Merge branch 'main' into git-scanning-app

reload page after org link
update risk status names
2025-08-03 20:23:35 +00:00 · 2023-07-17 17:20:04 -04:00 · 2023-07-17 17:18:55 -04:00 · 2023-07-17 16:46:15 -04:00 · 2023-07-17 16:41:33 -04:00 · 2023-07-17 10:49:46 -04:00
207 changed files with 12256 additions and 6210 deletions
--- a/.github/workflows/build-staging-img.yml
+++ b/.github/workflows/build-staging-img.yml
@@ -105,6 +105,36 @@ jobs:
          platforms: linux/amd64,linux/arm64
          build-args: |
            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
+
+  secret-scanning-git-app:
+    name: Build secret scanning git app
+    runs-on: ubuntu-latest
+    steps:
+      - name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      - name: Save commit hashes for tag
+        id: commit
+        uses: pr-mpt/actions-commit-hash@v2
+      - name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+      - name: 🏗️ Build secret scanning git app and push
+        uses: depot/build-push-action@v1
+        with:
+          project: 64mmf0n610
+          push: true
+          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          context: secret-engine
+          tags: |
+            infisical/staging_deployment_secret-scanning-git-app:${{ steps.commit.outputs.short }}
+            infisical/staging_deployment_secret-scanning-git-app:latest
+          platforms: linux/amd64,linux/arm64
  gamma-deployment:
    name: Deploy to gamma
    runs-on: ubuntu-latest
--- a/.github/workflows/release-standalone-docker-img.yml
+++ b/.github/workflows/release-standalone-docker-img.yml
@@ -1,11 +1,17 @@
 name: Release standalone docker image
-on: [workflow_dispatch]
+on:
+  push:
+    tags:
+      - "infisical/v*.*.*"

 jobs:
  infisical-standalone:
    name: Build infisical standalone image
    runs-on: ubuntu-latest
    steps:
+      - name: Extract version from tag
+        id: extract_version
+        run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical/}"
      - name: ☁️ Checkout source
        uses: actions/checkout@v3
        with:
@@ -64,5 +70,6 @@ jobs:
          tags: |
            infisical/infisical:latest
            infisical/infisical:${{ steps.commit.outputs.short }}
+            infisical/infisical:${{ steps.extract_version.outputs.version }}
          platforms: linux/amd64,linux/arm64
          file: Dockerfile.standalone-infisical
--- a/.github/workflows/release_docker_k8_operator.yaml
+++ b/.github/workflows/release_docker_k8_operator.yaml
@@ -1,10 +1,16 @@
-name: Release Docker image for K8 operator 
-on: [workflow_dispatch]
+name: Release Docker image for K8 operator
+on:
+  push:
+    tags:
+      - "infisical-k8-operator/v*.*.*"

 jobs:
  release:
    runs-on: ubuntu-latest
    steps:
+      - name: Extract version from tag
+        id: extract_version
+        run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical-k8-operator/}"
      - uses: actions/checkout@v2

      - name: 🔧 Set up QEMU
@@ -26,4 +32,6 @@ jobs:
          context: k8-operator
          push: true
          platforms: linux/amd64,linux/arm64
-          tags: infisical/kubernetes-operator:latest
+          tags: |
+            infisical/kubernetes-operator:latest
+            infisical/kubernetes-operator:${{ steps.extract_version.outputs.version }}
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@
 </p>

 <h4 align="center">
-  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1ye0tm8ab-899qZ6ZbpfESuo6TEikyOQ">Slack</a> |
+  <a href="https://infisical.com/slack">Slack</a> |
  <a href="https://infisical.com/">Infisical Cloud</a> |
  <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
  <a href="https://infisical.com/docs/documentation/getting-started/introduction">Docs</a> |
@@ -36,7 +36,7 @@
  <a href="https://cloudsmith.io/~infisical/repos/">
    <img src="https://img.shields.io/badge/Downloads-395.8k-orange" alt="Cloudsmith downloads" />
  </a>
-  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1wehzfnzn-1aMo5JcGENJiNAC2SD8Jlg">
+  <a href="https://infisical.com/slack">
    <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
  </a>
  <a href="https://twitter.com/infisical">
@@ -135,15 +135,15 @@ Whether it's big or small, we love contributions. Check out our guide to see how
 Not sure where to get started? You can:

 -   [Book a free, non-pressure pairing session / code walkthrough with one of our teammates](https://cal.com/tony-infisical/30-min-meeting-contributing)!
-   Join our <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1wehzfnzn-1aMo5JcGENJiNAC2SD8Jlg">Slack</a>, and ask us any questions there.
+-   Join our <a href="https://infisical.com/slack">Slack</a>, and ask us any questions there.

 ## Resources

 - [Docs](https://infisical.com/docs/documentation/getting-started/introduction) for comprehensive documentation and guides
- [Slack](https://join.slack.com/t/infisical-users/shared_invite/zt-1wehzfnzn-1aMo5JcGENJiNAC2SD8Jlg) for discussion with the community and Infisical team.
+- [Slack](https://infisical.com/slack) for discussion with the community and Infisical team.
 - [GitHub](https://github.com/Infisical/infisical) for code, issues, and pull requests
 - [Twitter](https://twitter.com/infisical) for fast news
- [YouTube](https://www.youtube.com/@infisical_od) for videos on secret management
+- [YouTube](https://www.youtube.com/@infisical_os) for videos on secret management
 - [Blog](https://infisical.com/blog) for secret management insights, articles, tutorials, and updates
 - [Roadmap](https://www.notion.so/infisical/be2d2585a6694e40889b03aef96ea36b?v=5b19a8127d1a4060b54769567a8785fa) for planned features

--- a/backend/.eslintrc
+++ b/backend/.eslintrc
@@ -10,7 +10,6 @@
    "plugin:@typescript-eslint/recommended"
  ],
  "rules": {
-    "@typescript-eslint/no-empty-function": "off",
    "no-console": 2,
    "quotes": [
      "error",
@@ -25,6 +24,7 @@
    ],
    "@typescript-eslint/no-unused-vars": "off",
    "unused-imports/no-unused-imports": "error",
+    "@typescript-eslint/no-empty-function": "off",
    "unused-imports/no-unused-vars": [
      "warn",
      {
@@ -34,11 +34,6 @@
        "argsIgnorePattern": "^_"
      }
    ],
-    "sort-imports": [
-      "error",
-      {
-        "ignoreDeclarationSort": true
-      }
-    ]
+    "sort-imports": 1
  }
 }
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -19,6 +19,10 @@ RUN npm ci --only-production

 COPY --from=build /app .

+RUN apk add --no-cache bash curl && curl -1sLf \
+  'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
+  && apk add infisical=0.8.1
+
 HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \  
  CMD node healthcheck.js

--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -36,6 +36,7 @@
    "passport": "^0.6.0",
    "passport-google-oauth20": "^2.0.0",
    "posthog-node": "^2.6.0",
+    "probot": "^12.3.1",
    "query-string": "^7.1.3",
    "rate-limit-mongo": "^2.3.2",
    "rimraf": "^3.0.2",
@@ -103,6 +104,7 @@
    "jest-junit": "^15.0.0",
    "nodemon": "^2.0.19",
    "npm": "^8.19.3",
+    "smee-client": "^1.2.3",
    "supertest": "^6.3.3",
    "ts-jest": "^29.0.3",
    "ts-node": "^10.9.1"
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@@ -10,7 +10,7 @@ export const getEncryptionKey = async () => {
  return secretValue === "" ? undefined : secretValue;
 }
 export const getRootEncryptionKey = async () => {
-  const secretValue = (await client.getSecret("ROOT_ENCRYPTION_KEY")).secretValue; 
+  const secretValue = (await client.getSecret("ROOT_ENCRYPTION_KEY")).secretValue;
  return secretValue === "" ? undefined : secretValue;
 }
 export const getInviteOnlySignup = async () => (await client.getSecret("INVITE_ONLY_SIGNUP")).secretValue === "true"
@@ -57,6 +57,11 @@ export const getSmtpPassword = async () => (await client.getSecret("SMTP_PASSWOR
 export const getSmtpFromAddress = async () => (await client.getSecret("SMTP_FROM_ADDRESS")).secretValue;
 export const getSmtpFromName = async () => (await client.getSecret("SMTP_FROM_NAME")).secretValue || "Infisical";

+export const getSecretScanningWebhookProxy = async () => (await client.getSecret("SECRET_SCANNING_WEBHOOK_PROXY")).secretValue;
+export const getSecretScanningWebhookSecret = async () => (await client.getSecret("SECRET_SCANNING_WEBHOOK_SECRET")).secretValue;
+export const getSecretScanningGitAppId = async () => (await client.getSecret("SECRET_SCANNING_GIT_APP_ID")).secretValue;
+export const getSecretScanningPrivateKey = async () => (await client.getSecret("SECRET_SCANNING_PRIVATE_KEY")).secretValue;
+
 export const getLicenseKey = async () => {
  const secretValue = (await client.getSecret("LICENSE_KEY")).secretValue;
  return secretValue === "" ? undefined : secretValue;
--- a/backend/src/controllers/v1/index.ts
+++ b/backend/src/controllers/v1/index.ts
@@ -13,21 +13,25 @@ import * as signupController from "./signupController";
 import * as userActionController from "./userActionController";
 import * as userController from "./userController";
 import * as workspaceController from "./workspaceController";
+import * as secretScanningController from "./secretScanningController";
+import * as webhookController from "./webhookController";

 export {
-	authController,
-	botController,
-	integrationAuthController,
-	integrationController,
-	keyController,
-	membershipController,
-	membershipOrgController,
-	organizationController,
-	passwordController,
-	secretController,
-	serviceTokenController,
-	signupController,
-	userActionController,
-	userController,
-	workspaceController,
+  authController,
+  botController,
+  integrationAuthController,
+  integrationController,
+  keyController,
+  membershipController,
+  membershipOrgController,
+  organizationController,
+  passwordController,
+  secretController,
+  serviceTokenController,
+  signupController,
+  userActionController,
+  userController,
+  workspaceController,
+  secretScanningController,
+  webhookController
 };
--- a/backend/src/controllers/v1/integrationController.ts
+++ b/backend/src/controllers/v1/integrationController.ts
@@ -2,7 +2,7 @@ import { Request, Response } from "express";
 import { Types } from "mongoose";
 import { Integration } from "../../models";
 import { EventService } from "../../services";
-import { eventPushSecrets } from "../../events";
+import { eventPushSecrets, eventStartIntegration } from "../../events";
 import Folder from "../../models/folder";
 import { getFolderByPath } from "../../services/FolderService";
 import { BadRequestError } from "../../utils/errors";
@@ -27,19 +27,19 @@ export const createIntegration = async (req: Request, res: Response) => {
    owner,
    path,
    region,
-    secretPath,
+    secretPath
  } = req.body;

  const folders = await Folder.findOne({
    workspace: req.integrationAuth.workspace._id,
-    environment: sourceEnvironment,
+    environment: sourceEnvironment
  });

  if (folders) {
    const folder = getFolderByPath(folders.nodes, secretPath);
    if (!folder) {
      throw BadRequestError({
-        message: "Path for service token does not exist",
+        message: "Path for service token does not exist"
      });
    }
  }
@@ -62,21 +62,21 @@ export const createIntegration = async (req: Request, res: Response) => {
    region,
    secretPath,
    integration: req.integrationAuth.integration,
-    integrationAuth: new Types.ObjectId(integrationAuthId),
+    integrationAuth: new Types.ObjectId(integrationAuthId)
  }).save();

  if (integration) {
    // trigger event - push secrets
    EventService.handleEvent({
-      event: eventPushSecrets({
+      event: eventStartIntegration({
        workspaceId: integration.workspace,
-        environment: sourceEnvironment,
-      }),
+        environment: sourceEnvironment
+      })
    });
  }

  return res.status(200).send({
-    integration,
+    integration
  });
 };

@@ -97,26 +97,26 @@ export const updateIntegration = async (req: Request, res: Response) => {
    appId,
    targetEnvironment,
    owner, // github-specific integration param
-    secretPath,
+    secretPath
  } = req.body;

  const folders = await Folder.findOne({
    workspace: req.integration.workspace,
-    environment,
+    environment
  });

  if (folders) {
    const folder = getFolderByPath(folders.nodes, secretPath);
    if (!folder) {
      throw BadRequestError({
-        message: "Path for service token does not exist",
+        message: "Path for service token does not exist"
      });
    }
  }

  const integration = await Integration.findOneAndUpdate(
    {
-      _id: req.integration._id,
+      _id: req.integration._id
    },
    {
      environment,
@@ -125,25 +125,25 @@ export const updateIntegration = async (req: Request, res: Response) => {
      appId,
      targetEnvironment,
      owner,
-      secretPath,
+      secretPath
    },
    {
-      new: true,
+      new: true
    }
  );

  if (integration) {
    // trigger event - push secrets
    EventService.handleEvent({
-      event: eventPushSecrets({
+      event: eventStartIntegration({
        workspaceId: integration.workspace,
-        environment,
-      }),
+        environment
+      })
    });
  }

  return res.status(200).send({
-    integration,
+    integration
  });
 };

@@ -158,12 +158,12 @@ export const deleteIntegration = async (req: Request, res: Response) => {
  const { integrationId } = req.params;

  const integration = await Integration.findOneAndDelete({
-    _id: integrationId,
+    _id: integrationId
  });

  if (!integration) throw new Error("Failed to find integration");

  return res.status(200).send({
-    integration,
+    integration
  });
 };
--- a/backend/src/controllers/v1/secretController.ts
+++ b/backend/src/controllers/v1/secretController.ts
@@ -80,7 +80,8 @@ export const pushSecrets = async (req: Request, res: Response) => {
  EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
-      environment
+      environment,
+      secretPath: "/"
    })
  });

--- a/backend/src/controllers/v1/secretScanningController.ts
+++ b/backend/src/controllers/v1/secretScanningController.ts
@@ -0,0 +1,91 @@
+import { Request, Response } from "express";
+import GitAppInstallationSession from "../../models/gitAppInstallationSession";
+import crypto from "crypto";
+import { Types } from "mongoose";
+import { UnauthorizedRequestError } from "../../utils/errors";
+import GitAppOrganizationInstallation from "../../models/gitAppOrganizationInstallation";
+import { MembershipOrg } from "../../models";
+import GitRisks, { STATUS_RESOLVED_FALSE_POSITIVE, STATUS_RESOLVED_NOT_REVOKED, STATUS_RESOLVED_REVOKED } from "../../models/gitRisks";
+
+export const createInstallationSession = async (req: Request, res: Response) => {
+  const sessionId = crypto.randomBytes(16).toString("hex");
+  await GitAppInstallationSession.findByIdAndUpdate(
+    req.organization,
+    {
+      organization: new Types.ObjectId(req.organization),
+      sessionId: sessionId,
+      user: new Types.ObjectId(req.user._id)
+    },
+    { upsert: true }
+  ).lean();
+
+  res.send({
+    sessionId: sessionId
+  })
+}
+
+export const linkInstallationToOrganization = async (req: Request, res: Response) => {
+  const { installationId, sessionId } = req.body
+
+  const installationSession = await GitAppInstallationSession.findOneAndDelete({ sessionId: sessionId })
+  if (!installationSession) {
+    throw UnauthorizedRequestError()
+  }
+
+  const userMembership = await MembershipOrg.find({ user: req.user._id, organization: installationSession.organization })
+  if (!userMembership) {
+    throw UnauthorizedRequestError()
+  }
+
+  const installationLink = await GitAppOrganizationInstallation.findOneAndUpdate({
+    organizationId: installationSession.organization,
+  }, {
+    installationId: installationId,
+    organizationId: installationSession.organization,
+    user: installationSession.user
+  }, {
+    upsert: true
+  }).lean()
+
+  res.json(installationLink)
+}
+
+export const getCurrentOrganizationInstallationStatus = async (req: Request, res: Response) => {
+  const { organizationId } = req.params
+  try {
+    const appInstallation = await GitAppOrganizationInstallation.findOne({ organizationId: organizationId }).lean()
+    if (!appInstallation) {
+      res.json({
+        appInstallationComplete: false
+      })
+    }
+
+    res.json({
+      appInstallationComplete: true
+    })
+  } catch {
+    res.json({
+      appInstallationComplete: false
+    })
+  }
+}
+
+export const getRisksForOrganization = async (req: Request, res: Response) => {
+  const { organizationId } = req.params
+  const risks = await GitRisks.find({ organization: organizationId }).sort({ createdAt: -1 }).lean()
+  res.json({
+    risks: risks
+  })
+}
+
+export const updateRisksStatus = async (req: Request, res: Response) => {
+  const { riskId } = req.params
+  const { status } = req.body
+  const isRiskResolved = status == STATUS_RESOLVED_FALSE_POSITIVE || status == STATUS_RESOLVED_REVOKED || status == STATUS_RESOLVED_NOT_REVOKED ? true : false
+  const risk = await GitRisks.findByIdAndUpdate(riskId, {
+    status: status,
+    isResolved: isRiskResolved
+  }).lean()
+
+  res.json(risk)
+}
--- a/backend/src/controllers/v1/webhookController.ts
+++ b/backend/src/controllers/v1/webhookController.ts
@@ -0,0 +1,140 @@
+import { Request, Response } from "express";
+import { Types } from "mongoose";
+import { client, getRootEncryptionKey } from "../../config";
+import { validateMembership } from "../../helpers";
+import Webhook from "../../models/webhooks";
+import { getWebhookPayload, triggerWebhookRequest } from "../../services/WebhookService";
+import { BadRequestError } from "../../utils/errors";
+import { ADMIN, ALGORITHM_AES_256_GCM, ENCODING_SCHEME_BASE64, MEMBER } from "../../variables";
+
+export const createWebhook = async (req: Request, res: Response) => {
+  const { webhookUrl, webhookSecretKey, environment, workspaceId, secretPath } = req.body;
+  const webhook = new Webhook({
+    workspace: workspaceId,
+    environment,
+    secretPath,
+    url: webhookUrl,
+    algorithm: ALGORITHM_AES_256_GCM,
+    keyEncoding: ENCODING_SCHEME_BASE64
+  });
+
+  if (webhookSecretKey) {
+    const rootEncryptionKey = await getRootEncryptionKey();
+    const { ciphertext, iv, tag } = client.encryptSymmetric(webhookSecretKey, rootEncryptionKey);
+    webhook.iv = iv;
+    webhook.tag = tag;
+    webhook.encryptedSecretKey = ciphertext;
+  }
+
+  await webhook.save();
+
+  return res.status(200).send({
+    webhook,
+    message: "successfully created webhook"
+  });
+};
+
+export const updateWebhook = async (req: Request, res: Response) => {
+  const { webhookId } = req.params;
+  const { isDisabled } = req.body;
+  const webhook = await Webhook.findById(webhookId);
+  if (!webhook) {
+    throw BadRequestError({ message: "Webhook not found!!" });
+  }
+
+  // check that user is a member of the workspace
+  await validateMembership({
+    userId: req.user._id.toString(),
+    workspaceId: webhook.workspace,
+    acceptedRoles: [ADMIN, MEMBER]
+  });
+
+  if (typeof isDisabled !== undefined) {
+    webhook.isDisabled = isDisabled;
+  }
+  await webhook.save();
+
+  return res.status(200).send({
+    webhook,
+    message: "successfully updated webhook"
+  });
+};
+
+export const deleteWebhook = async (req: Request, res: Response) => {
+  const { webhookId } = req.params;
+  const webhook = await Webhook.findById(webhookId);
+  if (!webhook) {
+    throw BadRequestError({ message: "Webhook not found!!" });
+  }
+
+  await validateMembership({
+    userId: req.user._id.toString(),
+    workspaceId: webhook.workspace,
+    acceptedRoles: [ADMIN, MEMBER]
+  });
+  await webhook.remove();
+
+  return res.status(200).send({
+    message: "successfully removed webhook"
+  });
+};
+
+export const testWebhook = async (req: Request, res: Response) => {
+  const { webhookId } = req.params;
+  const webhook = await Webhook.findById(webhookId);
+  if (!webhook) {
+    throw BadRequestError({ message: "Webhook not found!!" });
+  }
+
+  await validateMembership({
+    userId: req.user._id.toString(),
+    workspaceId: webhook.workspace,
+    acceptedRoles: [ADMIN, MEMBER]
+  });
+
+  try {
+    await triggerWebhookRequest(
+      webhook,
+      getWebhookPayload(
+        "test",
+        webhook.workspace.toString(),
+        webhook.environment,
+        webhook.secretPath
+      )
+    );
+    await Webhook.findByIdAndUpdate(webhookId, {
+      lastStatus: "success",
+      lastRunErrorMessage: null
+    });
+  } catch (err) {
+    await Webhook.findByIdAndUpdate(webhookId, {
+      lastStatus: "failed",
+      lastRunErrorMessage: (err as Error).message
+    });
+    return res.status(400).send({
+      message: "Failed to receive response",
+      error: (err as Error).message
+    });
+  }
+
+  return res.status(200).send({
+    message: "Successfully received response"
+  });
+};
+
+export const listWebhooks = async (req: Request, res: Response) => {
+  const { environment, workspaceId, secretPath } = req.query;
+
+  const optionalFilters: Record<string, string> = {};
+  if (environment) optionalFilters.environment = environment as string;
+  if (secretPath) optionalFilters.secretPath = secretPath as string;
+
+  const webhooks = await Webhook.find({
+    workspace: new Types.ObjectId(workspaceId as string),
+    ...optionalFilters
+  });
+
+  return res.status(200).send({
+    webhooks
+  });
+};
--- a/backend/src/controllers/v2/secretsController.ts
+++ b/backend/src/controllers/v2/secretsController.ts
@@ -30,9 +30,11 @@ import Folder from "../../models/folder";
 import {
  getFolderByPath,
  getFolderIdFromServiceToken,
-  searchByFolderId
+  searchByFolderId,
+  searchByFolderIdWithDir
 } from "../../services/FolderService";
 import { isValidScope } from "../../helpers/secrets";
+import path from "path";

 /**
 * Peform a batch of any specified CUD secret operations
@@ -47,14 +49,13 @@ export const batchSecrets = async (req: Request, res: Response) => {
  const {
    workspaceId,
    environment,
-    requests,
-    secretPath
+    requests
  }: {
    workspaceId: string;
    environment: string;
    requests: BatchSecretRequest[];
-    secretPath: string;
  } = req.body;
+  let secretPath = req.body.secretPath as string;
  let folderId = req.body.folderId as string;

  const createSecrets: BatchSecret[] = [];
@@ -68,10 +69,6 @@ export const batchSecrets = async (req: Request, res: Response) => {
  });

  const folders = await Folder.findOne({ workspace: workspaceId, environment });
-  if (folders && folderId !== "root") {
-    const folder = searchByFolderId(folders.nodes, folderId as string);
-    if (!folder) throw BadRequestError({ message: "Folder not found" });
-  }

  if (req.authData.authPayload instanceof ServiceTokenData) {
    const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, secretPath);
@@ -87,6 +84,15 @@ export const batchSecrets = async (req: Request, res: Response) => {
    folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath);
  }

+  if (folders && folderId !== "root") {
+    const folder = searchByFolderIdWithDir(folders.nodes, folderId as string);
+    if (!folder?.folder) throw BadRequestError({ message: "Folder not found" });
+    secretPath = path.join(
+      "/",
+      ...folder.dir.map(({ name }) => name).filter((name) => name !== "root")
+    );
+  }
+
  for await (const request of requests) {
    // do a validation

@@ -319,7 +325,10 @@ export const batchSecrets = async (req: Request, res: Response) => {
  // // trigger event - push secrets
  await EventService.handleEvent({
    event: eventPushSecrets({
-      workspaceId: new Types.ObjectId(workspaceId)
+      workspaceId: new Types.ObjectId(workspaceId),
+      environment,
+      // root condition else this will be filled according to the path or folderid
+      secretPath: secretPath || "/"
    })
  });

@@ -535,7 +544,9 @@ export const createSecrets = async (req: Request, res: Response) => {
    // trigger event - push secrets
    await EventService.handleEvent({
      event: eventPushSecrets({
-        workspaceId: new Types.ObjectId(workspaceId)
+        workspaceId: new Types.ObjectId(workspaceId),
+        environment,
+        secretPath: secretPath || "/"
      })
    });
  }, 5000);
@@ -1033,13 +1044,16 @@ export const updateSecrets = async (req: Request, res: Response) => {

  Object.keys(workspaceSecretObj).forEach(async (key) => {
    // trigger event - push secrets
-    setTimeout(async () => {
-      await EventService.handleEvent({
-        event: eventPushSecrets({
-          workspaceId: new Types.ObjectId(key)
-        })
-      });
-    }, 10000);
+    // This route is not used anymore thus keep it commented out as it does not expose environment
+    // it will end up creating a lot of requests from the server
+    // setTimeout(async () => {
+    //   await EventService.handleEvent({
+    //     event: eventPushSecrets({
+    //       workspaceId: new Types.ObjectId(key),
+    //       environment,
+    //     })
+    //   });
+    // }, 10000);

    const updateAction = await EELogService.createAction({
      name: ACTION_UPDATE_SECRETS,
@@ -1174,11 +1188,13 @@ export const deleteSecrets = async (req: Request, res: Response) => {

  Object.keys(workspaceSecretObj).forEach(async (key) => {
    // trigger event - push secrets
-    await EventService.handleEvent({
-      event: eventPushSecrets({
-        workspaceId: new Types.ObjectId(key)
-      })
-    });
+    // DEPRECIATED(akhilmhdh): as this would cause server to send so many request
+    // and this route is not used anymore thus like snapshot keeping it commented out
+    // await EventService.handleEvent({
+    //   event: eventPushSecrets({
+    //     workspaceId: new Types.ObjectId(key)
+    //   })
+    // });
    const deleteAction = await EELogService.createAction({
      name: ACTION_DELETE_SECRETS,
      userId: req.user?._id,
--- a/backend/src/controllers/v2/workspaceController.ts
+++ b/backend/src/controllers/v2/workspaceController.ts
@@ -1,34 +1,29 @@
 import { Request, Response } from "express";
 import { Types } from "mongoose";
+import { Key, Membership, ServiceTokenData, Workspace } from "../../models";
 import {
-	Key,
-	Membership,
-	ServiceTokenData,
-	Workspace,
-} from "../../models";
-import {
-	pullSecrets as pull,
-	v2PushSecrets as push,
-	reformatPullSecrets,
+  pullSecrets as pull,
+  v2PushSecrets as push,
+  reformatPullSecrets
 } from "../../helpers/secret";
 import { pushKeys } from "../../helpers/key";
 import { EventService, TelemetryService } from "../../services";
 import { eventPushSecrets } from "../../events";

 interface V2PushSecret {
-	type: string; // personal or shared
-	secretKeyCiphertext: string;
-	secretKeyIV: string;
-	secretKeyTag: string;
-	secretKeyHash: string;
-	secretValueCiphertext: string;
-	secretValueIV: string;
-	secretValueTag: string;
-	secretValueHash: string;
-	secretCommentCiphertext?: string;
-	secretCommentIV?: string;
-	secretCommentTag?: string;
-	secretCommentHash?: string;
+  type: string; // personal or shared
+  secretKeyCiphertext: string;
+  secretKeyIV: string;
+  secretKeyTag: string;
+  secretKeyHash: string;
+  secretValueCiphertext: string;
+  secretValueIV: string;
+  secretValueTag: string;
+  secretValueHash: string;
+  secretCommentCiphertext?: string;
+  secretCommentIV?: string;
+  secretCommentTag?: string;
+  secretCommentHash?: string;
 }

 /**
@@ -39,7 +34,7 @@ interface V2PushSecret {
 * @returns
 */
 export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
-	// upload (encrypted) secrets to workspace with id [workspaceId]
+  // upload (encrypted) secrets to workspace with id [workspaceId]
  const postHogClient = await TelemetryService.getPostHogClient();
  let { secrets }: { secrets: V2PushSecret[] } = req.body;
  const { keys, environment, channel } = req.body;
@@ -62,13 +57,13 @@ export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
    environment,
    secrets,
    channel: channel ? channel : "cli",
-    ipAddress: req.realIP,
+    ipAddress: req.realIP
  });

  await pushKeys({
    userId: req.user._id,
    workspaceId,
-    keys,
+    keys
  });

  if (postHogClient) {
@@ -79,8 +74,8 @@ export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
        numberOfSecrets: secrets.length,
        environment,
        workspaceId,
-        channel: channel ? channel : "cli",
-      },
+        channel: channel ? channel : "cli"
+      }
    });
  }

@@ -89,12 +84,13 @@ export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath: "/"
+    })
  });

-	return res.status(200).send({
-		message: "Successfully uploaded workspace secrets",
-	});
+  return res.status(200).send({
+    message: "Successfully uploaded workspace secrets"
+  });
 };

 /**
@@ -105,7 +101,7 @@ export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
 * @returns
 */
 export const pullSecrets = async (req: Request, res: Response) => {
-	let secrets;
+  let secrets;
  const postHogClient = await TelemetryService.getPostHogClient();
  const environment: string = req.query.environment as string;
  const channel: string = req.query.channel as string;
@@ -128,7 +124,7 @@ export const pullSecrets = async (req: Request, res: Response) => {
    workspaceId,
    environment,
    channel: channel ? channel : "cli",
-    ipAddress: req.realIP,
+    ipAddress: req.realIP
  });

  if (channel !== "cli") {
@@ -144,18 +140,18 @@ export const pullSecrets = async (req: Request, res: Response) => {
        numberOfSecrets: secrets.length,
        environment,
        workspaceId,
-        channel: channel ? channel : "cli",
-      },
+        channel: channel ? channel : "cli"
+      }
    });
  }

-	return res.status(200).send({
-		secrets,
-	});
+  return res.status(200).send({
+    secrets
+  });
 };

 export const getWorkspaceKey = async (req: Request, res: Response) => {
-	/* 
+  /* 
    #swagger.summary = 'Return encrypted project key'
    #swagger.description = 'Return encrypted project key'
    
@@ -183,43 +179,38 @@ export const getWorkspaceKey = async (req: Request, res: Response) => {
        }
    }   
    */
-	let key;
+  let key;
  const { workspaceId } = req.params;

  key = await Key.findOne({
    workspace: workspaceId,
-    receiver: req.user._id,
+    receiver: req.user._id
  }).populate("sender", "+publicKey");

  if (!key) throw new Error("Failed to find workspace key");

-	return res.status(200).json(key);
-}
-export const getWorkspaceServiceTokenData = async (
-	req: Request,
-	res: Response
-) => {
+  return res.status(200).json(key);
+};
+export const getWorkspaceServiceTokenData = async (req: Request, res: Response) => {
  const { workspaceId } = req.params;

-  const serviceTokenData = await ServiceTokenData
-    .find({
-      workspace: workspaceId,
-    })
-    .select("+encryptedKey +iv +tag");
+  const serviceTokenData = await ServiceTokenData.find({
+    workspace: workspaceId
+  }).select("+encryptedKey +iv +tag");

-	return res.status(200).send({
-		serviceTokenData,
-	});
-}
+  return res.status(200).send({
+    serviceTokenData
+  });
+};

 /**
 * Return memberships for workspace with id [workspaceId]
- * @param req 
- * @param res 
- * @returns 
+ * @param req
+ * @param res
+ * @returns
 */
 export const getWorkspaceMemberships = async (req: Request, res: Response) => {
-	/* 
+  /* 
    #swagger.summary = 'Return project memberships'
    #swagger.description = 'Return project memberships'
    
@@ -255,22 +246,22 @@ export const getWorkspaceMemberships = async (req: Request, res: Response) => {
  const { workspaceId } = req.params;

  const memberships = await Membership.find({
-    workspace: workspaceId,
+    workspace: workspaceId
  }).populate("user", "+publicKey");

-	return res.status(200).send({
-		memberships,
-	});
-}
+  return res.status(200).send({
+    memberships
+  });
+};

 /**
 * Update role of membership with id [membershipId] to role [role]
- * @param req 
- * @param res 
- * @returns 
+ * @param req
+ * @param res
+ * @returns
 */
 export const updateWorkspaceMembership = async (req: Request, res: Response) => {
-	/* 
+  /* 
    #swagger.summary = 'Update project membership'
    #swagger.description = 'Update project membership'
    
@@ -323,33 +314,32 @@ export const updateWorkspaceMembership = async (req: Request, res: Response) =>
        }
    }   
    */
-  const {
-    membershipId,
-  } = req.params;
+  const { membershipId } = req.params;
  const { role } = req.body;
-  
+
  const membership = await Membership.findByIdAndUpdate(
    membershipId,
    {
-      role,
-    }, {
-      new: true,
+      role
+    },
+    {
+      new: true
    }
  );

-	return res.status(200).send({
-		membership,
-	}); 
-}
+  return res.status(200).send({
+    membership
+  });
+};

 /**
 * Delete workspace membership with id [membershipId]
- * @param req 
- * @param res 
- * @returns 
+ * @param req
+ * @param res
+ * @returns
 */
 export const deleteWorkspaceMembership = async (req: Request, res: Response) => {
-	/* 
+  /* 
    #swagger.summary = 'Delete project membership'
    #swagger.description = 'Delete project membership'
    
@@ -385,23 +375,21 @@ export const deleteWorkspaceMembership = async (req: Request, res: Response) =>
        }
    }   
    */
-  const { 
-    membershipId,
-  } = req.params;
-  
+  const { membershipId } = req.params;
+
  const membership = await Membership.findByIdAndDelete(membershipId);
-  
+
  if (!membership) throw new Error("Failed to delete workspace membership");
-  
+
  await Key.deleteMany({
    receiver: membership.user,
-    workspace: membership.workspace,
+    workspace: membership.workspace
  });
-	
-	return res.status(200).send({
-		membership,
-	});
-}
+
+  return res.status(200).send({
+    membership
+  });
+};

 /**
 * Change autoCapitilzation Rule of workspace
@@ -415,18 +403,18 @@ export const toggleAutoCapitalization = async (req: Request, res: Response) => {

  const workspace = await Workspace.findOneAndUpdate(
    {
-      _id: workspaceId,
+      _id: workspaceId
    },
    {
-      autoCapitalization,
+      autoCapitalization
    },
    {
-      new: true,
+      new: true
    }
  );

-	return res.status(200).send({
-		message: "Successfully changed autoCapitalization setting",
-		workspace,
-	});
+  return res.status(200).send({
+    message: "Successfully changed autoCapitalization setting",
+    workspace
+  });
 };
--- a/backend/src/controllers/v3/secretsController.ts
+++ b/backend/src/controllers/v3/secretsController.ts
@@ -21,22 +21,22 @@ export const getSecretsRaw = async (req: Request, res: Response) => {
    workspaceId: new Types.ObjectId(workspaceId),
    environment,
    secretPath,
-    authData: req.authData,
+    authData: req.authData
  });

  const key = await BotService.getWorkspaceKeyWithBot({
-    workspaceId: new Types.ObjectId(workspaceId),
+    workspaceId: new Types.ObjectId(workspaceId)
  });

  return res.status(200).send({
    secrets: secrets.map((secret) => {
      const rep = repackageSecretToRaw({
        secret,
-        key,
+        key
      });

      return rep;
-    }),
+    })
  });
 };

@@ -58,54 +58,47 @@ export const getSecretByNameRaw = async (req: Request, res: Response) => {
    environment,
    type,
    secretPath,
-    authData: req.authData,
+    authData: req.authData
  });

  const key = await BotService.getWorkspaceKeyWithBot({
-    workspaceId: new Types.ObjectId(workspaceId),
+    workspaceId: new Types.ObjectId(workspaceId)
  });

  return res.status(200).send({
    secret: repackageSecretToRaw({
      secret,
-      key,
-    }),
+      key
+    })
  });
 };

 /**
 * Create secret with name [secretName] in plaintext
 * @param req
- * @param res 
+ * @param res
 */
 export const createSecretRaw = async (req: Request, res: Response) => {
  const { secretName } = req.params;
-  const {
-    workspaceId,
-    environment,
-    type,
-    secretValue,
-    secretComment,
-    secretPath = "/",
-  } = req.body;
+  const { workspaceId, environment, type, secretValue, secretComment, secretPath = "/" } = req.body;

  const key = await BotService.getWorkspaceKeyWithBot({
-    workspaceId: new Types.ObjectId(workspaceId),
+    workspaceId: new Types.ObjectId(workspaceId)
  });

  const secretKeyEncrypted = encryptSymmetric128BitHexKeyUTF8({
    plaintext: secretName,
-    key,
+    key
  });

  const secretValueEncrypted = encryptSymmetric128BitHexKeyUTF8({
    plaintext: secretValue,
-    key,
+    key
  });

  const secretCommentEncrypted = encryptSymmetric128BitHexKeyUTF8({
    plaintext: secretComment,
-    key,
+    key
  });

  const secret = await SecretService.createSecret({
@@ -123,14 +116,15 @@ export const createSecretRaw = async (req: Request, res: Response) => {
    secretPath,
    secretCommentCiphertext: secretCommentEncrypted.ciphertext,
    secretCommentIV: secretCommentEncrypted.iv,
-    secretCommentTag: secretCommentEncrypted.tag,
+    secretCommentTag: secretCommentEncrypted.tag
  });

  await EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath
+    })
  });

  const secretWithoutBlindIndex = secret.toObject();
@@ -139,10 +133,10 @@ export const createSecretRaw = async (req: Request, res: Response) => {
  return res.status(200).send({
    secret: repackageSecretToRaw({
      secret: secretWithoutBlindIndex,
-      key,
-    }),
+      key
+    })
  });
-}
+};

 /**
 * Update secret with name [secretName]
@@ -151,21 +145,15 @@ export const createSecretRaw = async (req: Request, res: Response) => {
 */
 export const updateSecretByNameRaw = async (req: Request, res: Response) => {
  const { secretName } = req.params;
-  const {
-    workspaceId,
-    environment,
-    type,
-    secretValue,
-    secretPath = "/",
-  } = req.body;
+  const { workspaceId, environment, type, secretValue, secretPath = "/" } = req.body;

  const key = await BotService.getWorkspaceKeyWithBot({
-    workspaceId: new Types.ObjectId(workspaceId),
+    workspaceId: new Types.ObjectId(workspaceId)
  });

  const secretValueEncrypted = encryptSymmetric128BitHexKeyUTF8({
    plaintext: secretValue,
-    key,
+    key
  });

  const secret = await SecretService.updateSecret({
@@ -177,21 +165,22 @@ export const updateSecretByNameRaw = async (req: Request, res: Response) => {
    secretValueCiphertext: secretValueEncrypted.ciphertext,
    secretValueIV: secretValueEncrypted.iv,
    secretValueTag: secretValueEncrypted.tag,
-    secretPath,
+    secretPath
  });

  await EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath
+    })
  });

  return res.status(200).send({
    secret: repackageSecretToRaw({
      secret,
-      key,
-    }),
+      key
+    })
  });
 };

@@ -202,12 +191,7 @@ export const updateSecretByNameRaw = async (req: Request, res: Response) => {
 */
 export const deleteSecretByNameRaw = async (req: Request, res: Response) => {
  const { secretName } = req.params;
-  const {
-    workspaceId,
-    environment,
-    type,
-    secretPath = "/",
-  } = req.body;
+  const { workspaceId, environment, type, secretPath = "/" } = req.body;

  const { secret } = await SecretService.deleteSecret({
    secretName,
@@ -215,25 +199,26 @@ export const deleteSecretByNameRaw = async (req: Request, res: Response) => {
    environment,
    type,
    authData: req.authData,
-    secretPath,
+    secretPath
  });

  await EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath
+    })
  });

  const key = await BotService.getWorkspaceKeyWithBot({
-    workspaceId: new Types.ObjectId(workspaceId),
+    workspaceId: new Types.ObjectId(workspaceId)
  });

  return res.status(200).send({
    secret: repackageSecretToRaw({
      secret,
-      key,
-    }),
+      key
+    })
  });
 };

@@ -252,11 +237,11 @@ export const getSecrets = async (req: Request, res: Response) => {
    workspaceId: new Types.ObjectId(workspaceId),
    environment,
    secretPath,
-    authData: req.authData,
+    authData: req.authData
  });

  return res.status(200).send({
-    secrets,
+    secrets
  });
 };

@@ -278,11 +263,11 @@ export const getSecretByName = async (req: Request, res: Response) => {
    environment,
    type,
    secretPath,
-    authData: req.authData,
+    authData: req.authData
  });

  return res.status(200).send({
-    secret,
+    secret
  });
 };

@@ -306,7 +291,7 @@ export const createSecret = async (req: Request, res: Response) => {
    secretCommentCiphertext,
    secretCommentIV,
    secretCommentTag,
-    secretPath = "/",
+    secretPath = "/"
  } = req.body;

  const secret = await SecretService.createSecret({
@@ -324,25 +309,25 @@ export const createSecret = async (req: Request, res: Response) => {
    secretPath,
    secretCommentCiphertext,
    secretCommentIV,
-    secretCommentTag,
+    secretCommentTag
  });

  await EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath
+    })
  });

  const secretWithoutBlindIndex = secret.toObject();
  delete secretWithoutBlindIndex.secretBlindIndex;

  return res.status(200).send({
-    secret: secretWithoutBlindIndex,
+    secret: secretWithoutBlindIndex
  });
 };

-
 /**
 * Update secret with name [secretName]
 * @param req
@@ -357,7 +342,7 @@ export const updateSecretByName = async (req: Request, res: Response) => {
    secretValueCiphertext,
    secretValueIV,
    secretValueTag,
-    secretPath = "/",
+    secretPath = "/"
  } = req.body;

  const secret = await SecretService.updateSecret({
@@ -369,18 +354,19 @@ export const updateSecretByName = async (req: Request, res: Response) => {
    secretValueCiphertext,
    secretValueIV,
    secretValueTag,
-    secretPath,
+    secretPath
  });

  await EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath
+    })
  });

  return res.status(200).send({
-    secret,
+    secret
  });
 };

@@ -391,12 +377,7 @@ export const updateSecretByName = async (req: Request, res: Response) => {
 */
 export const deleteSecretByName = async (req: Request, res: Response) => {
  const { secretName } = req.params;
-  const {
-    workspaceId,
-    environment,
-    type,
-    secretPath = "/",
-  } = req.body;
+  const { workspaceId, environment, type, secretPath = "/" } = req.body;

  const { secret } = await SecretService.deleteSecret({
    secretName,
@@ -404,17 +385,18 @@ export const deleteSecretByName = async (req: Request, res: Response) => {
    environment,
    type,
    authData: req.authData,
-    secretPath,
+    secretPath
  });

  await EventService.handleEvent({
    event: eventPushSecrets({
      workspaceId: new Types.ObjectId(workspaceId),
      environment,
-    }),
+      secretPath
+    })
  });

  return res.status(200).send({
-    secret,
+    secret
  });
 };
--- a/backend/src/ee/controllers/v1/organizationsController.ts
+++ b/backend/src/ee/controllers/v1/organizationsController.ts
@@ -27,6 +27,30 @@ export const getOrganizationPlan = async (req: Request, res: Response) => {
    });
 }

+/**
+ * Return checkout url for pro trial
+ * @param req 
+ * @param res 
+ * @returns 
+ */
+export const startOrganizationTrial = async (req: Request, res: Response) => {
+    const { organizationId } = req.params;
+    const { success_url } = req.body;
+
+    const { data: { url } } = await licenseServerKeyRequest.post(
+        `${await getLicenseServerUrl()}/api/license-server/v1/customers/${req.organization.customerId}/session/trial`,
+        {
+            success_url
+        }
+    ); 
+    
+    EELicenseService.delPlan(organizationId);
+    
+    return res.status(200).send({
+        url
+    });
+}
+
 /**
 * Return the organization's current plan's billing info
 * @param req 
--- a/backend/src/ee/routes/v1/organizations.ts
+++ b/backend/src/ee/routes/v1/organizations.ts
@@ -41,6 +41,21 @@ router.get(
    organizationsController.getOrganizationPlan
 );

+router.post(
+    "/:organizationId/session/trial",
+    requireAuth({
+		acceptedAuthModes: ["jwt"],
+	}),
+    requireOrganizationAuth({
+        acceptedRoles: [OWNER, ADMIN, MEMBER],
+        acceptedStatuses: [ACCEPTED],
+    }),
+    param("organizationId").exists().trim(),
+    body("success_url").exists().trim(),
+    validateRequest,
+    organizationsController.startOrganizationTrial
+);
+
 router.get(
    "/:organizationId/plan/billing",
    requireAuth({
--- a/backend/src/ee/services/EELicenseService.ts
+++ b/backend/src/ee/services/EELicenseService.ts
@@ -32,6 +32,7 @@ interface FeatureSet {
    auditLogs: boolean;
    status: 'incomplete' | 'incomplete_expired' | 'trialing' | 'active' | 'past_due' | 'canceled' | 'unpaid' | null;
    trial_end: number | null;
+    has_used_trial: boolean;
 }

 /**
@@ -63,7 +64,8 @@ class EELicenseService {
        customAlerts: true,
        auditLogs: false,
        status: null,
-        trial_end: null
+        trial_end: null,
+        has_used_trial: true
    }

    public localFeatureSet: NodeCache;
@@ -71,7 +73,7 @@ class EELicenseService {
    constructor() {
        this._isLicenseValid = true;
        this.localFeatureSet = new NodeCache({
-            stdTTL: 300,
+            stdTTL: 60,
        });
    }
    
@@ -112,6 +114,12 @@ class EELicenseService {
            await this.getPlan(organizationId, workspaceId);
        }
    }
+    
+    public async delPlan(organizationId: string) {
+        if (this.instanceType === "cloud") {
+            this.localFeatureSet.del(`${organizationId}-`);
+        }
+    }

    public async initGlobalFeatureSet() {
        const licenseServerKey = await getLicenseServerKey();
--- a/backend/src/events/index.ts
+++ b/backend/src/events/index.ts
@@ -1,5 +1,4 @@
-import { eventPushSecrets } from "./secret"
+import { eventPushSecrets } from "./secret";
+import { eventStartIntegration } from "./integration";

-export {
-    eventPushSecrets,
-}
+export { eventPushSecrets, eventStartIntegration };
--- a/backend/src/events/integration.ts
+++ b/backend/src/events/integration.ts
@@ -0,0 +1,23 @@
+import { Types } from "mongoose";
+import { EVENT_START_INTEGRATION } from "../variables";
+
+/*
+ * Return event for starting integrations
+ * @param {Object} obj
+ * @param {String} obj.workspaceId - id of workspace to push secrets to
+ * @returns
+ */
+export const eventStartIntegration = ({
+  workspaceId,
+  environment
+}: {
+  workspaceId: Types.ObjectId;
+  environment: string;
+}) => {
+  return {
+    name: EVENT_START_INTEGRATION,
+    workspaceId,
+    environment,
+    payload: {}
+  };
+};
--- a/backend/src/events/secret.ts
+++ b/backend/src/events/secret.ts
@@ -1,64 +1,54 @@
 import { Types } from "mongoose";
-import { 
-    EVENT_PULL_SECRETS, 
-    EVENT_PUSH_SECRETS, 
-} from "../variables";
+import { EVENT_PULL_SECRETS, EVENT_PUSH_SECRETS } from "../variables";

 interface PushSecret {
-	ciphertextKey: string;
-	ivKey: string;
-	tagKey: string;
-	hashKey: string;
-	ciphertextValue: string;
-	ivValue: string;
-	tagValue: string;
-	hashValue: string;
-	type: "shared" | "personal";
+  ciphertextKey: string;
+  ivKey: string;
+  tagKey: string;
+  hashKey: string;
+  ciphertextValue: string;
+  ivValue: string;
+  tagValue: string;
+  hashValue: string;
+  type: "shared" | "personal";
 }

 /**
 * Return event for pushing secrets
 * @param {Object} obj
 * @param {String} obj.workspaceId - id of workspace to push secrets to
- * @returns 
+ * @returns
 */
 const eventPushSecrets = ({
+  workspaceId,
+  environment,
+  secretPath
+}: {
+  workspaceId: Types.ObjectId;
+  environment: string;
+  secretPath: string;
+}) => {
+  return {
+    name: EVENT_PUSH_SECRETS,
    workspaceId,
    environment,
-}: {
-    workspaceId: Types.ObjectId;
-    environment?: string;
-}) => {
-    return ({
-        name: EVENT_PUSH_SECRETS,
-        workspaceId,
-        environment,
-        payload: {
-
-        },
-    });
-}
+    secretPath,
+    payload: {}
+  };
+};

 /**
 * Return event for pulling secrets
 * @param {Object} obj
 * @param {String} obj.workspaceId - id of workspace to pull secrets from
- * @returns 
+ * @returns
 */
-const eventPullSecrets = ({
+const eventPullSecrets = ({ workspaceId }: { workspaceId: string }) => {
+  return {
+    name: EVENT_PULL_SECRETS,
    workspaceId,
-}: {
-    workspaceId: string;
-}) => {
-    return ({
-        name: EVENT_PULL_SECRETS,
-        workspaceId,
-        payload: {
+    payload: {}
+  };
+};

-        },
-    });
-}
-
-export {
-    eventPushSecrets,
-}
+export { eventPushSecrets };
--- a/backend/src/helpers/event.ts
+++ b/backend/src/helpers/event.ts
@@ -1,12 +1,14 @@
 import { Types } from "mongoose";
 import { Bot } from "../models";
-import { EVENT_PUSH_SECRETS } from "../variables";
+import { EVENT_PUSH_SECRETS, EVENT_START_INTEGRATION } from "../variables";
 import { IntegrationService } from "../services";
+import { triggerWebhook } from "../services/WebhookService";

 interface Event {
  name: string;
  workspaceId: Types.ObjectId;
  environment?: string;
+  secretPath?: string;
  payload: any;
 }

@@ -19,22 +21,31 @@ interface Event {
 * @param {Object} obj.event.payload - payload of event (depends on event)
 */
 export const handleEventHelper = async ({ event }: { event: Event }) => {
-  const { workspaceId, environment } = event;
+  const { workspaceId, environment, secretPath } = event;

  // TODO: moduralize bot check into separate function
  const bot = await Bot.findOne({
    workspace: workspaceId,
-    isActive: true,
+    isActive: true
  });

-  if (!bot) return;
-
  switch (event.name) {
    case EVENT_PUSH_SECRETS:
-      IntegrationService.syncIntegrations({
-        workspaceId,
-        environment,
-      });
+      if (bot) {
+        await IntegrationService.syncIntegrations({
+          workspaceId,
+          environment
+        });
+      }
+      triggerWebhook(workspaceId.toString(), environment || "", secretPath || "");
+      break;
+    case EVENT_START_INTEGRATION:
+      if (bot) {
+        IntegrationService.syncIntegrations({
+          workspaceId,
+          environment
+        });
+      }
      break;
  }
-};
+};
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@@ -5,11 +5,12 @@ import express from "express";
 require("express-async-errors");
 import helmet from "helmet";
 import cors from "cors";
-import { DatabaseService } from "./services";
+import { DatabaseService, GithubSecretScanningService } from "./services";
 import { EELicenseService } from "./ee/services";
 import { setUpHealthEndpoint } from "./services/health";
 import cookieParser from "cookie-parser";
 import swaggerUi = require("swagger-ui-express");
+import { Probot, createNodeMiddleware } from "probot";
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const swaggerFile = require("../spec.json");
 // eslint-disable-next-line @typescript-eslint/no-var-requires
@@ -20,7 +21,7 @@ import {
  organizations as eeOrganizationsRouter,
  secret as eeSecretRouter,
  secretSnapshot as eeSecretSnapshotRouter,
-  workspace as eeWorkspaceRouter,
+  workspace as eeWorkspaceRouter
 } from "./ee/routes/v1";
 import {
  auth as v1AuthRouter,
@@ -34,40 +35,44 @@ import {
  organization as v1OrganizationRouter,
  password as v1PasswordRouter,
  secret as v1SecretRouter,
+  secretScanning as v1SecretScanningRouter,
  secretsFolder as v1SecretsFolder,
  serviceToken as v1ServiceTokenRouter,
  signup as v1SignupRouter,
  userAction as v1UserActionRouter,
  user as v1UserRouter,
  workspace as v1WorkspaceRouter,
+  webhooks as v1WebhooksRouter
 } from "./routes/v1";
 import {
-  signup as v2SignupRouter,
  auth as v2AuthRouter,
-  users as v2UsersRouter,
  organizations as v2OrganizationsRouter,
+  signup as v2SignupRouter,
+  users as v2UsersRouter,
  workspace as v2WorkspaceRouter,
  secret as v2SecretRouter, // begin to phase out
  secrets as v2SecretsRouter,
  serviceTokenData as v2ServiceTokenDataRouter,
  serviceAccounts as v2ServiceAccountsRouter,
  environment as v2EnvironmentRouter,
-  tags as v2TagsRouter,
+  tags as v2TagsRouter
 } from "./routes/v2";
 import {
  auth as v3AuthRouter,
  secrets as v3SecretsRouter,
  signup as v3SignupRouter,
-  workspaces as v3WorkspacesRouter,
+  workspaces as v3WorkspacesRouter
 } from "./routes/v3";
 import { healthCheck } from "./routes/status";
 import { getLogger } from "./utils/logger";
 import { RouteNotFoundError } from "./utils/errors";
 import { requestErrorHandler } from "./middleware/requestErrorHandler";
-import { getNodeEnv, getPort, getSiteURL } from "./config";
+import { getNodeEnv, getPort, getSecretScanningGitAppId, getSecretScanningPrivateKey, getSecretScanningWebhookProxy, getSecretScanningWebhookSecret, getSiteURL } from "./config";
 import { setup } from "./utils/setup";
+const SmeeClient = require('smee-client') // eslint-disable-line

 const main = async () => {
+
  await setup();

  await EELicenseService.initGlobalFeatureSet();
@@ -79,10 +84,30 @@ const main = async () => {
  app.use(
    cors({
      credentials: true,
-      origin: await getSiteURL(),
+      origin: await getSiteURL()
    })
  );

+  if (await getSecretScanningGitAppId()) {
+    const probot = new Probot({
+      appId: await getSecretScanningGitAppId(),
+      privateKey: await getSecretScanningPrivateKey(),
+      secret: await getSecretScanningWebhookSecret(),
+    });
+
+    if ((await getNodeEnv()) != "production") {
+      const smee = new SmeeClient({
+        source: await getSecretScanningWebhookProxy(),
+        target: "http://backend:4000/ss-webhook",
+        logger: console
+      })
+
+      smee.start()
+    }
+
+    app.use(createNodeMiddleware(GithubSecretScanningService, { probot, webhooksPath: "/ss-webhook" })); // secret scanning webhook
+  }
+
  if ((await getNodeEnv()) === "production") {
    // enable app-wide rate-limiting + helmet security
    // in production
@@ -124,6 +149,8 @@ const main = async () => {
  app.use("/api/v1/integration", v1IntegrationRouter);
  app.use("/api/v1/integration-auth", v1IntegrationAuthRouter);
  app.use("/api/v1/folders", v1SecretsFolder);
+  app.use("/api/v1/secret-scanning", v1SecretScanningRouter);
+  app.use("/api/v1/webhooks", v1WebhooksRouter);

  // v2 routes (improvements)
  app.use("/api/v2/signup", v2SignupRouter);
@@ -155,7 +182,7 @@ const main = async () => {
    if (res.headersSent) return next();
    next(
      RouteNotFoundError({
-        message: `The requested source '(${req.method})${req.url}' was not found`,
+        message: `The requested source '(${req.method})${req.url}' was not found`
      })
    );
  });
@@ -163,9 +190,7 @@ const main = async () => {
  app.use(requestErrorHandler);

  const server = app.listen(await getPort(), async () => {
-    (await getLogger("backend-main")).info(
-      `Server started listening at port ${await getPort()}`
-    );
+    (await getLogger("backend-main")).info(`Server started listening at port ${await getPort()}`);
  });

  // await createTestUserForDevelopment();
--- a/backend/src/models/gitAppInstallationSession.ts
+++ b/backend/src/models/gitAppInstallationSession.ts
@@ -0,0 +1,34 @@
+import { Schema, Types, model } from "mongoose";
+
+type GitAppInstallationSession = {
+  id: string;
+  sessionId: string;
+  organization: Types.ObjectId;
+  user: Types.ObjectId;
+}
+
+const gitAppInstallationSession = new Schema<GitAppInstallationSession>({
+  id: {
+    required: true,
+    type: String,
+  },
+  sessionId: {
+    type: String,
+    required: true,
+    unique: true
+  },
+  organization: {
+    type: Schema.Types.ObjectId,
+    required: true,
+    unique: true
+  },
+  user: {
+    type: Schema.Types.ObjectId,
+    ref: "User"
+  }
+});
+
+
+const GitAppInstallationSession = model<GitAppInstallationSession>("git_app_installation_session", gitAppInstallationSession);
+
+export default GitAppInstallationSession;
--- a/backend/src/models/gitAppOrganizationInstallation.ts
+++ b/backend/src/models/gitAppOrganizationInstallation.ts
@@ -0,0 +1,31 @@
+import { Schema, model } from "mongoose";
+
+type Installation = {
+  installationId: string
+  organizationId: string
+  user: Schema.Types.ObjectId
+};
+
+
+const gitAppOrganizationInstallation = new Schema<Installation>({
+  installationId: {
+    type: String,
+    required: true,
+    unique: true
+  },
+  organizationId: {
+    type: String,
+    required: true,
+    unique: true
+  },
+  user: {
+    type: Schema.Types.ObjectId,
+    ref: "User",
+    required: true,
+  }
+});
+
+
+const GitAppOrganizationInstallation = model<Installation>("git_app_organization_installation", gitAppOrganizationInstallation);
+
+export default GitAppOrganizationInstallation;
--- a/backend/src/models/gitRisks.ts
+++ b/backend/src/models/gitRisks.ts
@@ -0,0 +1,152 @@
+import { Schema, model } from "mongoose";
+
+export const STATUS_RESOLVED_FALSE_POSITIVE = "RESOLVED_FALSE_POSITIVE";
+export const STATUS_RESOLVED_REVOKED = "RESOLVED_REVOKED";
+export const STATUS_RESOLVED_NOT_REVOKED = "RESOLVED_NOT_REVOKED";
+export const STATUS_UNRESOLVED = "UNRESOLVED";
+
+export type GitRisks = {
+  id: string;
+  description: string;
+  startLine: string;
+  endLine: string;
+  startColumn: string;
+  endColumn: string;
+  match: string;
+  secret: string;
+  file: string;
+  symlinkFile: string;
+  commit: string;
+  entropy: string;
+  author: string;
+  email: string;
+  date: string;
+  message: string;
+  tags: string[];
+  ruleID: string;
+  fingerprint: string;
+  fingerPrintWithoutCommitId: string
+
+  isFalsePositive: boolean; // New field for marking risks as false positives
+  isResolved: boolean; // New field for marking risks as resolved
+  riskOwner: string | null; // New field for setting a risk owner (nullable string)
+  installationId: string,
+  repositoryId: string,
+  repositoryLink: string
+  repositoryFullName: string
+  status: string
+  pusher: {
+    name: string,
+    email: string
+  },
+  organization: Schema.Types.ObjectId,
+}
+
+const gitRisks = new Schema<GitRisks>({
+  id: {
+    type: String,
+  },
+  description: {
+    type: String,
+  },
+  startLine: {
+    type: String,
+  },
+  endLine: {
+    type: String,
+  },
+  startColumn: {
+    type: String,
+  },
+  endColumn: {
+    type: String,
+  },
+  file: {
+    type: String,
+  },
+  symlinkFile: {
+    type: String,
+  },
+  commit: {
+    type: String,
+  },
+  entropy: {
+    type: String,
+  },
+  author: {
+    type: String,
+  },
+  email: {
+    type: String,
+  },
+  date: {
+    type: String,
+  },
+  message: {
+    type: String,
+  },
+  tags: {
+    type: [String],
+  },
+  ruleID: {
+    type: String,
+  },
+  fingerprint: {
+    type: String,
+    unique: true
+  },
+  fingerPrintWithoutCommitId: {
+    type: String,
+  },
+  isFalsePositive: {
+    type: Boolean,
+    default: false
+  },
+  isResolved: {
+    type: Boolean,
+    default: false
+  },
+  riskOwner: {
+    type: String,
+    default: null
+  },
+  installationId: {
+    type: String,
+    require: true
+  },
+  repositoryId: {
+    type: String
+  },
+  repositoryLink: {
+    type: String
+  },
+  repositoryFullName: {
+    type: String
+  },
+  pusher: {
+    name: {
+      type: String
+    },
+    email: {
+      type: String
+    },
+  },
+  organization: {
+    type: Schema.Types.ObjectId,
+    ref: "Organization",
+  },
+  status: {
+    type: String,
+    enum: [
+      STATUS_RESOLVED_FALSE_POSITIVE,
+      STATUS_RESOLVED_REVOKED,
+      STATUS_RESOLVED_NOT_REVOKED,
+      STATUS_UNRESOLVED
+    ],
+    default: STATUS_UNRESOLVED
+  }
+}, { timestamps: true });
+
+const GitRisks = model<GitRisks>("GitRisks", gitRisks);
+
+export default GitRisks;
--- a/backend/src/models/index.ts
+++ b/backend/src/models/index.ts
@@ -16,13 +16,14 @@ import ServiceAccountKey, { IServiceAccountKey } from "./serviceAccountKey"; //
 import ServiceAccountOrganizationPermission, { IServiceAccountOrganizationPermission } from "./serviceAccountOrganizationPermission"; // new
 import ServiceAccountWorkspacePermission, { IServiceAccountWorkspacePermission } from "./serviceAccountWorkspacePermission"; // new
 import TokenData, { ITokenData } from "./tokenData";
-import User,{ AuthProvider, IUser } from "./user";
+import User, { AuthProvider, IUser } from "./user";
 import UserAction, { IUserAction } from "./userAction";
 import Workspace, { IWorkspace } from "./workspace";
 import ServiceTokenData, { IServiceTokenData } from "./serviceTokenData";
 import APIKeyData, { IAPIKeyData } from "./apiKeyData";
 import LoginSRPDetail, { ILoginSRPDetail } from "./loginSRPDetail";
 import TokenVersion, { ITokenVersion } from "./tokenVersion";
+import GitRisks, { STATUS_RESOLVED_FALSE_POSITIVE } from "./gitRisks";

 export {
 	AuthProvider,
@@ -76,4 +77,6 @@ export {
 	ILoginSRPDetail,
 	TokenVersion,
 	ITokenVersion,
+	GitRisks,
+	STATUS_RESOLVED_FALSE_POSITIVE
 };
--- a/backend/src/models/webhooks.ts
+++ b/backend/src/models/webhooks.ts
@@ -0,0 +1,85 @@
+import { Document, Schema, Types, model } from "mongoose";
+import { ALGORITHM_AES_256_GCM, ENCODING_SCHEME_BASE64, ENCODING_SCHEME_UTF8 } from "../variables";
+
+export interface IWebhook extends Document {
+  _id: Types.ObjectId;
+  workspace: Types.ObjectId;
+  environment: string;
+  secretPath: string;
+  url: string;
+  lastStatus: "success" | "failed";
+  lastRunErrorMessage?: string;
+  isDisabled: boolean;
+  encryptedSecretKey: string;
+  iv: string;
+  tag: string;
+  algorithm: "aes-256-gcm";
+  keyEncoding: "base64" | "utf8";
+}
+
+const WebhookSchema = new Schema<IWebhook>(
+  {
+    workspace: {
+      type: Schema.Types.ObjectId,
+      ref: "Workspace",
+      required: true
+    },
+    environment: {
+      type: String,
+      required: true
+    },
+    secretPath: {
+      type: String,
+      required: true,
+      default: "/"
+    },
+    url: {
+      type: String,
+      required: true
+    },
+    lastStatus: {
+      type: String,
+      enum: ["success", "failed"]
+    },
+    lastRunErrorMessage: {
+      type: String
+    },
+    isDisabled: {
+      type: Boolean,
+      default: false
+    },
+    // used for webhook signature
+    encryptedSecretKey: {
+      type: String,
+      select: false
+    },
+    iv: {
+      type: String,
+      select: false
+    },
+    tag: {
+      type: String,
+      select: false
+    },
+    algorithm: {
+      // the encryption algorithm used
+      type: String,
+      enum: [ALGORITHM_AES_256_GCM],
+      required: true,
+      select: false
+    },
+    keyEncoding: {
+      type: String,
+      enum: [ENCODING_SCHEME_UTF8, ENCODING_SCHEME_BASE64],
+      required: true,
+      select: false
+    }
+  },
+  {
+    timestamps: true
+  }
+);
+
+const Webhook = model<IWebhook>("Webhook", WebhookSchema);
+
+export default Webhook;
--- a/backend/src/routes/v1/index.ts
+++ b/backend/src/routes/v1/index.ts
@@ -15,23 +15,27 @@ import password from "./password";
 import integration from "./integration";
 import integrationAuth from "./integrationAuth";
 import secretsFolder from "./secretsFolder";
+import secretScanning from "./secretScanning";
+import webhooks from "./webhook";

 export {
-	signup,
-	auth,
-	bot,
-	user,
-	userAction,
-	organization,
-	workspace,
-	membershipOrg,
-	membership,
-	key,
-	inviteOrg,
-	secret,
-	serviceToken,
-	password,
-	integration,
-	integrationAuth,
-	secretsFolder,
+  signup,
+  auth,
+  bot,
+  user,
+  userAction,
+  organization,
+  workspace,
+  membershipOrg,
+  membership,
+  key,
+  inviteOrg,
+  secret,
+  serviceToken,
+  password,
+  integration,
+  integrationAuth,
+  secretsFolder,
+  secretScanning,
+  webhooks
 };
--- a/backend/src/routes/v1/secretScanning.ts
+++ b/backend/src/routes/v1/secretScanning.ts
@@ -0,0 +1,81 @@
+import express from "express";
+const router = express.Router();
+import {
+  requireAuth,
+  requireOrganizationAuth,
+  validateRequest,
+} from "../../middleware";
+import { body, param } from "express-validator";
+import { createInstallationSession, getCurrentOrganizationInstallationStatus, getRisksForOrganization, linkInstallationToOrganization, updateRisksStatus } from "../../controllers/v1/secretScanningController";
+import { ACCEPTED, ADMIN, MEMBER, OWNER } from "../../variables";
+
+router.post(
+  "/create-installation-session/organization/:organizationId",
+  requireAuth({
+    acceptedAuthModes: ["jwt"],
+  }),
+  param("organizationId").exists().trim(),
+  requireOrganizationAuth({
+    acceptedRoles: [OWNER, ADMIN, MEMBER],
+    acceptedStatuses: [ACCEPTED],
+  }),
+  validateRequest,
+  createInstallationSession
+);
+
+router.post(
+  "/link-installation",
+  requireAuth({
+    acceptedAuthModes: ["jwt"],
+  }),
+  body("installationId").exists().trim(),
+  body("sessionId").exists().trim(),
+  validateRequest,
+  linkInstallationToOrganization
+);
+
+router.get(
+  "/installation-status/organization/:organizationId",
+  requireAuth({
+    acceptedAuthModes: ["jwt"],
+  }),
+  param("organizationId").exists().trim(),
+  requireOrganizationAuth({
+    acceptedRoles: [OWNER, ADMIN, MEMBER],
+    acceptedStatuses: [ACCEPTED],
+  }),
+  validateRequest,
+  getCurrentOrganizationInstallationStatus
+);
+
+router.get(
+  "/organization/:organizationId/risks",
+  requireAuth({
+    acceptedAuthModes: ["jwt"],
+  }),
+  param("organizationId").exists().trim(),
+  requireOrganizationAuth({
+    acceptedRoles: [OWNER, ADMIN, MEMBER],
+    acceptedStatuses: [ACCEPTED],
+  }),
+  validateRequest,
+  getRisksForOrganization
+);
+
+router.post(
+  "/organization/:organizationId/risks/:riskId/status",
+  requireAuth({
+    acceptedAuthModes: ["jwt"],
+  }),
+  param("organizationId").exists().trim(),
+  param("riskId").exists().trim(),
+  body("status").exists(),
+  requireOrganizationAuth({
+    acceptedRoles: [OWNER, ADMIN, MEMBER],
+    acceptedStatuses: [ACCEPTED],
+  }),
+  validateRequest,
+  updateRisksStatus
+);
+
+export default router;
--- a/backend/src/routes/v1/webhook.ts
+++ b/backend/src/routes/v1/webhook.ts
@@ -0,0 +1,75 @@
+import express from "express";
+const router = express.Router();
+import { requireAuth, requireWorkspaceAuth, validateRequest } from "../../middleware";
+import { body, param, query } from "express-validator";
+import { ADMIN, AUTH_MODE_JWT, AUTH_MODE_SERVICE_ACCOUNT, MEMBER } from "../../variables";
+import { webhookController } from "../../controllers/v1";
+
+router.post(
+  "/",
+  requireAuth({
+    acceptedAuthModes: [AUTH_MODE_JWT]
+  }),
+  requireWorkspaceAuth({
+    acceptedRoles: [ADMIN, MEMBER],
+    locationWorkspaceId: "body",
+    locationEnvironment: "body"
+  }),
+  body("workspaceId").exists().isString().trim(),
+  body("environment").exists().isString().trim(),
+  body("webhookUrl").exists().isString().isURL().trim(),
+  body("webhookSecretKey").isString().trim(),
+  body("secretPath").default("/").isString().trim(),
+  validateRequest,
+  webhookController.createWebhook
+);
+
+router.patch(
+  "/:webhookId",
+  requireAuth({
+    acceptedAuthModes: [AUTH_MODE_JWT]
+  }),
+  param("webhookId").exists().isString().trim(),
+  body("isDisabled").default(false).isBoolean(),
+  validateRequest,
+  webhookController.updateWebhook
+);
+
+router.post(
+  "/:webhookId/test",
+  requireAuth({
+    acceptedAuthModes: [AUTH_MODE_JWT]
+  }),
+  param("webhookId").exists().isString().trim(),
+  validateRequest,
+  webhookController.testWebhook
+);
+
+router.delete(
+  "/:webhookId",
+  requireAuth({
+    acceptedAuthModes: [AUTH_MODE_JWT]
+  }),
+  param("webhookId").exists().isString().trim(),
+  validateRequest,
+  webhookController.deleteWebhook
+);
+
+router.get(
+  "/",
+  requireAuth({
+    acceptedAuthModes: [AUTH_MODE_JWT]
+  }),
+  requireWorkspaceAuth({
+    acceptedRoles: [ADMIN, MEMBER],
+    locationWorkspaceId: "query",
+    locationEnvironment: "query"
+  }),
+  query("workspaceId").exists().isString().trim(),
+  query("environment").optional().isString().trim(),
+  query("secretPath").optional().isString().trim(),
+  validateRequest,
+  webhookController.listWebhooks
+);
+
+export default router;
--- a/backend/src/routes/v2/secrets.ts
+++ b/backend/src/routes/v2/secrets.ts
@@ -5,7 +5,7 @@ import {
  requireAuth,
  requireSecretsAuth,
  requireWorkspaceAuth,
-  validateRequest,
+  validateRequest
 } from "../../middleware";
 import { validateClientForSecrets } from "../../validation";
 import { body, query } from "express-validator";
@@ -20,22 +20,18 @@ import {
  PERMISSION_READ_SECRETS,
  PERMISSION_WRITE_SECRETS,
  SECRET_PERSONAL,
-  SECRET_SHARED,
+  SECRET_SHARED
 } from "../../variables";
 import { BatchSecretRequest } from "../../types/secret";

 router.post(
  "/batch",
  requireAuth({
-    acceptedAuthModes: [
-      AUTH_MODE_JWT,
-      AUTH_MODE_API_KEY,
-      AUTH_MODE_SERVICE_TOKEN,
-    ],
+    acceptedAuthModes: [AUTH_MODE_JWT, AUTH_MODE_API_KEY, AUTH_MODE_SERVICE_TOKEN]
  }),
  requireWorkspaceAuth({
    acceptedRoles: [ADMIN, MEMBER],
-    locationWorkspaceId: "body",
+    locationWorkspaceId: "body"
  }),
  body("workspaceId").exists().isString().trim(),
  body("folderId").default("root").isString().trim(),
@@ -52,10 +48,8 @@ router.post(
        if (secretIds.length > 0) {
          req.secrets = await validateClientForSecrets({
            authData: req.authData,
-            secretIds: secretIds.map(
-              (secretId: string) => new Types.ObjectId(secretId)
-            ),
-            requiredPermissions: [],
+            secretIds: secretIds.map((secretId: string) => new Types.ObjectId(secretId)),
+            requiredPermissions: []
          });
        }
      }
@@ -76,14 +70,11 @@ router.post(
    .custom((value) => {
      if (Array.isArray(value)) {
        // case: create multiple secrets
-        if (value.length === 0)
-          throw new Error("secrets cannot be an empty array");
+        if (value.length === 0) throw new Error("secrets cannot be an empty array");
        for (const secret of value) {
          if (
            !secret.type ||
-            !(
-              secret.type === SECRET_PERSONAL || secret.type === SECRET_SHARED
-            ) ||
+            !(secret.type === SECRET_PERSONAL || secret.type === SECRET_SHARED) ||
            !secret.secretKeyCiphertext ||
            !secret.secretKeyIV ||
            !secret.secretKeyTag ||
@@ -108,9 +99,7 @@ router.post(
          !value.secretValueIV ||
          !value.secretValueTag
        ) {
-          throw new Error(
-            "secrets object is missing required secret properties"
-          );
+          throw new Error("secrets object is missing required secret properties");
        }
      } else {
        throw new Error("secrets must be an object or an array of objects");
@@ -120,17 +109,13 @@ router.post(
    }),
  validateRequest,
  requireAuth({
-    acceptedAuthModes: [
-      AUTH_MODE_JWT,
-      AUTH_MODE_API_KEY,
-      AUTH_MODE_SERVICE_TOKEN,
-    ],
+    acceptedAuthModes: [AUTH_MODE_JWT, AUTH_MODE_API_KEY, AUTH_MODE_SERVICE_TOKEN]
  }),
  requireWorkspaceAuth({
    acceptedRoles: [ADMIN, MEMBER],
    locationWorkspaceId: "body",
    locationEnvironment: "body",
-    requiredPermissions: [PERMISSION_WRITE_SECRETS],
+    requiredPermissions: [PERMISSION_WRITE_SECRETS]
  }),
  secretsController.createSecrets
 );
@@ -148,14 +133,14 @@ router.get(
      AUTH_MODE_JWT,
      AUTH_MODE_API_KEY,
      AUTH_MODE_SERVICE_TOKEN,
-      AUTH_MODE_SERVICE_ACCOUNT,
-    ],
+      AUTH_MODE_SERVICE_ACCOUNT
+    ]
  }),
  requireWorkspaceAuth({
    acceptedRoles: [ADMIN, MEMBER],
    locationWorkspaceId: "query",
    locationEnvironment: "query",
-    requiredPermissions: [PERMISSION_READ_SECRETS],
+    requiredPermissions: [PERMISSION_READ_SECRETS]
  }),
  secretsController.getSecrets
 );
@@ -167,8 +152,7 @@ router.patch(
    .custom((value) => {
      if (Array.isArray(value)) {
        // case: update multiple secrets
-        if (value.length === 0)
-          throw new Error("secrets cannot be an empty array");
+        if (value.length === 0) throw new Error("secrets cannot be an empty array");
        for (const secret of value) {
          if (!secret.id) {
            throw new Error("Each secret must contain a ID property");
@@ -187,15 +171,11 @@ router.patch(
    }),
  validateRequest,
  requireAuth({
-    acceptedAuthModes: [
-      AUTH_MODE_JWT,
-      AUTH_MODE_API_KEY,
-      AUTH_MODE_SERVICE_TOKEN,
-    ],
+    acceptedAuthModes: [AUTH_MODE_JWT, AUTH_MODE_API_KEY, AUTH_MODE_SERVICE_TOKEN]
  }),
  requireSecretsAuth({
    acceptedRoles: [ADMIN, MEMBER],
-    requiredPermissions: [PERMISSION_WRITE_SECRETS],
+    requiredPermissions: [PERMISSION_WRITE_SECRETS]
  }),
  secretsController.updateSecrets
 );
@@ -210,8 +190,7 @@ router.delete(

      if (Array.isArray(value)) {
        // case: delete multiple secrets
-        if (value.length === 0)
-          throw new Error("secrets cannot be an empty array");
+        if (value.length === 0) throw new Error("secrets cannot be an empty array");
        return value.every((id: string) => typeof id === "string");
      }

@@ -221,15 +200,11 @@ router.delete(
    .isEmpty(),
  validateRequest,
  requireAuth({
-    acceptedAuthModes: [
-      AUTH_MODE_JWT,
-      AUTH_MODE_API_KEY,
-      AUTH_MODE_SERVICE_TOKEN,
-    ],
+    acceptedAuthModes: [AUTH_MODE_JWT, AUTH_MODE_API_KEY, AUTH_MODE_SERVICE_TOKEN]
  }),
  requireSecretsAuth({
    acceptedRoles: [ADMIN, MEMBER],
-    requiredPermissions: [PERMISSION_WRITE_SECRETS],
+    requiredPermissions: [PERMISSION_WRITE_SECRETS]
  }),
  secretsController.deleteSecrets
 );
--- a/backend/src/services/GithubSecretScanningService.ts
+++ b/backend/src/services/GithubSecretScanningService.ts
@@ -0,0 +1,243 @@
+import { Probot } from "probot";
+import { exec } from "child_process";
+import { mkdir, readFile, rm, writeFile } from "fs";
+import { tmpdir } from "os";
+import { join } from "path"
+import GitRisks from "../models/gitRisks";
+import GitAppOrganizationInstallation from "../models/gitAppOrganizationInstallation";
+import MembershipOrg from "../models/membershipOrg";
+import { ADMIN, OWNER } from "../variables";
+import User from "../models/user";
+import { sendMail } from "../helpers";
+
+type SecretMatch = {
+  Description: string;
+  StartLine: number;
+  EndLine: number;
+  StartColumn: number;
+  EndColumn: number;
+  Match: string;
+  Secret: string;
+  File: string;
+  SymlinkFile: string;
+  Commit: string;
+  Entropy: number;
+  Author: string;
+  Email: string;
+  Date: string;
+  Message: string;
+  Tags: string[];
+  RuleID: string;
+  Fingerprint: string;
+  FingerPrintWithoutCommitId: string
+};
+
+export default async (app: Probot) => {
+  app.on("installation.deleted", async (context) => {
+    const { payload } = context;
+    const { installation, repositories } = payload;
+    if (installation.repository_selection == "all") {
+      await GitRisks.deleteMany({ installationId: installation.id })
+      await GitAppOrganizationInstallation.deleteOne({ installationId: installation.id })
+    } else {
+      if (repositories) {
+        for (const repository of repositories) {
+          await GitRisks.deleteMany({ repositoryId: repository.id })
+        }
+      }
+    }
+  })
+
+  app.on("push", async (context) => {
+    const { payload } = context;
+    const { commits, repository, installation, pusher } = payload;
+    const [owner, repo] = repository.full_name.split("/");
+
+    if (!commits || !repository || !installation || !pusher) {
+      return
+    }
+
+    const installationLinkToOrgExists = await GitAppOrganizationInstallation.findOne({ installationId: installation?.id }).lean()
+    if (!installationLinkToOrgExists) {
+      return
+    }
+
+    const allFindingsByFingerprint: { [key: string]: SecretMatch; } = {}
+
+    for (const commit of commits) {
+      for (const filepath of [...commit.added, ...commit.modified]) {
+        try {
+          const fileContentsResponse = await context.octokit.repos.getContent({
+            owner,
+            repo,
+            path: filepath,
+          });
+
+          const data: any = fileContentsResponse.data;
+          const fileContent = Buffer.from(data.content, "base64").toString();
+
+          const findings = await scanContentAndGetFindings(`\n${fileContent}`) // extra line to count lines correctly
+
+          for (const finding of findings) {
+            const fingerPrintWithCommitId = `${commit.id}:${filepath}:${finding.RuleID}:${finding.StartLine}`
+            const fingerPrintWithoutCommitId = `${filepath}:${finding.RuleID}:${finding.StartLine}`
+            finding.Fingerprint = fingerPrintWithCommitId
+            finding.FingerPrintWithoutCommitId = fingerPrintWithoutCommitId
+            finding.Commit = commit.id
+            finding.File = filepath
+            finding.Author = commit.author.name
+            finding.Email = commit?.author?.email ? commit?.author?.email : ""
+
+            allFindingsByFingerprint[fingerPrintWithCommitId] = finding
+          }
+
+        } catch (error) {
+          console.error(`Error fetching content for ${filepath}`, error); // eslint-disable-line
+        }
+      }
+    }
+
+    // change to update
+    for (const key in allFindingsByFingerprint) {
+      const risk = await GitRisks.findOneAndUpdate({ fingerprint: allFindingsByFingerprint[key].Fingerprint },
+        {
+          ...convertKeysToLowercase(allFindingsByFingerprint[key]),
+          installationId: installation.id,
+          organization: installationLinkToOrgExists.organizationId,
+          repositoryFullName: repository.full_name,
+          repositoryId: repository.id
+        }, {
+        upsert: true
+      }).lean()
+    }
+    // get emails of admins
+    const adminsOfWork = await MembershipOrg.find({
+      organization: installationLinkToOrgExists.organizationId,
+      $or: [
+        { role: OWNER },
+        { role: ADMIN }
+      ]
+    }).lean()
+
+    const userEmails = await User.find({
+      _id: {
+        $in: [adminsOfWork.map(orgMembership => orgMembership.user)]
+      }
+    }).select("email").lean()
+
+    const adminOrOwnerEmails = userEmails.map(userObject => userObject.email)
+
+
+    // TODO
+    // don't notify if the risk is marked as false positive
+
+    // loop through each finding and check if the finger print without commit has a status of false positive, if so don't add it to the list of risks that need to be notified 
+
+
+
+
+    await sendMail({
+      template: "secretLeakIncident.handlebars",
+      subjectLine: `Incident alert: leaked secrets found in Github repository ${repository.full_name}`,
+      recipients: ["pusher.email", ...adminOrOwnerEmails],
+      substitutions: {
+        numberOfSecrets: Object.keys(allFindingsByFingerprint).length,
+        pusher_email: pusher.email,
+        pusher_name: pusher.name
+      }
+    });
+  });
+};
+
+async function scanContentAndGetFindings(textContent: string): Promise<SecretMatch[]> {
+  const tempFolder = await createTempFolder();
+  const filePath = join(tempFolder, "content.txt");
+  const findingsPath = join(tempFolder, "findings.json");
+
+  try {
+    await writeTextToFile(filePath, textContent);
+    await runInfisicalScan(filePath, findingsPath);
+    const findingsData = await readFindingsFile(findingsPath);
+    return JSON.parse(findingsData);
+  } finally {
+    await deleteTempFolder(tempFolder);
+  }
+}
+
+function createTempFolder(): Promise<string> {
+  return new Promise((resolve, reject) => {
+    const tempDir = tmpdir()
+    const tempFolderName = Math.random().toString(36).substring(2);
+    const tempFolderPath = join(tempDir, tempFolderName);
+
+    mkdir(tempFolderPath, (err: any) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve(tempFolderPath);
+      }
+    });
+  });
+}
+
+function writeTextToFile(filePath: string, content: string): Promise<void> {
+  return new Promise((resolve, reject) => {
+    writeFile(filePath, content, (err) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve();
+      }
+    });
+  });
+}
+
+function runInfisicalScan(inputPath: string, outputPath: string): Promise<void> {
+  return new Promise((resolve, reject) => {
+    const command = `cat "${inputPath}" | infisical scan --exit-code=77 --pipe -r "${outputPath}"`;
+    exec(command, (error) => {
+      if (error && error.code != 77) {
+        reject(error);
+      } else {
+        resolve();
+      }
+    });
+  });
+}
+
+function readFindingsFile(filePath: string): Promise<string> {
+  return new Promise((resolve, reject) => {
+    readFile(filePath, "utf8", (err, data) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve(data);
+      }
+    });
+  });
+}
+
+function deleteTempFolder(folderPath: string): Promise<void> {
+  return new Promise((resolve, reject) => {
+    rm(folderPath, { recursive: true }, (err) => {
+      if (err) {
+        reject(err);
+      } else {
+        resolve();
+      }
+    });
+  });
+}
+
+function convertKeysToLowercase<T>(obj: T): T {
+  const convertedObj = {} as T;
+
+  for (const key in obj) {
+    if (Object.prototype.hasOwnProperty.call(obj, key)) {
+      const lowercaseKey = key.charAt(0).toLowerCase() + key.slice(1);
+      convertedObj[lowercaseKey as keyof T] = obj[key];
+    }
+  }
+
+  return convertedObj;
+}
--- a/backend/src/services/WebhookService.ts
+++ b/backend/src/services/WebhookService.ts
@@ -0,0 +1,93 @@
+import axios from "axios";
+import crypto from "crypto";
+import { Types } from "mongoose";
+import picomatch from "picomatch";
+import { client, getRootEncryptionKey } from "../config";
+import Webhook, { IWebhook } from "../models/webhooks";
+
+export const triggerWebhookRequest = async (
+  { url, encryptedSecretKey, iv, tag }: IWebhook,
+  payload: Record<string, unknown>
+) => {
+  const headers: Record<string, string> = {};
+  payload["timestamp"] = Date.now();
+
+  if (encryptedSecretKey) {
+    const rootEncryptionKey = await getRootEncryptionKey();
+    const secretKey = client.decryptSymmetric(encryptedSecretKey, rootEncryptionKey, iv, tag);
+    const webhookSign = crypto
+      .createHmac("sha256", secretKey)
+      .update(JSON.stringify(payload))
+      .digest("hex");
+    headers["x-infisical-signature"] = `t=${payload["timestamp"]};${webhookSign}`;
+  }
+
+  const req = await axios.post(url, payload, { headers });
+  return req;
+};
+
+export const getWebhookPayload = (
+  eventName: string,
+  workspaceId: string,
+  environment: string,
+  secretPath?: string
+) => ({
+  event: eventName,
+  project: {
+    workspaceId,
+    environment,
+    secretPath
+  }
+});
+
+export const triggerWebhook = async (
+  workspaceId: string,
+  environment: string,
+  secretPath: string
+) => {
+  const webhooks = await Webhook.find({ workspace: workspaceId, environment, isDisabled: false });
+  // TODO(akhilmhdh): implement retry policy later, for that a cron job based approach is needed
+  // for exponential backoff
+  const toBeTriggeredHooks = webhooks.filter(({ secretPath: hookSecretPath }) =>
+    picomatch.isMatch(secretPath, hookSecretPath, { strictSlashes: false })
+  );
+  const webhooksTriggered = await Promise.allSettled(
+    toBeTriggeredHooks.map((hook) =>
+      triggerWebhookRequest(
+        hook,
+        getWebhookPayload("secrets.modified", workspaceId, environment, secretPath)
+      )
+    )
+  );
+  const successWebhooks: Types.ObjectId[] = [];
+  const failedWebhooks: Array<{ id: Types.ObjectId; error: string }> = [];
+  webhooksTriggered.forEach((data, index) => {
+    if (data.status === "rejected") {
+      failedWebhooks.push({ id: toBeTriggeredHooks[index]._id, error: data.reason.message });
+      return;
+    }
+    successWebhooks.push(toBeTriggeredHooks[index]._id);
+  });
+  // dont remove the workspaceid and environment filter. its used to reduce the dataset before $in check
+  await Webhook.bulkWrite([
+    {
+      updateMany: {
+        filter: { workspace: workspaceId, environment, _id: { $in: successWebhooks } },
+        update: { lastStatus: "success", lastRunErrorMessage: null }
+      }
+    },
+    ...failedWebhooks.map(({ id, error }) => ({
+      updateOne: {
+        filter: {
+          workspace: workspaceId,
+          environment,
+          _id: id
+        },
+        update: {
+          lastStatus: "failed",
+          lastRunErrorMessage: error
+        }
+      }
+    }))
+  ]);
+};
--- a/backend/src/services/index.ts
+++ b/backend/src/services/index.ts
@@ -6,6 +6,7 @@ import EventService from "./EventService";
 import IntegrationService from "./IntegrationService";
 import TokenService from "./TokenService";
 import SecretService from "./SecretService";
+import GithubSecretScanningService from "./GithubSecretScanningService"

 export {
    TelemetryService,
@@ -15,4 +16,5 @@ export {
    IntegrationService,
    TokenService,
    SecretService,
+    GithubSecretScanningService
 }
--- a/backend/src/services/smtp.ts
+++ b/backend/src/services/smtp.ts
@@ -2,9 +2,10 @@ import nodemailer from "nodemailer";
 import {
  SMTP_HOST_GMAIL,
  SMTP_HOST_MAILGUN,
+  SMTP_HOST_OFFICE365,
  SMTP_HOST_SENDGRID,
  SMTP_HOST_SOCKETLABS,
-  SMTP_HOST_ZOHOMAIL,
+  SMTP_HOST_ZOHOMAIL
 } from "../variables";
 import SMTPConnection from "nodemailer/lib/smtp-connection";
 import * as Sentry from "@sentry/node";
@@ -15,6 +16,7 @@ import {
  getSmtpSecure,
  getSmtpUsername,
 } from "../config";
+import { getLogger } from "../utils/logger";

 export const initSmtp = async () => {
  const mailOpts: SMTPConnection.Options = {
@@ -58,6 +60,12 @@ export const initSmtp = async () => {
          ciphers: "TLSv1.2",
        }
        break;
+      case SMTP_HOST_OFFICE365:
+        mailOpts.requireTLS = true;
+        mailOpts.tls = {
+          ciphers: "TLSv1.2"
+        }
+        break;
      default:
        if ((await getSmtpHost()).includes("amazonaws.com")) {
          mailOpts.tls = {
@@ -73,10 +81,12 @@ export const initSmtp = async () => {
  const transporter = nodemailer.createTransport(mailOpts);
  transporter
    .verify()
-    .then((err) => {
+    .then(async () => {
      Sentry.setUser(null);
      Sentry.captureMessage("SMTP - Successfully connected");
-      console.log("SMTP - Successfully connected")
+      (await getLogger("backend-main")).info(
+        "SMTP - Successfully connected"
+      );
    })
    .catch(async (err) => {
      Sentry.setUser(null);
--- a/backend/src/templates/secretLeakIncident.handlebars
+++ b/backend/src/templates/secretLeakIncident.handlebars
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="x-ua-compatible" content="ie=edge">
+  <title>Incident alert: secret leaked</title>
+</head>
+
+<body>
+  <h3>Infisical has uncovered {{numberOfSecrets}} secret(s) from your recent push</h3>
+  <p><a href="https://app.infisical.com/secret-scanning"><strong>View leaked secrets</strong></a></p>
+  <p>One or more secret leaks have been detected in a recent commit pushed by {{pusher_name}} ({{pusher_email}}). If
+    these are test secrets, please add `infisical-scan:ignore` at the end of the line containing the secret as comment
+    in the given programming. This will prevent future notifications from being sent out for the given secret(s).</p>
+
+  <p>If these are production secrets, please rotate them immediately.</p>
+
+  <p>Once you have taken action, be sure to update the status of the risk in your<a
+      href="https://app.infisical.com/">Infisical
+      dashboard</a>.</p>
+</body>
+
+</html>
--- a/backend/src/utils/errors.ts
+++ b/backend/src/utils/errors.ts
@@ -27,7 +27,7 @@ export const UnauthorizedRequestError = (error?: Partial<RequestErrorContext>) =
    context: error?.context,
    stack: error?.stack,
 });
-  
+
 export const ForbiddenRequestError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.INFO,
    statusCode: error?.statusCode ?? 403,
@@ -46,6 +46,15 @@ export const BadRequestError = (error?: Partial<RequestErrorContext>) => new Req
    stack: error?.stack,
 });

+export const ResourceNotFound = (error?: Partial<RequestErrorContext>) => new RequestError({
+    logLevel: error?.logLevel ?? LogLevel.INFO,
+    statusCode: error?.statusCode ?? 404,
+    type: error?.type ?? "resource_not_found",
+    message: error?.message ?? "The requested resource is not found",
+    context: error?.context,
+    stack: error?.stack,
+});
+
 export const InternalServerError = (error?: Partial<RequestErrorContext>) => new RequestError({
    logLevel: error?.logLevel ?? LogLevel.ERROR,
    statusCode: error?.statusCode ?? 500,
@@ -229,6 +238,6 @@ export const BotNotFoundError = (error?: Partial<RequestErrorContext>) => new Re
    message: error?.message ?? "The requested bot was not found",
    context: error?.context,
    stack: error?.stack,
-})    
+})

 //* ----->[MISC ERRORS]<-----
--- a/backend/src/variables/event.ts
+++ b/backend/src/variables/event.ts
@@ -1,2 +1,3 @@
 export const EVENT_PUSH_SECRETS = "pushSecrets";
-export const EVENT_PULL_SECRETS = "pullSecrets";
+export const EVENT_PULL_SECRETS = "pullSecrets";
+export const EVENT_START_INTEGRATION = "startIntegration";
--- a/backend/src/variables/smtp.ts
+++ b/backend/src/variables/smtp.ts
@@ -3,3 +3,4 @@ export const SMTP_HOST_MAILGUN = "smtp.mailgun.org";
 export const SMTP_HOST_SOCKETLABS = "smtp.socketlabs.com";
 export const SMTP_HOST_ZOHOMAIL = "smtp.zoho.com";
 export const SMTP_HOST_GMAIL = "smtp.gmail.com";
+export const SMTP_HOST_OFFICE365 = "smtp.office365.com";
--- a/cli/packages/cmd/login.go
+++ b/cli/packages/cmd/login.go
@@ -73,7 +73,6 @@ var loginCmd = &cobra.Command{
 				return
 			}
 		}
-
 		//override domain
 		domainQuery := true
 		if config.INFISICAL_URL_MANUAL_OVERRIDE != "" && config.INFISICAL_URL_MANUAL_OVERRIDE != util.INFISICAL_DEFAULT_API_URL {
@@ -322,6 +321,8 @@ func DomainOverridePrompt() (bool, error) {
 	)

 	options := []string{PRESET, OVERRIDE}
+	//trim the '/' from the end of the domain url
+	config.INFISICAL_URL_MANUAL_OVERRIDE = strings.TrimRight(config.INFISICAL_URL_MANUAL_OVERRIDE, "/")
 	optionsPrompt := promptui.Select{
 		Label: fmt.Sprintf("Current INFISICAL_API_URL Domain Override: %s", config.INFISICAL_URL_MANUAL_OVERRIDE),
 		Items: options,
@@ -380,7 +381,8 @@ func askForDomain() error {
 	if err != nil {
 		return err
 	}
-
+	//trimmed the '/' from the end of the self hosting url
+	domain = strings.TrimRight(domain, "/")
 	//set api and login url
 	config.INFISICAL_URL = fmt.Sprintf("%s/api", domain)
 	config.INFISICAL_LOGIN_URL = fmt.Sprintf("%s/login", domain)
--- a/cli/packages/cmd/vault.go
+++ b/cli/packages/cmd/vault.go
@@ -48,7 +48,7 @@ var vaultSetCmd = &cobra.Command{
 				return
 			}

-			fmt.Printf("\nSuccessfully, switched vault backend from [%s] to [%s]. Please login in again to store your login details in the new vault with [infisical login]", currentVaultBackend, wantedVaultTypeName)
+			fmt.Printf("\nSuccessfully, switched vault backend from [%s] to [%s]. Please login in again to store your login details in the new vault with [infisical login]\n", currentVaultBackend, wantedVaultTypeName)

 			Telemetry.CaptureEvent("cli-command:vault set", posthog.NewProperties().Set("currentVault", currentVaultBackend).Set("wantedVault", wantedVaultTypeName).Set("version", util.CLI_VERSION))
 		} else {
@@ -81,7 +81,7 @@ func printAvailableVaultBackends() {

 	Telemetry.CaptureEvent("cli-command:vault", posthog.NewProperties().Set("currentVault", currentVaultBackend).Set("version", util.CLI_VERSION))

-	fmt.Printf("\n\nYou are currently using [%s] vault to store your login credentials", string(currentVaultBackend))
+	fmt.Printf("\n\nYou are currently using [%s] vault to store your login credentials\n", string(currentVaultBackend))
 }

 // Checks if the vault that the user wants to switch to is a valid available vault
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -41,6 +41,20 @@ services:
    networks:
      - infisical

+  # secret-scanning-git-app:
+  #   container_name: infisical-secret-scanning-git-app
+  #   restart: unless-stopped
+  #   depends_on:
+  #     - backend
+  #     - frontend
+  #     - mongo
+  #   ports:
+  #     - "3000:3001"
+  #   image: infisical/staging_deployment_secret-scanning-git-app
+  #   env_file: .env
+  #   networks:
+  #     - infisical
+
  mongo:
    container_name: infisical-mongo
    image: mongo
--- a/docs/changelog/overview.mdx
+++ b/docs/changelog/overview.mdx
@@ -4,6 +4,21 @@ title: "Changelog"

 The changelog below reflects new product developments and updates on a monthly basis; it will be updated later this quarter to include issues-addressed on a weekly basis.

+## July 2023
+
+- Released [secret referencing](https://infisical.com/docs/documentation/platform/secret-reference) across folders and environments. 
+- Added the [intergation with Laravel Forge](https://infisical.com/docs/integrations/cloud/laravel-forge).
+- Redesigned the project/organization experience.
+
+## June 2023
+
+- Released the [Terraform Provider](https://infisical.com/docs/integrations/frameworks/terraform#5-run-terraform).
+- Updated the usage and billing page. Added the free trial for the professional tier.
+- Added the intergation with [Checkly](https://infisical.com/docs/integrations/cloud/checkly), [Hashicorp Vault](https://infisical.com/docs/integrations/cloud/hashicorp-vault), and [Cloudflare Pages](https://infisical.com/docs/integrations/cloud/cloudflare-pages).
+- Comleted a penetration test with a `very good` result.
+- Added support for multi-line secrets.
+
+
 ## May 2023

 - Released secret scanning capability for the CLI.
@@ -11,8 +26,7 @@ The changelog below reflects new product developments and updates on a monthly b
 - Completed penetration test.
 - Released new landing page.
 - Started SOC 2 (Type II) compliance certification preparation.
-
-More coming soon.
+- Released new deployment options for Fly.io, Digital Ocean and Render. 

 ## April 2023

@@ -107,4 +121,4 @@ More coming soon.
 - Added search bar to dashboard to query for keys on client-side.
 - Added capability to rename a project.
 - Added user roles for projects.
- Added incident contacts.
+- Added incident contacts.
--- a/docs/cli/commands/secrets.mdx
+++ b/docs/cli/commands/secrets.mdx
@@ -99,13 +99,12 @@ $ infisical secrets set STRIPE_API_KEY=sjdgwkeudyjwe DOMAIN=example.com HASH=jeb
    Default value: `dev`
  </Accordion>
  <Accordion title="--path">
-    The `--path` flag indicates which project folder secrets will be injected from.
+    Used to select the project folder in which the secrets will be set. This is useful when creating new secrets under a particular path.

    ```bash
    # Example
-    infisical secrets set <key1=value1> <key2=value2>... --path="/"
+    infisical secrets set DOMAIN=example.com --path="common/backend"
    ```
-
  </Accordion>
 </Accordion>

--- a/docs/cli/overview.mdx
+++ b/docs/cli/overview.mdx
@@ -3,9 +3,7 @@ title: 'Install'
 description: "Infisical's CLI is one of the best way to manage environments and secrets. Install it here"
 ---

-Prerequisite: Set up an account with [Infisical Cloud](https://app.infisical.com) or via a [self-hosted installation](/self-hosting/overview).
-
-The Infisical CLI provides a way to inject environment variables from the platform into your apps and infrastructure.
+The Infisical CLI can be used to access secrets across various environments, whether it's local development, CI/CD, staging, or production.

 ## Installation

@@ -100,49 +98,3 @@ The Infisical CLI provides a way to inject environment variables from the platfo
   </Tab>
 </Tabs>

-### Log in to the Infisical CLI
-
-```bash
-infisical login
-```
-
-<Accordion title="Optional: point CLI to self-hosted">
-The CLI is set to connect to Infisical Cloud by default, but if you're running your own instance of Infisical, you can direct the CLI to it using one of the methods provided below.
-
-#### Method 1: Use the updated CLI
-Beginning with CLI version V0.4.0, it is now possible to choose between logging in through the Infisical cloud or your own self-hosted instance. Simply execute the `infisical login` command and follow the on-screen instructions.
-
-#### Method 2: Export environment variable 
-You can point the CLI to the self hosted Infisical instance by exporting the environment variable `INFISICAL_API_URL` in your terminal.
-
-<Tabs>
-  <Tab title="Linux/MacOs">
-		```bash
-		# Set backend host 
-		export INFISICAL_API_URL="https://your-self-hosted-infisical.com/api"
-
-		# Remove backend host 
-		unset INFISICAL_API_URL
-		```
-  </Tab>
-  <Tab title="Windows Powershell">
-		```bash
-		# Set backend host 
-		setx INFISICAL_API_URL "https://your-self-hosted-infisical.com/api"
-
-		# Remove backend host 
-		setx INFISICAL_API_URL ""
-
-		# NOTE: Once set or removed, please restart powershell for the change to take effect
-		```
-  </Tab>
-</Tabs>
-
-#### Method 3: Set manually on every command
-Another option to point the CLI to your self hosted Infisical instance is to set it via a flag on every command you run.
-
-```bash 
-# Example
-infisical <any-command> --domain="https://your-self-hosted-infisical.com/api"
-```
-</Accordion>
--- a/docs/cli/usage.mdx
+++ b/docs/cli/usage.mdx
@@ -1,77 +1,137 @@
 ---
-title: "Usage"
-description: "How to manage you secrets with Infisical's CLI?"
+title: "Quick usage"
+description: "Manage secrets with Infisical CLI"
 ---

-Prerequisite: [Install the CLI](/cli/overview)
+The CLI is designed for a variety of applications, ranging from local secret management to CI/CD and production scenarios. 
+The distinguishing factor, however, is the authentication method used.

-## Authenticate
 <Tabs>
  <Tab title="Local development">
-    To use the Infisical CLI in your development environment, you can run the command below.
-    This will allow you to access the features and functionality provided by the CLI.
+    To use the Infisical CLI in your development environment, simply run the following command and follow the interactive guide. 

    ```bash 
    infisical login 
    ```
+
+    <Note>
+      If you are in a containerized environment such as WSL 2 or Codespaces, run `infisical login -i` to avoid browser based login 
+    </Note>
+
+    ## Initialize Infisical for your project
+
+    ```bash
+    # navigate to your project
+    cd /path/to/project
+
+    # initialize infisical
+    infisical init
+    ```
+
+    This will create `.infisical.json` file at the location the command was executed. This file contains your [local project settings](./project-config). It does not contain any sensitive data. 
+    
  </Tab>

-  <Tab title="Infisical Token">
-    To use Infisical CLI in environments where you cannot run the `infisical login` command, you can authenticate via a
-    Infisical Token instead. Learn more about [Infisical Token](/documentation/platform/token).
+  <Tab title="CI/CD, Production usage, etc">
+    To use Infisical for non local development scenarios, please create a [service token](../documentation/platform/token). The service token will allow you to authenticate and interact with Infisical. 
+    Once you have created a service token with the required permissions, you'll need to feed the token to the CLI. 
+
+    #### Pass as flag
+    You may use the --token flag to set the token 
+
+    ```
+    infisical export --token=<>
+    infisical secrets --token=<>
+    infisical run --token=<> -- npm run dev
+    ```
+
+    #### Pass via shell environment variable
+    The CLI is configured to look for an environment variable named `INFISICAL_TOKEN`. If set, it'll attempt to use it for authentication.
+
+    ```
+    export INFISICAL_TOKEN=<>
+    ```
+    
+
  </Tab>
 </Tabs>

-## Initialize Infisical for your project
-
-```bash
-# navigate to your project
-cd /path/to/project
-
-# initialize infisical
-infisical init
-```

 ## Inject environment variables
+<Tabs>
+  <Tab title="Feed secrets to your application">
+    ```bash
+    infisical run -- [your application start command]

-<Accordion title="Injecting environment variables directly" defaultOpen="true">
-  ```bash
-  # inject environment variables into app
-  infisical run -- [your application start command]
-  ```
-</Accordion>
+    # example with node (nodemon)
+    infisical run --env=dev --path=/apps/firefly -- nodemon index.js

-<Accordion title="Injecting environment variables in custom aliases">
-  Custom aliases can utilize secrets from Infisical. Suppose there is a custom alias `yd` in `custom.sh` that runs `yarn dev` and needs the secrets provided by Infisical.
-  ```bash
-  #!/bin/sh
+    # example with flask
+    infisical run -- flask run

-  yd() {
-    yarn dev
-  }
-  ```
+    # example with spring boot - maven
+    infisical run -- ./mvnw spring-boot:run --quiet
+    ```
+  </Tab>
+  <Tab title="Feed secrets via custom aliases (advanced)">
+    Custom aliases can utilize secrets from Infisical. Suppose there is a custom alias `yd` in `custom.sh` that runs `yarn dev` and needs the secrets provided by Infisical.
+    ```bash
+    #!/bin/sh

-  To make the secrets available from Infisical to `yd`, you can run the following command:
+    yd() {
+      yarn dev
+    }
+    ```

-  ```bash
-  infisical run --command="source custom.sh && yd"
-  ```
-</Accordion>
+    To make the secrets available from Infisical to `yd`, you can run the following command:
+
+    ```bash
+    infisical run --command="source custom.sh && yd"
+    ```
+  </Tab>
+</Tabs>

 View all available options for `run` command [here](./commands/run)

-## Examples:
+## Connect CLI to self hosted Infisical 

-```bash
-# example with node
-infisical run -- node index.js
+<Accordion title="Optional: point CLI to self-hosted">
+The CLI is set to connect to Infisical Cloud by default, but if you're running your own instance of Infisical, you can direct the CLI to it using one of the methods provided below.

-# example with node (nodemon)
-infisical run -- nodemon index.js
+#### Method 1: Use the updated CLI
+Beginning with CLI version V0.4.0, it is now possible to choose between logging in through the Infisical cloud or your own self-hosted instance. Simply execute the `infisical login` command and follow the on-screen instructions.

-# example with node (nodemon) pulling in secrets from test environment
-infisical run --env=test -- nodemon index.js
+#### Method 2: Export environment variable 
+You can point the CLI to the self hosted Infisical instance by exporting the environment variable `INFISICAL_API_URL` in your terminal.

-# example with flask
-infisical run -- flask run
+<Tabs>
+  <Tab title="Linux/MacOs">
+		```bash
+		# Set backend host 
+		export INFISICAL_API_URL="https://your-self-hosted-infisical.com/api"
+
+		# Remove backend host 
+		unset INFISICAL_API_URL
+		```
+  </Tab>
+  <Tab title="Windows Powershell">
+		```bash
+		# Set backend host 
+		setx INFISICAL_API_URL "https://your-self-hosted-infisical.com/api"
+
+		# Remove backend host 
+		setx INFISICAL_API_URL ""
+
+		# NOTE: Once set or removed, please restart powershell for the change to take effect
+		```
+  </Tab>
+</Tabs>
+
+#### Method 3: Set manually on every command
+Another option to point the CLI to your self hosted Infisical instance is to set it via a flag on every command you run.
+
+```bash 
+# Example
+infisical <any-command> --domain="https://your-self-hosted-infisical.com/api"
 ```
+</Accordion>
--- a/docs/contributing/overview.mdx
+++ b/docs/contributing/overview.mdx
@@ -30,7 +30,7 @@ If you're ever in doubt about whether or not a proposed feature aligns with Infi
 ## Writing and submitting code

 Anyone can contribute code to Infisical. To get started, check out the [local development guide](/contributing/developing), make your changes, and submit a pull request to the main repository
-adhering to the [pull request guide](/).
+adhering to the [pull request guide](/contributing/pull-requests).


 ## Licensing
--- a/docs/documentation/getting-started/introduction.mdx
+++ b/docs/documentation/getting-started/introduction.mdx
@@ -20,7 +20,7 @@ Start syncing environment variables with [Infisical Cloud](https://app.infisical
 ## Integrate with Infisical

 <CardGroup cols={2}>
-  <Card href="/documentation/getting-started/cli" title="Command Line Interface (CLI)" icon="square-terminal" color="#3775a9">
+  <Card href="../../cli/overview" title="Command Line Interface (CLI)" icon="square-terminal" color="#3775a9">
    Inject secrets into any application process/environment
  </Card>
  <Card
--- a/docs/documentation/platform/folder.mdx
+++ b/docs/documentation/platform/folder.mdx
@@ -1,48 +1,30 @@
 ---
-title: "Folder"
-description: "How Infisical structures secrets into folders"
+title: "Folders"
+description: "Organize your secrets with folders"
 ---

-Folders can be used to group secrets into multiple levels, which can help organize secrets in monorepos or microservice-based architectures. For example, you could create a folder for each environment, such as production, staging, and development. 
+Folders provide a powerful and intuitive way to structure your secrets.
+They offer a system to keep your secrets organized and easily accessible, which becomes increasingly important as your collection of secrets grow.

-Within each environment folder, you could create subfolders for different types of secrets, such as database credentials, API keys, and SSH keys. This can help to keep your secrets organized and easy to find.
+With folders in Infisical, you can now create a hierarchy of folders to organize your secrets, mirroring your application's architecture or any logical grouping that suits your needs. 
+Whether you follow a microservices architecture or work with monorepos, folders make it simpler to locate, manage and collaborate between teams.

-## Dashboard

-![dashboard with folders](../../images/dashboard-folders.png)
+## Creating a folder

-Only alphabets, numbers, and dashes are allowed in folder names. You can create a folder for each environment from the dashboard.
+To create a folder, head over to the environment where you'd like to create the folder. Once there, click the `Add folder` button as shown below.
+If you wish to create nested folders, simply click into the folder of choice and click `Add folder` button again.

 ![dashboard add folders](../../images/dashboard-add-folder.png)

-To create a nested folder or access the secrets of a folder, click on an existing folder to open it. You will then be able to modify the secrets of that folder and create new folders inside it.
+<Info>
+  Folder names can only contain alphabets, numbers, and dashes
+</Info>

-## Dashboard Secret Overview
+## Compare folders across environments

 The overview screen provides a comprehensive view of all your secrets and folders, organized by environment. 

 ![dashboard secret overview with folders](../../images/dashboard-folder-overview.png)

-When you click on a folder, the overview will be updated to show only the secrets and folders in that folder. This makes it easy to find the information you need, no matter how deeply nested it is.
-
-## Integrations
-
-You can easily scope injected secrets to a folder during integrations by providing the secret path option.
-
-![integrations scoped with folders](../../images/integration-folders.png)
-
-For more information on integrations, [refer infisical integration](/integrations/overview)
-
-## Service Tokens
-
-You can scope the secrets that can be read and written using an Infisical token by providing the secret path option when creating the token.
-
-You can provide the folder path as glob if you want to have access to multiple folders and the tokens do support multi-environment.
-
-![folder scoped service token](../../images/project-folder-token.png)
-
-For more information, [refer infisical token section.](./token)
-
-## Point-In-Time Recovery
-
-For more information on how PIT recovery works on folders, [please refer to this section.](./pit-recovery)
+When you click on a folder, the overview will be updated to show only the secrets and folders in that folder. This allows you to compare secrets across environment regardless of how deeply nested your folders are.
--- a/docs/documentation/platform/pit-recovery.mdx
+++ b/docs/documentation/platform/pit-recovery.mdx
@@ -3,28 +3,26 @@ title: "Point-in-Time Recovery"
 description: "How to rollback secrets and configs to any commit with Infisical."
 ---

-Point-in-time recovery allows environment variables to be rolled back to any point in time. It's powered by snapshots that get captured after mutations to environment variables.
+Point-in-time recovery allows secrets to be rolled back to any point in time. 
+It's powered by snapshots that get created after every mutations to a secret within a given [folder](./folder) and environment.

 ## Commits

-Similar to Git, a commit in Infisical is a snapshot of your project's secrets at a specific point in time. You can browse and view your project's snapshots via the "Point-in-Time Recovery" sidebar.
+Similar to Git, a commit in Infisical is a snapshot of your project's secrets at a specific point in time scoped to the environment and [folder](./folder) it is in. You can browse and view your project's snapshots via the "Point-in-Time Recovery" sidebar.

 ![PIT commits](../../images/pit-commits.png)
 ![PIT snapshots](../../images/pit-snapshots.png)

 ## Rolling back

-Environment variables can be rolled back to any point in time via the "Rollback to this snapshot" button.
+Secrets can be rolled back to any point in time via the "Rollback to this snapshot" button. This will roll back the changes within the given [folder](./folder) and environment to the chosen time.
+
+It's important to note that this rollback action is localized and does not affect other folders within the same environment. This means each [folder](./folder) maintains its own independent history of changes, offering precise and isolated control over rollback actions.
+In essence, every [folder](./folder) possesses a distinct and separate timeline, providing granular control when managing your secrets. 

 ![PIT snapshot](../../images/pit-snapshot.png)

 <Note>
-  Rolling back environment variables to a past snapshot creates a new commit and
-  snapshot at the top of the stack and updates secret versions.
+  Rolling back secrets to a past snapshot creates a new commit,
+  creates a snapshot at the top of the stack and updates secret versions.
 </Note>
-
-## Folders
-
-Any folder operation, such as creating, updating, or deleting a folder, will create a new commit.
-
-When you roll back the contents of a folder, the folder will be restored to its latest snapshot. The nested folders will also be restored to their respective latest versions.
--- a/docs/documentation/platform/secret-reference.mdx
+++ b/docs/documentation/platform/secret-reference.mdx
@@ -3,24 +3,35 @@ title: "Reference Secrets"
 description: "How to use reference secrets in Infisical"
 ---

-You can use the interpolation syntax to reference a secret in the same environment, another folder, or another environment
-The interpolation syntax is a way of referencing a secret by using a special placeholder. The placeholder is the name of the secret, followed by the environment or folder name, separated by a colon. 
+Secret referencing is a powerful feature that allows you to create a secret whose value is linked to one or more other secrets. 
+This is useful when you need to use a single secret's value across multiple other secrets. 

-For example, to reference a secret named mysecret in the same environment, you would use the placeholder `${mysecret}`.
+Consider a scenario where you have a database password. In order to utilize this password, you may need to incorporate it into a database connection string. 
+With secret referencing, you can easily construct these more intricate secrets by directly referencing the base secret.
+This centralizes the management of your base secret, as any updates made to it will automatically propagate to all the secrets that depend on it. 

-While for another environment like `test` would be `${test.mysecret}`
+## Referencing syntax
+<img src="../../images/example-secret-referencing.png" />

-Some more examples of referencing  are 
+Secret referencing relies on interpolation syntax. This syntax allows you to reference a secret in any environment or [folder](./folder). 

-| Syntax                | Environment | Folder       | Secret Key |
+To reference a secret named 'mysecret' in the same [folder](./folder) and environment, you'd use `${mysecret}`.
+However, to reference the same secret at the root of a different environment, for instance `dev` environment, you'd use `${dev.mysecret}`.
+
+Here are a few more examples to help you understand how to reference secrets in different contexts:
+
+| Reference syntax                | Environment | Folder       | Secret Key |
 | --------------------- | ----------- | ------------ | ---------- |
-| `${KEY1}`               | same env    | ssame folder | KEY1       |
-| `${dev.KEY2}`           | dev         | /            | KEY2       |
-| `${test.frontend.KEY2}` | test        | /frontend    | KEY2       |
+| `${KEY1}`               | same env    | same folder | KEY1       |
+| `${dev.KEY2}`           | `dev`         | `/` (root of dev environment)            | KEY2       |
+| `${prod.frontend.KEY2}` | `prod`        | `/frontend`    | KEY2       |

-# Permission system for reference
+## Fetching fully constructed values
+
+Secret referencing combines multiple secrets into one unified value, reconstructed only on the client side. To retrieve this value, you need access to read the environment and [folder](./folder) from where the secrets originate. 
+For instance, to access a secret 'A' composed of secrets 'B' and 'C' from different environments, you must have read access to both. 
+
+When using [service tokens](./token) to fetch referenced secrets, ensure the service token has read access to all referenced environments and folders. 
+Without proper permissions, the final secret value may be incomplete.

-When you use the infisical CLI to log in, the permission system will work the same way as your user permissions. 
-This means that if you have permission to access other environments, your references to those environments will be resolved.

-When using the Infisical CLI with a service token, the service token must have permissions to the referenced environment and folder path.
--- a/docs/documentation/platform/token.mdx
+++ b/docs/documentation/platform/token.mdx
@@ -1,21 +1,37 @@
 ---
-title: "Infisical Token"
-description: "Use the Infisical Token as one of the authentication methods."
+title: "Service token"
+description: "Infisical service tokens allows you to programmatically interact with Infisical"
 ---

-An Infisical Token is useful for:
+Service tokens play an integral role in allowing programmatic interactions with an Infisical project, functioning as digital token that open access to specific project resources such as secrets.

- Authenticating the [Infisical CLI](/cli/overview) when there isn't an easy way to input your login credentials.
- Granting the [Infisical SDKs](/sdks/overview) access to secrets scoped to a project and environment.
+When you generate a service token, you can define its access level, not only by specifying the paths and environments it can interact with, but also by determining the level of mutation it can perform, such as read-only, write, or both. 

-It's also useful for CI/CD environments and integrations such as [Docker](/integrations/platforms/docker) and [Docker Compose](/integrations/platforms/docker-compose).
+This level of control not only ensures maximum flexibility but also significantly enhances security as it allows you to define fine grained access to project resources. 

-To generate the the token, head over to your project settings as shown below. On creating a service token you can scope it to a path to limit the access.
+
+## Creating a service token
+
+To generate the token, head over to your project settings as shown below. On creating a service token you can scope it to a path to limit the access.

 ![token add](../../images/project-token-add.png)

-## Feeding Infisical Token to the CLI
+### Service token permissions
+![token add](../../images/service-token-permissions.png)

-The Infisical CLI checks for the presence of an environment variable called `INFISICAL_TOKEN`.
-If it detects this variable in the terminal where it is being run, it will use it to authenticate and retrieve the environment variables that the token is authorized to access.
-This allows you to use the CLI in environments where you are unable to run the `infisical login` command.
+
+Service tokens can be scoped to multiple environments and paths. To add a new permission, choose the environment you want to give access to and then choose the path you'd like to give access to within that environment.
+
+Permissions for paths are powered by [Glob pattern](https://www.malikbrowne.com/blog/a-beginners-guide-glob-patterns/). This means you can create advanced folder permissions with a simple Glob patterns.
+
+**Examples of common Glob pattens**
+
+<Accordion title="Examples of common Glob pattens">
+  1. `/**`: This pattern matches all folders at any depth in the directory structure. For example, it would match folders like `/folder1/`, `/folder1/subfolder/`, and so on.
+
+  2. `/*`: This pattern matches all immediate subfolders in the current directory. It does not match any folders at a deeper level. For example, it would match folders like `/folder1/`, `/folder2/`, but not `/folder1/subfolder/`.
+
+  3. `/*/*`: This pattern matches all subfolders at a depth of two levels in the current directory. It does not match any folders at a shallower or deeper level. For example, it would match folders like `/folder1/subfolder/`, `/folder2/subfolder/`, but not `/folder1/` or `/folder1/subfolder/subsubfolder/`.
+
+  4. `/folder1/*`: This pattern matches all immediate subfolders within the `/folder1/` directory. It does not match any folders outside of `/folder1/`, nor does it match any subfolders within those immediate subfolders. For example, it would match folders like `/folder1/subfolder1/`, `/folder1/subfolder2/`, but not `/folder2/subfolder/`.
+</Accordion>
--- a/docs/documentation/platform/webhooks.mdx
+++ b/docs/documentation/platform/webhooks.mdx
@@ -0,0 +1,36 @@
+---
+title: "Webhooks"
+description: "How Infisical webhooks works?"
+---
+
+Webhooks can be used to trigger changes to your integrations when secrets are modified, providing smooth integration with other third-party applications.
+
+![webhooks](../../images/webhooks.png)
+
+To create a webhook for a particular project, go to `Project Settings > Webhooks`.
+
+When creating a webhook, you can specify an environment and folder path (using glob patterns) to trigger only specific integrations. 
+
+## Secret Key Verification
+
+A secret key is a way for users to verify that a webhook request was sent by Infisical and is intended for the correct integration.
+
+When you provide a secret key, Infisical will sign the payload of the webhook request using the key and attach a header called `x-infisical-signature` to the request with a payload.
+
+The header will be in the format `t=<timestamp>;<signature>`. You can then generate the signature yourself by generating a SHA256 hash of the payload with the secret key that you know.
+
+If the signature in the header matches the signature that you generated, then you can be sure that the request was sent by Infisical and is intended for your integration. The timestamp in the header ensures that the request is not replayed.
+
+### Webhook Payload Format
+
+```json
+{
+  "event": "secret.modified",
+  "project": {
+    "workspaceId":"the workspace id",
+    "environment": "project environment",
+    "secretPath": "project folder path"
+  },
+  "timestamp": ""
+}
+```
--- a/docs/images/example-secret-referencing.png
+++ b/docs/images/example-secret-referencing.png
--- a/docs/images/service-token-permissions.png
+++ b/docs/images/service-token-permissions.png
--- a/docs/images/webhooks.png
+++ b/docs/images/webhooks.png
--- a/docs/integrations/platforms/kubernetes.mdx
+++ b/docs/integrations/platforms/kubernetes.mdx
@@ -15,23 +15,40 @@ The operator continuously updates secrets and can also reload dependent deployme
 The operator can be install via [Helm](helm.sh) or [kubectl](https://github.com/kubernetes/kubectl)

 <Tabs>
-	 <Tab title="Helm">
-		Install Infisical Helm repository 
+	 <Tab title="Helm (recommended)">
+		**Install the latest Infisical Helm repository**
    ```bash
    helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/' 
      
    helm repo update
    ```

-    Install the Helm chart
+    **Install the Helm chart**
+
+    For production deployments, it is highly recommended to set the chart version and the application version during installs and upgrades.
+    This will prevent the operator from being accidentally updated to the latest version and introduce unintended breaking changes. 
+    
+    View application versions [here](https://hub.docker.com/r/infisical/kubernetes-operator/tags) and chart versions [here](https://cloudsmith.io/~infisical/repos/helm-charts/packages/detail/helm/secrets-operator/#versions)
+
    ```bash
-    helm install --generate-name infisical-helm-charts/secrets-operator
+    helm install --generate-name infisical-helm-charts/secrets-operator --version=<PLACE-CHART-VERSION-HERE> --set controllerManager.manager.image.tag=<PLACE-APP-VERSION-HERE>
+
+    # Example installing app version v0.2.0 and chart version 0.1.4
+    helm install --generate-name infisical-helm-charts/secrets-operator --version=0.1.4 --set controllerManager.manager.image.tag=v0.2.0
    ```

   </Tab>
 	 <Tab title="Kubectl">
-   The operator will be installed in `infisical-operator-system` namespace
-		```
+   For production deployments, it is highly recommended to set the version of the Kubernetes operator manually instead of pointing to the latest version.
+   Doing so will help you avoid accidental updates to the newest release which may introduce unintended breaking changes. View all application versions [here](https://hub.docker.com/r/infisical/kubernetes-operator/tags).
+
+
+  The command below will install the most recent version of the Kubernetes operator. 
+  However, to set the version manually, download the manifest and set the image tag version of `infisical/kubernetes-operator` according to your desired version.
+
+  Once you apply the manifest, the operator will be installed in `infisical-operator-system` namespace. 
+
+    ```
    kubectl apply -f https://raw.githubusercontent.com/Infisical/infisical/main/k8-operator/kubectl-install/install-secrets-operator.yaml
 		```
   </Tab>
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -21,6 +21,10 @@
      "to": "#F8B7BD"
    }
  },
+  "feedback": {
+    "suggestEdit": true,
+    "raiseIssue": true
+  },
  "api": {
    "baseUrl": ["https://app.infisical.com", "http://localhost:8080"],
    "auth": {
@@ -69,7 +73,7 @@
    {
      "name": "Slack",
      "icon": "slack",
-      "url": "https://join.slack.com/t/infisical-users/shared_invite/zt-1wehzfnzn-1aMo5JcGENJiNAC2SD8Jlg"
+      "url": "https://infisical.com/slack"
    },
    {
      "name": "GitHub",
@@ -87,7 +91,6 @@
            "documentation/getting-started/introduction",
            "documentation/getting-started/platform",
            "documentation/getting-started/sdks",
-            "documentation/getting-started/cli",
            "documentation/getting-started/docker",
            "documentation/getting-started/kubernetes",
            "documentation/getting-started/api"
@@ -111,6 +114,7 @@
        "documentation/platform/project",
        "documentation/platform/folder",
        "documentation/platform/secret-reference",
+        "documentation/platform/webhooks",
        "documentation/platform/pit-recovery",
        "documentation/platform/secret-versioning",
        "documentation/platform/audit-logs",
@@ -174,7 +178,12 @@
    {
      "group": "Integrations",
      "pages": [
-        "integrations/overview",
+        "integrations/overview"
+      ]
+    },
+    {
+      "group": "Infrastructure Integrations",
+      "pages": [
        {
          "group": "Docker",
          "pages": [
@@ -183,7 +192,12 @@
          ]
        },
        "integrations/platforms/kubernetes",
-        "integrations/frameworks/terraform",
+        "integrations/frameworks/terraform"
+      ]
+    },
+    {
+      "group": "3rd-party Integrations",
+      "pages": [
        {
          "group": "AWS",
          "pages": [
@@ -206,7 +220,12 @@
        "integrations/cicd/githubactions",
        "integrations/cicd/gitlab",
        "integrations/cicd/circleci",
-        "integrations/cicd/travisci",
+        "integrations/cicd/travisci"
+      ]
+    },
+    {
+      "group": "Framework Integrations",
+      "pages": [
        "integrations/frameworks/spring-boot-maven",
        "integrations/frameworks/react",
        "integrations/frameworks/vue",
@@ -231,18 +250,6 @@
      "group": "Overview",
      "pages": ["sdks/overview"]
    },
-    {
-      "group": "SDKs",
-      "pages": [
-        "sdks/languages/node",
-        "sdks/languages/python",
-        "sdks/languages/java",
-        "sdks/languages/ruby",
-        "sdks/languages/go",
-        "sdks/languages/rust",
-        "sdks/languages/php"
-      ]
-    },
    {
      "group": "Overview",
      "pages": [
--- a/docs/self-hosting/configuration/email.mdx
+++ b/docs/self-hosting/configuration/email.mdx
@@ -3,12 +3,12 @@ title: "Configure email service"
 description: "How to configure your email when self-hosting Infisical."
 ---

-By default, the core functions of Infisical work without any email service configuration. Without email service, basic sign up/login and secret operations will function without any issue. 
+By default, the core functions of Infisical work without any email service configuration. Without email service, basic sign up/login and secret operations will function without any issue.
 However, the following functionality will be disabled.

- Multi-factor authentication 
+- Multi-factor authentication
 - Sending invite links via email for projects to teammates
- Sending alerts such as suspicious login attempts 
+- Sending alerts such as suspicious login attempts

 ## General configuration

@@ -157,11 +157,30 @@ SMTP_FROM_NAME=Infisical
  As per the [notice](https://support.google.com/accounts/answer/6010255?hl=en) by Google, you should note that using Gmail credentials for SMTP configuration
  will only work for Google Workspace or Google Cloud Identity customers as of May 30, 2022.

-  Put differently, the SMTP configuration is only possible with business (not personal) Gmail credentials.
+Put differently, the SMTP configuration is only possible with business (not personal) Gmail credentials.
+
 </Warning>

 </Accordion>

+<Accordion title="Office365">
+
+1. Create an account and configure [Office365](https://www.office.com/) to send emails.
+
+2. With your login credentials, you can now set up your SMTP environment variables:
+
+```
+SMTP_HOST=smtp.office365.com
+SMTP_USERNAME=username@yourdomain.com # your username
+SMTP_PASSWORD=password # your password
+SMTP_PORT=587
+SMTP_SECURE=true
+SMTP_FROM_ADDRESS=username@yourdomain.com
+SMTP_FROM_NAME=Infisical
+```
+
+</Accordion>
+
 <Accordion title="Zoho Mail">

 1. Create an account and configure [Zoho Mail](https://www.zoho.com/mail/) to send emails.
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@@ -105,7 +105,7 @@ Other environment variables are listed below to increase the functionality of yo
    </ParamField>

    <ParamField query="CLIENT_SLUG_VERCEL" type="string" default="none" optional>
-      OAuth2 slug for Netlify integration
+      OAuth2 slug for Vercel integration
    </ParamField>
  </Tab>
  <Tab title="Auth Integrations">
--- a/frontend/.eslintrc.js
+++ b/frontend/.eslintrc.js
@@ -7,7 +7,8 @@ module.exports = {
  root: true,
  env: {
    browser: true,
-    es2021: true
+    es2021: true,
+    "es6": true
  },
  extends: [
    "airbnb",
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -44,6 +44,7 @@
        "classnames": "^2.3.1",
        "cookies": "^0.8.0",
        "cva": "npm:class-variance-authority@^0.4.0",
+        "dayjs": "^1.11.9",
        "framer-motion": "^6.2.3",
        "fs": "^0.0.2",
        "gray-matter": "^4.0.3",
@@ -10571,6 +10572,11 @@
      "integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==",
      "dev": true
    },
+    "node_modules/dayjs": {
+      "version": "1.11.9",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.9.tgz",
+      "integrity": "sha512-QvzAURSbQ0pKdIye2txOzNaHmxtUBXerpY0FJsFXUMKbIZeFm5ht1LS/jFsrncjnmtv8HsG0W2g6c0zUjZWmpA=="
+    },
    "node_modules/debug": {
      "version": "4.3.4",
      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
@@ -30438,6 +30444,11 @@
      "integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==",
      "dev": true
    },
+    "dayjs": {
+      "version": "1.11.9",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.9.tgz",
+      "integrity": "sha512-QvzAURSbQ0pKdIye2txOzNaHmxtUBXerpY0FJsFXUMKbIZeFm5ht1LS/jFsrncjnmtv8HsG0W2g6c0zUjZWmpA=="
+    },
    "debug": {
      "version": "4.3.4",
      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -52,6 +52,7 @@
    "classnames": "^2.3.1",
    "cookies": "^0.8.0",
    "cva": "npm:class-variance-authority@^0.4.0",
+    "dayjs": "^1.11.9",
    "framer-motion": "^6.2.3",
    "fs": "^0.0.2",
    "gray-matter": "^4.0.3",
--- a/frontend/public/images/kubernetes-asset.png
+++ b/frontend/public/images/kubernetes-asset.png
--- a/frontend/public/locales/en/translations.json
+++ b/frontend/public/locales/en/translations.json
@@ -251,6 +251,10 @@
    }
  },
  "settings": {
+    "webhooks": {
+      "title": "Webhooks",
+      "description": "Manage webhooks to setup deployment hooks for your various integrations."
+    },
    "members": {
      "title": "Project Members",
      "description": "This page shows the members of the selected project, and allows you to modify their permissions."
--- a/frontend/public/lotties/system-outline-103-coin-cash-monetization.json
+++ b/frontend/public/lotties/system-outline-103-coin-cash-monetization.json
--- a/frontend/public/lotties/system-outline-165-view-carousel.json
+++ b/frontend/public/lotties/system-outline-165-view-carousel.json
--- a/frontend/public/lotties/system-outline-69-document-scan.json
+++ b/frontend/public/lotties/system-outline-69-document-scan.json
--- a/frontend/src/components/basic/Layout.tsx
+++ b/frontend/src/components/basic/Layout.tsx
@@ -1,385 +0,0 @@
-/* eslint-disable no-nested-ternary */
-/* eslint-disable no-unexpected-multiline */
-/* eslint-disable react-hooks/exhaustive-deps */
-import crypto from "crypto";
-
-import { useEffect, useMemo, useState } from "react";
-import { useTranslation } from "react-i18next";
-import Link from "next/link";
-import { useRouter } from "next/router";
-import {
-  faBookOpen,
-  faFileLines,
-  faGear,
-  faKey,
-  faMobile,
-  faPlug,
-  faPlus,
-  faUser
-} from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
-
-import getOrganizations from "@app/pages/api/organization/getOrgs";
-import getOrganizationUserProjects from "@app/pages/api/organization/GetOrgUserProjects";
-import getOrganizationUsers from "@app/pages/api/organization/GetOrgUsers";
-import getUser from "@app/pages/api/user/getUser";
-import addUserToWorkspace from "@app/pages/api/workspace/addUserToWorkspace";
-import createWorkspace from "@app/pages/api/workspace/createWorkspace";
-import getWorkspaces from "@app/pages/api/workspace/getWorkspaces";
-import uploadKeys from "@app/pages/api/workspace/uploadKeys";
-
-import NavBarDashboard from "../navigation/NavBarDashboard";
-import onboardingCheck from "../utilities/checks/OnboardingCheck";
-import { tempLocalStorage } from "../utilities/checks/tempLocalStorage";
-import { decryptAssymmetric, encryptAssymmetric } from "../utilities/cryptography/crypto";
-import Button from "./buttons/Button";
-import AddWorkspaceDialog from "./dialog/AddWorkspaceDialog";
-import Listbox from "./Listbox";
-
-interface LayoutProps {
-  children: React.ReactNode;
-}
-
-const Layout = ({ children }: LayoutProps) => {
-  const router = useRouter();
-  const [workspaceMapping, setWorkspaceMapping] = useState<Map<string, string>[]>([]);
-  const [workspaceSelected, setWorkspaceSelected] = useState("∞");
-  const [newWorkspaceName, setNewWorkspaceName] = useState("");
-  const [isOpen, setIsOpen] = useState(false);
-  const [loading, setLoading] = useState(false);
-  const [error, setError] = useState(false);
-  const [totalOnboardingActionsDone, setTotalOnboardingActionsDone] = useState(0);
-
-  const { t } = useTranslation();
-
-  const closeModal = () => {
-    setIsOpen(false);
-  };
-
-  const openModal = () => {
-    setIsOpen(true);
-  };
-
-  // TODO: what to do about the fact that 2ids can have the same name
-
-  /**
-   * When a user creates a new workspace, redirect them to the page of the new workspace.
-   * @param {*} workspaceName
-   */
-  const submitModal = async (workspaceName: string, addAllUsers: boolean) => {
-    setLoading(true);
-    // timeout code.
-    setTimeout(() => setLoading(false), 1500);
-
-    try {
-      const workspaces = await getWorkspaces();
-      const currentWorkspaces = workspaces.map((workspace) => workspace.name);
-      if (!currentWorkspaces.includes(workspaceName)) {
-        const newWorkspace = await createWorkspace({
-          workspaceName,
-          organizationId: tempLocalStorage("orgData.id")
-        });
-        const newWorkspaceId = newWorkspace._id;
-
-        const randomBytes = crypto.randomBytes(16).toString("hex");
-        const PRIVATE_KEY = String(localStorage.getItem("PRIVATE_KEY"));
-
-        const myUser = await getUser();
-
-        const { ciphertext, nonce } = encryptAssymmetric({
-          plaintext: randomBytes,
-          publicKey: myUser.publicKey,
-          privateKey: PRIVATE_KEY
-        });
-
-        await uploadKeys(newWorkspaceId, myUser._id, ciphertext, nonce);
-
-        if (addAllUsers) {
-          console.log("adding other users");
-          const orgUsers = await getOrganizationUsers({
-            orgId: tempLocalStorage("orgData.id")
-          });
-          orgUsers.map(async (user: any) => {
-            if (user.status === "accepted" && user.email !== myUser.email) {
-              const result = await addUserToWorkspace(user.user.email, newWorkspaceId);
-              if (result?.invitee && result?.latestKey) {
-                const TEMP_PRIVATE_KEY = tempLocalStorage("PRIVATE_KEY");
-
-                // assymmetrically decrypt symmetric key with local private key
-                const key = decryptAssymmetric({
-                  ciphertext: result.latestKey.encryptedKey,
-                  nonce: result.latestKey.nonce,
-                  publicKey: result.latestKey.sender.publicKey,
-                  privateKey: TEMP_PRIVATE_KEY
-                });
-
-                const { ciphertext: inviteeCipherText, nonce: inviteeNonce } = encryptAssymmetric({
-                  plaintext: key,
-                  publicKey: result.invitee.publicKey,
-                  privateKey: PRIVATE_KEY
-                });
-
-                uploadKeys(newWorkspaceId, result.invitee._id, inviteeCipherText, inviteeNonce);
-              }
-            }
-          });
-        }
-        setWorkspaceMapping((prevState) => ({
-          ...prevState,
-          [workspaceName]: newWorkspaceId
-        }));
-        setWorkspaceSelected(workspaceName);
-        setIsOpen(false);
-        setNewWorkspaceName("");
-      } else {
-        console.error("A project with this name already exists.");
-        setError(true);
-        setLoading(false);
-      }
-    } catch (err) {
-      console.error(err);
-      setError(true);
-      setLoading(false);
-    }
-  };
-
-  const menuItems = useMemo(
-    () => [
-      {
-        href: `/dashboard/${workspaceMapping[workspaceSelected as any]}`,
-        title: t("nav.menu.secrets"),
-        emoji: <FontAwesomeIcon icon={faKey} />
-      },
-      {
-        href: `/users/${workspaceMapping[workspaceSelected as any]}`,
-        title: t("nav.menu.members"),
-        emoji: <FontAwesomeIcon icon={faUser} />
-      },
-      {
-        href: `/integrations/${workspaceMapping[workspaceSelected as any]}`,
-        title: t("nav.menu.integrations"),
-        emoji: <FontAwesomeIcon icon={faPlug} />
-      },
-      {
-        href: `/activity/${workspaceMapping[workspaceSelected as any]}`,
-        title: "Audit Logs",
-        emoji: <FontAwesomeIcon icon={faFileLines} />
-      },
-      {
-        href: `/settings/project/${workspaceMapping[workspaceSelected as any]}`,
-        title: t("nav.menu.project-settings"),
-        emoji: <FontAwesomeIcon icon={faGear} />
-      }
-    ],
-    [t, workspaceMapping, workspaceSelected]
-  );
-
-  useEffect(() => {
-    // Put a user in a workspace if they're not in one yet
-    
-    const putUserInWorkSpace = async () => {
-      if (tempLocalStorage("orgData.id") === "") {
-        const userOrgs = await getOrganizations();
-        localStorage.setItem("orgData.id", userOrgs[0]._id);
-      }
-
-      const orgUserProjects = await getOrganizationUserProjects({
-        orgId: tempLocalStorage("orgData.id")
-      });
-      const userWorkspaces = orgUserProjects;
-      if (
-        (userWorkspaces.length === 0 &&
-          router.asPath !== "/noprojects" &&
-          !router.asPath.includes("home") &&
-          !router.asPath.includes("settings")) ||
-        router.asPath === "/dashboard/undefined"
-      ) {
-        router.push("/noprojects");
-      } else if (router.asPath !== "/noprojects") {
-        const intendedWorkspaceId = router.asPath
-          .split("/")
-          [router.asPath.split("/").length - 1].split("?")[0];
-
-        if (!["callback", "create", "authorize"].includes(intendedWorkspaceId)) {
-          localStorage.setItem("projectData.id", intendedWorkspaceId);
-        }
-        
-        // If a user is not a member of a workspace they are trying to access, just push them to one of theirs
-        if (
-          !["callback", "create", "authorize"].includes(intendedWorkspaceId) &&
-          !userWorkspaces
-            .map((workspace: { _id: string }) => workspace._id)
-            .includes(intendedWorkspaceId)
-        ) {
-          router.push(`/dashboard/${userWorkspaces[0]._id}`);
-        } else {
-          setWorkspaceMapping(
-            Object.fromEntries(
-              userWorkspaces.map((workspace: any) => [workspace.name, workspace._id])
-            ) as any
-          );
-          setWorkspaceSelected(
-            Object.fromEntries(
-              userWorkspaces.map((workspace: any) => [workspace._id, workspace.name])
-            )[router.asPath.split("/")[router.asPath.split("/").length - 1].split("?")[0]]
-          );
-        }
-      }
-    };
-    putUserInWorkSpace();
-    onboardingCheck({ setTotalOnboardingActionsDone });
-  }, [router.query.id]);
-
-  useEffect(() => {
-    try {
-      if (
-        workspaceMapping[workspaceSelected as any] &&
-        `${workspaceMapping[workspaceSelected as any]}` !==
-          router.asPath.split("/")[router.asPath.split("/").length - 1].split("?")[0]
-      ) {
-        localStorage.setItem("projectData.id", `${workspaceMapping[workspaceSelected as any]}`);
-        router.push(`/dashboard/${workspaceMapping[workspaceSelected as any]}`);
-      }
-    } catch (err) {
-      console.log(err);
-    }
-  }, [workspaceSelected]);
-
-  return (
-    <>
-      <div className="h-screen w-full flex-col overflow-x-hidden hidden md:flex">
-        <NavBarDashboard />
-        <div className="flex flex-grow flex-col overflow-y-hidden md:flex-row dark">
-          <aside className="w-full border-r border-mineshaft-500 bg-bunker-600 md:w-60">
-            <nav className="items-between flex h-full flex-col justify-between">
-              {/* <div className="py-6"></div> */}
-              <div>
-                <div className="mt-6 mb-6 flex h-20 w-full flex-col items-center justify-center bg-bunker-600 px-4">
-                  <div className="ml-1 mb-1 self-start text-xs font-semibold tracking-wide text-gray-400">
-                    {t("nav.menu.project")}
-                  </div>
-                  {Object.keys(workspaceMapping).length > 0 ? (
-                    <Listbox
-                      isSelected={workspaceSelected}
-                      onChange={setWorkspaceSelected}
-                      data={Object.keys(workspaceMapping)}
-                      buttonAction={openModal}
-                      text=""
-                    />
-                  ) : (
-                    <Button
-                      text="Add Project"
-                      onButtonPressed={openModal}
-                      color="mineshaft"
-                      size="md"
-                      icon={faPlus}
-                    />
-                  )}
-                </div>
-                <ul>
-                  {Object.keys(workspaceMapping).length > 0 &&
-                    menuItems.map(({ href, title, emoji }) => (
-                      <li className="mx-2 mt-0.5" key={title}>
-                        {router.asPath.split("/")[1] === href.split("/")[1] &&
-                        (["project", "billing", "org", "personal"].includes(
-                          router.asPath.split("/")[2]
-                        )
-                          ? router.asPath.split("/")[2] === href.split("/")[2]
-                          : true) ? (
-                          <div className="relative flex cursor-pointer rounded bg-primary-50/10 px-0.5 py-2.5 text-sm text-white">
-                            <div className="absolute inset-0 top-0 my-1 ml-1 mr-1 w-1 rounded-xl bg-primary" />
-                            <p className="ml-4 mr-2 flex w-6 items-center justify-center text-lg">
-                              {emoji}
-                            </p>
-                            {title}
-                          </div>
-                        ) : router.asPath === "/noprojects" ? (
-                          <div className="flex rounded p-2.5 text-sm text-white">
-                            <p className="flex w-10 items-center justify-center text-lg">{emoji}</p>
-                            {title}
-                          </div>
-                        ) : (
-                          <Link href={href}>
-                            <div className="flex cursor-pointer rounded p-2.5 text-sm text-white hover:bg-primary-50/5">
-                              <p className="flex w-10 items-center justify-center text-lg">
-                                {emoji}
-                              </p>
-                              {title}
-                            </div>
-                          </Link>
-                        )}
-                      </li>
-                    ))}
-                </ul>
-              </div>
-              <div className="mt-40 mb-4 w-full px-2">
-                {router.asPath.split("/")[1] === "home" ? (
-                  <div className="relative flex cursor-pointer rounded bg-primary-50/10 px-0.5 py-2.5 text-sm text-white">
-                    <div className="absolute inset-0 top-0 my-1 ml-1 mr-1 w-1 rounded-xl bg-primary" />
-                    <p className="ml-4 mr-2 flex w-6 items-center justify-center text-lg">
-                      <FontAwesomeIcon icon={faBookOpen} />
-                    </p>
-                    Infisical Guide
-                    <img
-                      src={`/images/progress-${totalOnboardingActionsDone === 0 ? "0" : ""}${
-                        totalOnboardingActionsDone === 1 ? "14" : ""
-                      }${totalOnboardingActionsDone === 2 ? "28" : ""}${
-                        totalOnboardingActionsDone === 3 ? "43" : ""
-                      }${totalOnboardingActionsDone === 4 ? "57" : ""}${
-                        totalOnboardingActionsDone === 5 ? "71" : ""
-                      }.svg`}
-                      height={58}
-                      width={58}
-                      alt="progress bar"
-                      className="absolute right-2 -top-2"
-                    />
-                  </div>
-                ) : (
-                  <Link href={`/home/${workspaceMapping[workspaceSelected as any]}`}>
-                    <div className="mt-max relative flex h-10 cursor-pointer overflow-visible rounded bg-white/10 p-2.5 text-sm text-white hover:bg-primary-50/[0.15]">
-                      <p className="flex w-10 items-center justify-center text-lg">
-                        <FontAwesomeIcon icon={faBookOpen} />
-                      </p>
-                      Infisical Guide
-                      <img
-                        src={`/images/progress-${totalOnboardingActionsDone === 0 ? "0" : ""}${
-                          totalOnboardingActionsDone === 1 ? "14" : ""
-                        }${totalOnboardingActionsDone === 2 ? "28" : ""}${
-                          totalOnboardingActionsDone === 3 ? "43" : ""
-                        }${totalOnboardingActionsDone === 4 ? "57" : ""}${
-                          totalOnboardingActionsDone === 5 ? "71" : ""
-                        }.svg`}
-                        height={58}
-                        width={58}
-                        alt="progress bar"
-                        className="absolute right-2 -top-2"
-                      />
-                    </div>
-                  </Link>
-                )}
-              </div>
-            </nav>
-          </aside>
-          <AddWorkspaceDialog
-            isOpen={isOpen}
-            closeModal={closeModal}
-            submitModal={submitModal}
-            workspaceName={newWorkspaceName}
-            setWorkspaceName={setNewWorkspaceName}
-            error={error}
-            loading={loading}
-          />
-          <main className="flex-1 overflow-y-auto overflow-x-hidden bg-bunker-800 dark:[color-scheme:dark]">{children}</main>
-        </div>
-      </div>
-      <div className="flex h-screen w-screen flex-col items-center justify-center bg-bunker-800 z-[200] md:hidden">
-        <FontAwesomeIcon icon={faMobile} className="mb-8 text-7xl text-gray-300" />
-        <p className="max-w-sm px-6 text-center text-lg text-gray-200">
-          {` ${t("common.no-mobile")} `}
-        </p>
-      </div>
-    </>
-  );
-};
-
-export default Layout;
--- a/frontend/src/components/basic/dialog/AddProjectMemberDialog.tsx
+++ b/frontend/src/components/basic/dialog/AddProjectMemberDialog.tsx
@@ -83,7 +83,7 @@ const AddProjectMemberDialog = ({
                              <button
                                type="button"
                                className="inline-flex justify-center rounded-md py-1 text-sm text-gray-500 focus:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 focus-visible:ring-offset-2"
-                                onClick={() => router.push(`/settings/org/${router.query.id}`)}
+                                onClick={() => router.push(`/org/${router.query.id}/members`)}
                                aria-label="add member"
                              />,
                              // eslint-disable-next-line react/jsx-key
@@ -91,7 +91,7 @@ const AddProjectMemberDialog = ({
                                type="button"
                                className="ml-1 inline-flex justify-center rounded-md py-1 text-sm text-gray-500 hover:text-primary focus:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 focus-visible:ring-offset-2"
                                onClick={() =>
-                                  router.push(`/settings/org/${router.query.id}?invite`)
+                                  router.push(`/org/${router.query.id}/members?action=invite`)
                                }
                                aria-label="add member"
                              />
--- a/frontend/src/components/basic/dialog/UpgradePlan.tsx
+++ b/frontend/src/components/basic/dialog/UpgradePlan.tsx
@@ -2,6 +2,8 @@ import { Fragment } from "react";
 import { useRouter } from "next/router";
 import { Dialog, Transition } from "@headlessui/react";

+import { useOrganization } from "@app/context";
+
 // REFACTOR: Move all these modals into one reusable one 
 type Props = {
  isOpen?: boolean;
@@ -15,6 +17,7 @@ const UpgradePlanModal = ({
  text,
 }:Props) => {
  const router = useRouter();
+  const { currentOrg } = useOrganization();

  return (
    <div>
@@ -61,7 +64,7 @@ const UpgradePlanModal = ({
                    <button
                      type='button'
                      className='inline-flex justify-center rounded-md border border-transparent bg-primary opacity-80 hover:opacity-100 px-4 py-2 text-sm font-medium text-black hover:text-semibold duration-200 focus:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 focus-visible:ring-offset-2'
-                      onClick={() => router.push(`/settings/billing/${localStorage.getItem("projectData.id")}`)}
+                      onClick={() => router.push(`/org/${currentOrg?._id}/billing`)}
                    >
                      Upgrade Now
                    </button>
--- a/frontend/src/components/dashboard/AddTagsMenu.tsx
+++ b/frontend/src/components/dashboard/AddTagsMenu.tsx
@@ -50,7 +50,7 @@ const AddTagsMenu = ({ allTags, currentTags, modifyTags, id }: { allTags: Tag[];
          <button
            type="button"
            className='w-full text-left bg-mineshaft-800 hover:bg-primary hover:text-black duration-200 px-2 py-0.5 text-bunker-200 rounded-sm'
-            onClick={() => router.push(`/settings/project/${String(router.query.id)}`)}
+            onClick={() => router.push(`/project/${String(router.query.id)}/settings`)}
          >
            <FontAwesomeIcon icon={faPlus} className="mr-2 text-xs" />Add more tags
          </button>
--- a/frontend/src/components/dashboard/DropZone.tsx
+++ b/frontend/src/components/dashboard/DropZone.tsx
@@ -182,7 +182,7 @@ const DropZone = ({

  return loading ? (
    <div className="mb-16 flex items-center justify-center pt-16">
-      <Image src="/images/loading/loading.gif" height={70} width={120} alt="google logo" />
+      <Image src="/images/loading/loading.gif" height={70} width={120} alt="loading animation" />
    </div>
  ) : keysExist ? (
    <div
--- a/frontend/src/components/login/InitialLoginStep.tsx
+++ b/frontend/src/components/login/InitialLoginStep.tsx
@@ -1,10 +1,11 @@
-import { useState } from "react";
+import { FormEvent, useState } from "react";
 import { useTranslation } from "react-i18next";
 import Link from "next/link";
 import { useRouter } from "next/router";
 import axios from "axios"

 import attemptLogin from "@app/components/utilities/attemptLogin";
+import getOrganizations from "@app/pages/api/organization/getOrgs";

 import Error from "../basic/Error";
 import attemptCliLogin from "../utilities/attemptCliLogin";
@@ -31,7 +32,8 @@ export default function InitialLoginStep({
    const [isLoading, setIsLoading] = useState(false);
    const [loginError, setLoginError] = useState(false);

-    const handleLogin = async () => {
+    const handleLogin = async (e: FormEvent<HTMLFormElement>) => {
+        e.preventDefault()
        try {
            if (!email || !password) {
                return;
@@ -84,9 +86,11 @@ export default function InitialLoginStep({
                        setIsLoading(false);
                        return;
                    }
+                    const userOrgs = await getOrganizations();
+                    const userOrg = userOrgs[0] && userOrgs[0]._id;

                    // case: login does not require MFA step
-                    router.push(`/dashboard/${localStorage.getItem("projectData.id")}`);
+                    router.push(`/org/${userOrg}/overview`);
                }
            }

@@ -98,7 +102,7 @@ export default function InitialLoginStep({
        setIsLoading(false);
    }
    
-    return <div className='flex flex-col mx-auto w-full justify-center items-center'>
+    return <form onSubmit={handleLogin} className='flex flex-col mx-auto w-full justify-center items-center'>
        <h1 className='text-xl font-medium text-transparent bg-clip-text bg-gradient-to-b from-white to-bunker-200 text-center mb-8' >Login to Infisical</h1>
        {/* <div className='lg:w-1/6 w-1/4 min-w-[20rem] rounded-md'>
            <Button
@@ -143,7 +147,7 @@ export default function InitialLoginStep({
        {!isLoading && loginError && <Error text={t("login.error-login") ?? ""} />}
        <div className='lg:w-1/6 w-1/4 min-w-[21.2rem] md:min-w-[20.1rem] text-center rounded-md mt-4'>
            <Button
-                onClick={async () => handleLogin()}
+                type="submit"
                size="sm"
                isFullWidth
                className='h-12'
@@ -180,5 +184,5 @@ export default function InitialLoginStep({
                <span className='hover:underline hover:underline-offset-4 hover:decoration-primary-700 hover:text-bunker-200 duration-200 cursor-pointer'>Recover your account</span>
            </Link>
        </div>
-    </div>
+    </form>
 }
--- a/frontend/src/components/login/LoginStep.tsx
+++ b/frontend/src/components/login/LoginStep.tsx
@@ -1,133 +0,0 @@
-import React, { useState } from "react";
-import { useTranslation } from "react-i18next";
-import Link from "next/link";
-import { useRouter } from "next/router";
-import { faWarning } from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
-
-import Error from "@app/components/basic/Error";
-import attemptLogin from "@app/components/utilities/attemptLogin";
-
-import { Button, Input } from "../v2";
-
-/**
- * 1st step of login - user enters their username and password
- * @param {Object} obj
- * @param {String} obj.email - email of user
- * @param {Function} obj.setEmail - function to set the email of user
- * @param {String} obj.password - password of user
- * @param {String} obj.setPassword - function to set the password of user
- * @param {Function} obj.setStep - function to set the login flow step
- * @returns
- */
-export default function LoginStep({
-  email,
-  setEmail,
-  password,
-  setPassword,
-  setStep
-}: {
-  email: string;
-  setEmail: (email: string) => void;
-  password: string;
-  setPassword: (password: string) => void;
-  setStep: (step: number) => void;
-}) {
-  const router = useRouter();
-  const [isLoading, setIsLoading] = useState(false);
-  const [loginError, setLoginError] = useState(false);
-
-  const { t } = useTranslation();
-
-  const handleLogin = async () => {
-    try {
-      if (!email || !password) {
-        return;
-      }
-
-      setIsLoading(true);
-      const isLoginSuccessful = await attemptLogin({
-        email,
-        password,
-      });
-      if (isLoginSuccessful && isLoginSuccessful.success) {
-        // case: login was successful
-
-        if (isLoginSuccessful.mfaEnabled) {
-          // case: login requires MFA step
-          setStep(2);
-          setIsLoading(false);
-          return;
-        }
-
-        // case: login does not require MFA step
-        router.push(`/dashboard/${localStorage.getItem("projectData.id")}`);
-      }
-
-    } catch (err) {
-      setLoginError(true);
-    }
-
-    setIsLoading(false);
-  }
-
-  return (
-    <form onSubmit={(e) => e.preventDefault()}>
-      <div className="w-full mx-auto h-full px-6">
-        <p className="text-xl w-max mx-auto flex justify-center text-transparent bg-clip-text bg-gradient-to-b from-white to-bunker-200 mb-6">
-          {t("login.login")}
-        </p>
-        <div className="flex items-center justify-center lg:w-1/6 w-1/4 min-w-[22rem] mx-auto w-full md:p-2 rounded-lg mt-4 md:mt-0 max-h-24 md:max-h-28">
-          <Input
-            value={email}
-            onChange={(e) => setEmail(e.target.value)}
-            type="email"
-            placeholder="Enter your email..."
-            isRequired
-            autoComplete="username"
-            className="h-12"
-          />
-        </div>
-        <div className="relative flex items-center justify-center lg:w-1/6 w-1/4 min-w-[22rem] mx-auto w-full rounded-lg max-h-24 md:max-h-28">
-          <div className="flex items-center justify-center w-full md:p-2 rounded-lg max-h-24 md:max-h-28">
-            <Input
-              value={password}
-              onChange={(e) => setPassword(e.target.value)}
-              type="password"
-              placeholder="Enter your password..."
-              isRequired
-              autoComplete="current-password"
-              id="current-password"
-              className="h-12"
-            />
-          </div>
-        </div>
-        {!isLoading && loginError && <Error text={t("login.error-login") ?? ""} />}
-        <div className="flex flex-col items-center justify-center lg:w-1/6 w-1/4 min-w-[22rem] px-2 mt-4 max-w-xs md:max-w-md mx-auto text-sm text-center md:text-left">
-          <div className="text-l py-1 text-lg w-full">
-            <Button
-              onClick={async () => handleLogin()}
-              size="sm"
-              isFullWidth
-              className='h-14'
-              colorSchema="primary"
-              variant="outline_bg"
-              isLoading={isLoading}
-            > {String(t("login.login"))} </Button>
-          </div>
-        </div>
-      </div>
-      <div className="text-bunker-400 text-sm flex flex-row w-max mx-auto">
-        <Link href="/verify-email">
-          <span className='hover:underline hover:underline-offset-4 hover:decoration-primary-700 hover:text-bunker-200 duration-200 cursor-pointer'>{t("login.forgot-password")}</span>
-        </Link>
-      </div>
-      {false && (
-        <div className="w-full p-2 flex flex-row items-center bg-white/10 text-gray-300 rounded-md max-w-md mx-auto mt-4">
-          <FontAwesomeIcon icon={faWarning} className="ml-2 mr-6 text-6xl" />
-          {t("common.maintenance-alert")}
-        </div>
-      )}
-    </form>
-  );
-}
--- a/frontend/src/components/login/MFAStep.tsx
+++ b/frontend/src/components/login/MFAStep.tsx
@@ -8,6 +8,7 @@ import axios from "axios"
 import attemptCliLoginMfa from "@app/components/utilities/attemptCliLoginMfa"
 import attemptLoginMfa from "@app/components/utilities/attemptLoginMfa";
 import { useSendMfaToken } from "@app/hooks/api/auth";
+import getOrganizations from "@app/pages/api/organization/getOrgs";

 import Error from "../basic/Error";
 import { Button } from "../v2";
@@ -101,7 +102,7 @@ export default function MFAStep({
          // cli page
          router.push("/cli-redirect");
        }
-      }else{
+      } else {
        const isLoginSuccessful = await attemptLoginMfa({
          email,
          password,
@@ -111,7 +112,11 @@ export default function MFAStep({
  
        if (isLoginSuccessful) {
          setIsLoading(false);
-          router.push(`/dashboard/${localStorage.getItem("projectData.id")}`);
+          const userOrgs = await getOrganizations();
+          const userOrg = userOrgs[0] && userOrgs[0]._id;
+
+          // case: login does not require MFA step
+          router.push(`/org/${userOrg}/overview`);
        }
      }
      
@@ -180,6 +185,7 @@ export default function MFAStep({
            className='h-14'
            colorSchema="primary"
            variant="outline_bg"
+            isLoading={isLoading}
          > {String(t("mfa.verify"))} </Button>
        </div>
      </div>
@@ -187,7 +193,7 @@ export default function MFAStep({
        <div className="flex flex-row items-baseline gap-1 text-sm">
          <span className="text-bunker-400">{t("signup.step2-resend-alert")}</span>
          <div className="mt-2 text-bunker-400 text-md flex flex-row">
-            <button disabled={isLoading} onClick={handleResendMfaCode} type="button">
+            <button disabled={isLoadingResend} onClick={handleResendMfaCode} type="button">
              <span className='hover:underline hover:underline-offset-4 hover:decoration-primary-700 hover:text-bunker-200 duration-200 cursor-pointer'>
                {isLoadingResend
                  ? t("signup.step2-resend-progress")
--- a/frontend/src/components/login/PasswordInputStep.tsx
+++ b/frontend/src/components/login/PasswordInputStep.tsx
@@ -5,6 +5,7 @@ import { useRouter } from "next/router";

 import Error from "@app/components/basic/Error";
 import attemptLogin from "@app/components/utilities/attemptLogin";
+import getOrganizations from "@app/pages/api/organization/getOrgs";

 import SecurityClient from "../utilities/SecurityClient";
 import { Button, Input } from "../v2";
@@ -50,7 +51,9 @@ export default function PasswordInputStep({
        }

        // case: login does not require MFA step
-        router.push(`/dashboard/${localStorage.getItem("projectData.id")}`);
+        const userOrgs = await getOrganizations();
+        const userOrg = userOrgs[0]._id;
+        router.push(`/org/${userOrg?._id}/overview`);
      }
    } catch (err) {
      setLoginError(true);
--- a/frontend/src/components/navigation/NavBarDashboard.tsx
+++ b/frontend/src/components/navigation/NavBarDashboard.tsx
@@ -1,316 +0,0 @@
-/* eslint-disable jsx-a11y/anchor-is-valid */
-/* eslint-disable react/jsx-key */
-import { Fragment, useEffect, useMemo, useState } from "react";
-import { useTranslation } from "react-i18next";
-import Image from "next/image";
-import { useRouter } from "next/router";
-import { faGithub, faSlack } from "@fortawesome/free-brands-svg-icons";
-import { faCircleQuestion } from "@fortawesome/free-regular-svg-icons";
-import {
-  faAngleDown,
-  faBook,
-  faCoins,
-  faEnvelope,
-  faGear,
-  faPlus,
-  faRightFromBracket
-} from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
-import { Menu, Transition } from "@headlessui/react";
-import {TFunction} from "i18next"
-
-import logout from "@app/pages/api/auth/Logout";
-
-import getOrganization from "../../pages/api/organization/GetOrg";
-import getOrganizations from "../../pages/api/organization/getOrgs";
-import getUser from "../../pages/api/user/getUser";
-import guidGenerator from "../utilities/randomId";
-
-const supportOptions = (t: TFunction) => [
-  [
-    <FontAwesomeIcon className="text-lg pl-1.5 pr-3" icon={faSlack} />,
-    t("nav.support.slack"),
-    "https://join.slack.com/t/infisical-users/shared_invite/zt-1wehzfnzn-1aMo5JcGENJiNAC2SD8Jlg"
-  ],
-  [
-    <FontAwesomeIcon className="text-lg pl-1.5 pr-3" icon={faBook} />,
-    t("nav.support.docs"),
-    "https://infisical.com/docs/documentation/getting-started/introduction"
-  ],
-  [
-    <FontAwesomeIcon className="text-lg pl-1.5 pr-3" icon={faGithub} />,
-    t("nav.support.issue"),
-    "https://github.com/Infisical/infisical-cli/issues"
-  ],
-  [
-    <FontAwesomeIcon className="text-lg pl-1.5 pr-3" icon={faEnvelope} />,
-    t("nav.support.email"),
-    "mailto:support@infisical.com"
-  ]
-];
-
-export interface ICurrentOrg {
-  name: string;
-}
-
-export interface IUser {
-  firstName: string;
-  lastName: string;
-  email: string;
-}
-
-/**
- * This is the navigation bar in the main app.
- * It has two main components: support options and user menu (inlcudes billing, logout, org/user settings)
- * @returns NavBar
- */
-export default function Navbar() {
-  const router = useRouter();
-  const [user, setUser] = useState<IUser | undefined>();
-  const [orgs, setOrgs] = useState([]);
-  const [currentOrg, setCurrentOrg] = useState<ICurrentOrg | undefined>();
-
-  const { t } = useTranslation();
-
-  const supportOptionsList = useMemo(() => supportOptions(t), [t]);
-
-  useEffect(() => {
-    (async () => {
-      const userData = await getUser();
-      setUser(userData);
-      const orgsData = await getOrganizations();
-      setOrgs(orgsData);
-      const currentUserOrg = await getOrganization({
-        orgId: String(localStorage.getItem("orgData.id"))
-      });
-      setCurrentOrg(currentUserOrg);
-    })();
-  }, []);
-
-  const closeApp = async () => {
-    await logout();
-    router.push("/login");
-  };
-
-  return (
-    <div className="flex flex-row justify-between w-full bg-bunker text-white border-b border-mineshaft-500 z-[71]">
-      <div className="m-auto flex justify-start items-center mx-4">
-        <div className="flex flex-row items-center">
-          <div className="flex justify-center py-4">
-            <Image src="/images/logotransparent.png" height={23} width={57} alt="logo" />
-          </div>
-          <a href="#" className="text-2xl text-white font-semibold mx-2">
-            Infisical
-          </a>
-        </div>
-      </div>
-      <div className="relative flex justify-start items-center mx-2 z-40">
-        <a
-          href="https://infisical.com/docs/documentation/getting-started/introduction"
-          target="_blank"
-          rel="noopener noreferrer"
-          className="text-gray-200 hover:bg-white/10 px-3 rounded-md duration-200 text-sm mr-4 py-2 flex items-center"
-        >
-          <FontAwesomeIcon icon={faBook} className="text-xl mr-2" />
-          Docs
-        </a>
-        <Menu as="div" className="relative inline-block text-left">
-          <div className="mr-4">
-            <Menu.Button className="inline-flex w-full justify-center px-2 py-2 text-sm font-medium text-gray-200 rounded-md hover:bg-white/10 duration-200 focus:outline-none focus-visible:ring-2 focus-visible:ring-white focus-visible:ring-opacity-75">
-              <FontAwesomeIcon className="text-xl" icon={faCircleQuestion} />
-            </Menu.Button>
-          </div>
-          <Transition
-            as={Fragment}
-            enter="transition ease-out duration-100"
-            enterFrom="transform opacity-0 scale-95"
-            enterTo="transform opacity-100 scale-100"
-            leave="transition ease-in duration-75"
-            leaveFrom="transform opacity-100 scale-100"
-            leaveTo="transform opacity-0 scale-95"
-          >
-            <Menu.Items className="absolute right-0 mt-0.5 w-64 origin-top-right rounded-md bg-bunker border border-mineshaft-700 shadow-lg ring-1 ring-black z-20 ring-opacity-5 focus:outline-none px-2 py-1.5">
-              {supportOptionsList.map(([icon, text, url]) => (
-                <a
-                  key={guidGenerator()}
-                  target="_blank"
-                  rel="noopener noreferrer"
-                  href={String(url)}
-                  className="font-normal text-gray-300 duration-200 rounded-md w-full flex items-center py-0.5"
-                >
-                  <div className="relative flex justify-start items-center cursor-pointer select-none py-2 px-2 rounded-md text-gray-400 hover:bg-white/10 duration-200 hover:text-gray-200 w-full">
-                    {icon}
-                    <div className="text-sm">{text}</div>
-                  </div>
-                </a>
-              ))}
-            </Menu.Items>
-          </Transition>
-        </Menu>
-        <Menu as="div" className="relative inline-block text-left mr-4">
-          <div>
-            <Menu.Button className="inline-flex w-full justify-center pr-2 pl-2 py-2 text-sm font-medium text-gray-200 rounded-md hover:bg-white/10 duration-200 focus:outline-none focus-visible:ring-2 focus-visible:ring-white focus-visible:ring-opacity-75">
-              {user?.firstName} {user?.lastName}
-              <FontAwesomeIcon
-                icon={faAngleDown}
-                className="ml-2 mt-1 text-sm text-gray-300 hover:text-lime-100"
-              />
-            </Menu.Button>
-          </div>
-          <Transition
-            as={Fragment}
-            enter="transition ease-out duration-100"
-            enterFrom="transform opacity-0 scale-95"
-            enterTo="transform opacity-100 scale-100"
-            leave="transition ease-in duration-75"
-            leaveFrom="transform opacity-100 scale-100"
-            leaveTo="transform opacity-0 scale-95"
-          >
-            <Menu.Items className="absolute right-0 mt-0.5 w-64 origin-top-right divide-y divide-gray-700 rounded-md bg-bunker border border-mineshaft-700 shadow-lg ring-1 ring-black z-[999] ring-opacity-5 focus:outline-none">
-              <div className="px-1 py-1 z-[100]">
-                <div className="text-gray-400 self-start ml-2 mt-2 text-xs font-semibold tracking-wide">
-                  {t("nav.user.signed-in-as")}
-                </div>
-                <div
-                  onKeyDown={() => null}
-                  role="button"
-                  tabIndex={0}
-                  onClick={() => router.push(`/settings/personal/${router.query.id}`)}
-                  className="flex flex-row items-center px-1 mx-1 my-1 hover:bg-white/5 cursor-pointer rounded-md"
-                >
-                  <div className="bg-white/10 h-8 w-9 rounded-full flex items-center justify-center text-gray-300">
-                    {user?.firstName?.charAt(0)}
-                  </div>
-                  <div className="flex items-center justify-between w-full">
-                    <div>
-                      <p className="text-gray-300 px-2 pt-1 text-sm">
-                        {" "}
-                        {user?.firstName} {user?.lastName}
-                      </p>
-                      <p className="text-gray-400 px-2 pb-1 text-xs"> {user?.email}</p>
-                    </div>
-                    <FontAwesomeIcon
-                      icon={faGear}
-                      className="text-lg text-gray-400 p-2 mr-1 rounded-md cursor-pointer hover:bg-white/10"
-                    />
-                  </div>
-                </div>
-              </div>
-              <div className="px-2 pt-2">
-                <div className="text-gray-400 self-start ml-2 mt-2 text-xs font-semibold tracking-wide">
-                  {t("nav.user.current-organization")}
-                </div>
-                <div
-                  onKeyDown={() => null}
-                  role="button"
-                  tabIndex={0}
-                  onClick={() => router.push(`/settings/org/${router.query.id}`)}
-                  className="flex flex-row items-center px-2 mt-2 py-1 hover:bg-white/5 cursor-pointer rounded-md"
-                >
-                  <div className="bg-white/10 h-7 w-8 rounded-md flex items-center justify-center text-gray-300">
-                    {currentOrg?.name?.charAt(0)}
-                  </div>
-                  <div className="flex items-center justify-between w-full">
-                    <p className="text-gray-300 px-2 text-sm">{currentOrg?.name}</p>
-                    <FontAwesomeIcon
-                      icon={faGear}
-                      className="text-lg text-gray-400 p-2 rounded-md cursor-pointer hover:bg-white/10"
-                    />
-                  </div>
-                </div>
-                <button
-                  // onClick={buttonAction}
-                  type="button"
-                  className="cursor-pointer w-full"
-                >
-                  <div
-                    onKeyDown={() => null}
-                    role="button"
-                    tabIndex={0}
-                    onClick={() => router.push(`/settings/billing/${router.query.id}`)}
-                    className="mt-1 relative flex justify-start cursor-pointer select-none py-2 px-2 rounded-md text-gray-400 hover:bg-white/5 duration-200 hover:text-gray-200"
-                  >
-                    <FontAwesomeIcon className="text-lg pl-1.5 pr-3" icon={faCoins} />
-                    <div className="text-sm">{t("nav.user.usage-billing")}</div>
-                  </div>
-                </button>
-                <button
-                  type="button"
-                  // onClick={buttonAction}
-                  className="cursor-pointer w-full mb-2"
-                >
-                  <div
-                    onKeyDown={() => null}
-                    role="button"
-                    tabIndex={0}
-                    onClick={() => router.push(`/settings/org/${router.query.id}?invite`)}
-                    className="relative flex justify-start cursor-pointer select-none py-2 pl-10 pr-4 rounded-md text-gray-400 hover:bg-primary/100 duration-200 hover:text-black hover:font-semibold mt-1"
-                  >
-                    <span className="rounded-lg absolute inset-y-0 left-0 flex items-center pl-3 pr-4">
-                      <FontAwesomeIcon icon={faPlus} className="ml-1" />
-                    </span>
-                    <div className="text-sm ml-1">{t("nav.user.invite")}</div>
-                  </div>
-                </button>
-              </div>
-              {orgs?.length > 1 && (
-                <div className="px-1 pt-1">
-                  <div className="text-gray-400 self-start ml-2 mt-2 text-xs font-semibold tracking-wide">
-                    {t("nav.user.other-organizations")}
-                  </div>
-                  <div className="flex flex-col items-start px-1 mt-3 mb-2">
-                    {orgs
-                      .filter(
-                        (org: { _id: string }) => org._id !== localStorage.getItem("orgData.id")
-                      )
-                      .map((org: { _id: string; name: string }) => (
-                        <div
-                          onKeyDown={() => null}
-                          role="button"
-                          tabIndex={0}
-                          key={guidGenerator()}
-                          onClick={() => {
-                            localStorage.setItem("orgData.id", org._id);
-                            router.reload();
-                          }}
-                          className="flex flex-row justify-start items-center hover:bg-white/5 w-full p-1.5 cursor-pointer rounded-md"
-                        >
-                          <div className="bg-white/10 h-7 w-8 rounded-md flex items-center justify-center text-gray-300">
-                            {org.name.charAt(0)}
-                          </div>
-                          <div className="flex items-center justify-between w-full">
-                            <p className="text-gray-300 px-2 text-sm">{org.name}</p>
-                          </div>
-                        </div>
-                      ))}
-                  </div>
-                </div>
-              )}
-              <div className="px-1 py-1">
-                <Menu.Item>
-                  {({ active }) => (
-                    <button
-                      type="button"
-                      onClick={closeApp}
-                      className={`${
-                        active ? "bg-red font-semibold text-white" : "text-gray-400"
-                      } group flex w-full items-center rounded-md px-2 py-2 text-sm`}
-                    >
-                      <div className="relative flex justify-start items-center cursor-pointer select-none">
-                        <FontAwesomeIcon
-                          className="text-lg ml-1.5 mr-3"
-                          icon={faRightFromBracket}
-                        />
-                        {t("common.logout")}
-                      </div>
-                    </button>
-                  )}
-                </Menu.Item>
-              </div>
-            </Menu.Items>
-          </Transition>
-        </Menu>
-      </div>
-    </div>
-  );
-}
--- a/frontend/src/components/navigation/NavHeader.tsx
+++ b/frontend/src/components/navigation/NavHeader.tsx
@@ -58,10 +58,16 @@ export default function NavHeader({

  return (
    <div className="flex flex-row items-center pt-6">
-      <div className="mr-2 flex h-6 w-6 items-center justify-center rounded-md bg-primary-900 text-mineshaft-100">
+      <div className="mr-2 flex h-5 w-5 items-center justify-center rounded-md bg-primary text-black text-sm">
        {currentOrg?.name?.charAt(0)}
      </div>
-      <div className="text-sm font-semibold text-bunker-300">{currentOrg?.name}</div>
+      <Link
+        passHref
+        legacyBehavior
+        href={`/org/${currentOrg?._id}/overview`}
+      >
+        <a className="text-sm font-semibold text-primary/80 hover:text-primary pl-0.5">{currentOrg?.name}</a>
+      </Link>
      {isProjectRelated && (
        <>
          <FontAwesomeIcon icon={faAngleRight} className="ml-3 mr-3 text-xs text-gray-400" />
@@ -79,7 +85,7 @@ export default function NavHeader({
        <Link
          passHref
          legacyBehavior
-          href={{ pathname: "/dashboard/[id]", query: { id: router.query.id } }}
+          href={{ pathname: "/project/[id]/secrets", query: { id: router.query.id } }}
        >
          <a className="text-sm font-semibold text-primary/80 hover:text-primary">{pageName}</a>
        </Link>
@@ -120,7 +126,7 @@ export default function NavHeader({
              {index + 1 === folders?.length ? (
                <span className="text-sm font-semibold text-bunker-300">{name}</span>
              ) : (
-                <Link passHref legacyBehavior href={{ pathname: "/dashboard/[id]", query }}>
+                <Link passHref legacyBehavior href={{ pathname: "/project/[id]/secrets", query }}>
                  <a className="text-sm font-semibold text-primary/80 hover:text-primary">
                    {name === "root" ? selectedEnv?.name : name}
                  </a>
--- a/frontend/src/components/signup/CodeInputStep.tsx
+++ b/frontend/src/components/signup/CodeInputStep.tsx
@@ -114,6 +114,7 @@ export default function CodeInputStep({
      <div className="flex flex-col items-center justify-center lg:w-[19%] w-1/4 min-w-[20rem] mt-2 max-w-xs md:max-w-md mx-auto text-sm text-center md:text-left">
        <div className="text-l py-1 text-lg w-full">
          <Button
+            type="submit"
            onClick={incrementStep}
            size="sm"
            isFullWidth
--- a/frontend/src/components/signup/EnterEmailStep.tsx
+++ b/frontend/src/components/signup/EnterEmailStep.tsx
@@ -70,6 +70,7 @@ export default function EnterEmailStep({
        <div className="flex flex-col items-center justify-center lg:w-1/6 w-1/4 min-w-[20rem] mt-2 max-w-xs md:max-w-md mx-auto text-sm text-center md:text-left">
          <div className="text-l py-1 text-lg w-full">
            <Button
+              type="submit"
              onClick={emailCheck}
              size="sm"
              isFullWidth
--- a/frontend/src/components/signup/TeamInviteStep.tsx
+++ b/frontend/src/components/signup/TeamInviteStep.tsx
@@ -5,7 +5,6 @@ import { useRouter } from "next/router";
 import { useFetchServerStatus } from "@app/hooks/api/serverDetails";
 import { usePopUp } from "@app/hooks/usePopUp";
 import addUserToOrg from "@app/pages/api/organization/addUserToOrg";
-import getWorkspaces from "@app/pages/api/workspace/getWorkspaces";

 import { Button, EmailServiceSetupModal } from "../v2";

@@ -21,9 +20,7 @@ export default function TeamInviteStep(): JSX.Element {

  // Redirect user to the getting started page
  const redirectToHome = async () => {
-    const userWorkspaces = await getWorkspaces();
-    const userWorkspace = userWorkspaces[0]._id;
-    router.push(`/dashboard/${userWorkspace}`);
+    router.push(`/org/${localStorage.getItem("orgData.id")}/overview`);
  };

  const inviteUsers = async ({ emails: inviteEmails }: { emails: string }) => {
--- a/frontend/src/components/signup/UserInfoStep.tsx
+++ b/frontend/src/components/signup/UserInfoStep.tsx
@@ -248,7 +248,6 @@ export default function UserInfoStep({
            placeholder=""
            onChange={(e) => setAttributionSource(e.target.value)}
            value={attributionSource}
-            isRequired
            className="h-12"
          />
        </div>
@@ -301,6 +300,7 @@ export default function UserInfoStep({
        <div className="flex flex-col items-center justify-center lg:w-[19%] w-1/4 min-w-[20rem] mt-2 max-w-xs md:max-w-md mx-auto text-sm text-center md:text-left">
          <div className="text-l py-1 text-lg w-full">
            <Button
+              type="submit"
              onClick={signupErrorCheck}
              size="sm"
              isFullWidth
--- a/frontend/src/components/utilities/checks/OnboardingCheck.ts
+++ b/frontend/src/components/utilities/checks/OnboardingCheck.ts
@@ -5,7 +5,6 @@ interface OnboardingCheckProps {
  setTotalOnboardingActionsDone?: (value: number) => void;
  setHasUserClickedSlack?: (value: boolean) => void;
  setHasUserClickedIntro?: (value: boolean) => void;
-  setHasUserStarred?: (value: boolean) => void;
  setHasUserPushedSecrets?: (value: boolean) => void;
  setUsersInOrg?: (value: boolean) => void;
 }
@@ -17,7 +16,6 @@ const onboardingCheck = async ({
  setTotalOnboardingActionsDone,
  setHasUserClickedSlack,
  setHasUserClickedIntro,
-  setHasUserStarred,
  setHasUserPushedSecrets,
  setUsersInOrg
 }: OnboardingCheckProps) => {
@@ -46,14 +44,6 @@ const onboardingCheck = async ({
  }
  if (setHasUserClickedIntro) setHasUserClickedIntro(!!userActionIntro);

-  const userActionStar = await checkUserAction({
-    action: "star_cta_clicked"
-  });
-  if (userActionStar) {
-    countActions += 1;
-  }
-  if (setHasUserStarred) setHasUserStarred(!!userActionStar);
-
  const orgId = localStorage.getItem("orgData.id");
  const orgUsers = await getOrganizationUsers({
    orgId: orgId || ""
--- a/frontend/src/components/utilities/intercom/intercom.ts
+++ b/frontend/src/components/utilities/intercom/intercom.ts
@@ -54,7 +54,6 @@ export const load = () => {

 // Initializes Intercom
 export const boot = (options = {}) => {
-  console.log("boot", { app_id: APP_ID, ...options })
  window &&
    window.Intercom &&
    window.Intercom("boot", { app_id: APP_ID, ...options });
--- a/frontend/src/components/v2/Button/Button.tsx
+++ b/frontend/src/components/v2/Button/Button.tsx
@@ -61,7 +61,8 @@ const buttonVariants = cva(
      {
        colorSchema: "primary",
        variant: "star",
-        className: "bg-mineshaft-700 border border-mineshaft-600 hover:bg-primary hover:text-black hover:border-primary-400 duration-100"
+        className:
+          "bg-mineshaft-700 border border-mineshaft-600 hover:bg-primary hover:text-black hover:border-primary-400 duration-100"
      },
      {
        colorSchema: "primary",
@@ -76,12 +77,14 @@ const buttonVariants = cva(
      {
        colorSchema: "primary",
        variant: "outline_bg",
-        className: "bg-mineshaft-600 border border-mineshaft-500 hover:bg-primary/[0.1] hover:border-primary/40 text-bunker-200"
+        className:
+          "bg-mineshaft-600 border border-mineshaft-500 hover:bg-primary/[0.1] hover:border-primary/40 text-bunker-200"
      },
      {
        colorSchema: "secondary",
        variant: "star",
-        className: "bg-mineshaft-700 border border-mineshaft-600 hover:bg-mineshaft hover:text-white"
+        className:
+          "bg-mineshaft-700 border border-mineshaft-600 hover:bg-mineshaft hover:text-white"
      },
      {
        colorSchema: "danger",
@@ -163,13 +166,13 @@ export const Button = forwardRef<HTMLButtonElement, ButtonProps>(
        type="button"
        className={twMerge(
          buttonVariants({
-            className,
            colorSchema,
            size,
            variant,
            isRounded,
            isDisabled,
-            isFullWidth
+            isFullWidth,
+            className
          })
        )}
        disabled={isDisabled}
@@ -193,7 +196,15 @@ export const Button = forwardRef<HTMLButtonElement, ButtonProps>(
        >
          {leftIcon}
        </div>
-        <span className={twMerge("transition-all", isFullWidth ? "w-full" : "w-min", loadingToggleClass)}>{children}</span>
+        <span
+          className={twMerge(
+            "transition-all",
+            isFullWidth ? "w-full" : "w-min",
+            loadingToggleClass
+          )}
+        >
+          {children}
+        </span>
        <div
          className={twMerge(
            "inline-flex shrink-0 cursor-pointer items-center justify-center transition-all",
--- a/frontend/src/components/v2/Dropdown/Dropdown.tsx
+++ b/frontend/src/components/v2/Dropdown/Dropdown.tsx
@@ -21,7 +21,7 @@ export const DropdownMenuContent = forwardRef<HTMLDivElement, DropdownMenuConten
          {...props}
          ref={forwardedRef}
          className={twMerge(
-            "min-w-[220px] bg-bunker will-change-auto text-bunker-300 rounded-md shadow data-[side=top]:animate-slideDownAndFade data-[side=left]:animate-slideRightAndFade data-[side=right]:animate-slideLeftAndFade data-[side=bottom]:animate-slideUpAndFade",
+            "min-w-[220px] z-30 bg-mineshaft-900 border border-mineshaft-600 will-change-auto text-bunker-300 rounded-md shadow data-[side=top]:animate-slideDownAndFade data-[side=left]:animate-slideRightAndFade data-[side=right]:animate-slideLeftAndFade data-[side=bottom]:animate-slideUpAndFade",
            className
          )}
        >
@@ -62,11 +62,11 @@ export const DropdownMenuItem = <T extends ElementType = "button">({
  <DropdownMenuPrimitive.Item
    {...props}
    className={twMerge(
-      "text-sm block font-inter px-4 py-2 data-[highlighted]:bg-gray-700 outline-none cursor-pointer",
+      "text-xs text-mineshaft-200 block font-inter px-4 py-2 data-[highlighted]:bg-mineshaft-700 rounded-sm outline-none cursor-pointer",
      className
    )}
  >
-    <Item type="button" role="menuitem" class="flex w-full items-center" ref={inputRef}>
+    <Item type="button" role="menuitem" className="flex w-full items-center" ref={inputRef}>
      {icon && <span className="flex items-center mr-2">{icon}</span>}
      <span className="flex-grow text-left">{children}</span>
    </Item>
--- a/frontend/src/components/v2/EmptyState/EmptyState.tsx
+++ b/frontend/src/components/v2/EmptyState/EmptyState.tsx
@@ -25,7 +25,7 @@ export const EmptyState = ({
      className
    )}
  >
-    <FontAwesomeIcon icon={icon} size={iconSize} className="mr-4" />
+    <FontAwesomeIcon icon={icon} size={iconSize} />
    <div className="flex flex-row items-center py-4">
      <div className="text-sm text-bunker-300">{title}</div>
      <div>{children}</div>
--- a/frontend/src/components/v2/Input/Input.tsx
+++ b/frontend/src/components/v2/Input/Input.tsx
@@ -13,7 +13,7 @@ type Props = {
 };

 const inputVariants = cva(
-  "input w-full py-[0.375rem] text-gray-400 placeholder:text-sm placeholder-gray-500 placeholder-opacity-50 outline-none focus:ring-2 hover:ring-[0.05rem] hover:ring-bunker-400/60 duration-100",
+  "input w-full py-[0.375rem] text-gray-400 placeholder:text-sm placeholder-gray-500 placeholder-opacity-50 outline-none focus:ring-2 hover:ring-bunker-400/60 duration-100",
  {
    variants: {
      size: {
--- a/frontend/src/components/v2/Menu/Menu.tsx
+++ b/frontend/src/components/v2/Menu/Menu.tsx
@@ -48,7 +48,7 @@ export const MenuItem = <T extends ElementType = "button">({
    >
      <li
        className={twMerge(
-          "group px-1 py-2.5 mt-0.5 font-inter flex flex-col text-sm text-bunker-100 transition-all rounded cursor-pointer hover:bg-mineshaft-700 duration-50",
+          "group px-1 py-2 mt-0.5 font-inter flex flex-col text-sm text-bunker-100 transition-all rounded cursor-pointer hover:bg-mineshaft-700 duration-50",
          isSelected && "bg-mineshaft-600 hover:bg-mineshaft-600",
          isDisabled && "hover:bg-transparent cursor-not-allowed",
          className
@@ -56,16 +56,16 @@ export const MenuItem = <T extends ElementType = "button">({
      >
        <motion.span className="w-full flex flex-row items-center justify-start rounded-sm">
          <Item type="button" role="menuitem" className="flex items-center relative" ref={inputRef} {...props}>
-            <div className={`${isSelected ? "visisble" : "invisible"} absolute w-[0.25rem] rounded-md h-8 bg-primary`}/>
+            <div className={`${isSelected ? "visisble" : "invisible"} -left-[0.28rem] absolute w-[0.07rem] rounded-md h-5 bg-primary`}/>
            {/* {icon && <span className="mr-3 ml-4 w-5 block group-hover:hidden">{icon}</span>} */}
            <Lottie
              lottieRef={iconRef}
-              style={{ width: 24, height: 24 }}
+              style={{ width: 22, height: 22 }}
              // eslint-disable-next-line import/no-dynamic-require
              animationData={require(`../../../../public/lotties/${icon}.json`)}
              loop={false}
              autoplay={false}
-              className="my-auto ml-3 mr-3"
+              className="my-auto ml-[0.1rem] mr-3"
            />
            <span className="flex-grow text-left">{children}</span>
          </Item>
@@ -76,6 +76,53 @@ export const MenuItem = <T extends ElementType = "button">({
  )
 };

+export const SubMenuItem = <T extends ElementType = "button">({
+  children,
+  icon,
+  className,
+  isDisabled,
+  isSelected,
+  as: Item = "button",
+  description,
+  // wrapping in forward ref with generic component causes the loss of ts definitions on props
+  inputRef,
+  ...props
+}: MenuItemProps<T> & ComponentPropsWithRef<T>): JSX.Element => {
+  const iconRef = useRef()
+
+  return( 
+    <a 
+      onMouseEnter={() => iconRef.current?.play()}
+      onMouseLeave={() => iconRef.current?.stop()} 
+    >
+      <li
+        className={twMerge(
+          "group px-1 py-1 mt-0.5 font-inter flex flex-col text-sm text-mineshaft-300 hover:text-mineshaft-100 transition-all rounded cursor-pointer hover:bg-mineshaft-700 duration-50",
+          isDisabled && "hover:bg-transparent cursor-not-allowed",
+          className
+        )}
+      >
+        <motion.span className="w-full flex flex-row items-center justify-start rounded-sm pl-6">
+          <Item type="button" role="menuitem" className="flex items-center relative" ref={inputRef} {...props}>
+            <Lottie
+              lottieRef={iconRef}
+              style={{ width: 16, height: 16 }}
+              // eslint-disable-next-line import/no-dynamic-require
+              animationData={require(`../../../../public/lotties/${icon}.json`)}
+              loop={false}
+              autoplay={false}
+              className="my-auto ml-[0.1rem] mr-3"
+            />
+            <span className="flex-grow text-left text-sm">{children}</span>
+          </Item>
+          {description && <span className="mt-2 text-xs">{description}</span>}
+        </motion.span>
+      </li>
+    </a>
+  )
+};
+
+
 MenuItem.displayName = "MenuItem";

 export type MenuGroupProps = {
--- a/frontend/src/components/v2/Tabs/Tabs.tsx
+++ b/frontend/src/components/v2/Tabs/Tabs.tsx
@@ -72,12 +72,12 @@ export const TabsObject = () => {
      >
        Windows
      </Tabs.Trigger>
-      <Tabs.Trigger
+      {/* <Tabs.Trigger
        className="bg-bunker-700 px-5 h-10 flex-1 flex items-center justify-center text-sm leading-none text-bunker-300 select-none first:rounded-tl-md last:rounded-tr-md data-[state=active]:text-primary data-[state=active]:font-medium data-[state=active]:focus:relative data-[state=active]:border-b data-[state=active]:border-primary outline-none cursor-default"
        value="tab3"
      >
        Arch Linux
-      </Tabs.Trigger>
+      </Tabs.Trigger> */}
      <a
          target='_blank'
          rel="noopener noreferrer"
@@ -88,7 +88,7 @@ export const TabsObject = () => {
      </a>
    </Tabs.List>
    <Tabs.Content
-      className="grow p-5 bg-bunker-700 rounded-b-md outline-none cursor-default"
+      className="grow p-5 pt-0 bg-bunker-700 rounded-b-md outline-none cursor-default"
      value="tab1"
    >
      <CodeItem isCopied={downloadCodeCopied} setIsCopied={setDownloadCodeCopied} textExplanation="1. Download CLI" code="brew install infisical/get-cli/infisical" id="downloadCode" />
@@ -105,10 +105,10 @@ export const TabsObject = () => {
      </a>. </p>
    </Tabs.Content>
    <Tabs.Content
-      className="grow p-5 bg-bunker-700 rounded-b-md outline-none"
+      className="grow p-5 pt-0 bg-bunker-700 rounded-b-md outline-none"
      value="tab2"
    >
-      <CodeItem isCopied={downloadCodeCopied} setIsCopied={setDownloadCodeCopied} textExplanation="1. Download CLI" code="brew install infisical/get-cli/infisical" id="downloadCodeW" />
+      <CodeItem isCopied={downloadCodeCopied} setIsCopied={setDownloadCodeCopied} textExplanation="1. Download CLI" code="scoop bucket add org https://github.com/Infisical/scoop-infisical.git" id="downloadCodeW" />
      <div className='font-mono text-sm px-3 py-2 mt-2 bg-bunker rounded-md border border-mineshaft-600 flex flex-row items-center justify-between'>
        <input disabled value="scoop install infisical" id="downloadCodeW2" className='w-full bg-transparent text-bunker-200'/>
        <button
@@ -138,22 +138,5 @@ export const TabsObject = () => {
        here
      </a>. </p>
    </Tabs.Content>
-    <Tabs.Content
-      className="grow p-5 bg-bunker-700 rounded-b-md outline-none cursor-default"
-      value="tab3"
-    >
-      <CodeItem isCopied={downloadCodeCopied} setIsCopied={setDownloadCodeCopied} textExplanation="1. Download CLI" code="brew install infisical/get-cli/infisical" id="downloadCodeL" />
-      <CodeItem isCopied={loginCodeCopied} setIsCopied={setLoginCodeCopied} textExplanation="2. Login" code="infisical login" id="loginCodeL" />
-      <CodeItem isCopied={initCodeCopied} setIsCopied={setInitCodeCopied} textExplanation="3. Choose Project" code="infisical init" id="initCodeL" />
-      <CodeItem isCopied={runCodeCopied} setIsCopied={setRunCodeCopied} textExplanation="4. Done! Now, you can prepend your usual start script with:" code="infisical run -- [YOUR USUAL CODE START SCRIPT GOES HERE]" id="runCodeL" />
-      <p className='text-bunker-300 text-sm mt-2'>You can find example of start commands for different frameworks <a
-        className='text-primary underline underline-offset-2'
-        target="_blank"
-        rel="noopener noreferrer"
-        href='https://infisical.com/docs/integrations/overview'
-      >
-        here
-      </a>. </p>
-    </Tabs.Content>
  </Tabs.Root>
 };
--- a/frontend/src/components/v2/Tooltip/Tooltip.tsx
+++ b/frontend/src/components/v2/Tooltip/Tooltip.tsx
@@ -2,7 +2,7 @@ import { ReactNode } from "react";
 import * as TooltipPrimitive from "@radix-ui/react-tooltip";
 import { twMerge } from "tailwind-merge";

-export type TooltipProps = {
+export type TooltipProps = Omit<TooltipPrimitive.TooltipContentProps, "open" | "content"> & {
  children: ReactNode;
  content?: ReactNode;
  isOpen?: boolean;
@@ -10,7 +10,7 @@ export type TooltipProps = {
  asChild?: boolean;
  onOpenChange?: (isOpen: boolean) => void;
  defaultOpen?: boolean;
-} & Omit<TooltipPrimitive.TooltipContentProps, "open">;
+};

 export const Tooltip = ({
  children,
--- a/frontend/src/components/v2/UpgradePlanModal/UpgradePlanModal.tsx
+++ b/frontend/src/components/v2/UpgradePlanModal/UpgradePlanModal.tsx
@@ -1,9 +1,10 @@
-import Link from "next/link";
-
-import { useSubscription } from "@app/context";
+import { useOrganization, useSubscription } from "@app/context";
+import {
+    useGetOrgTrialUrl
+} from "@app/hooks/api";

 import { Button } from "../Button";
-import { Modal, ModalClose, ModalContent } from "../Modal";
+import { Modal, ModalContent } from "../Modal";

 type Props = {
  isOpen?: boolean;
@@ -13,32 +14,61 @@ type Props = {

 export const UpgradePlanModal = ({ text, isOpen, onOpenChange }: Props): JSX.Element => {
  const { subscription } = useSubscription();
+  const { currentOrg } = useOrganization();
+  const { mutateAsync, isLoading } = useGetOrgTrialUrl();
  const link = (subscription && subscription.slug !== null) 
-    ? `/settings/billing/${localStorage.getItem("projectData.id") as string}` 
+    ? `/org/${currentOrg?._id}/billing` 
    : "https://infisical.com/scheduledemo";
  
+  const handleUpgradeBtnClick = async () => {
+    try {
+      if (!subscription || !currentOrg) return;
+      
+      if (!subscription.has_used_trial) {
+        // direct user to start pro trial
+        
+        const url = await mutateAsync({
+          orgId: currentOrg._id,
+          success_url: window.location.href
+        });
+        
+        window.location.href = url;
+      } else {
+        // direct user to upgrade their plan
+        window.location.href = link;
+      }
+
+    } catch (err) {
+      console.error(err);
+    }
+  }
+  
  return (
    <Modal isOpen={isOpen} onOpenChange={onOpenChange}>
      <ModalContent
        title="Unleash Infisical's Full Power"
-        footerContent={[
-          <Link
-            href={link}
-            key="upgrade-plan"
-          >
-            <Button className="mr-4 ml-2 mb-2">Upgrade Plan</Button>
-          </Link>,
-          <ModalClose asChild key="upgrade-plan-cancel">
-            <Button colorSchema="secondary" variant="plain">
-              Cancel
-            </Button>
-          </ModalClose>
-        ]}
      >
        <p className="mb-2 text-bunker-300">{text}</p>
        <p className="text-bunker-300">
          Upgrade and get access to this, as well as to other powerful enhancements.
        </p>
+        <div className="mt-8 flex items-center">
+          <Button
+            isLoading={isLoading}
+            colorSchema="primary"
+            onClick={handleUpgradeBtnClick}
+            className="mr-4"
+          >
+            {(subscription && !subscription.has_used_trial) ? "Start Pro Free Trial" : "Upgrade Plan"}
+          </Button>
+          <Button 
+            colorSchema="secondary" 
+            variant="plain"
+            onClick={() => onOpenChange && onOpenChange(false)}
+          >
+            Cancel
+          </Button>
+        </div>
      </ModalContent>
    </Modal>
  )
--- a/frontend/src/context/OrganizationContext/OrganizationContext.tsx
+++ b/frontend/src/context/OrganizationContext/OrganizationContext.tsx
@@ -3,7 +3,6 @@ import { createContext, ReactNode, useContext, useMemo } from "react";
 import { useGetOrganization } from "@app/hooks/api";
 import { Organization } from "@app/hooks/api/types";

-import { useWorkspace } from "../WorkspaceContext";

 type TOrgContext = {
  orgs?: Organization[];
@@ -18,10 +17,10 @@ type Props = {
 };

 export const OrgProvider = ({ children }: Props): JSX.Element => {
-  const { currentWorkspace } = useWorkspace();
  const { data: userOrgs, isLoading } = useGetOrganization();

-  const currentWsOrgID = currentWorkspace?.organization;
+  // const currentWsOrgID = currentWorkspace?.organization;
+  const currentWsOrgID = localStorage.getItem("orgData.id");

  // memorize the workspace details for the context
  const value = useMemo<TOrgContext>(
--- a/frontend/src/context/SubscriptionContext/SubscriptionContext.tsx
+++ b/frontend/src/context/SubscriptionContext/SubscriptionContext.tsx
@@ -3,8 +3,7 @@ import { createContext, ReactNode, useContext, useMemo } from "react";
 import { useGetOrgSubscription } from "@app/hooks/api";
 import { SubscriptionPlan } from "@app/hooks/api/types";

-import { useWorkspace } from "../WorkspaceContext";
-// import { Subscription } from '@app/hooks/api/workspace/types';
+import { useOrganization } from "../OrganizationContext";

 type TSubscriptionContext = {
  subscription?: SubscriptionPlan;
@@ -18,9 +17,10 @@ type Props = {
 };

 export const SubscriptionProvider = ({ children }: Props): JSX.Element => {
-  const { currentWorkspace } = useWorkspace();
+  const { currentOrg } = useOrganization();
+
  const { data, isLoading } = useGetOrgSubscription({
-    orgID: currentWorkspace?.organization || ""
+    orgID: currentOrg?._id || ""
  });

  // memorize the workspace details for the context
--- a/frontend/src/ee/components/ActivitySideBar.tsx
+++ b/frontend/src/ee/components/ActivitySideBar.tsx
@@ -129,7 +129,7 @@ const ActivitySideBar = ({ toggleSidebar, currentAction }: SideBarProps) => {
    <div
      className={`absolute border-l border-mineshaft-500 ${
        isLoading ? "bg-bunker-800" : "bg-bunker"
-      } fixed top-14 right-0 z-40 flex h-[calc(100vh-56px)] w-96 flex-col justify-between shadow-xl`}
+      } fixed right-0 z-40 flex h-[calc(100vh)] w-96 flex-col justify-between shadow-xl`}
    >
      {isLoading ? (
        <div className="mb-8 flex h-full items-center justify-center">
--- a/frontend/src/hooks/api/index.tsx
+++ b/frontend/src/hooks/api/index.tsx
@@ -13,4 +13,5 @@ export * from "./serviceTokens";
 export * from "./subscriptions";
 export * from "./tags";
 export * from "./users";
+export * from "./webhooks";
 export * from "./workspace";
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Maidul Islam	deac5fe101	Merge branch 'main' into git-scanning-app	2023-07-17 17:20:04 -04:00
Maidul Islam	216f3a0d1b	reload page after org link	2023-07-17 17:18:55 -04:00
Maidul Islam	43f4110c94	update risk status names	2023-07-17 16:46:15 -04:00
Maidul Islam	56d430afd6	update risk status and update email notifications	2023-07-17 16:41:33 -04:00
Maidul Islam	38b6a48bee	Merge pull request #754 from JunedKhan101/docs-typo-fix fixed typo	2023-07-17 10:49:46 -04:00
Maidul Islam	53abce5780	remove secret engine folder	2023-07-16 16:51:01 -04:00
Maidul Islam	8c844fb188	move secret scanning to main container	2023-07-16 16:48:36 -04:00
Juned Khan	a9135cdbcd	fixed typo	2023-07-16 14:47:35 +05:30
Akhil Mohan	9b96daa185	Merge pull request #752 from afrieirham/feat/sort-integrations-alphabetically feat: sort cloud and framework integrations alphabetically	2023-07-16 14:34:26 +05:30
Afrie Irham	9919d3ee6a	feat: sort cloud and framework integrations alphabetically	2023-07-16 11:05:37 +08:00
Vladyslav Matsiiako	dfcd6b1efd	changed docs structure	2023-07-14 19:14:36 -07:00
Vladyslav Matsiiako	07bc4c4a3a	change docs structure	2023-07-14 19:11:39 -07:00
Vladyslav Matsiiako	d69465517f	Added styling	2023-07-14 16:26:18 -07:00
Maidul Islam	6d807c0c74	Merge pull request #749 from RezaRahemtola/fix/cli-vault-cmd-last-line-break fix(cli): Missing trailing linebreak in vault commands	2023-07-14 18:38:23 -04:00
Reza Rahemtola	868cc80210	fix(cli): Missing trailing linebreak in vault commands	2023-07-14 23:09:25 +02:00
Maidul Islam	3d4a616147	remove secret scanning from prod docker compose	2023-07-14 15:21:04 -04:00
vmatsiiako	bd3f9130e4	Merge pull request #747 from unkletayo/adetayoreadme-youtubelink-fix docs(readme):update broken YouTube page link	2023-07-14 09:19:51 -07:00
Adetayo Akinsanya	f607841acf	Update README.md with the correct youtube link	2023-07-14 17:15:09 +01:00
Adetayo Akinsanya	55d813043d	Update README.md This PR fixes broken link to the YouTube page in the Readme file	2023-07-14 08:15:51 +01:00
Vladyslav Matsiiako	b2a3a3a0e6	added click-to-copy and changed the slack link	2023-07-13 19:09:00 -07:00
Maidul Islam	67d5f52aca	extract correct params after git app install	2023-07-13 19:56:49 -04:00
Vladyslav Matsiiako	a34047521c	styled cli redirect	2023-07-13 16:37:05 -07:00
Vladyslav Matsiiako	7ff806e8a6	fixed the signup orgId issue	2023-07-13 16:16:00 -07:00
Vladyslav Matsiiako	9763353d59	Fixed routing issues	2023-07-13 16:09:33 -07:00
Maidul Islam	4382935cb5	Merge pull request #733 from akhilmhdh/feat/webhooks Feat/webhooks	2023-07-13 18:47:47 -04:00
Maidul Islam	7e3646ddcd	add docs on how to pin k8 operator to avoid breaking changes	2023-07-13 17:53:59 -04:00
akhilmhdh	f7766fc182	fix: resolved just space in a secret value and not changing save state	2023-07-13 23:53:24 +05:30
akhilmhdh	3176370ef6	feat(webhook): removed console.log	2023-07-13 23:22:20 +05:30
akhilmhdh	9bed1682fc	feat(webhooks): updated docs	2023-07-13 23:22:20 +05:30
akhilmhdh	daf2e2036e	feat(webhook): implemented ui for webhooks	2023-07-13 23:22:20 +05:30
akhilmhdh	0f81c78639	feat(webhook): implemented api for webhooks	2023-07-13 23:21:18 +05:30
Vladyslav Matsiiako	8a19cfe0c6	removed secret scanning from the menu	2023-07-13 10:31:54 -07:00
Maidul Islam	a00fec9bca	trigger standalone docker img too	2023-07-13 11:23:41 -04:00
BlackMagiq	209f224517	Merge pull request #745 from Infisical/docs-sdk Remove individual SDK pages from docs	2023-07-13 17:10:26 +07:00
Tuan Dang	0b7f2b7d4b	Remove individual SDK pages from docs in favor of each SDKs README on GitHub	2023-07-13 17:08:32 +07:00
BlackMagiq	eff15fc3d0	Merge pull request #744 from Infisical/usage-billing Fix subscription context get organization from useOrganization	2023-07-13 17:07:42 +07:00
Tuan Dang	2614459772	Fix subscription context get organization from useOrganization	2023-07-13 17:01:53 +07:00
Vladyslav Matsiiako	4e926746cf	fixing the pro trial bug	2023-07-12 15:46:42 -07:00
Maidul Islam	f022f6d3ee	update secret engine port	2023-07-12 16:39:45 -04:00
Maidul Islam	1133ae4ae9	bring back secret engine for dev	2023-07-12 16:10:09 -04:00
Maidul Islam	edd5afa13b	remove secret engine from main	2023-07-12 15:50:36 -04:00
vmatsiiako	442f572acc	Merge branch 'infisical-radar-app' into main	2023-07-12 12:12:24 -07:00
Vladyslav Matsiiako	be58f3c429	removed the learning item from sidebar	2023-07-12 11:50:36 -07:00
vmatsiiako	3eea5d9322	Merge pull request #735 from Infisical/new-sidebars fixing the bugs with sidebars	2023-07-12 11:23:26 -07:00
Vladyslav Matsiiako	e4e87163e8	removed org member section	2023-07-12 11:19:56 -07:00
Vladyslav Matsiiako	d3aeb729e0	fixing ui/ux bugs	2023-07-12 11:18:42 -07:00
Maidul Islam	2e7c7cf1da	fix typo in folder docs	2023-07-12 01:41:14 -04:00
Maidul Islam	5d39416532	replace cli quick start	2023-07-12 01:38:59 -04:00
Maidul Islam	af95adb589	Update usage.mdx	2023-07-12 01:31:09 -04:00
Maidul Islam	0fc4f96773	Merge pull request #736 from Infisical/revamp-docs Revamp core docs	2023-07-12 01:29:10 -04:00
Maidul Islam	0a9adf33c8	revamp core docs	2023-07-12 01:23:28 -04:00
Vladyslav Matsiiako	f9110cedfa	fixing the bug with switching orgs	2023-07-11 22:13:54 -07:00
vmatsiiako	88ec55fc49	Merge pull request #700 from Infisical/new-sidebars new sidebars	2023-07-11 17:29:48 -07:00
Vladyslav Matsiiako	98b2a2a5c1	adding trial to the sidebar	2023-07-11 17:26:36 -07:00
vmatsiiako	27eeafbf36	Merge pull request #730 from Infisical/main Catching up the branch	2023-07-11 16:19:39 -07:00
Vladyslav Matsiiako	0cf63028df	fixing style and solving merge conflicts	2023-07-11 16:19:07 -07:00
vmatsiiako	0b52b3cf58	Update mint.json	2023-07-11 14:14:23 -07:00
vmatsiiako	e1764880a2	Update overview.mdx	2023-07-11 14:09:57 -07:00
vmatsiiako	d3a47ffcdd	Update mint.json	2023-07-11 13:56:24 -07:00
vmatsiiako	9c1f88bb9c	Update mint.json	2023-07-11 13:49:55 -07:00
Maidul Islam	ae2f3184e2	Merge pull request #711 from afrieirham/form-ux-enhancement fix: enable users to press `Enter` in forms	2023-07-11 16:34:21 -04:00
BlackMagiq	3f1db47c30	Merge pull request #731 from Infisical/office-365-smtp Add support for Office365 SMTP	2023-07-11 15:04:26 +07:00
Tuan Dang	3e3bbe298d	Add support for Office365 SMTP	2023-07-11 14:50:41 +07:00
Vladyslav Matsiiako	46dc357651	final changes to sidebars	2023-07-11 00:04:14 -07:00
Maidul Islam	07d25cb673	extract version from tag	2023-07-10 23:26:14 -04:00
Maidul Islam	264f75ce8e	correct gha for k8 operator	2023-07-10 23:20:45 -04:00
Maidul Islam	9713a19405	add semvar to k8 images	2023-07-10 23:14:10 -04:00
Maidul Islam	ccfb8771f1	Merge pull request #728 from JunedKhan101/feature-723-remove-trailing-slash Implemented feature to remove the trailing slash from the domain url	2023-07-10 10:26:53 -04:00
BlackMagiq	b36801652f	Merge pull request #729 from Infisical/trial-revamp Infisical Cloud Pro Free Trial Update	2023-07-10 15:13:28 +07:00
Tuan Dang	9e5b9cbdb5	Fix lint errors	2023-07-10 15:06:00 +07:00
Vladyslav Matsiiako	bdf4ebd1bc	second iteration of the new sidebar	2023-07-09 23:58:27 -07:00
Tuan Dang	e91e7f96c2	Update free plan logic	2023-07-10 13:48:46 +07:00
Juned Khan	34fef4aaad	Implemented feature to remove the trailing slash from the domain url	2023-07-10 12:16:51 +05:30
Maidul Islam	09330458e5	Merge pull request #721 from agoodman1999/main add --path flag to docs for infisical secrets set	2023-07-10 00:09:09 -04:00
Maidul Islam	ed95b99ed1	Merge branch 'main' into main	2023-07-10 00:08:25 -04:00
Maidul Islam	dc1e1e8dcb	Merge pull request #726 from RezaRahemtola/fix/docs fix(docs): Wrong integration name and missing link	2023-07-10 00:05:47 -04:00
vmatsiiako	ec26404b94	Merge pull request #727 from Infisical/main Catching up with main	2023-07-09 11:13:40 -07:00
Reza Rahemtola	5ef2508736	docs: Add missing pull request contribution link	2023-07-09 15:44:25 +02:00
Reza Rahemtola	93264fd2d0	docs: Fix wrong integration name	2023-07-09 15:40:59 +02:00
Afrie Irham	7020c7aeab	fix: completing allow user to press Enter in forgot password flow	2023-07-09 15:08:25 +08:00
agoodman1999	f9fca42c5b	fix incorrect leading slash in example	2023-07-06 13:36:15 -04:00
agoodman1999	11a19eef07	add --path flag to docs for infisical secrets set	2023-07-06 13:20:48 -04:00
Maidul Islam	da113612eb	diable secret scan by default	2023-07-05 18:09:46 -04:00
Maidul Islam	e9e2eade89	update helm chart version	2023-07-05 17:56:30 -04:00
Maidul Islam	3cbc9c1b5c	update helm chart to include git app	2023-07-05 17:54:29 -04:00
Maidul Islam	0772510e47	update gha for git app gamma deploy	2023-07-05 15:52:43 -04:00
Maidul Islam	f389aa07eb	update docker file for prod build	2023-07-05 15:39:44 -04:00
Maidul Islam	27a110a93a	build secret scanning	2023-07-05 15:22:29 -04:00
Afrie Irham	93e0232c21	fix: allow user to press Enter in forgot password page	2023-07-05 19:02:48 +08:00
Afrie Irham	37707c422a	fix: allow user to press Enter in login page	2023-07-05 18:40:48 +08:00
Afrie Irham	2f1bd9ca61	fix: enable user to press Enter in signup flow	2023-07-05 18:32:03 +08:00
Maidul Islam	a63d179a0d	add email notifications for risks	2023-07-04 22:06:29 -04:00
Maidul Islam	9f6aa6b13e	add v1 secret scanning	2023-07-04 10:54:44 -04:00
vmatsiiako	9a1e2260a0	Merge pull request #701 from Infisical/main Update branch	2023-06-30 16:54:26 -07:00
Vladyslav Matsiiako	dfc88d99f6	first draft new sidebar	2023-06-28 14:28:52 -07:00
Maidul Islam	079d68c042	remove dummy file content	2023-06-22 22:28:39 -04:00
Maidul Islam	4b800202fb	git app with probot	2023-06-22 22:26:23 -04:00