project user membership'
+    #swagger.description = 'Update project user membership'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

  #swagger.parameters['workspaceId'] = {
@ -340,7 +342,7 @@ export const updateWorkspaceMembership = async (req: Request, res: Response) =>
            "properties": {
                "role": {
                    "type": "string",
-                    "description": "Role of membership - either admin or member",
+                    "description": "Role to update to for project membership",
                }
            }
          }
@ -402,11 +404,12 @@ export const updateWorkspaceMembership = async (req: Request, res: Response) =>
 */
 export const deleteWorkspaceMembership = async (req: Request, res: Response) => {
  /* 
-    #swagger.summary = 'Delete project membership'
-    #swagger.description = 'Delete project membership'
+    #swagger.summary = 'Delete project user membership'
+    #swagger.description = 'Delete project user membership'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

  #swagger.parameters['workspaceId'] = {
@ -594,7 +597,60 @@ export const addIdentityToWorkspace = async (req: Request, res: Response) => {
 * @param req 
 * @param res 
 */
-export const updateIdentityWorkspaceRole = async (req: Request, res: Response) => {
+ export const updateIdentityWorkspaceRole = async (req: Request, res: Response) => {
+   /* 
+    #swagger.summary = 'Update project identity membership'
+    #swagger.description = 'Update project identity membership'
+    
+    #swagger.security = [{
+        "bearerAuth": []
+    }]
+
+	#swagger.parameters['workspaceId'] = {
+		"description": "ID of project",
+		"required": true,
+		"type": "string"
+	} 
+
+	#swagger.parameters['identityId'] = {
+		"description": "ID of identity whose membership to update in project",
+		"required": true,
+		"type": "string"
+	} 
+
+	#swagger.requestBody = {
+      "required": true,
+      "content": {
+        "application/json": {
+          "schema": {
+            "type": "object",
+            "properties": {
+                "role": {
+                    "type": "string",
+                    "description": "Role to update to for identity project membership",
+                }
+            }
+          }
+        }
+      }
+    }
+
+    #swagger.responses[200] = {
+        content: {
+          "application/json": {
+            "schema": { 
+              "type": "object",
+              "properties": {
+                "identityMembership": {
+                  $ref: "#/components/schemas/IdentityMembership",
+                  "description": "Updated identity membership"
+                }
+              }
+            }
+          }           
+        }
+    }   
+    */
  const {
    params: { workspaceId, identityId },
    body: {
@ -676,12 +732,48 @@ export const updateIdentityWorkspaceRole = async (req: Request, res: Response) =
 }

 /**
- * Delete identity with id [identityId] to workspace
+ * Delete identity with id [identityId] from workspace
 * with id [workspaceId]
 * @param req 
 * @param res 
 */
-export const deleteIdentityFromWorkspace = async (req: Request, res: Response) => {
+ export const deleteIdentityFromWorkspace = async (req: Request, res: Response) => {
+   /* 
+    #swagger.summary = 'Delete project identity membership'
+    #swagger.description = 'Delete project identity membership'
+    
+    #swagger.security = [{
+        "bearerAuth": []
+    }]
+
+	#swagger.parameters['workspaceId'] = {
+		"description": "ID of project",
+		"required": true,
+		"type": "string"
+	} 
+
+	#swagger.parameters['identityId'] = {
+		"description": "ID of identity whose membership to delete in project",
+		"required": true,
+		"type": "string"
+	} 
+
+    #swagger.responses[200] = {
+        content: {
+          "application/json": {
+            "schema": { 
+              "type": "object",
+              "properties": {
+                "identityMembership": {
+                  $ref: "#/components/schemas/IdentityMembership",
+                  "description": "Deleted identity membership"
+                }
+              }
+            }
+          }           
+        }
+    }   
+    */
  const {
    params: { workspaceId, identityId }
  } = await validateRequest(reqValidator.DeleteIdentityFromWorkspaceV2, req);
@ -732,7 +824,41 @@ export const deleteIdentityFromWorkspace = async (req: Request, res: Response) =
 * @param res 
 * @returns 
 */
-export const getWorkspaceIdentityMemberships = async (req: Request, res: Response) => {
+ export const getWorkspaceIdentityMemberships = async (req: Request, res: Response) => {
+   /*
+    #swagger.summary = 'Return project identity memberships'
+    #swagger.description = 'Return project identity memberships'
+
+    #swagger.security = [{
+        "bearerAuth": []
+    }]
+    
+    #swagger.parameters['workspaceId'] = {
+        "description": "ID of project",
+        "required": true,
+        "type": "string",
+        "in": "path"
+    }
+
+    #swagger.responses[200] = {
+        content: {
+            "application/json": {
+              "schema": { 
+                "type": "object",
+                "properties": {
+                  "identityMemberships": {
+                    "type": "array",
+                    "items": {
+                      $ref: "#/components/schemas/IdentityMembership" 
+                    },
+                    "description": "Identity memberships of project"
+                  }
+                }
+              }
+            }           
+        }
+    }
+  */
  const {
    params: { workspaceId }
  } = await validateRequest(reqValidator.GetWorkspaceIdentityMembersV2, req);
--- a/backend/src/ee/controllers/v1/identitiesController.ts
+++ b/backend/src/ee/controllers/v1/identitiesController.ts
@ -42,6 +42,58 @@ import { ForbiddenError } from "@casl/ability";
 * @returns 
 */
 export const createIdentity = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Create identity'
+        #swagger.description = 'Create identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "name": {
+                                "type": "string",
+                                "description": "Name of entity to create",
+                                "example": "development"
+                            },
+                            "organizationId": {
+                                "type": "string",
+                                "description": "ID of organization where to create identity",
+                                "example": "dev-environment"
+                            },
+                            "role": {
+                                "type": "string",
+                                "description": "Role to assume for organization membership",
+                                "example": "no-access"
+                            }
+                        },
+                        "required": ["name", "organizationId", "role"]
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "identity": {
+                                $ref: '#/definitions/Identity'
+                            }
+                        },
+                        "description": "Details of the created identity"
+                    }
+                }
+            }
+        }
+    */
    const {
        body: {
            name,
@ -120,6 +172,59 @@ export const createIdentity = async (req: Request, res: Response) => {
 * @returns 
 */
 export const updateIdentity = async (req: Request, res: Response) => {
+    /*
+        #swagger.summary = 'Update identity'
+        #swagger.description = 'Update identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity to update",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+        
+        #swagger.requestBody = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "name": {
+                                "type": "string",
+                                "description": "Name of entity to update to",
+                                "example": "development"
+                            },
+                            "role": {
+                                "type": "string",
+                                "description": "Role to update to for organization membership",
+                                "example": "no-access"
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "identity": {
+                                $ref: '#/definitions/Identity'
+                            }
+                        },
+                        "description": "Details of the updated identity"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId  },
        body: {
@ -242,6 +347,37 @@ export const createIdentity = async (req: Request, res: Response) => {
 * @returns 
 */
 export const deleteIdentity = async (req: Request, res: Response) => {
+     /*
+        #swagger.summary = 'Delete identity'
+        #swagger.description = 'Delete identity'
+
+        #swagger.security = [{
+            "bearerAuth": []
+        }]
+
+        #swagger.parameters['identityId'] = {
+            "description": "ID of identity",
+            "required": true,
+            "type": "string",
+            "in": "path"
+        }
+
+        #swagger.responses[200] = {
+            content: {
+                "application/json": {
+                    "schema": {
+                        "type": "object",
+                        "properties": {
+                            "identity": {
+                                $ref: '#/definitions/Identity'
+                            }
+                        },
+                        "description": "Details of the deleted identity"
+                    }
+                }
+            }
+        }
+    */
    const {
        params: { identityId }
    } = await validateRequest(reqValidator.DeleteIdentityV1, req);
--- a/backend/src/ee/controllers/v1/workspaceController.ts
+++ b/backend/src/ee/controllers/v1/workspaceController.ts
@ -62,15 +62,30 @@ export const getWorkspaceSecretSnapshots = async (req: Request, res: Response) =
    #swagger.description = 'Return project secret snapshots ids'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

 	#swagger.parameters['workspaceId'] = {
-		"description": "ID of project",
+		"description": "ID of project where to get secret snapshots for",
 		"required": true,
 		"type": "string"
 	} 

+	#swagger.parameters['environment'] = {
+      "description": "Slug of environment where to get secret snapshots for",
+      "required": true,
+      "type": "string",
+      "in": "query"
+  }
+
+  #swagger.parameters['directory'] = {
+      "description": "Path where to get secret snapshots for like / or /foo/bar. Default is /",
+      "required": false,
+      "type": "string",
+      "in": "query"
+  }
+
 	#swagger.parameters['offset'] = {
 		"description": "Number of secret snapshots to skip",
 		"required": false,
@ -195,11 +210,12 @@ export const rollbackWorkspaceSecretSnapshot = async (req: Request, res: Respons
    #swagger.description = 'Roll back project secrets to those captured in a secret snapshot version.'
    
    #swagger.security = [{
-        "apiKeyAuth": []
+        "apiKeyAuth": [],
+        "bearerAuth": []
    }]

 	#swagger.parameters['workspaceId'] = {
-		"description": "ID of project",
+		"description": "ID of project where to roll back",
 		"required": true,
 		"type": "string"
 	} 
@ -211,6 +227,14 @@ export const rollbackWorkspaceSecretSnapshot = async (req: Request, res: Respons
          "schema": {
            "type": "object",
            "properties": {
+                "environment": {
+                  "type": "string",
+                  "description": "Slug of environment where to roll back"
+                },
+                "directory": {
+                  "type": "string",
+                  "description": "Path where to roll back for like / or /foo/bar. Default is /"
+                },
                "version": {
                    "type": "integer",
                    "description": "Version of secret snapshot to roll back to",
--- a/backend/src/ee/routes/v1/workspace.ts
+++ b/backend/src/ee/routes/v1/workspace.ts
@ -7,7 +7,7 @@ import { workspaceController } from "../../controllers/v1";
 router.get(
  "/:workspaceId/secret-snapshots",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.getWorkspaceSecretSnapshots
 );
@ -23,7 +23,7 @@ router.get(
 router.post(
  "/:workspaceId/secret-snapshots/rollback",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.rollbackWorkspaceSecretSnapshot
 );
@ -31,7 +31,7 @@ router.post(
 router.get(
  "/:workspaceId/audit-logs",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.getWorkspaceAuditLogs
 );
--- a/backend/src/helpers/bot.ts
+++ b/backend/src/helpers/bot.ts
@ -13,7 +13,7 @@ import {
  SECRET_SHARED
 } from "../variables";
 import { client, getEncryptionKey, getRootEncryptionKey } from "../config";
-import { InternalServerError } from "../utils/errors";
+import { BotNotFoundError, InternalServerError } from "../utils/errors";
 import { Folder } from "../models";
 import { getFolderByPath } from "../services/FolderService";
 import { getAllImportedSecrets } from "../services/SecretImportService";
@ -223,7 +223,7 @@ export const getKey = async ({ workspaceId }: { workspaceId: Types.ObjectId }) =
    workspace: workspaceId
  }).populate<{ sender: IUser }>("sender", "publicKey");

-  if (!botKey) throw new Error("Failed to find bot key");
+  if (!botKey) throw BotNotFoundError({ message: `getKey: Failed to find bot key for [workspaceId=${workspaceId}]` })

  const bot = await Bot.findOne({
    workspace: workspaceId
--- a/backend/src/routes/v1/secretImps.ts
+++ b/backend/src/routes/v1/secretImps.ts
@ -7,7 +7,7 @@ import { AuthMode } from "../../variables";
 router.post(
  "/",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  secretImpsController.createSecretImp
 );
@ -15,7 +15,7 @@ router.post(
 router.put(
  "/:id",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  secretImpsController.updateSecretImport
 );
@ -23,7 +23,7 @@ router.put(
 router.delete(
  "/:id",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  secretImpsController.deleteSecretImport
 );
@ -31,7 +31,7 @@ router.delete(
 router.get(
  "/",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  secretImpsController.getSecretImports
 );
--- a/backend/src/routes/v1/secretsFolder.ts
+++ b/backend/src/routes/v1/secretsFolder.ts
@ -12,7 +12,7 @@ import { AuthMode } from "../../variables";
 router.post(
  "/",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  createFolder
 );
@ -20,7 +20,7 @@ router.post(
 router.patch(
  "/:folderName",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  updateFolderById
 );
@ -28,7 +28,7 @@ router.patch(
 router.delete(
  "/:folderName",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  deleteFolder
 );
@ -36,7 +36,7 @@ router.delete(
 router.get(
  "/",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.SERVICE_TOKEN, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  getFolders
 );
--- a/backend/src/routes/v1/universalAuth.ts
+++ b/backend/src/routes/v1/universalAuth.ts
@ -18,15 +18,15 @@ router.post(
 router.post(
    "/universal-auth/identities/:identityId",
    requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
    }),
-    universalAuthController.addIdentityUniversalAuth
+    universalAuthController.attachIdentityUniversalAuth
 );

 router.patch(
    "/universal-auth/identities/:identityId",
    requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
    }),
    universalAuthController.updateIdentityUniversalAuth
 );
@ -34,7 +34,7 @@ router.patch(
 router.get(
    "/universal-auth/identities/:identityId",
    requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
    }),
    universalAuthController.getIdentityUniversalAuth
 );
@ -42,7 +42,7 @@ router.get(
 router.post(
    "/universal-auth/identities/:identityId/client-secrets",
    requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
    }),
    universalAuthController.createUniversalAuthClientSecret
 );
@ -50,15 +50,15 @@ router.post(
 router.get(
    "/universal-auth/identities/:identityId/client-secrets",
    requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
    }),
-    universalAuthController.getUniversalAuthClientSecrets
+    universalAuthController.getUniversalAuthClientSecretsDetails
 );

 router.post(
    "/universal-auth/identities/:identityId/client-secrets/:clientSecretId/revoke",
    requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
    }),
    universalAuthController.revokeUniversalAuthClientSecret
 );
--- a/backend/src/routes/v2/environment.ts
+++ b/backend/src/routes/v2/environment.ts
@ -7,7 +7,7 @@ import { AuthMode } from "../../variables";
 router.post(
  "/:workspaceId/environments",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  environmentController.createWorkspaceEnvironment
 );
@ -15,7 +15,7 @@ router.post(
 router.put(
  "/:workspaceId/environments",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  environmentController.renameWorkspaceEnvironment
 );
@ -23,7 +23,7 @@ router.put(
 router.patch(
  "/:workspaceId/environments",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  environmentController.reorderWorkspaceEnvironments
 );
@ -31,7 +31,7 @@ router.patch(
 router.delete(
  "/:workspaceId/environments",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  environmentController.deleteWorkspaceEnvironment
 );
--- a/backend/src/routes/v2/organizations.ts
+++ b/backend/src/routes/v2/organizations.ts
@ -9,7 +9,7 @@ import { organizationsController } from "../../controllers/v2";
 router.get(
  "/:organizationId/memberships",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  organizationsController.getOrganizationMemberships
 );
@ -17,7 +17,7 @@ router.get(
 router.patch(
  "/:organizationId/memberships/:membershipId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  organizationsController.updateOrganizationMembership
 );
@ -25,7 +25,7 @@ router.patch(
 router.delete(
  "/:organizationId/memberships/:membershipId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  organizationsController.deleteOrganizationMembership
 );
@ -33,7 +33,7 @@ router.delete(
 router.get(
  "/:organizationId/workspaces",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  organizationsController.getOrganizationWorkspaces
 );
--- a/backend/src/routes/v2/workspace.ts
+++ b/backend/src/routes/v2/workspace.ts
@ -62,7 +62,7 @@ router.get(
  // new - TODO: rewire dashboard to this route
  "/:workspaceId/memberships",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.getWorkspaceMemberships
 );
@ -71,7 +71,7 @@ router.patch(
  // TODO - rewire dashboard to this route
  "/:workspaceId/memberships/:membershipId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.updateWorkspaceMembership
 );
@ -80,7 +80,7 @@ router.delete(
  // TODO - rewire dashboard to this route
  "/:workspaceId/memberships/:membershipId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.deleteWorkspaceMembership
 );
@ -96,7 +96,7 @@ router.patch(
 router.post(
  "/:workspaceId/identity-memberships/:identityId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.addIdentityToWorkspace
 );
@ -104,7 +104,7 @@ router.post(
 router.patch(
  "/:workspaceId/identity-memberships/:identityId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.updateIdentityWorkspaceRole
 );
@ -112,7 +112,7 @@ router.patch(
 router.delete(
  "/:workspaceId/identity-memberships/:identityId",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT, AuthMode.API_KEY]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.deleteIdentityFromWorkspace
 );
@ -120,7 +120,7 @@ router.delete(
 router.get(
  "/:workspaceId/identity-memberships",
  requireAuth({
-    acceptedAuthModes: [AuthMode.JWT]
+    acceptedAuthModes: [AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]
  }),
  workspaceController.getWorkspaceIdentityMemberships
 );
--- a/backend/src/services/TelemetryService.ts
+++ b/backend/src/services/TelemetryService.ts
@ -8,12 +8,12 @@ import {
  getTelemetryEnabled,
 } from "../config";
 import {
+  Identity,
  ServiceTokenData,
-  User,
+  User
 } from "../models";
 import {
  AccountNotFoundError,
-  BadRequestError,
 } from "../utils/errors";

 class Telemetry {
@ -22,7 +22,7 @@ class Telemetry {
   */
  static logTelemetryMessage = async () => {

-    if(!(await getTelemetryEnabled())){
+    if (!(await getTelemetryEnabled())) {
      [
        "To improve, Infisical collects telemetry data about general usage.",
        "This helps us understand how the product is doing and guide our product development to create the best possible platform; it also helps us demonstrate growth as we support Infisical as open-source software.",
@ -42,8 +42,8 @@ class Telemetry {
      postHogClient = new PostHog(await getPostHogProjectApiKey(), {
        host: await getPostHogHost(),
      });
-    } 
-    
+    }
+
    return postHogClient;
  }

@ -52,6 +52,7 @@ class Telemetry {
  }: {
    authData: AuthData;
  }) => {
+
    let distinctId = "";
    if (authData.authPayload instanceof User) {
      distinctId = authData.authPayload.email;
@ -59,14 +60,14 @@ class Telemetry {
      if (authData.authPayload.user) {
        const user = await User.findById(authData.authPayload.user, "email");
        if (!user) throw AccountNotFoundError();
-        distinctId = user.email; 
+        distinctId = user.email;
      }
+    } else if (authData.authPayload instanceof Identity) {
+      distinctId = `identity-${authData.authPayload._id.toString()}`
+    } else {
+      distinctId = "unknown-auth-data"
    }
-    
-    if (distinctId === "") throw BadRequestError({
-      message: "Failed to obtain distinct id for logging telemetry",
-    });
-    
+
    return distinctId;
  }
 }
--- a/backend/src/utils/authn/passport/saml.ts
+++ b/backend/src/utils/authn/passport/saml.ts
@ -75,7 +75,7 @@ export const initializeSamlStrategy = async () => {
          const organization = await Organization.findById(req.ssoConfig.organization);
          
          if (!organization) return done(OrganizationNotFoundError());
-    
+          
          const email = profile.email;
          const firstName = profile.firstName;
          const lastName = profile.lastName;
@ -154,6 +154,7 @@ export const initializeSamlStrategy = async () => {
              firstName,
              lastName,
              organizationName: organization?.name,
+              organizationId: organization?._id,
              authMethod: req.ssoConfig.authProvider,
              isUserCompleted,
              ...(req.body.RelayState ? {
--- a/backend/src/validation/auth.ts
+++ b/backend/src/validation/auth.ts
@ -149,7 +149,7 @@ export const UpdateUniversalAuthToIdentityV1 = z.object({
    accessTokenNumUsesLimit: z.number().int().min(0).optional(),
    accessTokenMaxTTL: z.number().int().refine(value => value !== 0, {
      message: "accessTokenMaxTTL must have a non zero number",
-    }).default(2592000),
+    }).optional(),
  }),
 });

--- a/backend/swagger/index.ts
+++ b/backend/swagger/index.ts
@ -30,7 +30,7 @@ const generateOpenAPISpec = async () => {
        type: "http",
        scheme: "bearer",
        bearerFormat: "JWT",
-        description: "A service token in Infisical"
+        description: "An access token in Infisical"
      },
      apiKeyAuth: {
        type: "apiKey",
@ -52,6 +52,41 @@ const generateOpenAPISpec = async () => {
        updatedAt: "2023-01-13T14:16:12.210Z",
        createdAt: "2023-01-13T14:16:12.210Z"
      },
+      Identity: {
+        _id: "",
+        name: "Machine 1",
+        authMethod: "universal-auth"
+      },
+      IdentityUniversalAuth: {
+        _id: "",
+        identity: "",
+        clientId: "...",
+        clientSecretTrustedIps: [{
+          ipAddress: "0.0.0.0",
+          type: "ipv4",
+          prefix: "0"
+        }],
+        accessTokenTTL: 7200,
+        accessTokenMaxTTL: 2592000,
+        accessTokenNumUsesLimit: 0,
+        accessTokenTrustedIps: [{
+          ipAddress: "0.0.0.0",
+          type: "ipv4",
+          prefix: "0"
+        }]
+      },
+      IdentityUniversalAuthClientSecretData: {
+        _id: "",
+        identityUniversalAuth: "",
+        isClientSecretRevoked: false,
+        description: "",
+        clientSecretPrefix: "abc",
+        clientSecretNumUses: 0,
+        clientSecretNumUsesLimit: 0,
+        clientSecretTTL: 0,
+        createdAt: "2023-01-13T14:16:12.210Z",
+        updatedAt: "2023-01-13T14:16:12.210Z"
+      },
      Membership: {
        user: {
          _id: "",
@ -79,6 +114,25 @@ const generateOpenAPISpec = async () => {
        role: "owner",
        status: "accepted"
      },
+      IdentityMembership: {
+        identity: {
+          _id: "",
+          name: "Machine 1",
+          authMethod: "universal-auth"
+        },
+        workspace: "",
+        role: "member"
+      },
+      IdentityMembershipOrg: {
+        identity: {
+          _id: "",
+          name: "Machine 1",
+          authMethod: "universal-auth"
+        },
+        organization: "",
+        role: "member",
+        status: "accepted"
+      },
      Organization: {
        _id: "",
        name: "Acme Corp.",
--- a/cli/packages/api/api.go
+++ b/cli/packages/api/api.go
@ -481,12 +481,12 @@ func CallGetRawSecretsV3(httpClient *resty.Client, request GetRawSecretsV3Reques
 		return GetRawSecretsV3Response{}, fmt.Errorf("CallGetRawSecretsV3: Unable to complete api request [err=%w]", err)
 	}

-	if response.IsError() && strings.Contains(response.String(), "Failed to find bot key") {
+	if response.IsError() && strings.Contains(response.String(), "bot_not_found_error") {
 		return GetRawSecretsV3Response{}, fmt.Errorf("project with id %s is a legacy project type, please navigate to project settings and disable end to end encryption then try again", request.WorkspaceId)
 	}

 	if response.IsError() {
-		return GetRawSecretsV3Response{}, fmt.Errorf("CallUniversalAuthLogin: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
+		return GetRawSecretsV3Response{}, fmt.Errorf("CallGetRawSecretsV3: Unsuccessful response [%v %v] [status-code=%v] [response=%v]", response.Request.Method, response.Request.URL, response.StatusCode(), response.String())
 	}

 	return getRawSecretsV3Response, nil
--- a/cli/packages/cmd/agent.go
+++ b/cli/packages/cmd/agent.go
@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/signal"
+	"path"
 	"strings"
 	"sync"
 	"syscall"
@ -189,7 +190,9 @@ func ProcessTemplate(templatePath string, data interface{}, accessToken string)
 		"secret": secretFunction,
 	}

-	tmpl, err := template.New(templatePath).Funcs(funcs).ParseFiles(templatePath)
+	templateName := path.Base(templatePath)
+
+	tmpl, err := template.New(templateName).Funcs(funcs).ParseFiles(templatePath)
 	if err != nil {
 		return nil, err
 	}
--- a/docs/api-reference/endpoints/environments/create.mdx
+++ b/docs/api-reference/endpoints/environments/create.mdx
@ -1,4 +1,4 @@
 ---
 title: "Create"
-openapi: "POST /api/v1/workspace/{workspaceId}/environments"
+openapi: "POST /api/v2/workspace/{workspaceId}/environments"
 ---
--- a/docs/api-reference/endpoints/identities/create.mdx
+++ b/docs/api-reference/endpoints/identities/create.mdx
@ -0,0 +1,4 @@
+---
+title: "Create"
+openapi: "POST /api/v1/identities/"
+---
--- a/docs/api-reference/endpoints/identities/delete.mdx
+++ b/docs/api-reference/endpoints/identities/delete.mdx
@ -0,0 +1,4 @@
+---
+title: "Delete"
+openapi: "DELETE /api/v1/identities/{identityId}"
+---
--- a/docs/api-reference/endpoints/identities/update.mdx
+++ b/docs/api-reference/endpoints/identities/update.mdx
@ -0,0 +1,4 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/identities/{identityId}"
+---
--- a/docs/api-reference/endpoints/organizations/delete-membership.mdx
+++ b/docs/api-reference/endpoints/organizations/delete-membership.mdx
@ -1,4 +1,4 @@
 ---
-title: "Delete Membership"
+title: "Delete User Membership"
 openapi: "DELETE /api/v2/organizations/{organizationId}/memberships/{membershipId}"
 ---
--- a/docs/api-reference/endpoints/organizations/list-identity-memberships.mdx
+++ b/docs/api-reference/endpoints/organizations/list-identity-memberships.mdx
@ -0,0 +1,4 @@
+---
+title: "List Identity Memberships"
+openapi: "GET /api/v2/organizations/{organizationId}/identity-memberships"
+---
--- a/docs/api-reference/endpoints/organizations/memberships.mdx
+++ b/docs/api-reference/endpoints/organizations/memberships.mdx
@ -1,4 +1,4 @@
 ---
-title: "Get Memberships"
+title: "Get User Memberships"
 openapi: "GET /api/v2/organizations/{organizationId}/memberships"
 ---
--- a/docs/api-reference/endpoints/organizations/update-membership.mdx
+++ b/docs/api-reference/endpoints/organizations/update-membership.mdx
@ -1,4 +1,4 @@
 ---
-title: "Update Membership"
+title: "Update User Membership"
 openapi: "PATCH /api/v2/organizations/{organizationId}/memberships/{membershipId}"
 ---
--- a/docs/api-reference/endpoints/organizations/workspaces.mdx
+++ b/docs/api-reference/endpoints/organizations/workspaces.mdx
@ -2,3 +2,9 @@
 title: "Get Projects"
 openapi: "GET /api/v2/organizations/{organizationId}/workspaces"
 ---
+
+<Warning>
+    This endpoint will be deprecated in the near future in Q1/Q2 2024.
+
+    We recommend switching to using [identities](/documentation/platform/identities/overview).
+</Warning>
--- a/docs/api-reference/endpoints/service-tokens/get.mdx
+++ b/docs/api-reference/endpoints/service-tokens/get.mdx
@ -2,3 +2,9 @@
 title: "Get"
 openapi: "GET /api/v2/service-token/"
 ---
+
+<Warning>
+    This endpoint will be deprecated in the near future with the removal of service tokens in Q1/Q2 2024.
+
+    We recommend switching to using [identities](/documentation/platform/identities/overview) if your client supports it.
+</Warning>
--- a/docs/api-reference/endpoints/universal-auth/attach.mdx
+++ b/docs/api-reference/endpoints/universal-auth/attach.mdx
@ -0,0 +1,4 @@
+---
+title: "Attach"
+openapi: "POST /api/v1/auth/universal-auth/identities/{identityId}"
+---
--- a/docs/api-reference/endpoints/universal-auth/create-client-secret.mdx
+++ b/docs/api-reference/endpoints/universal-auth/create-client-secret.mdx
@ -0,0 +1,4 @@
+---
+title: "Create Client Secret"
+openapi: "POST /api/v1/auth/universal-auth/identities/{identityId}/client-secrets"
+---
--- a/docs/api-reference/endpoints/universal-auth/list-client-secrets.mdx
+++ b/docs/api-reference/endpoints/universal-auth/list-client-secrets.mdx
@ -0,0 +1,4 @@
+---
+title: "List Client Secrets"
+openapi: "GET /api/v1/auth/universal-auth/identities/{identityId}/client-secrets"
+---
--- a/docs/api-reference/endpoints/universal-auth/login.mdx
+++ b/docs/api-reference/endpoints/universal-auth/login.mdx
@ -0,0 +1,4 @@
+---
+title: "Login"
+openapi: "POST /api/v1/auth/universal-auth/login"
+---
--- a/docs/api-reference/endpoints/universal-auth/renew-access-token.mdx
+++ b/docs/api-reference/endpoints/universal-auth/renew-access-token.mdx
@ -0,0 +1,4 @@
+---
+title: "Renew Access Token"
+openapi: "POST /api/v1/auth/token/renew"
+---
--- a/docs/api-reference/endpoints/universal-auth/retrieve.mdx
+++ b/docs/api-reference/endpoints/universal-auth/retrieve.mdx
@ -0,0 +1,4 @@
+---
+title: "Retrieve"
+openapi: "GET /api/v1/auth/universal-auth/identities/{identityId}"
+---
--- a/docs/api-reference/endpoints/universal-auth/revoke-client-secret.mdx
+++ b/docs/api-reference/endpoints/universal-auth/revoke-client-secret.mdx
@ -0,0 +1,4 @@
+---
+title: "Revoke Client Secret"
+openapi: "POST /api/v1/auth/universal-auth/identities/{identityId}/client-secrets/{clientSecretId}/revoke"
+---
--- a/docs/api-reference/endpoints/universal-auth/update.mdx
+++ b/docs/api-reference/endpoints/universal-auth/update.mdx
@ -0,0 +1,4 @@
+---
+title: "Update"
+openapi: "PATCH /api/v1/auth/universal-auth/identities/{identityId}"
+---
--- a/docs/api-reference/endpoints/users/me.mdx
+++ b/docs/api-reference/endpoints/users/me.mdx
@ -2,3 +2,9 @@
 title: "Get My User"
 openapi: "GET /api/v2/users/me"
 ---
+
+<Warning>
+    This endpoint will be deprecated in the near future in Q1/Q2 2024.
+
+    We recommend switching to using [identities](/documentation/platform/identities/overview).
+</Warning>
--- a/docs/api-reference/endpoints/users/my-organizations.mdx
+++ b/docs/api-reference/endpoints/users/my-organizations.mdx
@ -2,3 +2,9 @@
 title: "Get My Organizations"
 openapi: "GET /api/v2/users/me/organizations"
 ---
+
+<Warning>
+    This endpoint will be deprecated in the near future in Q1/Q2 2024.
+
+    We recommend switching to using [identities](/documentation/platform/identities/overview).
+</Warning>
--- a/docs/api-reference/endpoints/workspaces/delete-identity-membership.mdx
+++ b/docs/api-reference/endpoints/workspaces/delete-identity-membership.mdx
@ -0,0 +1,4 @@
+---
+title: "Delete Identity Membership"
+openapi: "DELETE /api/v2/workspace/{workspaceId}/identity-memberships/{identityId}"
+---
--- a/docs/api-reference/endpoints/workspaces/delete-membership.mdx
+++ b/docs/api-reference/endpoints/workspaces/delete-membership.mdx
@ -1,4 +1,4 @@
 ---
-title: "Delete Membership"
+title: "Delete User Membership"
 openapi: "DELETE /api/v2/workspace/{workspaceId}/memberships/{membershipId}"
 ---
--- a/docs/api-reference/endpoints/workspaces/list-identity-memberships.mdx
+++ b/docs/api-reference/endpoints/workspaces/list-identity-memberships.mdx
@ -0,0 +1,4 @@
+---
+title: "List Identity Memberships"
+openapi: "GET /api/v2/workspace/{workspaceId}/identity-memberships"
+---
--- a/docs/api-reference/endpoints/workspaces/memberships.mdx
+++ b/docs/api-reference/endpoints/workspaces/memberships.mdx
@ -1,4 +1,4 @@
 ---
-title: "Get Memberships"
+title: "Get User Memberships"
 openapi: "GET /api/v2/workspace/{workspaceId}/memberships"
 ---
--- a/docs/api-reference/endpoints/workspaces/update-identity-membership.mdx
+++ b/docs/api-reference/endpoints/workspaces/update-identity-membership.mdx
@ -0,0 +1,4 @@
+---
+title: "Update Identity Membership"
+openapi: "PATCH /api/v2/workspace/{workspaceId}/identity-memberships/{identityId}"
+---
--- a/docs/api-reference/endpoints/workspaces/update-membership.mdx
+++ b/docs/api-reference/endpoints/workspaces/update-membership.mdx
@ -1,4 +1,4 @@
 ---
-title: "Update Membership"
+title: "Update User Membership"
 openapi: "PATCH /api/v2/workspace/{workspaceId}/memberships/{membershipId}"
 ---
--- a/docs/api-reference/endpoints/workspaces/workspace-key.mdx
+++ b/docs/api-reference/endpoints/workspaces/workspace-key.mdx
@ -2,3 +2,8 @@
 title: "Get Key"
 openapi: "GET /api/v2/workspace/{workspaceId}/encrypted-key"
 ---
+<Warning>
+    This endpoint will be deprecated in the near future in Q1/Q2 2024.
+
+    We recommend using Infisical in non-E2EE mode going forward.
+</Warning>
--- a/docs/api-reference/overview/authentication.mdx
+++ b/docs/api-reference/overview/authentication.mdx
@ -3,29 +3,34 @@ title: "Authentication"
 description: "How to authenticate with the Infisical Public API"
 ---

-The Public API accepts multiple modes of authentication being via [Infisical Token](/documentation/platform/token) or API Key.
+You can authenticate with the Infisical API using [Identities](/documentation/platform/identities/overview) paired with authentication modes such as [Universal Auth](/documentation/platform/identities/universal-auth).

- [Infisical Token](/documentation/platform/token): Provides short-lived, scoped CRUD access to the secrets of a specific project and environment.
- API Key: Provides full access to all endpoints representing the user without ability to encrypt/decrypt secrets for **E2EE** endpoints.
+To interact with the Infisical API, you will need to obtain an access token. Follow the step by [step guide](/documentation/platform/identities/universal-auth) to get an access token via Universal Auth.

-<Tabs>
-    <Tab title="Infisical Token">
-        The Infisical Token mode uses an Infisical Token to authenticate with the API.

-        To authenticate requests with Infisical using the Infisical Token, you must include your Infisical Token in the `Authorization` header of HTTP requests made to the platform with the value `Bearer <infisical_token>`.
+**FAQ**

-        You can obtain an Infisical Token in Project Settings > Service Tokens.
+<AccordionGroup>
+<Accordion title="What happened to the Service Token and API Key authentication modes?">
+    The Service Token and API Key authentication modes are being deprecated out in favor of [Identities](/documentation/platform/identity).
+    We expect to make a deprecation notice in the coming months alongside a larger deprecation initiative planned for Q1/Q2 2024.

-        ![token add](../../images/project-token-add.png)
-    </Tab>
-    <Tab title="API Key">
-        The API key mode uses an API key to authenticate with the API.
-
-        To authenticate requests with Infisical using the API Key, you must include an API key in the `X-API-KEY` header of HTTP requests made to the platform. 
-
-        You can obtain an API key in User Settings > API Keys
-
-        ![API key dashboard](../../images/api-key-dashboard.png)
-        ![API key in personal settings](../../images/api-key-settings.png)
-    </Tab>
-</Tabs>
+    With identities, we're improving significantly over the shortcomings of Service Tokens and API Keys. Amongst many differences, identities provide broader access over the Infisical API, utilizes the same role-based
+    permission system used by users, and comes with ample more configurable security measures.
+</Accordion>
+<Accordion title="Why can I not create, read, update, or delete an identity?">
+  There are a few reasons for why this might happen:
+  
+  - You have insufficient organization permissions to create, read, update, delete identities.
+  - The identity you are trying to read, update, or delete is more privileged than yourself.
+  - The role you are trying to create an identity for or update an identity to is more privileged than yours.
+</Accordion>
+<Accordion title="Why is the Infisical API rejecting my identity credentials?">
+  There are a few reasons for why this might happen:
+  
+  - The client secret or access token has expired.
+  - The identity is insufficently permissioned to interact with the resources you wish to access.
+  - You are attempting to access a `/raw` secrets endpoint that requires your project to disable E2EE.
+  - The client secret/access token is being used from an untrusted IP.
+</Accordion>
+</AccordionGroup>
--- a/docs/api-reference/overview/blind-indices.mdx
+++ b/docs/api-reference/overview/blind-indices.mdx
@ -1,18 +0,0 @@
---
-title: "Blind Indices"
---
-
-In April 2023, we added the capability for users to query for secrets by name to improve the user experience of Infisical. Previously, it was only possible to query by id of the secret or fetch all secrets belonging to a project and environment.
-
-Blind indexing must be enabled for projects created prior to April 2023 to take effect. If your project can be blind indexed, then you'll see a section in your project settings appear as shown below:
-
-![project enable blind indices](../../images/project-settings-blind-indices.png)
-
-
-It works using virtually irreversible blind indices generated by applying `argon2id` to the name of each secret and a random 128-bit salt assigned to each project on the server. We continue to keep the values of secrets E2EE by default. 
-
-You can read more about it [here](/security/mechanics).
-
-<Note>
-    As previously mentioned, all projects made after April 2023 are automatically blind indexed. If you created a project before this date, you have to enable it manually in your project settings.
-</Note>
--- a/docs/api-reference/overview/examples/e2ee-enabled.mdx
+++ b/docs/api-reference/overview/examples/e2ee-enabled.mdx
@ -2,6 +2,10 @@
 title: "E2EE Enabled"
 ---

+<Note>
+    E2EE enabled mode only works with [Service Tokens](/documentation/platform/token) and cannot be used with [Identities](/documentation/platform/identities/overview).
+</Note>
+
 Using Infisical's API to read/write secrets with E2EE enabled allows you to create, update, and retrieve secrets
 but requires you to perform client-side encryption/decryption operations. For this reason, we recommend using one of the available
 SDKs instead.
--- a/docs/api-reference/overview/introduction.mdx
+++ b/docs/api-reference/overview/introduction.mdx
@ -6,8 +6,4 @@ Infisical's Public (REST) API provides users an alternative way to programmatica
 secrets via HTTPS requests. This can be useful for automating tasks, such as
 rotating credentials, or for integrating secret management into a larger system.

-With the Public API, users can create, read, update, and delete secrets, as well as manage access control, query audit logs, and more.
-
-<Warning>
-  In April 2023, we added the capability for users to query for secrets by name to improve the user experience of Infisical. If your project was created prior to April 2023, please read and follow the section on [blind indices](./blind-indices) and how to enable them for better usage of Infisical.
-</Warning>
+With the Public API, you can create, read, update, and delete secrets, as well as manage access control, query audit logs, and more.
--- a/docs/documentation/getting-started/api.mdx
+++ b/docs/documentation/getting-started/api.mdx
@ -2,58 +2,127 @@
 title: "REST API"
 ---

-Infisical's Public (REST) API is the most flexible, platform-agnostic way to read/write secrets for your application.
+Infisical's REST API is the most flexible way to read/write secrets for your application.

-Prerequisites:
+In this brief, we'll explore how to fetch a secret back from a project on [Infisical Cloud](https://app.infisical.com) via the REST API.

- Have a project with secrets ready in [Infisical Cloud](https://app.infisical.com).
- Create an [Infisical Token](/documentation/platform/token) scoped to an environment in your project in Infisical.
+<Steps>
+    <Step title="Create a project with a secret">
+        To create a project, head to your Organization Overview and press **Add New Project**; we'll call the project **Demo App**.
+        ![create project](../../images/getting-started/api/org-create-project-1.png)
+        
+        ![create project](../../images/getting-started/api/org-create-project-2.png)
+        
+        Next, let's head to the **Development** environment of the project and add a secret `FOO=BAR` to it.
+        
+        ![explore project env](../../images/getting-started/api/project-explore-env.png)
+        
+        ![create secret](../../images/getting-started/api/project-create-secret.png)
+        
+        ![project dashboard](../../images/getting-started/api/project-dashboard.png)

-To keep it simple, we're going to fetch secrets from the API with **End-to-End Encryption (E2EE)** disabled.
+        <Note>
+            For this brief, you'll need to disable end-to-end encryption in your Project Settings
+        </Note>
+    </Step>
+    <Step title="Create an identity">
+        Next, we need to create an identity to represent your application. To create one, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.

-<Note>
-    It's possible to use the API with **E2EE** enabled but this means learning about how encryption works with Infisical and performing client-side encryption/decryption operations yourself.
-    yourself. 
-    
-    If **E2EE** is a must for your team, we recommend either using one of the [Infisical SDKs](/documentation/getting-started/sdks) or checking out the [examples for E2EE](/api-reference/overview/examples/e2ee-disabled).
-</Note>
+        ![identities organization](../../images/platform/identities/identities-org.png)
+        
+        When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+        
+        ![identities organization create](../../images/platform/identities/identities-org-create.png)
+        
+        Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
+        
+        ![identities organization create auth method](../../images/platform/identities/identities-org-create-auth-method.png)

-## Configuration
+    </Step>
+    <Step title="Create a Client Secret">
+        In order to use the identity, you'll need the non-sensitive **Client ID**
+        of the identity and a **Client Secret** for it; you can think of these credentials akin to a username
+        and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
+        for it.
+        
+        ![identities client secret create](../../images/platform/identities/identities-org-client-secret.png)
+        ![identities client secret create](../../images/platform/identities/identities-org-client-secret-create-1.png)
+        ![identities client secret create](../../images/platform/identities/identities-org-client-secret-create-2.png)
+    </Step>
+    <Step title="Add the identity to the project">
+        To enable the identity to access your project, we need to add it to the project. To do this, head over to the **Demo App** Project Settings > Access Control > Machine Identities and press **Add identity**.

-Head to your Project Settings, where you created your service token, and un-check the **E2EE** setting.
+        Next, select the identity you want to add to the project and the role you want to assign it.

-## Retrieve Secret
+        ![identities project](../../images/platform/identities/identities-project.png)
+        
+        ![identities project create](../../images/platform/identities/identities-project-create.png)
+    </Step>
+    <Step title="Get an access token for the Infisical API">
+        To access the Infisical API as the identity, you should first perform a login operation
+        that is to exchange the **Client ID** and **Client Secret** of the identity for an access token
+        by making a request to the `/api/v1/auth/universal-auth/login` endpoint.
+        
+        #### Sample request

-Retrieve a secret from the project and environment in Infisical scoped to your service token by making a HTTP request with the following format/details:
+        ```
+        curl --location --request POST 'https://app.infisical.com/api/v1/auth/universal-auth/login' \
+        --header 'Content-Type: application/x-www-form-urlencoded' \
+        --data-urlencode 'clientSecret=<client_secret>' \
+        --data-urlencode 'clientId=<client_id>'
+        ```
+        
+        #### Sample response
+        
+        ```
+        {
+        "accessToken": "...",
+        "expiresIn": 7200,
+        "tokenType": "Bearer"
+        }
+        ```

-```bash
-curl --location --request GET 'https://app.infisical.com/api/v3/secrets/raw/secretName?workspaceId=workspaceId&environment=environment' \
-    --header 'Authorization: Bearer serviceToken'
-```
+        Next, we can use the access token to authenticate with the [Infisical API](/api-reference/overview/introduction) to read/write secrets
+        
+        <Note>
+        Each identity access token has a time-to-live (TLL) which you can infer from the response of the login operation;
+        the default TTL is `7200` seconds which can be adjusted.

-<ParamField path="secretName" type="string" required>
-    Name of secret to retrieve
-</ParamField>
-<ParamField query="workspaceId" type="string" required>
-    The ID of the workspace
-</ParamField>
-<ParamField query="environment" type="string" required>
-    The environment slug
-</ParamField>
-<ParamField query="secretPath" type="string" default="/" optional>
-    Path to secrets in workspace
-</ParamField>
-<ParamField query="type" type="string" optional default="personal">
-    The type of the secret. Valid options are “shared” or “personal”
-</ParamField>
+        If an identity access token expires, it can no longer authenticate with the Infisical API. In this case,
+        a new access token should be obtained from the aforementioned login operation.
+        </Note>
+    </Step>
+    <Step title="Fetch back secret">
+        Finally, you can fetch the secret `FOO=BAR` back from **Step 1** by including the access token in the previous step in another request to the `/api/v3/secrets/raw/{secretName}` endpoint.

-Depending on your application requirements, you may wish to use Infisical's API in different ways such as by retaining **E2EE**
-or fetching multiple secrets at once instead of one at a time.
+        ### Sample request
+        
+        ```
+        curl --location --request GET 'http://localhost:8080/api/v3/secrets/raw/FOO?workspaceId=657830d579cfc8415d06ce5b&environment=dev' \
+            --header 'Authorization: Bearer <access_token>'
+        ```
+        
+        ### Sample response

-Whatever the case, we recommend glossing over the [API Examples](/api-reference/overview/examples/note)
-to gain a deeper understanding of how you to best leverage the Infisical API for your use-case.
+        ```
+        {
+            "secret": {
+                "_id": "6564234b934d634e1fcd6cdf",
+                "version": 1,
+                "workspace": "6564173e934d634e1fcd6950",
+                "type": "shared",
+                "environment": "dev",
+                "secretKey": "FOO2",
+                "secretValue": "BAR2",
+                "secretComment": ""
+            }
+        }
+        ```
+        
+        Note that you can fetch a list of secrets back by making a request to the `/api/v3/secrets/raw` endpoint.
+    </Step>
+</Steps>

 See also:

- Explore the [API Examples](/api-reference/overview/examples/note)
 - [API Reference](/api-reference/overview/introduction)
--- a/docs/documentation/platform/identities/overview.mdx
+++ b/docs/documentation/platform/identities/overview.mdx
@ -0,0 +1,54 @@
+---
+title:  Identities
+description: "Programmatically interact with Infisical"
+---
+
+<Note>
+  Currently, identities can only be used to make authenticated requests to the Infisical API and do not work with any clients such as [Node SDK](https://github.com/Infisical/infisical-node)
+  , [Python SDK](https://github.com/Infisical/infisical-python), CLI, K8s operator, Terraform Provider, etc.
+
+  We will be releasing compatibility with it across clients in the coming quarter.
+</Note>
+
+## Concept
+
+A (machine) identity is an entity that you can create in an Infisical organization to represent a workload or application that requires access to the Infisical API. This is conceptually similar to an IAM user in AWS or service account in Google Cloud Platform (GCP).
+
+Each identity must authenticate with the API using a supported authentication method like [Universal Auth](/documentation/platform/identities/universal-auth) to get back a short-lived access token to be used in subsequent requests.
+
+Key Features:
+
+- Role Assignment: Identities must be assigned [roles](/documentation/platform/role-based-access-controls). These roles determine the scope of access to resources, either at the organization level or project level.
+- Auth/Token Configuration: Identities must be configured with auth methods and access token properties to securely interact with the Infisical API.
+
+## Workflow
+
+A typical workflow for using identities consists of four steps:
+
+1. Creating the identity with a name and [role](/documentation/platform/role-based-access-controls) in Organization Access Control > Machine Identities.
+This step also involves configuring an authentication method for it such as [Universal Auth](/documentation/platform/identities/universal-auth).
+2. Adding the identity to the project(s) you want it to have access to.
+3. Authenticating the identity with the Infisical API based on the configured authentication method on it and receiving a short-lived access token back.
+4. Authenticating subsequent requests with the Infisical API using the short-lived access token.
+
+Check out the following authentication method-specific guides for step-by-step instruction on how to use identities to access Infisical:
+
+- [Universal Auth](/documentation/platform/identities/universal-auth)
+
+**FAQ**
+
+<AccordionGroup>
+<Accordion title="What is the difference between an identity and service token?">
+  A service token is a project-level authentication method that is being phased out in favor of identities.
+  
+  Amongst many differences, identities provide broader access over the Infisical API, utilizes the same role-based
+  permission system used by users, and comes with ample more configurable authentication and security features.
+</Accordion>
+<Accordion title="Why can I not create, read, update, or delete an identity?">
+  There are a few reasons for why this might happen:
+  
+  - You have insufficient organization permissions to create, read, update, delete identities.
+  - The identity you are trying to read, update, or delete is more privileged than yourself.
+  - The role you are trying to create an identity for or update an identity to is more privileged than yours.
+</Accordion>
+</AccordionGroup>
--- a/docs/documentation/platform/identities/universal-auth.mdx
+++ b/docs/documentation/platform/identities/universal-auth.mdx
@ -0,0 +1,140 @@
+---
+title: Universal Auth
+description: "Authenticate with Infisical from any platform/environment"
+---
+
+**Universal Auth** is the most versatile authentication method that can be configured on an identity from any platform/environment to access Infisical.
+
+In this method, each identity is given a **Client ID** for which you can generate one or more **Client Secret(s)**. Together, a **Client ID** and **Client Secret** can be exchanged for an access token to authenticate with the Infisical API.
+
+## Properties
+
+Universal Auth supports many settings that can be beneficial for tightening your workflow security configuration:
+
+- Support for restrictions on the number of times that the **Client Secret(s)** and access token(s) can be used.
+- Support for expiration, so, if specified, the **Client Secret** of the identity will automatically be defunct after a period of time.
+- Support for IP allowlisting; this means you can restrict the usage of **Client Secret(s)** and access token to a specific IP or CIDR range.
+
+## Workflow
+
+In the following steps, we explore how to create and use identities for your workloads and applications to access the Infisical API
+using the Universal Auth authentication method.
+
+<Steps>
+  <Step title="Creating an identity">
+    To create an identity, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.
+
+    ![identities organization](/images/platform/identities/identities-org.png)
+
+    When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+    
+    ![identities organization create](/images/platform/identities/identities-org-create.png)
+
+    Now input a few details for your new identity. Here's some guidance for each field:
+
+    - Name (required): A friendly name for the identity.
+    - Role (required): A role from the **Organization Roles** tab for the identity to assume. The organization role assigned will determine what organization level resources this identity can have access to.
+    
+    Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
+    
+    ![identities organization create auth method](/images/platform/identities/identities-org-create-auth-method.png)
+    
+    Here's some more guidance on each field:
+
+    - Access Token TTL (default is `2592000` equivalent to 30 days): The lifetime for an acccess token in seconds. This value will be referenced at renewal time.
+    - Access Token Max TTL (default is `2592000`  equivalent to 30 days): The maximum lifetime for an acccess token in seconds. This value will be referenced at renewal time.
+    - Access Token Max Number of Uses (default is `0`): The maximum number of times that an access token can be used; a value of `0` implies infinite number of uses.
+    - Client Secret Trusted IPs: The IPs or CIDR ranges that the **Client Secret** can be used from together with the **Client ID** to get back an access token. By default, **Client Secrets** are given the `0.0.0.0/0`, allowing usage from any network address.
+    - Access Token Trusted IPs: The IPs or CIDR ranges that access tokens can be used from. By default, each token is given the `0.0.0.0/0`, allowing usage from any network address.
+
+    <Warning>
+    Restricting **Client Secret** and access token usage to specific trusted IPs is a paid feature.
+
+    If you’re using Infisical Cloud, then it is available under the Pro Tier. If you’re self-hosting Infisical, then you should contact team@infisical.com to purchase an enterprise license to use it.
+    </Warning>
+
+  </Step>
+  <Step title="Creating a Client Secret">
+    In order to use the identity, you'll need the non-sensitive **Client ID**
+    of the identity and a **Client Secret** for it; you can think of these credentials akin to a username
+    and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
+    for it.
+    
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret-create-1.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret-create-2.png)
+    
+    Feel free to input any (optional) details for the **Client Secret** configuration:
+    
+    - Description: A description for the **Client Secret**.
+    - TTL (default is `0`): The time-to-live for the **Client Secret**. By default, the TTL will be set to 0 which implies that the **Client Secret** will never expire; a value of `0` implies an infinite lifetime.
+    - Max Number of Uses (default is `0`): The maximum number of times that the **Client Secret** can be used together with the **Client ID** to get back an access token; a value of `0` implies infinite number of uses.
+  </Step>
+  <Step title="Adding an identity to a project">
+    To enable the identity to access project-level resources such as secrets within a specific project, you should add it to that project.
+
+    To do this, head over to the project you want to add the identity to and go to Project Settings > Access Control > Machine Identities and press **Add identity**.
+
+    Next, select the identity you want to add to the project and the project level role you want to allow it to assume. The project role assigned will determine what project level resources this identity can have access to.
+
+    ![identities project](/images/platform/identities/identities-project.png)
+    
+    ![identities project create](/images/platform/identities/identities-project-create.png)
+  </Step>
+  <Step title="Accessing the Infisical API with the identity">
+    To access the Infisical API as the identity, you should first perform a login operation
+    that is to exchange the **Client ID** and **Client Secret** of the identity for an access token
+    by making a request to the `/api/v1/auth/universal-auth/login` endpoint.
+    
+    #### Sample request
+
+    ```
+    curl --location --request POST 'https://app.infisical.com/api/v1/auth/universal-auth/login' \
+      --header 'Content-Type: application/x-www-form-urlencoded' \
+      --data-urlencode 'clientSecret=...' \
+      --data-urlencode 'clientId=...'
+    ```
+    
+    #### Sample response
+    
+    ```
+    {
+      "accessToken": "...",
+      "expiresIn": 7200,
+      "accessTokenMaxTTL": 43244
+      "tokenType": "Bearer"
+    }
+    ```
+
+    Next, you can use the access token to authenticate with the [Infisical API](/api-reference/overview/introduction)
+    
+    <Note>
+      Each identity access token has a time-to-live (TLL) which you can infer from the response of the login operation;
+      the default TTL is `7200` seconds which can be adjusted.
+
+      If an identity access token expires, it can no longer authenticate with the Infisical API. In this case,
+      a new access token should be obtained by performing another login operation.
+    </Note>
+  </Step>
+</Steps>
+
+**FAQ**
+
+<AccordionGroup>
+<Accordion title="Why is the Infisical API rejecting my identity credentials?">
+  There are a few reasons for why this might happen:
+  
+  - The client secret or access token has expired.
+  - The identity is insufficently permissioned to interact with the resources you wish to access.
+  - You are attempting to access a `/raw` secrets endpoint that requires your project to disable E2EE.
+  - The client secret/access token is being used from an untrusted IP.
+</Accordion>
+<Accordion title="What is access token renewal and TTL/Max TTL?">
+  A identity access token can have a time-to-live (TTL) or incremental lifetime afterwhich it expires.
+  
+  In certain cases, you may want to extend the lifespan of an access token; to do so, you must set a max TTL parameter.
+
+  A token can be renewed any number of time and each call to renew it will extend the toke life by increments of access token TTL. 
+  Regardless of how frequently an access token is renewed, its lifespan remains bound to the maximum TTL determined at its creation
+</Accordion>
+</AccordionGroup>
--- a/docs/documentation/platform/identity.mdx
+++ b/docs/documentation/platform/identity.mdx
@ -1,168 +0,0 @@
---
-title:  Identity
-description: "Programmatically interact with Infisical"
---
-
-A (machine) identity is an entity that you can create in Infisical. 
-Each identity represents a workload that wishes to access the Infisical API via an authentication method; this is similar to an IAM user in AWS or service account in GCP.
-
-An identity can be provisioned scoped access to resources at the organization or project-level via [role-based access controls (RBAC)](/documentation/platform/role-based-access-controls). For instance, you may create a identity with scoped access to
-fetch secrets back from the `/` path of the `development` environment in some project.
-
-<Note>
-  The identity feature is in beta.
-  
-  Currently, an identity can only be used to make authenticated requests to the Infisical API and does not work with any clients such as [Node SDK](https://github.com/Infisical/infisical-node)
-  , [Python SDK](https://github.com/Infisical/infisical-python), CLI, K8s operator, Terraform Provider, etc.
-
-  We will be releasing compatibility with it across clients in the coming quarter.
-</Note>
-
-Each identity can be configured an authentication method. The only supported method at the moment is **Universal Auth (UA)**
-which has the following properties:
-
- In UA, each identity is assigned a **Client ID** for which you can generate one or more **Client Secret(s)**. Together, a **Client ID** and **Client Secret** can be exchanged for an access token (i.e. login operation) to authenticate with the Infisical API.
- UA supports restrictions on the number of times that the **Client Secret(s)** and access token(s) can be used.
- UA supports token renewal that is the ability to extend the lifetime of a token by its TTL up to its maximum TTL since its creation.
- UA supports IP allowlisting; this means you can restrict the usage of **Client Secret(s)** and access token to a specific IP or CIDR range.
- UA support expiration, so, if specified, the client secret of the identity will automatically be defunct after a period of time.
- UA tracks most recent usage of their client secrets and access tokens; it also keeps track of each token's usage count.
-
-## Using identities
-
-In the following steps, we explore how to create and use identities for your applications to access the Infisical API.
-
-<Steps>
-  <Step title="Creating an identity">
-    To create an identity, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.
-
-    ![machine identities organization](../../images/platform/machine-identity/machine-identity-org.png)
-    
-    ![machine identities organization create](../../images/platform/machine-identity/machine-identity-org-create.png)
-
-    Now input a few details for your new identity. Here's some guidance for each field:
-
-    - Name (required): A friendly name for the identity.
-    - Role (required): A role from the **Organization Roles** tab to permit the identity to access certain resources.
-    
-    Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
-
-    - Access Token TTL (default is `7200`): The incremental lifetime for an acccess token in seconds; a value of `0` implies an infinite incremental lifetime.
-    - Access Token Max TTL (default is `7200`): The maximum lifetime for an acccess token in seconds; a value of `0` implies an infinite maximum lifetime.
-    - Access Token Max Number of Uses (default is `0`): The maximum number of times that an access token can be used; a value of `0` implies infinite number of uses.
-    - Client Secret Trusted IPs: The IPs or CIDR ranges that the **Client Secret** can be used from together with the **Client ID** to get back an access token. By default, **Client Secrets** are given the `0.0.0.0/0` entry representing all possible IPv4 addresses.
-    - Access Token Trusted IPs: The IPs or CIDR ranges that access tokens can be used from. By default, each token is given the `0.0.0.0/0` entry representing all possible IPv4 addresses.
-
-    <Warning>
-    Restricting **Client Secret** and access token usage to specific trusted IPs is a paid feature.
-
-    If you’re using Infisical Cloud, then it is available under the Pro Tier. If you’re self-hosting Infisical, then you should contact team@infisical.com to purchase an enterprise license to use it.
-    </Warning>
-
-  </Step>
-  <Step title="Creating a Client Secret">
-    In order to use the identity, you'll need the non-sensitive **Client ID**
-    of the identity and a **Client Secret** for it; you can think of these credentials akin to a username
-    and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
-    for it.
-    
-    ![machine identities client secret create](../../images/platform/machine-identity/machine-identity-org-client-secret.png)
-    ![machine identities client secret create](../../images/platform/machine-identity/machine-identity-org-client-secret-create-1.png)
-    ![machine identities client secret create](../../images/platform/machine-identity/machine-identity-org-client-secret-create-2.png)
-    
-    Feel free to input any (optional) details for the **Client Secret** configuration:
-    
-    - Description: A description for the **Client Secret**.
-    - TTL (default is `0`): The time-to-live for the **Client Secret**. By default, the TTL will be set to 0 which implies that the **Client Secret** will never expire; a value of `0` implies an infinite lifetime.
-    - Max Number of Uses (default is `0`): The maximum number of times that the **Client Secret** can be used together with the **Client ID** to get back an access token; a value of `0` implies infinite number of uses.
-  </Step>
-  <Step title="Adding an identity to a project">
-    To enable the identity to access project-level resources such as secrets within a specific project, you should add it to that project.
-
-    To do this, head over to the project you want to add the identity to and go to Project Settings > Access Control > Machine Identities and press **Add identity**.
-
-    Next, select the identity you want to add to the project and the role you want to assign it.
-
-    ![machine identities project](../../images/platform/machine-identity/machine-identity-project.png)
-    
-    ![machine identities project create](../../images/platform/machine-identity/machine-identity-project-create.png)
-  </Step>
-  <Step title="Accessing the Infisical API with the identity">
-    To access the Infisical API as the identity, you should first perform a login operation
-    that is to exchange the **Client ID** and **Client Secret** of the MI for an access token
-    by making a request to the `/api/v1/auth/universal-auth/login` endpoint.
-    
-    #### Sample request
-
-    ```
-    curl --location --request POST 'https://app.infisical.com/api/v1/auth/universal-auth/login' \
-      --header 'Content-Type: application/x-www-form-urlencoded' \
-      --data-urlencode 'clientSecret=...' \
-      --data-urlencode 'clientId=...'
-    ```
-    
-    #### Sample response
-    
-    ```
-    {
-      "accessToken": "...",
-      "expiresIn": 7200,
-      "tokenType": "Bearer"
-    }
-    ```
-
-    Next, you can use the access token to authenticate with the [Infisical API](/api-reference/overview/introduction)
-    
-    <Note>
-      Each identity access token has a time-to-live (TLL) which you can infer from the response of the login operation;
-      the default TTL is `7200` seconds which can be adjusted.
-
-      If an identity access token expires, it can no longer authenticate with the Infisical API. In this case,
-      a new access token should be obtained from the aforementioned login operation.
-    </Note>
-  </Step>
-</Steps>
-
-**FAQ**
-
-<AccordionGroup>
-<Accordion title="What is the difference between an identity and service token?">
-  A service token is a project-level authentication method that is being phased out in favor of identities.
-  
-  Amongst many differences, identities provide broader access over the Infisical API, utilizes the same role-based
-  permission system used by users, and comes with ample more configurable security measures.
-</Accordion>
-<Accordion title="Why is the Infisical API rejecting my identity credentials?">
-  There are a few reasons for why this might happen:
-  
-  - The client secret or access token has expired.
-  - The identity is insufficently permissioned to interact with the resources you wish to access.
-  - You are attempting to access a `/raw` secrets endpoint that requires your project to disable E2EE.
-  - The client secret/access token is being used from an untrusted IP.
-</Accordion>
-<Accordion title="What is token renewal and TTL/Max TTL?">
-  A identity access token can have a time-to-live (TTL) or incremental lifetime afterwhich it expires.
-  
-  In certain cases, you may want to extend the lifespan of an access token; to do so, you must use the max TTL parameter.
-  When TTL and max TTL are equal, a token is not renewable; when max TTL is greater than TTL, a token is renewable.
-  In the latter case, a token still expires at its TTL but its lifetime can be extended/renewed up until its max TLL.
-  
-  Note that the max TTL cannot be less than the TTL for an access token.
-</Accordion>
-<Accordion title="Why can I not create, read, update, or delete an identity?">
-  There are a few reasons for why this might happen:
-  
-  - You have insufficient organization permissions to create, read, update, delete identities.
-  - The identity you are trying to read, update, or delete is more privileged than yourself.
-  - The role you are trying to create an identity for or update an identity to is more privileged than yours.
-</Accordion>
-<Accordion title="Can you provide examples for using glob patterns?">
-  1. `/**`: This pattern matches all folders at any depth in the directory structure. For example, it would match folders like `/folder1/`, `/folder1/subfolder/`, and so on.
-
-  2. `/*`: This pattern matches all immediate subfolders in the current directory. It does not match any folders at a deeper level. For example, it would match folders like `/folder1/`, `/folder2/`, but not `/folder1/subfolder/`.
-
-  3. `/*/*`: This pattern matches all subfolders at a depth of two levels in the current directory. It does not match any folders at a shallower or deeper level. For example, it would match folders like `/folder1/subfolder/`, `/folder2/subfolder/`, but not `/folder1/` or `/folder1/subfolder/subsubfolder/`.
-
-  4. `/folder1/*`: This pattern matches all immediate subfolders within the `/folder1/` directory. It does not match any folders outside of `/folder1/`, nor does it match any subfolders within those immediate subfolders. For example, it would match folders like `/folder1/subfolder1/`, `/folder1/subfolder2/`, but not `/folder2/subfolder/`.
-</Accordion>
-</AccordionGroup>
--- a/docs/images/getting-started/api/org-create-project-1.png
+++ b/docs/images/getting-started/api/org-create-project-1.png
--- a/docs/images/getting-started/api/org-create-project-2.png
+++ b/docs/images/getting-started/api/org-create-project-2.png
--- a/docs/images/getting-started/api/project-create-secret.png
+++ b/docs/images/getting-started/api/project-create-secret.png
--- a/docs/images/getting-started/api/project-dashboard.png
+++ b/docs/images/getting-started/api/project-dashboard.png
--- a/docs/images/getting-started/api/project-explore-env.png
+++ b/docs/images/getting-started/api/project-explore-env.png
--- a/docs/images/platform/identities/identities-org-client-secret-create-1.png
+++ b/docs/images/platform/identities/identities-org-client-secret-create-1.png
--- a/docs/images/platform/identities/identities-org-client-secret-create-2.png
+++ b/docs/images/platform/identities/identities-org-client-secret-create-2.png
--- a/docs/images/platform/identities/identities-org-client-secret.png
+++ b/docs/images/platform/identities/identities-org-client-secret.png
--- a/docs/images/platform/identities/identities-org-create-auth-method.png
+++ b/docs/images/platform/identities/identities-org-create-auth-method.png
--- a/docs/images/platform/identities/identities-org-create.png
+++ b/docs/images/platform/identities/identities-org-create.png
--- a/docs/images/platform/identities/identities-org.png
+++ b/docs/images/platform/identities/identities-org.png
--- a/docs/images/platform/identities/identities-project-create.png
+++ b/docs/images/platform/identities/identities-project-create.png
--- a/docs/images/platform/identities/identities-project.png
+++ b/docs/images/platform/identities/identities-project.png
--- a/docs/images/platform/machine-identity/machine-identity-org-client-secret-create-1.png
+++ b/docs/images/platform/machine-identity/machine-identity-org-client-secret-create-1.png
--- a/docs/images/platform/machine-identity/machine-identity-org-client-secret-create-2.png
+++ b/docs/images/platform/machine-identity/machine-identity-org-client-secret-create-2.png
--- a/docs/images/platform/machine-identity/machine-identity-org-client-secret.png
+++ b/docs/images/platform/machine-identity/machine-identity-org-client-secret.png
--- a/docs/images/platform/machine-identity/machine-identity-org-create.png
+++ b/docs/images/platform/machine-identity/machine-identity-org-create.png
--- a/docs/images/platform/machine-identity/machine-identity-org.png
+++ b/docs/images/platform/machine-identity/machine-identity-org.png
--- a/docs/images/platform/machine-identity/machine-identity-project-create.png
+++ b/docs/images/platform/machine-identity/machine-identity-project-create.png
--- a/docs/images/platform/machine-identity/machine-identity-project.png
+++ b/docs/images/platform/machine-identity/machine-identity-project.png
--- a/docs/infisical-agent/overview.mdx
+++ b/docs/infisical-agent/overview.mdx
@ -56,7 +56,9 @@ While specifying an authentication method is mandatory to start the agent, confi
 ## Quick start Infisical Agent
 To install the Infisical agent, you must first install the [Infisical CLI](../cli/overview) in the desired environment where you'd like the agent to run. This is because the Infisical agent is a sub-command of the Infisical CLI.

-Once you have the CLI installed, you will need to create a agent configuration file in yaml. 
+Once you have the CLI installed, you will need to provision programmatic access for the agent via [Universal Auth](/documentation/platform/identities/universal-auth). To obtain a **Client ID** and a **Client Secret**, follow the step by step guide outlined [here](/documentation/platform/identities/universal-auth).
+
+Next, create agent config file as shown below.

 ```yaml example-agent-config-file.yaml
 infisical:
--- a/docs/integrations/cicd/bitbucket.mdx
+++ b/docs/integrations/cicd/bitbucket.mdx
@ -7,25 +7,26 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Bitbucket">
+    Navigate to your project's integrations tab in Infisical.

-![integrations](../../images/integrations.png)
+    ![integrations](../../images/integrations.png)

-## Authorize Infisical for Bitbucket
+    Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.

-Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.
+    ![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)

-![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.
-
-![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
+    ![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cicd/circleci.mdx
+++ b/docs/integrations/cicd/circleci.mdx
@ -7,30 +7,31 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for CircleCI">
+    Obtain an API token in User Settings > Personal API Tokens

-![integrations](../../images/integrations.png)
+    ![integrations circleci token](../../images/integrations/circleci/integrations-circleci-token.png)

-## Authorize Infisical for CircleCI
+    Navigate to your project's integrations tab in Infisical.

-Obtain an API token in User Settings > Personal API Tokens
+    ![integrations](../../images/integrations.png)

-![integrations circleci token](../../images/integrations/circleci/integrations-circleci-token.png)
+    Press on the CircleCI tile and input your CircleCI API token to grant Infisical access to your CircleCI account.

-Press on the CircleCI tile and input your CircleCI API token to grant Infisical access to your CircleCI account.
+    ![integrations circleci authorization](../../images/integrations/circleci/integrations-circleci-auth.png)

-![integrations circleci authorization](../../images/integrations/circleci/integrations-circleci-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which CircleCI project and press create integration to start syncing secrets to CircleCI.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which CircleCI project and press create integration to start syncing secrets to CircleCI.
-
-![create integration circleci](../../images/integrations/circleci/integrations-circleci-create.png)
-![integrations circleci](../../images/integrations/circleci/integrations-circleci.png)
+    ![create integration circleci](../../images/integrations/circleci/integrations-circleci-create.png)
+    ![integrations circleci](../../images/integrations/circleci/integrations-circleci.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cicd/codefresh.mdx
+++ b/docs/integrations/cicd/codefresh.mdx
@ -7,31 +7,32 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Codefresh">
+    Obtain an API key in User Settings > API Keys

-![integrations](../../images/integrations.png)
+    ![integrations codefresh dashboard](../../images/integrations/codefresh/integrations-codefresh-dashboard.png)
+    ![integrations codefresh token](../../images/integrations/codefresh/integrations-codefresh-token.png)
+    
+    Navigate to your project's integrations tab in Infisical.

-## Authorize Infisical for Codefresh
+    ![integrations](../../images/integrations.png)
+    
+    Press on the Codefresh tile and input your Codefresh API key to grant Infisical access to your Codefresh account.

-Obtain an API key in User Settings > API Keys
+    ![integrations codefresh authorization](../../images/integrations/codefresh/integrations-codefresh-auth.png)

-![integrations codefresh dashboard](../../images/integrations/codefresh/integrations-codefresh-dashboard.png)
-![integrations codefresh token](../../images/integrations/codefresh/integrations-codefresh-token.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Codefresh service and press create integration to start syncing secrets to Codefresh.

-Press on the Codefresh tile and input your Codefresh API key to grant Infisical access to your Codefresh account.
-
-![integrations codefresh authorization](../../images/integrations/codefresh/integrations-codefresh-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Codefresh service and press create integration to start syncing secrets to Codefresh.
-
-![create integration codefresh](../../images/integrations/codefresh/integrations-codefresh-create.png)
-![integrations codefresh](../../images/integrations/codefresh/integrations-codefresh.png)
+    ![create integration codefresh](../../images/integrations/codefresh/integrations-codefresh-create.png)
+    ![integrations codefresh](../../images/integrations/codefresh/integrations-codefresh.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cicd/githubactions.mdx
+++ b/docs/integrations/cicd/githubactions.mdx
@ -5,71 +5,71 @@ description: "How to sync secrets from Infisical to GitHub Actions"

 <Tabs>
  <Tab title="Usage">
-  <Warning>
-    Infisical can sync secrets to GitHub repo secrets only. If your repo uses environment secrets, then stay tuned with this [issue](https://github.com/Infisical/infisical/issues/54).
-</Warning>
+    <Warning>
+        Infisical can sync secrets to GitHub repo secrets only. If your repo uses environment secrets, then stay tuned with this [issue](https://github.com/Infisical/infisical/issues/54).
+    </Warning>

-Prerequisites:
+    Prerequisites:

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
- Ensure you have admin privileges to the repo you want to sync secrets to.
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    - Ensure you have admin privileges to the repo you want to sync secrets to.

-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for GitHub">
+        Navigate to your project's integrations tab in Infisical.

-![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)

-## Authorize Infisical for GitHub
+        Press on the GitHub tile and grant Infisical access to your GitHub account (repo privileges only).

-Press on the GitHub tile and grant Infisical access to your GitHub account (repo privileges only).
+        ![integrations github authorization](../../images/integrations/github/integrations-github-auth.png)

-![integrations github authorization](../../images/integrations/github/integrations-github-auth.png)
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
+          Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which GitHub repo and press start integration to start syncing secrets to the repo.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
-  Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which GitHub repo and press start integration to start syncing secrets to the repo.
-
-![integrations github](../../images/integrations/github/integrations-github.png)
+        ![integrations github](../../images/integrations/github/integrations-github.png)
+      </Step>
+    </Steps>
  </Tab>
  <Tab title="Self-Hosted Setup">
    Using the GitHub integration on a self-hosted instance of Infisical requires configuring an OAuth application in GitHub
    and registering your instance with it.
-    
-    ## Create an OAuth application in GitHub
-    
-    Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
-    
-   ![integrations github config](../../images/integrations/github/integrations-github-config-settings.png) 
-   ![integrations github config](../../images/integrations/github/integrations-github-config-dev-settings.png) 
-   ![integrations github config](../../images/integrations/github/integrations-github-config-new-app.png) 
+    <Steps>
+      <Step title="Create an OAuth application in GitHub">
+        Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
+        
+        ![integrations github config](../../images/integrations/github/integrations-github-config-settings.png) 
+        ![integrations github config](../../images/integrations/github/integrations-github-config-dev-settings.png) 
+        ![integrations github config](../../images/integrations/github/integrations-github-config-new-app.png) 

-    Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
-    and the **Authorization callback URL** to `https://your-domain.com/integrations/github/oauth2/callback`.
+        Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
+        and the **Authorization callback URL** to `https://your-domain.com/integrations/github/oauth2/callback`.

-   ![integrations github config](../../images/integrations/github/integrations-github-config-new-app-form.png) 
-    
-    <Note>
-      If you have a GitHub organization, you can create an OAuth application under it
-      in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
-    </Note>
-    
-    ## Add your OAuth application credentials to Infisical
-    
-    Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
-   
-   ![integrations github config](../../images/integrations/github/integrations-github-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your GitHub OAuth application:
+        ![integrations github config](../../images/integrations/github/integrations-github-config-new-app-form.png) 
+        
+        <Note>
+          If you have a GitHub organization, you can create an OAuth application under it
+          in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
+        </Note>
+      </Step>
+      <Step title="Add your OAuth application credentials to Infisical">
+        Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
+      
+        ![integrations github config](../../images/integrations/github/integrations-github-config-credentials.png) 
+      
+        Back in your Infisical instance, add two new environment variables for the credentials of your GitHub OAuth application:

-   - `CLIENT_ID_GITHUB`: The **Client ID** of your GitHub OAuth application.
-   - `CLIENT_SECRET_GITHUB`: The **Client Secret** of your GitHub OAuth application.
-   
-  Once added, restart your Infisical instance and use the GitHub integration.
-   
+        - `CLIENT_ID_GITHUB`: The **Client ID** of your GitHub OAuth application.
+        - `CLIENT_SECRET_GITHUB`: The **Client Secret** of your GitHub OAuth application.
+      
+        Once added, restart your Infisical instance and use the GitHub integration.
+      </Step>
+    </Steps>
  </Tab>
 </Tabs>

--- a/docs/integrations/cicd/gitlab.mdx
+++ b/docs/integrations/cicd/gitlab.mdx
@ -5,112 +5,112 @@ description: "How to sync secrets from Infisical to GitLab"

 <Tabs>
  <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    <AccordionGroup>
+      <Accordion title="Standard">
+        <Steps>
+          <Step title="Authorize Infisical for GitLab">
+            Navigate to your project's integrations tab in Infisical.

-<AccordionGroup>
-  <Accordion title="Standard">
-  ## Navigate to your project's integrations tab
+            ![integrations](../../images/integrations.png)

-![integrations](../../images/integrations.png)
+            Press on the GitLab tile and grant Infisical access to your GitLab account.

-## Authorize Infisical for GitLab
+            ![integrations gitlab authorization](../../images/integrations/gitlab/integrations-gitlab-auth.png)

-Press on the GitLab tile and grant Infisical access to your GitLab account.
+            <Info>
+              If this is your project's first cloud integration, then you'll have to grant
+              Infisical access to your project's environment variables. Although this step
+              breaks E2EE, it's necessary for Infisical to sync the environment variables to
+              the cloud platform.
+            </Info>
+          </Step>
+          <Step title="Start integration">
+            Select which Infisical environment secrets you want to sync to which GitLab repository and press create integration to start syncing secrets to GitLab.

-![integrations gitlab authorization](../../images/integrations/gitlab/integrations-gitlab-auth.png)
+            ![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab-create.png)

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-## Start integration
+            Note that the GitLab integration supports a few options in the **Options** tab:

-Select which Infisical environment secrets you want to sync to which GitLab repository and press create integration to start syncing secrets to GitLab.
+            - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
+            - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.

-![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab-create.png)
+            Setting a secret prefix or suffix ensures that existing secrets in GitLab are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.

-Note that the GitLab integration supports a few options in the **Options** tab:
+            ![integrations gitlab options](../../images/integrations/gitlab/integrations-gitlab-create-options.png)

- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
+            ![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab.png)
+          </Step>
+        </Steps>
+      </Accordion>
+      <Accordion title="Pipeline">
+        <Steps>
+          <Step title="Authorize Infisical for GitLab">
+            Generate an [Infisical Token](/documentation/platform/token) for the specific project and environment in Infisical.

-Setting a secret prefix or suffix ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.
+            Next, create a new variable called `INFISICAL_TOKEN` with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
+          </Step>
+          <Step title="Configure Infisical in your pipeline">
+            Edit your `.gitlab-ci.yml` to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.

-![integrations gitlab options](../../images/integrations/gitlab/integrations-gitlab-create-options.png)
+            #### Example

-![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab.png)
-  </Accordion>
-  <Accordion title="Pipeline">
-  ## Generate service token
+            ```yaml
+            image: ubuntu

-Generate an [Infisical Token](/documentation/platform/token) for the specific project and environment in Infisical.
+            stages:
+              - build
+              - test
+              - deploy

-## Set the Infisical Token in Gitlab
-
-Create a new variable called `INFISICAL_TOKEN` with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
-
-## Configure Infisical in your pipeline
-
-Edit your `.gitlab-ci.yml` to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.
-
-#### Example
-
-```yaml
-image: ubuntu
-
-stages:
-  - build
-  - test
-  - deploy
-
-build-job:
-  stage: build
-  script:
-    - apt update && apt install -y curl
-    - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
-    - apt-get update && apt-get install -y infisical
-    - infisical run -- npm run build
-```
-  </Accordion>
-</AccordionGroup>
+            build-job:
+              stage: build
+              script:
+                - apt update && apt install -y curl
+                - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
+                - apt-get update && apt-get install -y infisical
+                - infisical run -- npm run build
+            ```
+          </Step>
+        </Steps>
+      </Accordion>
+    </AccordionGroup>
  </Tab>
  <Tab title="Self-Hosted Setup">
-  Using the GitLab integration on a self-hosted instance of Infisical requires configuring an application in GitLab
-  and registering your instance with it.
-
-  ## Create an OAuth application in GitLab
+    Using the GitLab integration on a self-hosted instance of Infisical requires configuring an application in GitLab
+    and registering your instance with it.
    
-    Navigate to your user Settings > Applications to create a new GitLab application.
-   
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-edit-profile.png) 
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app.png) 
-    
-    Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/gitlab/oauth2/callback`.
+    <Steps>
+      <Step title="Create an OAuth application in GitLab">
+        Navigate to your user Settings > Applications to create a new GitLab application.
+      
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-edit-profile.png) 
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app.png) 
+        
+        Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/gitlab/oauth2/callback`.

-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app-form.png) 
-   
-    <Note>
-      If you have a GitLab group, you can create an OAuth application under it
-      in your group Settings > Applications.
-    </Note>
-   
-   ## Add your OAuth application credentials to Infisical
-   
-   Obtain the **Application ID** and **Secret** for your GitLab application.
-   
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your GitLab application:
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app-form.png) 
+      
+        <Note>
+          If you have a GitLab group, you can create an OAuth application under it
+          in your group Settings > Applications.
+        </Note>
+      </Step>
+      <Step title="Add your OAuth application credentials to Infisical">
+        Obtain the **Application ID** and **Secret** for your GitLab application.
+        
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your GitLab application:

-   - `CLIENT_ID_GITLAB`: The **Client ID** of your GitLab application.
-   - `CLIENT_SECRET_GITLAB`: The **Secret** of your GitLab application.
-   
-  Once added, restart your Infisical instance and use the GitLab integration.
-  
+        - `CLIENT_ID_GITLAB`: The **Client ID** of your GitLab application.
+        - `CLIENT_SECRET_GITLAB`: The **Secret** of your GitLab application.
+        
+        Once added, restart your Infisical instance and use the GitLab integration.
+      </Step>
+    </Steps>
  </Tab>
 </Tabs>

--- a/docs/integrations/cicd/travisci.mdx
+++ b/docs/integrations/cicd/travisci.mdx
@ -7,30 +7,31 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Travis CI">
+    Obtain your API token in User Settings > API authentication > Token

-![integrations](../../images/integrations.png)
+    ![integrations travis ci token](../../images/integrations/travis-ci/integrations-travisci-token.png)

-## Authorize Infisical for Travis CI
+    Navigate to your project's integrations tab in Infisical.

-Obtain your API token in User Settings > API authentication > Token
+    ![integrations](../../images/integrations.png)

-![integrations travis ci token](../../images/integrations/travis-ci/integrations-travisci-token.png)
+    Press on the Travis CI tile and input your Travis CI API token to grant Infisical access to your Travis CI account.

-Press on the Travis CI tile and input your Travis CI API token to grant Infisical access to your Travis CI account.
+    ![integrations travis ci authorization](../../images/integrations/travis-ci/integrations-travisci-auth.png)

-![integrations travis ci authorization](../../images/integrations/travis-ci/integrations-travisci-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Travis CI repository and press create integration to start syncing secrets to Travis CI.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Travis CI repository and press create integration to start syncing secrets to Travis CI.
-
-![create integration travis ci](../../images/integrations/travis-ci/integrations-travisci-create.png)
-![integrations travis ci](../../images/integrations/travis-ci/integrations-travisci.png)
+    ![create integration travis ci](../../images/integrations/travis-ci/integrations-travisci-create.png)
+    ![integrations travis ci](../../images/integrations/travis-ci/integrations-travisci.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/aws-parameter-store.mdx
+++ b/docs/integrations/cloud/aws-parameter-store.mdx
@ -8,68 +8,69 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Set up AWS and have/create an IAM user

-## Grant the IAM user permissions to access AWS Parameter Store
+<Steps>
+  <Step title="Grant the IAM user permissions to access AWS Parameter Store">
+    Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.

-Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.
+    ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
+    ![integration IAM 2](../../images/integrations/aws/integrations-aws-parameter-store-iam-2.png)
+    ![integrations IAM 3](../../images/integrations/aws/integrations-aws-parameter-store-iam-3.png)

-![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
-![integration IAM 2](../../images/integrations/aws/integrations-aws-parameter-store-iam-2.png)
-![integrations IAM 3](../../images/integrations/aws/integrations-aws-parameter-store-iam-3.png)
+    For enhanced security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use:

-For enhanced security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use:
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
+    ```json
    {
-      "Sid": "AllowSSMAccess",
-      "Effect": "Allow",
-      "Action": [
-        "ssm:PutParameter",
-        "ssm:DeleteParameter",
-        "ssm:GetParametersByPath",
-        "ssm:DeleteParameters"
-      ],
-      "Resource": "*"
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "AllowSSMAccess",
+          "Effect": "Allow",
+          "Action": [
+            "ssm:PutParameter",
+            "ssm:DeleteParameter",
+            "ssm:GetParametersByPath",
+            "ssm:DeleteParameters"
+          ],
+          "Resource": "*"
+        }
+      ]
    }
-  ]
-}
-```
+    ```
+  </Step>
+  <Step title="Authorize Infisical for AWS Parameter store">
+    Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys

-## Navigate to your project's integrations tab
+      ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
+      ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
+      ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+      
+      Navigate to your project's integrations tab in Infisical.

-![integrations](../../images/integrations.png)
+      ![integrations](../../images/integrations.png)

-## Authorize Infisical for AWS Parameter store
+      Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.

-Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
+      ![integration auth](../../images/integrations/aws/integrations-aws-parameter-store-auth.png)

-![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
-![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
-![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+      <Info>
+        If this is your project's first cloud integration, then you'll have to grant
+        Infisical access to your project's environment variables. Although this step
+        breaks E2EE, it's necessary for Infisical to sync the environment variables to
+        the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.

-Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.
+    ![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png)

-![integration auth](../../images/integrations/aws/integrations-aws-parameter-store-auth.png)
+    <Tip>
+      Infisical requires you to add a path for your secrets to be stored in AWS
+      Parameter Store and recommends setting the path structure to
+      `/[project_name]/[environment]/` according to best practices. This enables a
+      secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS
+      Parameter Store.
+    </Tip>
+  </Step>
+</Steps>

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.
-
-![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png)
-
-<Tip>
-  Infisical requires you to add a path for your secrets to be stored in AWS
-  Parameter Store and recommends setting the path structure to
-  `/[project_name]/[environment]/` according to best practices. This enables a
-  secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS
-  Parameter Store.
-</Tip>
--- a/docs/integrations/cloud/aws-secret-manager.mdx
+++ b/docs/integrations/cloud/aws-secret-manager.mdx
@ -8,66 +8,66 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Set up AWS and have/create an IAM user

-## Grant the IAM user permissions to access AWS Secrets Manager
+<Steps>
+  <Step title="Grant the IAM user permissions to access AWS Secrets Manager">
+    Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secrets Manager.

-Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secrets Manager.
+    ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
+    ![integration IAM 2](../../images/integrations/aws/integrations-aws-secret-manager-iam-2.png)
+    ![integrations IAM 3](../../images/integrations/aws/integrations-aws-secret-manager-iam-3.png)

-![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
-![integration IAM 2](../../images/integrations/aws/integrations-aws-secret-manager-iam-2.png)
-![integrations IAM 3](../../images/integrations/aws/integrations-aws-secret-manager-iam-3.png)
+    For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager for the IAM user that you can use:

-For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager for the IAM user that you can use:
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
+    ```json
    {
-      "Sid": "AllowSecretsManagerAccess",
-      "Effect": "Allow",
-      "Action": [
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:CreateSecret",
-        "secretsmanager:UpdateSecret"
-      ],
-      "Resource": "*"
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "AllowSecretsManagerAccess",
+          "Effect": "Allow",
+          "Action": [
+            "secretsmanager:GetSecretValue",
+            "secretsmanager:CreateSecret",
+            "secretsmanager:UpdateSecret"
+          ],
+          "Resource": "*"
+        }
+      ]
    }
-  ]
-}
-```
+    ```
+  </Step>
+  <Step title="Authorize Infisical for AWS Secrets Manager">
+    Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys

-## Navigate to your project's integrations tab
+    ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
+    ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
+    ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+    
+    Navigate to your project's integrations tab in Infisical.

-![integrations](../../images/integrations.png)
+    ![integrations](../../images/integrations.png)

-## Authorize Infisical for AWS Secrets Manager
+    Press on the AWS Secrets Manager tile and input your AWS access key ID and secret access key from the previous step.

-Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
+    ![integration auth](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)

-![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
-![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
-![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which AWS Secrets Manager region and under which secret name. Then, press create integration to start syncing secrets to AWS Secrets Manager.

-Press on the AWS Secrets Manager tile and input your AWS access key ID and secret access key from the previous step.
+    ![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png)

-![integration auth](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which AWS Secrets Manager region and under which secret name. Then, press create integration to start syncing secrets to AWS Secrets Manager.
-
-![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png)
-
-<Info>
-  Infisical currently syncs environment variables to AWS Secrets Manager as
-  key-value pairs under one secret. We're actively exploring ways to help users
-  group environment variable key-pairs under multiple secrets for greater
-  control.
-</Info>
+    <Info>
+      Infisical currently syncs environment variables to AWS Secrets Manager as
+      key-value pairs under one secret. We're actively exploring ways to help users
+      group environment variable key-pairs under multiple secrets for greater
+      control.
+    </Info>
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/azure-key-vault.mdx
+++ b/docs/integrations/cloud/azure-key-vault.mdx
@ -5,69 +5,69 @@ description: "How to sync secrets from Infisical to Azure Key Vault"

 <Tabs>
  <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
- Set up Azure and have an existing key vault
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    - Set up Azure and have an existing key vault

-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Azure Key Vault">
+        Navigate to your project's integrations tab

-![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)

-## Authorize Infisical for Azure Key Vault
+        Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault.
+      </Step>
+      <Step title="Start integration">
+        Obtain the Vault URI of your key vault in the Overview tab.

-Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault.
+        ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-vault-uri.png)

-## Start Integration
+        Select which Infisical environment secrets you want to sync to your key vault. Then, input your Vault URI from the previous step. Finally, press create integration to start syncing secrets to Azure Key Vault.

-Obtain the Vault URI of your key vault in the Overview tab.
+        ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-create.png)

-![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-vault-uri.png)
+        ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault.png)

-Select which Infisical environment secrets you want to sync to your key vault. Then, input your Vault URI from the previous step. Finally, press create integration to start syncing secrets to Azure Key Vault.
-
-![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-create.png)
-
-![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+    </Steps>
  </Tab>
  <Tab title="Self-Hosted Setup">
-  Using the Azure KV integration on a self-hosted instance of Infisical requires configuring an application in Azure
-  and registering your instance with it.
-  
-  ## Create an application in Azure
-  
-  Navigate to Azure Active Directory > App registrations to create a new application.
-  
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-aad.png) 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app.png) 
+    Using the Azure KV integration on a self-hosted instance of Infisical requires configuring an application in Azure
+    and registering your instance with it.

-    Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-key-vault/oauth2/callback`.
-   
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app-form.png) 
-   
-   ## Add your application credentials to Infisical
-   
-   Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application.
+    <Steps>
+      <Step title="Create an application in Azure">
+        Navigate to Azure Active Directory > App registrations to create a new application.
+        
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-aad.png) 
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app.png) 

-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-1.png) 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-2.png) 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-3.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.
+        Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-key-vault/oauth2/callback`.
+        
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your application credentials to Infisical">
+        Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application.

-   - `CLIENT_ID_AZURE`: The **Application (Client) ID** of your Azure application.
-   - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application.
-   
-  Once added, restart your Infisical instance and use the Azure KV integration.
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-1.png) 
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-2.png) 
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-3.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.

-  
+        - `CLIENT_ID_AZURE`: The **Application (Client) ID** of your Azure application.
+        - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application.
+        
+        Once added, restart your Infisical instance and use the Azure KV integration.
+      </Step>
+    </Steps>
  </Tab>
 </Tabs>

--- a/docs/integrations/cloud/checkly.mdx
+++ b/docs/integrations/cloud/checkly.mdx
@ -7,44 +7,45 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Checkly">
+    Obtain a Checkly API Key in User Settings > API Keys.

-![integrations](../../images/integrations.png)
+    ![integrations checkly dashboard](../../images/integrations/checkly/integrations-checkly-dashboard.png)
+    ![integrations checkly token](../../images/integrations/checkly/integrations-checkly-token.png)

-## Enter your Checkly API Key
+    Navigate to your project's integrations tab in Infisical.

-Obtain a Checkly API Key in User Settings > API Keys.
+    ![integrations](../../images/integrations.png)

-![integrations checkly dashboard](../../images/integrations/checkly/integrations-checkly-dashboard.png)
-![integrations checkly token](../../images/integrations/checkly/integrations-checkly-token.png)
+    Press on the Checkly tile and input your Checkly API Key to grant Infisical access to your Checkly account.

-Press on the Checkly tile and input your Checkly API Key to grant Infisical access to your Checkly account.
+    ![integrations checkly authorization](../../images/integrations/checkly/integrations-checkly-auth.png)

-![integrations checkly authorization](../../images/integrations/checkly/integrations-checkly-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Checkly and press create integration to start syncing secrets.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations checkly](../../images/integrations/checkly/integrations-checkly-create.png)

-## Start integration
+    <Note>
+      Infisical integrates with Checkly's environment variables at the **global** and **group** levels.
+      
+      To sync secrets to a specific group, you can select a group from the Checkly Group dropdown; otherwise, leaving it empty will sync secrets globally.
+    </Note>

-Select which Infisical environment secrets you want to sync to Checkly and press create integration to start syncing secrets.
+    ![integrations checkly](../../images/integrations/checkly/integrations-checkly.png)

-![integrations checkly](../../images/integrations/checkly/integrations-checkly-create.png)
-
-<Note>
-  Infisical integrates with Checkly's environment variables at the **global** and **group** levels.
-  
-  To sync secrets to a specific group, you can select a group from the Checkly Group dropdown; otherwise, leaving it empty will sync secrets globally.
-</Note>
-
-![integrations checkly](../../images/integrations/checkly/integrations-checkly.png)
-
-<Info>
-  In the new version of the Checkly integration, you are able to specify suffixes that depend on the secrets' environment and path. 
-  If you choose to do so, you should utilize such suffixes for ALL Checkly integrations – otherwise the integration system 
-  might run into issues with deleting secrets from the wrong environments.
-</Info>
+    <Info>
+      In the new version of the Checkly integration, you are able to specify suffixes that depend on the secrets' environment and path. 
+      If you choose to do so, you should utilize such suffixes for ALL Checkly integrations – otherwise the integration system 
+      might run into issues with deleting secrets from the wrong environments.
+    </Info>
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/cloudflare-pages.mdx
+++ b/docs/integrations/cloud/cloudflare-pages.mdx
@ -7,38 +7,39 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Cloudflare Pages">
+    Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):

-![integrations](../../images/integrations.png)
+    Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens

-## Authorize Infisical for Cloudflare Pages
+    ![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
+    ![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
+    ![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)

-Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
+    Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview

-1. Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
+    ![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
+    
+    Navigate to your project's integrations tab in Infisical.

-![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
-![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
-![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
+    ![integrations](../../images/integrations.png)

-2. Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
+    Press on the Cloudflare Pages tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Pages.

-![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
+    ![integrations cloudflare authorization](../../images/integrations/cloudflare/integrations-cloudflare-auth.png)

-Press on the Cloudflare Pages tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Pages.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Cloudflare and press create integration to start syncing secrets.

-![integrations cloudflare authorization](../../images/integrations/cloudflare/integrations-cloudflare-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to Cloudflare and press create integration to start syncing secrets.
-
-![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare-create.png)
-![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare.png)
+    ![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare-create.png)
+    ![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/cloudflare-workers.mdx
+++ b/docs/integrations/cloud/cloudflare-workers.mdx
@ -7,37 +7,38 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Cloudflare Workers">
+    Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):

-![integrations](../../images/integrations.png)
+    Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens

-## Authorize Infisical for Cloudflare Workers
+    ![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
+    ![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
+    ![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)

-Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
+    Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview

-1. Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
+    ![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)

-![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
-![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
-![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
+    Navigate to your project's integrations tab in Infisical.

-2. Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
+    ![integrations](../../images/integrations.png)

-![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
+    Press on the Cloudflare Workers tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Workers.

-Press on the Cloudflare Workers tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Workers.
+    ![integrations cloudflare authorization](../../images/integrations/cloudflare/integration-cloudflare-workers-connect.png)

-![integrations cloudflare authorization](../../images/integrations/cloudflare/integration-cloudflare-workers-connect.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Cloudflare Workers and press create integration to start syncing secrets.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to Cloudflare Workers and press create integration to start syncing secrets.
-
-![integrations cloudflare](../../images/integrations/cloudflare/integration-cloudflare-workers-create.png)
+    ![integrations cloudflare](../../images/integrations/cloudflare/integration-cloudflare-workers-create.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/flyio.mdx
+++ b/docs/integrations/cloud/flyio.mdx
@ -7,31 +7,32 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Fly.io">
+    Obtain a Fly.io access token in Access Tokens

-![integrations](../../images/integrations.png)
+    ![integrations fly dashboard](../../images/integrations/flyio/integrations-flyio-dashboard.png)
+    ![integrations fly token](../../images/integrations/flyio/integrations-flyio-token.png)

-## Enter your Fly.io Access Token
+    Navigate to your project's integrations tab in Infisical.

-Obtain a Fly.io access token in Access Tokens
+    ![integrations](../../images/integrations.png)

-![integrations fly dashboard](../../images/integrations/flyio/integrations-flyio-dashboard.png)
-![integrations fly token](../../images/integrations/flyio/integrations-flyio-token.png)
+    Press on the Fly.io tile and input your Fly.io access token to grant Infisical access to your Fly.io account.

-Press on the Fly.io tile and input your Fly.io access token to grant Infisical access to your Fly.io account.
+    ![integrations fly authorization](../../images/integrations/flyio/integrations-flyio-auth.png)

-![integrations fly authorization](../../images/integrations/flyio/integrations-flyio-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Fly.io app and press create integration to start syncing secrets to Fly.io.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Fly.io app and press create integration to start syncing secrets to Fly.io.
-
-![integrations fly](../../images/integrations/flyio/integrations-flyio-create.png)
-![integrations fly](../../images/integrations/flyio/integrations-flyio.png)
+    ![integrations fly](../../images/integrations/flyio/integrations-flyio-create.png)
+    ![integrations fly](../../images/integrations/flyio/integrations-flyio.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/gcp-secret-manager.mdx
+++ b/docs/integrations/cloud/gcp-secret-manager.mdx
@ -5,148 +5,145 @@ description: "How to sync secrets from Infisical to GCP Secret Manager"

 <Tabs>
  <Tab title="Usage">
+    <AccordionGroup>
+      <Accordion title="Connect with OAuth2">
+        Prerequisites:
+        - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-<AccordionGroup>
-  <Accordion title="Connect with OAuth2">
-  
-  Prerequisites:
+        <Steps>
+          <Step title="Authorize Infisical for GCP">
+            Navigate to your project's integrations tab in Infisical.

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-  ## Navigate to your project's integrations tab
+            ![integrations](../../images/integrations.png)

-![integrations](../../images/integrations.png)
+            Press on the GCP Secret Manager tile and select **Continue with OAuth**

-## Authorize Infisical for GCP
+            ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)

-Press on the GCP Secret Manager tile and select **Continue with OAuth**
+            Grant Infisical access to GCP.

-![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
+            ![integrations GCP authorization](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth.png)

-Grant Infisical access to GCP.
+            <Info>
+              If this is your project's first cloud integration, then you'll have to grant
+              Infisical access to your project's environment variables. Although this step
+              breaks E2EE, it's necessary for Infisical to sync the environment variables to
+              the cloud platform.
+            </Info>
+          </Step>
+          <Step title="Start integration">
+            In the **Connection** tab, select which Infisical environment secrets you want to sync to which GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.

-![integrations GCP authorization](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth.png)
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+            Note that the GCP Secret Manager integration supports a few options in the **Options** tab:

-## Start integration
+            - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
+            - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
+            - Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.

-In the **Connection** tab, select which Infisical environment secrets you want to sync to which GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
+            Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.

-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
+            ![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)

-Note that the GCP Secret Manager integration supports a few options in the **Options** tab:
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)

- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
- Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.
+            <Warning>
+                Using Infisical to sync secrets to GCP Secret Manager requires that you enable
+                the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
+            </Warning>
+          </Step>
+        </Steps>
+      </Accordion>
+      <Accordion title="Connect with Service Account JSON">
+        Prerequisites:
+        - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+        - Have a GCP project and have/create a [service account](https://cloud.google.com/iam/docs/service-account-overview) in it

-Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.
+        <Steps>
+          <Step title="Authorize Infisical for GCP">
+            Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and **Service Usage Admin** roles to the service account.

-![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)
+            ![integrations GCP secret manager IAM](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam.png)

-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)
+            <Info>
+              For enhanced security, you may want to assign more granular permissions to the service account. At minimum,
+              the service account should be able to read/write secrets from/to GCP Secret Manager (e.g. **Secret Manager Admin** role)
+              and list which GCP services are enabled/disabled (e.g. **Service Usage Admin** role).
+            </Info>

-<Warning>
-    Using Infisical to sync secrets to GCP Secret Manager requires that you enable
-    the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
-</Warning>
-  </Accordion>
-  <Accordion title="Connect with Service Account JSON">
-  Prerequisites:
+            Navigate to your project's integrations tab in Infisical.

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
- Have a GCP project and have/create a [service account](https://cloud.google.com/iam/docs/service-account-overview) in it
+            ![integrations](../../images/integrations.png)

-## Grant the service account permissions for GCP Secret Manager
+            Press on the GCP Secret Manager tile and paste in your **GCP Service Account JSON** (you can create and download the JSON for your
+            service account in IAM & Admin > Service Accounts > Service Account > Keys).

-Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and **Service Usage Admin** roles to the service account.
+            ![integrations GCP authorization IAM key](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam-key.png)

-![integrations GCP secret manager IAM](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam.png)
+            ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)

-<Info>
-  For enhanced security, you may want to assign more granular permissions to the service account. At minimum,
-  the service account should be able to read/write secrets from/to GCP Secret Manager (e.g. **Secret Manager Admin** role)
-  and list which GCP services are enabled/disabled (e.g. **Service Usage Admin** role).
-</Info>
+            <Info>
+              If this is your project's first cloud integration, then you'll have to grant
+              Infisical access to your project's environment variables. Although this step
+              breaks E2EE, it's necessary for Infisical to sync the environment variables to
+              the cloud platform.
+            </Info>
+          </Step>
+          <Step title="Start integration">
+            In the **Connection** tab, select which Infisical environment secrets you want to sync to the GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.

-## Navigate to your project's integrations tab
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)

-![integrations](../../images/integrations.png)
+            Note that the GCP Secret Manager integration supports a few options in the **Options** tab:

-## Authorize Infisical for GCP
+            - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
+            - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
+            - Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.

-Press on the GCP Secret Manager tile and paste in your **GCP Service Account JSON** (you can create and download the JSON for your
-service account in IAM & Admin > Service Accounts > Service Account > Keys).
+            Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.

-![integrations GCP authorization IAM key](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam-key.png)
+            ![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)

-![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-In the **Connection** tab, select which Infisical environment secrets you want to sync to the GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
-
-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
-
-Note that the GCP Secret Manager integration supports a few options in the **Options** tab:
-
- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
- Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.
-
-Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.
-
-![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)
-
-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)
-
-<Warning>
-    Using Infisical to sync secrets to GCP Secret Manager requires that you enable
-    the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
-</Warning>
-  </Accordion>
-</AccordionGroup>
+            <Warning>
+                Using Infisical to sync secrets to GCP Secret Manager requires that you enable
+                the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
+            </Warning>
+          </Step>
+        </Steps>
+      </Accordion>
+    </AccordionGroup>
  </Tab>
  <Tab title="Self-Hosted Setup">
-  Using the GCP Secret Manager integration (via the OAuth2 method) on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP
-  and registering your instance with it.
-  
-  ## Create an OAuth2 application in GCP
-  
-  Navigate to your project API & Services > Credentials to create a new OAuth2 application.
-   
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-api-services.png) 
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app.png) 
-    
-    Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/integrations/gcp-secret-manager/oauth2/callback`.
-   
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app-form.png) 
-   
-   ## Add your OAuth2 application credentials to Infisical
-   
-   Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
-   
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your GCP OAuth2 application:
+    Using the GCP Secret Manager integration (via the OAuth2 method) on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP
+    and registering your instance with it.

-   - `CLIENT_ID_GCP_SECRET_MANAGER`: The **Client ID** of your GCP OAuth2 application.
-   - `CLIENT_SECRET_GCP_SECRET_MANAGER`: The **Client Secret** of your GCP OAuth2 application.
-   
-  Once added, restart your Infisical instance and use the GCP Secret Manager integration.
+    <Steps>
+      <Step title="Create an OAuth2 application in GCP">
+        Navigate to your project API & Services > Credentials to create a new OAuth2 application.
+        
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-api-services.png) 
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app.png) 
+          
+          Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/integrations/gcp-secret-manager/oauth2/callback`.
+        
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your OAuth2 application credentials to Infisical">
+        Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
+        
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your GCP OAuth2 application:

+        - `CLIENT_ID_GCP_SECRET_MANAGER`: The **Client ID** of your GCP OAuth2 application.
+        - `CLIENT_SECRET_GCP_SECRET_MANAGER`: The **Client Secret** of your GCP OAuth2 application.
+        
+        Once added, restart your Infisical instance and use the GCP Secret Manager integration.
+      </Step>
+    </Steps>
  </Tab>
 </Tabs>

--- a/docs/integrations/cloud/hasura-cloud.mdx
+++ b/docs/integrations/cloud/hasura-cloud.mdx
@ -7,30 +7,31 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Hasura Cloud">
+    Obtain a Hasura Cloud Access Token in My Account > Access Tokens

-![integrations](../../images/integrations.png)
+    ![integrations hasura cloud tokens](../../images/integrations/hasura-cloud/integrations-hasura-cloud-tokens.png)

-## Enter your Hasura Cloud Access Token
+    Navigate to your project's integrations tab in Infisical.

-Obtain a Hasura Cloud Access Token in My Account > Access Tokens
+    ![integrations](../../images/integrations.png)
+    
+    Press on the Hasura Cloud tile and input your Hasura Cloud access token to grant Infisical access to your Hasura Cloud account.

-![integrations hasura cloud tokens](../../images/integrations/hasura-cloud/integrations-hasura-cloud-tokens.png)
+    ![integrations hasura cloud authorization](../../images/integrations/hasura-cloud/integrations-hasura-cloud-auth.png)

-Press on the Hasura Cloud tile and input your Hasura Cloud access token to grant Infisical access to your Hasura Cloud account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Hasura Cloud project and press create integration to start syncing secrets to Hasura Cloud.

-![integrations hasura cloud authorization](../../images/integrations/hasura-cloud/integrations-hasura-cloud-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Hasura Cloud project and press create integration to start syncing secrets to Hasura Cloud.
-
-![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud-create.png)
-![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud.png)
+    ![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud-create.png)
+    ![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/heroku.mdx
+++ b/docs/integrations/cloud/heroku.mdx
@ -5,63 +5,63 @@ description: "How to sync secrets from Infisical to Heroku"

 <Tabs>
  <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Heroku">
+        Navigate to your project's integrations tab in Infisical.

-![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)

-## Authorize Infisical for Heroku
+        Press on the Heroku tile and grant Infisical access to your Heroku account.

-Press on the Heroku tile and grant Infisical access to your Heroku account.
+        ![integrations heroku authorization](../../images/integrations/heroku/integrations-heroku-auth.png)

-![integrations heroku authorization](../../images/integrations/heroku/integrations-heroku-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Heroku app and press create integration to start syncing secrets to Heroku.
-
-![integrations heroku](../../images/integrations/heroku/integrations-heroku-create.png)
-![integrations heroku](../../images/integrations/heroku/integrations-heroku.png)
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which Heroku app and press create integration to start syncing secrets to Heroku.
+        
+        ![integrations heroku](../../images/integrations/heroku/integrations-heroku-create.png)
+        ![integrations heroku](../../images/integrations/heroku/integrations-heroku.png)
+      </Step>
+    </Steps>
  </Tab>
  <Tab title="Self-Hosted Setup">
-  Using the Heroku integration on a self-hosted instance of Infisical requires configuring an API client in Heroku
-  and registering your instance with it.
-  
-  ## Create an API client in Heroku
-  
-  Navigate to your user Account settings > Applications to create a new API client.
+    Using the Heroku integration on a self-hosted instance of Infisical requires configuring an API client in Heroku
+    and registering your instance with it.
+    <Steps>
+      <Step title="Create an API client in Heroku">
+        Navigate to your user Account settings > Applications to create a new API client.

-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-settings.png) 
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-applications.png) 
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app.png) 
-   
-    Create the API client. As part of the form, set the **OAuth callback URL** to `https://your-domain.com/integrations/heroku/oauth2/callback`.
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-settings.png) 
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-applications.png) 
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app.png) 
+        
+          Create the API client. As part of the form, set the **OAuth callback URL** to `https://your-domain.com/integrations/heroku/oauth2/callback`.

-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app-form.png) 
-   
-   ## Add your Heroku API client credentials to Infisical
-   
-   Obtain the **Client ID** and **Client Secret** for your Heroku API client.
-   
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your Heroku API client.
-
-   - `CLIENT_ID_HEROKU`: The **Client ID** of your Heroku API client.
-   - `CLIENT_SECRET_HEROKU`: The **Client Secret** of your Heroku API client.
-   
-  Once added, restart your Infisical instance and use the Heroku integration.
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your Heroku API client credentials to Infisical">
+        Obtain the **Client ID** and **Client Secret** for your Heroku API client.
+        
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your Heroku API client.

+        - `CLIENT_ID_HEROKU`: The **Client ID** of your Heroku API client.
+        - `CLIENT_SECRET_HEROKU`: The **Client Secret** of your Heroku API client.
+        
+        Once added, restart your Infisical instance and use the Heroku integration.
+      </Step>
+    </Steps>
  </Tab>
 </Tabs>

--- a/docs/integrations/cloud/laravel-forge.mdx
+++ b/docs/integrations/cloud/laravel-forge.mdx
@ -7,36 +7,38 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Laravel Forge">
+    Obtain a Laravel Forge access token in API Tokens

-![integrations](../../images/integrations.png)
+    ![integrations laravel forge dashboard](../../images/integrations/laravel-forge/integrations-laravelforge-dashboard.png)
+    ![integrations laravel forge api tokens](../../images/integrations/laravel-forge/integrations-laravelforge-api.png)

-## Enter your Laravel Forge Access Token and Server Id
+    Obtain your Laravel Forge Server ID in Servers > Server ID

-Obtain a Laravel Forge access token in API Tokens
+    ![integrations laravel forge server](../../images/integrations/laravel-forge/integrations-laravelforge-servers.png)
+    ![integrations laravel forge server id](../../images/integrations/laravel-forge/integrations-laravelforge-serverid.png)
+    
+    Navigate to your project's integrations tab in Infisical.

-![integrations laravel forge dashboard](../../images/integrations/laravel-forge/integrations-laravelforge-dashboard.png)
-![integrations laravel forge api tokens](../../images/integrations/laravel-forge/integrations-laravelforge-api.png)
+    ![integrations](../../images/integrations.png)

-Obtain your Laravel Forge Server ID in Servers > Server ID
+    Press on the Laravel Forge tile and input your Laravel Forge access token and server ID to grant Infisical access to your Laravel Forge account.

-![integrations laravel forge server](../../images/integrations/laravel-forge/integrations-laravelforge-servers.png)
-![integrations laravel forge server id](../../images/integrations/laravel-forge/integrations-laravelforge-serverid.png)
+    ![integrations laravel forge authorization](../../images/integrations/laravel-forge/integrations-laravelforge-auth.png)

-Press on the Laravel Forge tile and input your Laravel Forge access token and server ID to grant Infisical access to your Laravel Forge account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Laravel Forge site and press create integration to start syncing secrets to Laravel Forge.

-![integrations laravel forge authorization](../../images/integrations/laravel-forge/integrations-laravelforge-auth.png)
+    ![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge-create.png)
+    ![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge.png)
+  </Step>
+</Steps>

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Laravel Forge site and press create integration to start syncing secrets to Laravel Forge.
-
-![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge-create.png)
-![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge.png)
--- a/docs/integrations/cloud/netlify.mdx
+++ b/docs/integrations/cloud/netlify.mdx
@ -5,68 +5,68 @@ description: "How to sync secrets from Infisical to Netlify"

 <Tabs>
  <Tab title="Usage">
-  <Warning>
-  Infisical integrates with Netlify's new environment variable experience. If
-  your site uses Netlify's old environment variable experience, you'll have to
-  upgrade it to the new one to use this integration.
-</Warning>
+    <Warning>
+      Infisical integrates with Netlify's new environment variable experience. If
+      your site uses Netlify's old environment variable experience, you'll have to
+      upgrade it to the new one to use this integration.
+    </Warning>
+    
+    Prerequisites:

-Prerequisites:
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    <Steps>
+      <Step title="Authorize Infisical for Netlify">
+        Navigate to your project's integrations tab in Infisical.
+        
+        ![integrations](../../images/integrations.png)

-## Navigate to your project's integrations tab
+        Press on the Netlify tile and grant Infisical access to your Netlify account.

-![integrations](../../images/integrations.png)
+        ![integrations netlify authorization](../../images/integrations/netlify/integrations-netlify-auth.png)

-## Authorize Infisical for Netlify
-
-Press on the Netlify tile and grant Infisical access to your Netlify account.
-
-![integrations netlify authorization](../../images/integrations/netlify/integrations-netlify-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press create integration to start syncing secrets to Netlify.
-
-![integrations netlify](../../images/integrations/netlify/integrations-netlify-create.png)
-![integrations netlify](../../images/integrations/netlify/integrations-netlify.png)
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press create integration to start syncing secrets to Netlify.

+        ![integrations netlify](../../images/integrations/netlify/integrations-netlify-create.png)
+        ![integrations netlify](../../images/integrations/netlify/integrations-netlify.png)
+      </Step>
+    </Steps>
  </Tab>
  <Tab title="Self-Hosted Setup">
    Using the Netlify integration on a self-hosted instance of Infisical requires configuring an OAuth application in Netlify
  and registering your instance with it.
-  
-  ## Create an OAuth application in Netlify
-  
-  Navigate to your User settings > Applications > OAuth to create a new OAuth application.
-  
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-user-settings.png) 
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app.png) 
-    
-    Create the OAuth application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/netlify/oauth2/callback`.
+    <Steps>
+      <Step title="Create an OAuth application in Netlify">
+        Navigate to your User settings > Applications > OAuth to create a new OAuth application.
+        
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-user-settings.png) 
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app.png) 
+          
+          Create the OAuth application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/netlify/oauth2/callback`.

-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app-form.png) 
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your Netlify OAuth application credentials to Infisical">
+        Obtain the **Client ID** and **Secret** for your Netlify OAuth application.
+        
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your Netlify OAuth application.

-   ## Add your Netlify OAuth application credentials to Infisical
-   
-   Obtain the **Client ID** and **Secret** for your Netlify OAuth application.
-   
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your Netlify OAuth application.
-
-   - `CLIENT_ID_NETLIFY`: The **Client ID** of your Netlify OAuth application.
-   - `CLIENT_SECRET_NETLIFY`: The **Secret** of your Netlify OAuth application.
-   
-  Once added, restart your Infisical instance and use the Netlify integration.
+        - `CLIENT_ID_NETLIFY`: The **Client ID** of your Netlify OAuth application.
+        - `CLIENT_SECRET_NETLIFY`: The **Secret** of your Netlify OAuth application.
+        
+        Once added, restart your Infisical instance and use the Netlify integration.
+      </Step>
+    </Steps>
  </Tab>
 </Tabs>

--- a/docs/integrations/cloud/northflank.mdx
+++ b/docs/integrations/cloud/northflank.mdx
@ -8,31 +8,32 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Have a [Northflank](https://northflank.com) project with a secret group ready

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Northflank">
+    Obtain a Northflank API token in Account settings > API > Tokens

-![integrations](../../images/integrations.png)
+    ![integrations northflank dashboard](../../images/integrations/northflank/integrations-northflank-dashboard.png)
+    ![integrations northflank token](../../images/integrations/northflank/integrations-northflank-token.png)
+    
+    Navigate to your project's integrations tab in Infisical.

-## Enter your Northflank API Token
+    ![integrations](../../images/integrations.png)

-Obtain a Northflank API token in Account settings > API > Tokens
+    Press on the Northflank tile and input your Northflank API token to grant Infisical access to your Northflank account.

-![integrations northflank dashboard](../../images/integrations/northflank/integrations-northflank-dashboard.png)
-![integrations northflank token](../../images/integrations/northflank/integrations-northflank-token.png)
+    ![integrations northflank authorization](../../images/integrations/northflank/integrations-northflank-auth.png)

-Press on the Northflank tile and input your Northflank API token to grant Infisical access to your Northflank account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Northflank project and secret group. Finally, press create integration to start syncing secrets to Northflank.

-![integrations northflank authorization](../../images/integrations/northflank/integrations-northflank-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Northflank project and secret group. Finally, press create integration to start syncing secrets to Northflank.
-
-![integrations northflank](../../images/integrations/northflank/integrations-northflank-create.png)
-![integrations northflank](../../images/integrations/northflank/integrations-northflank.png)
+    ![integrations northflank](../../images/integrations/northflank/integrations-northflank-create.png)
+    ![integrations northflank](../../images/integrations/northflank/integrations-northflank.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/qovery.mdx
+++ b/docs/integrations/cloud/qovery.mdx
@ -7,37 +7,38 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Qovery">
+    Obtain a Qovery API Token in Settings > API Token.

-![integrations](../../images/integrations.png)
+    ![integrations qovery api token](../../images/integrations/qovery/integrations-qovery-token.png)

-## Enter your Qovery API Token
+    Navigate to your project's integrations tab in Infisical.

-Obtain a Qovery API Token in Settings > API Token.
+    ![integrations](../../images/integrations.png)

-![integrations qovery api token](../../images/integrations/qovery/integrations-qovery-token.png)
+    Press on the Qovery tile and input your Qovery API Token to grant Infisical access to your Qovery account.

-Press on the Qovery tile and input your Qovery API Token to grant Infisical access to your Qovery account.
+    ![integrations qovery authorization](../../images/integrations/qovery/integrations-qovery-auth.png)

-![integrations qovery authorization](../../images/integrations/qovery/integrations-qovery-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it is necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Qovery and press create integration to start syncing secrets.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it is necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-1.png)

-## Start integration
+    ![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-2.png)

-Select which Infisical environment secrets you want to sync to Qovery and press create integration to start syncing secrets.
+    <Note>
+      Infisical supports syncing secrets to various Qovery scopes including applications, jobs, or containers.
+    </Note>

-![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-1.png)
-
-![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-2.png)
-
-<Note>
-  Infisical supports syncing secrets to various Qovery scopes including applications, jobs, or containers.
-</Note>
-
-![integrations qovery settings](../../images/integrations/qovery/integrations-qovery.png)
+    ![integrations qovery settings](../../images/integrations/qovery/integrations-qovery.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/railway.mdx
+++ b/docs/integrations/cloud/railway.mdx
@ -7,48 +7,47 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

+<Steps>
+  <Step title="Authorize Infisical for Railway">
+    Obtain a Railway API Token in your Railway [Account Settings > Tokens](https://railway.app/account/tokens).

-## Navigate to your project's integrations tab
+    ![integrations railway dashboard](../../images/integrations/railway/integrations-railway-dashboard.png)
+    ![integrations railway token](../../images/integrations/railway/integrations-railway-token.png)

-![integrations](../../images/integrations.png)
+    <Note>
+        If this is your first time creating a Railway API token, then you'll be prompted to join
+        Railway's Private Boarding Beta program on the Railway Account Settings > Tokens page. 
+        
+        Note that Railway project tokens will not work for this integration since they don't work with
+        Railway's Public API.
+    </Note>

-## Enter your Railway API Token
+    Navigate to your project's integrations tab in Infisical.

-Obtain a Railway API Token in your Railway [Account Settings > Tokens](https://railway.app/account/tokens).
+    ![integrations](../../images/integrations.png)

-![integrations railway dashboard](../../images/integrations/railway/integrations-railway-dashboard.png)
-![integrations railway token](../../images/integrations/railway/integrations-railway-token.png)
+    Press on the Railway tile and input your Railway API Key to grant Infisical access to your Railway account.

-<Note>
-    If this is your first time creating a Railway API token, then you'll be prompted to join
-    Railway's Private Boarding Beta program on the Railway Account Settings > Tokens page. 
-    
-    Note that Railway project tokens will not work for this integration since they don't work with
-    Railway's Public API.
-</Note>
+    ![integrations railway authorization](../../images/integrations/railway/integrations-railway-authorization.png)

-Press on the Railway tile and input your Railway API Key to grant Infisical access to your Railway account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Railway project and environment (and optionally service). Lastly, press create integration to start syncing secrets to Railway.

-![integrations railway authorization](../../images/integrations/railway/integrations-railway-authorization.png)
+    ![integrations create railway](../../images/integrations/railway/integrations-railway-create.png)

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Railway project and environment (and optionally service). Lastly, press create integration to start syncing secrets to Railway.
-
-![integrations create railway](../../images/integrations/railway/integrations-railway-create.png)
-
-<Note>
-  Infisical integrates with both Railway's [shared variables](https://blog.railway.app/p/shared-variables-release) at the project environment level as well as service variables at the service level.
-  
-  To sync secrets to a specific service in a project, you can select a service from the Railway Service dropdown; otherwise, leaving it empty will sync secrets to the shared variables of that project.
-</Note>
-
-![integrations railway](../../images/integrations/railway/integrations-railway.png)
+    <Note>
+      Infisical integrates with both Railway's [shared variables](https://blog.railway.app/p/shared-variables-release) at the project environment level as well as service variables at the service level.
+      
+      To sync secrets to a specific service in a project, you can select a service from the Railway Service dropdown; otherwise, leaving it empty will sync secrets to the shared variables of that project.
+    </Note>

+    ![integrations railway](../../images/integrations/railway/integrations-railway.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/render.mdx
+++ b/docs/integrations/cloud/render.mdx
@ -7,31 +7,32 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Render">
+    Obtain a Render API Key in your Render Account Settings > API Keys.

-![integrations](../../images/integrations.png)
+    ![integrations render dashboard](../../images/integrations/render/integrations-render-dashboard.png)
+    ![integrations render token](../../images/integrations/render/integrations-render-token.png)

-## Enter your Render API Key
+    Navigate to your project's integrations tab in Infisical.

-Obtain a Render API Key in your Render Account Settings > API Keys.
+    ![integrations](../../images/integrations.png)

-![integrations render dashboard](../../images/integrations/render/integrations-render-dashboard.png)
-![integrations render token](../../images/integrations/render/integrations-render-token.png)
+    Press on the Render tile and input your Render API Key to grant Infisical access to your Render account.

-Press on the Render tile and input your Render API Key to grant Infisical access to your Render account.
+    ![integrations render authorization](../../images/integrations/render/integrations-render-auth.png)

-![integrations render authorization](../../images/integrations/render/integrations-render-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Render service and press create integration to start syncing secrets to Render.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Render service and press create integration to start syncing secrets to Render.
-
-![integrations render](../../images/integrations/render/integrations-render-create.png)
-![integrations render](../../images/integrations/render/integrations-render.png)
+    ![integrations render](../../images/integrations/render/integrations-render-create.png)
+    ![integrations render](../../images/integrations/render/integrations-render.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/supabase.mdx
+++ b/docs/integrations/cloud/supabase.mdx
@ -14,31 +14,32 @@ Prerequisites:
 - Have an account and project set up at [Supabase](https://supabase.com/)
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Supabase">
+    Obtain a Supabase Access Token in your Supabase [Account > Access Tokens](https://app.supabase.com/account/tokens).
+    ![integrations supabase dashboard](../../images/integrations/supabase/integrations-supabase-dashboard.png)
+    ![integrations supabase token](../../images/integrations/supabase/integrations-supabase-token.png)
+    
+    Navigate to your project's integrations tab in Infisical.

-![integrations](../../images/integrations.png)
+    ![integrations](../../images/integrations.png)
+    
+    Press on the Supabase tile and input your Supabase Access Token to grant Infisical access to your Supabase account.

-## Enter your Supabase Access Token
+    ![integrations supabase authorization](../../images/integrations/supabase/integrations-supabase-authorization.png)

-Obtain a Supabase Access Token in your Supabase [Account > Access Tokens](https://app.supabase.com/account/tokens).
-![integrations supabase dashboard](../../images/integrations/supabase/integrations-supabase-dashboard.png)
-![integrations supabase token](../../images/integrations/supabase/integrations-supabase-token.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Supabase project. Lastly, press create integration to start syncing secrets to Supabase.

-Press on the Supabase tile and input your Supabase Access Token to grant Infisical access to your Supabase account.
+    ![integrations supabase create](../../images/integrations/supabase/integrations-supabase-create.png)

-![integrations supabase authorization](../../images/integrations/supabase/integrations-supabase-authorization.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Supabase project. Lastly, press create integration to start syncing secrets to Supabase.
-
-![integrations supabase create](../../images/integrations/supabase/integrations-supabase-create.png)
-
-![integrations supabase](../../images/integrations/supabase/integrations-supabase.png)
+    ![integrations supabase](../../images/integrations/supabase/integrations-supabase.png)
+  </Step>
+</Steps>
--- a/docs/integrations/cloud/teamcity.mdx
+++ b/docs/integrations/cloud/teamcity.mdx
@ -7,44 +7,45 @@ Prerequisites:

 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)

-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for TeamCity">
+    Obtain a TeamCity Access Token in Profile > Access Tokens

-![integrations](../../images/integrations.png)
+    ![integrations teamcity dashboard](../../images/integrations/teamcity/integrations-teamcity-dashboard.png)
+    ![integrations teamcity token](../../images/integrations/teamcity/integrations-teamcity-token.png)

-## Enter your TeamCity Access Token and Server URL
+    <Note>
+      For this integration to work, the TeamCity Access Token must either have the
+      **Same as current user** account-wide permission enabled or, if **Limit per project**
+      is selected, then it must at minimum have the **View build configuration settings** and **Edit project** permissions enabled.
+    </Note>

-Obtain a TeamCity Access Token in Profile > Access Tokens
+    Navigate to your project's integrations tab in Infisical.

-![integrations teamcity dashboard](../../images/integrations/teamcity/integrations-teamcity-dashboard.png)
-![integrations teamcity token](../../images/integrations/teamcity/integrations-teamcity-token.png)
+    ![integrations](../../images/integrations.png)

-<Note>
-  For this integration to work, the TeamCity Access Token must either have the
-  **Same as current user** account-wide permission enabled or, if **Limit per project**
-  is selected, then it must at minimum have the **View build configuration settings** and **Edit project** permissions enabled.
-</Note>
+    Press on the TeamCity tile and input your TeamCity Access Token and Server URL to grant Infisical access to your TeamCity account.

-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations teamcity authorization](../../images/integrations/teamcity/integrations-teamcity-auth.png)

-Press on the TeamCity tile and input your TeamCity Access Token and Server URL to grant Infisical access to your TeamCity account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which TeamCity project (and optionally build configuration) and press create integration to start syncing secrets to TeamCity.

-![integrations teamcity authorization](../../images/integrations/teamcity/integrations-teamcity-auth.png)
+    ![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity-create.png)

-## Start integration
+    <Note>
+      Infisical integrates with both TeamCity's project-level and build configuration-level environment variables.
+      
+      To sync secrets to a specific build configuration in a TeamCity project, you can select a build configuration from the **TeamCity Build Config** dropdown; otherwise, leaving it empty will sync secrets to TeamCity at the project-level.
+    </Note>

-Select which Infisical environment secrets you want to sync to which TeamCity project (and optionally build configuration) and press create integration to start syncing secrets to TeamCity.
-
-![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity-create.png)
-
-<Note>
-  Infisical integrates with both TeamCity's project-level and build configuration-level environment variables.
-  
-  To sync secrets to a specific build configuration in a TeamCity project, you can select a build configuration from the **TeamCity Build Config** dropdown; otherwise, leaving it empty will sync secrets to TeamCity at the project-level.
-</Note>
-
-![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity.png)
+    ![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity.png)
+  </Step>
+</Steps>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Maidul Islam	95f6f2dcea	increase chart version	2023-12-18 19:20:17 -05:00
Maidul Islam	4ac8c004d7	add owner reference	2023-12-18 19:17:25 -05:00
Maidul Islam	68eb0f8dd9	throw bad request when max uses reached	2023-12-15 15:40:20 -05:00
Maidul Islam	7aa3cb53a2	Merge pull request #1246 from Infisical/patch-5 extract base from template source path	2023-12-14 15:19:39 -05:00
Maidul Islam	567309e848	extract base from template source path	2023-12-14 15:17:14 -05:00
BlackMagiq	f264340903	Merge pull request #1245 from Infisical/saml-org-redirect Update redirect to org after SAML SSO	2023-12-14 23:12:31 +07:00
Tuan Dang	51b788cc5b	Update redirect to org after SSO	2023-12-14 23:07:22 +07:00
BlackMagiq	8e0f424249	Merge pull request #1244 from Infisical/integrations-docs Add Mintlify steps to integration pages	2023-12-14 12:08:39 +07:00
Tuan Dang	f3767d3963	Add Mintlify steps to integration pages	2023-12-14 11:35:50 +07:00
Maidul Islam	51cbfdbc46	update uni auth doc image paths	2023-12-13 19:32:16 -05:00
Maidul Islam	f5a580eb72	fix broken link to uni auth	2023-12-13 19:15:06 -05:00
Maidul Islam	460ebf3296	patch getDistinctId	2023-12-13 19:12:02 -05:00
Maidul Islam	7f7f11c970	Merge pull request #1243 from Infisical/patch-4 parse bot not found in agent	2023-12-13 18:25:27 -05:00
Maidul Islam	f799e224a0	use RequestError instead of Error for bot	2023-12-13 18:22:29 -05:00
Maidul Islam	8a87277fe6	parse bot not found in agent	2023-12-13 18:07:39 -05:00
Maidul Islam	32805c726a	add docs for uni auth in agent	2023-12-13 17:27:30 -05:00
Maidul Islam	6c4a6d31e4	Merge pull request #1229 from Infisical/identities-docs Update Identities Documentation + related API Reference Items	2023-12-13 16:57:13 -05:00
Maidul Islam	e7b89b645f	Merge branch 'main' into identities-docs	2023-12-13 16:56:35 -05:00
Maidul Islam	b60cf2eb07	make minor updates to auth docs	2023-12-13 16:52:57 -05:00
Maidul Islam	cf5a79995f	revert defaults to 30 days	2023-12-13 16:52:23 -05:00
Maidul Islam	c51f09fd3a	Merge pull request #1241 from Infisical/patch-3 sync package.lock frontend	2023-12-13 14:45:48 -05:00
Maidul Islam	f9444c5205	sync package.lock frontend	2023-12-13 14:31:10 -05:00
Tuan Dang	6cda14328b	Update getting started guide for fetching secrets via API	2023-12-12 17:59:56 +07:00
Tuan Dang	b551ee50e7	Fix merge conflicts	2023-12-12 15:50:14 +07:00
Tuan Dang	93aeacc6b6	Add API reference docs for identity / universal auth endpoints	2023-12-12 13:42:17 +07:00
Tuan Dang	5f29562fad	Update existing endpoints in API reference to support Identities, update Identities docs	2023-12-11 20:01:32 +07:00