Merge pull request #1814 from Infisical/aws-integration-patch

Allow updating tags in AWS Secret Manager integration
Add UntagResource IAM policy requirement for AWS SM integration docs
2025-08-14 08:08:30 +00:00 · 2024-05-12 15:03:19 -07:00 · 2024-05-12 08:57:41 -07:00 · 2024-05-11 13:43:04 -04:00 · 2024-05-11 23:04:43 +05:30 · 2024-05-11 11:26:21 -04:00
176 changed files with 599 additions and 13105 deletions
--- a/backend/src/db/migrations/20240405000045_org-memberships-unique-constraint.ts
+++ b/backend/src/db/migrations/20240405000045_org-memberships-unique-constraint.ts
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@@ -252,6 +252,7 @@ export const FOLDERS = {
    name: "The new name of the folder.",
    path: "The path of the folder to update.",
    directory: "The new directory of the folder to update. (Deprecated in favor of path)",
+    projectSlug: "The slug of the project where the folder is located.",
    workspaceId: "The ID of the project where the folder is located."
  },
  DELETE: {
--- a/backend/src/server/plugins/maintenanceMode.ts
+++ b/backend/src/server/plugins/maintenanceMode.ts
@@ -5,8 +5,13 @@ import { getConfig } from "@app/lib/config/env";
 export const maintenanceMode = fp(async (fastify) => {
  fastify.addHook("onRequest", async (req) => {
    const serverEnvs = getConfig();
-    if (req.url !== "/api/v1/auth/checkAuth" && req.method !== "GET" && serverEnvs.MAINTENANCE_MODE) {
-      throw new Error("Infisical is in maintenance mode. Please try again later.");
+    if (serverEnvs.MAINTENANCE_MODE) {
+      // skip if its universal auth login or renew
+      if (req.url === "/api/v1/auth/universal-auth/login" && req.method === "POST") return;
+      if (req.url === "/api/v1/auth/token/renew" && req.method === "POST") return;
+      if (req.url !== "/api/v1/auth/checkAuth" && req.method !== "GET") {
+        throw new Error("Infisical is in maintenance mode. Please try again later.");
+      }
    }
  });
 });
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -538,8 +538,10 @@ export const registerRoutes = async (
    folderDAL,
    folderVersionDAL,
    projectEnvDAL,
-    snapshotService
+    snapshotService,
+    projectDAL
  });
+
  const integrationAuthService = integrationAuthServiceFactory({
    integrationAuthDAL,
    integrationDAL,
--- a/backend/src/server/routes/v1/integration-router.ts
+++ b/backend/src/server/routes/v1/integration-router.ts
@@ -143,8 +143,8 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
        integrationId: z.string().trim().describe(INTEGRATION.UPDATE.integrationId)
      }),
      body: z.object({
-        app: z.string().trim().describe(INTEGRATION.UPDATE.app),
-        appId: z.string().trim().describe(INTEGRATION.UPDATE.appId),
+        app: z.string().trim().optional().describe(INTEGRATION.UPDATE.app),
+        appId: z.string().trim().optional().describe(INTEGRATION.UPDATE.appId),
        isActive: z.boolean().describe(INTEGRATION.UPDATE.isActive),
        secretPath: z
          .string()
@@ -154,7 +154,33 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
          .describe(INTEGRATION.UPDATE.secretPath),
        targetEnvironment: z.string().trim().describe(INTEGRATION.UPDATE.targetEnvironment),
        owner: z.string().trim().describe(INTEGRATION.UPDATE.owner),
-        environment: z.string().trim().describe(INTEGRATION.UPDATE.environment)
+        environment: z.string().trim().describe(INTEGRATION.UPDATE.environment),
+        metadata: z
+          .object({
+            secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
+            secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
+            initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
+            shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
+            secretGCPLabel: z
+              .object({
+                labelName: z.string(),
+                labelValue: z.string()
+              })
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
+            secretAWSTag: z
+              .array(
+                z.object({
+                  key: z.string(),
+                  value: z.string()
+                })
+              )
+              .optional()
+              .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
+            kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
+            shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete)
+          })
+          .optional()
      }),
      response: {
        200: z.object({
--- a/backend/src/server/routes/v1/secret-folder-router.ts
+++ b/backend/src/server/routes/v1/secret-folder-router.ts
@@ -127,6 +127,70 @@ export const registerSecretFolderRouter = async (server: FastifyZodProvider) =>
    }
  });

+  server.route({
+    url: "/batch",
+    method: "PATCH",
+    config: {
+      rateLimit: secretsLimit
+    },
+    schema: {
+      description: "Update folders by batch",
+      security: [
+        {
+          bearerAuth: []
+        }
+      ],
+      body: z.object({
+        projectSlug: z.string().trim().describe(FOLDERS.UPDATE.projectSlug),
+        folders: z
+          .object({
+            id: z.string().describe(FOLDERS.UPDATE.folderId),
+            environment: z.string().trim().describe(FOLDERS.UPDATE.environment),
+            name: z.string().trim().describe(FOLDERS.UPDATE.name),
+            path: z.string().trim().default("/").transform(removeTrailingSlash).describe(FOLDERS.UPDATE.path)
+          })
+          .array()
+          .min(1)
+      }),
+      response: {
+        200: z.object({
+          folders: SecretFoldersSchema.array()
+        })
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT, AuthMode.API_KEY, AuthMode.SERVICE_TOKEN, AuthMode.IDENTITY_ACCESS_TOKEN]),
+    handler: async (req) => {
+      const { newFolders, oldFolders, projectId } = await server.services.folder.updateManyFolders({
+        ...req.body,
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId
+      });
+
+      await Promise.all(
+        req.body.folders.map(async (folder, index) => {
+          await server.services.auditLog.createAuditLog({
+            ...req.auditLogInfo,
+            projectId,
+            event: {
+              type: EventType.UPDATE_FOLDER,
+              metadata: {
+                environment: oldFolders[index].envId,
+                folderId: oldFolders[index].id,
+                folderPath: folder.path,
+                newFolderName: newFolders[index].name,
+                oldFolderName: oldFolders[index].name
+              }
+            }
+          });
+        })
+      );
+
+      return { folders: newFolders };
+    }
+  });
+
  // TODO(daniel): Expose this route in api reference and write docs for it.
  server.route({
    method: "DELETE",
--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@@ -9,9 +9,12 @@

 import {
  CreateSecretCommand,
+  DescribeSecretCommand,
  GetSecretValueCommand,
  ResourceNotFoundException,
  SecretsManagerClient,
+  TagResourceCommand,
+  UntagResourceCommand,
  UpdateSecretCommand
 } from "@aws-sdk/client-secrets-manager";
 import { Octokit } from "@octokit/rest";
@@ -574,6 +577,7 @@ const syncSecretsAWSSecretManager = async ({
    if (awsSecretManagerSecret?.SecretString) {
      awsSecretManagerSecretObj = JSON.parse(awsSecretManagerSecret.SecretString);
    }
+
    if (!isEqual(awsSecretManagerSecretObj, secKeyVal)) {
      await secretsManager.send(
        new UpdateSecretCommand({
@@ -582,7 +586,88 @@ const syncSecretsAWSSecretManager = async ({
        })
      );
    }
+
+    const secretAWSTag = metadata.secretAWSTag as { key: string; value: string }[] | undefined;
+
+    if (secretAWSTag && secretAWSTag.length) {
+      const describedSecret = await secretsManager.send(
+        // requires secretsmanager:DescribeSecret policy
+        new DescribeSecretCommand({
+          SecretId: integration.app as string
+        })
+      );
+
+      if (!describedSecret.Tags) return;
+
+      const integrationTagObj = secretAWSTag.reduce(
+        (acc, item) => {
+          acc[item.key] = item.value;
+          return acc;
+        },
+        {} as Record<string, string>
+      );
+
+      const awsTagObj = (describedSecret.Tags || []).reduce(
+        (acc, item) => {
+          if (item.Key && item.Value) {
+            acc[item.Key] = item.Value;
+          }
+          return acc;
+        },
+        {} as Record<string, string>
+      );
+
+      const tagsToUpdate: { Key: string; Value: string }[] = [];
+      const tagsToDelete: { Key: string; Value: string }[] = [];
+
+      describedSecret.Tags?.forEach((tag) => {
+        if (tag.Key && tag.Value) {
+          if (!(tag.Key in integrationTagObj)) {
+            // delete tag from AWS secret manager
+            tagsToDelete.push({
+              Key: tag.Key,
+              Value: tag.Value
+            });
+          } else if (tag.Value !== integrationTagObj[tag.Key]) {
+            // update tag in AWS secret manager
+            tagsToUpdate.push({
+              Key: tag.Key,
+              Value: integrationTagObj[tag.Key]
+            });
+          }
+        }
+      });
+
+      secretAWSTag?.forEach((tag) => {
+        if (!(tag.key in awsTagObj)) {
+          // create tag in AWS secret manager
+          tagsToUpdate.push({
+            Key: tag.key,
+            Value: tag.value
+          });
+        }
+      });
+
+      if (tagsToUpdate.length) {
+        await secretsManager.send(
+          new TagResourceCommand({
+            SecretId: integration.app as string,
+            Tags: tagsToUpdate
+          })
+        );
+      }
+
+      if (tagsToDelete.length) {
+        await secretsManager.send(
+          new UntagResourceCommand({
+            SecretId: integration.app as string,
+            TagKeys: tagsToDelete.map((tag) => tag.Key)
+          })
+        );
+      }
+    }
  } catch (err) {
+    // case when AWS manager can't find the specified secret
    if (err instanceof ResourceNotFoundException && secretsManager) {
      await secretsManager.send(
        new CreateSecretCommand({
--- a/backend/src/services/integration/integration-service.ts
+++ b/backend/src/services/integration/integration-service.ts
@@ -103,7 +103,8 @@ export const integrationServiceFactory = ({
    owner,
    isActive,
    environment,
-    secretPath
+    secretPath,
+    metadata
  }: TUpdateIntegrationDTO) => {
    const integration = await integrationDAL.findById(id);
    if (!integration) throw new BadRequestError({ message: "Integration auth not found" });
@@ -127,7 +128,17 @@ export const integrationServiceFactory = ({
      appId,
      targetEnvironment,
      owner,
-      secretPath
+      secretPath,
+      metadata: {
+        ...(integration.metadata as object),
+        ...metadata
+      }
+    });
+
+    await secretQueueService.syncIntegrations({
+      environment: folder.environment.slug,
+      secretPath,
+      projectId: folder.projectId
    });

    return updatedIntegration;
--- a/backend/src/services/integration/integration-types.ts
+++ b/backend/src/services/integration/integration-types.ts
@@ -33,13 +33,27 @@ export type TCreateIntegrationDTO = {

 export type TUpdateIntegrationDTO = {
  id: string;
-  app: string;
-  appId: string;
+  app?: string;
+  appId?: string;
  isActive?: boolean;
  secretPath: string;
  targetEnvironment: string;
  owner: string;
  environment: string;
+  metadata?: {
+    secretPrefix?: string;
+    secretSuffix?: string;
+    secretGCPLabel?: {
+      labelName: string;
+      labelValue: string;
+    };
+    secretAWSTag?: {
+      key: string;
+      value: string;
+    }[];
+    kmsKeyId?: string;
+    shouldDisableDelete?: boolean;
+  };
 } & Omit<TProjectPermission, "projectId">;

 export type TDeleteIntegrationDTO = {
--- a/backend/src/services/secret-folder/secret-folder-service.ts
+++ b/backend/src/services/secret-folder/secret-folder-service.ts
@@ -8,9 +8,16 @@ import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services
 import { TSecretSnapshotServiceFactory } from "@app/ee/services/secret-snapshot/secret-snapshot-service";
 import { BadRequestError } from "@app/lib/errors";

+import { TProjectDALFactory } from "../project/project-dal";
 import { TProjectEnvDALFactory } from "../project-env/project-env-dal";
 import { TSecretFolderDALFactory } from "./secret-folder-dal";
-import { TCreateFolderDTO, TDeleteFolderDTO, TGetFolderDTO, TUpdateFolderDTO } from "./secret-folder-types";
+import {
+  TCreateFolderDTO,
+  TDeleteFolderDTO,
+  TGetFolderDTO,
+  TUpdateFolderDTO,
+  TUpdateManyFoldersDTO
+} from "./secret-folder-types";
 import { TSecretFolderVersionDALFactory } from "./secret-folder-version-dal";

 type TSecretFolderServiceFactoryDep = {
@@ -19,6 +26,7 @@ type TSecretFolderServiceFactoryDep = {
  folderDAL: TSecretFolderDALFactory;
  projectEnvDAL: Pick<TProjectEnvDALFactory, "findOne">;
  folderVersionDAL: TSecretFolderVersionDALFactory;
+  projectDAL: Pick<TProjectDALFactory, "findProjectBySlug">;
 };

 export type TSecretFolderServiceFactory = ReturnType<typeof secretFolderServiceFactory>;
@@ -28,7 +36,8 @@ export const secretFolderServiceFactory = ({
  snapshotService,
  permissionService,
  projectEnvDAL,
-  folderVersionDAL
+  folderVersionDAL,
+  projectDAL
 }: TSecretFolderServiceFactoryDep) => {
  const createFolder = async ({
    projectId,
@@ -116,6 +125,105 @@ export const secretFolderServiceFactory = ({
    return folder;
  };

+  const updateManyFolders = async ({
+    actor,
+    actorId,
+    projectSlug,
+    actorAuthMethod,
+    actorOrgId,
+    folders
+  }: TUpdateManyFoldersDTO) => {
+    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
+    if (!project) {
+      throw new BadRequestError({ message: "Project not found" });
+    }
+
+    const { permission } = await permissionService.getProjectPermission(
+      actor,
+      actorId,
+      project.id,
+      actorAuthMethod,
+      actorOrgId
+    );
+
+    folders.forEach(({ environment, path: secretPath }) => {
+      ForbiddenError.from(permission).throwUnlessCan(
+        ProjectPermissionActions.Edit,
+        subject(ProjectPermissionSub.Secrets, { environment, secretPath })
+      );
+    });
+
+    const result = await folderDAL.transaction(async (tx) =>
+      Promise.all(
+        folders.map(async (newFolder) => {
+          const { environment, path: secretPath, id, name } = newFolder;
+
+          const parentFolder = await folderDAL.findBySecretPath(project.id, environment, secretPath);
+          if (!parentFolder) {
+            throw new BadRequestError({ message: "Secret path not found", name: "Batch update folder" });
+          }
+
+          const env = await projectEnvDAL.findOne({ projectId: project.id, slug: environment });
+          if (!env) {
+            throw new BadRequestError({ message: "Environment not found", name: "Batch update folder" });
+          }
+          const folder = await folderDAL
+            .findOne({ envId: env.id, id, parentId: parentFolder.id })
+            // now folder api accepts id based change
+            // this is for cli backward compatiability and when cli removes this, we will remove this logic
+            .catch(() => folderDAL.findOne({ envId: env.id, name: id, parentId: parentFolder.id }));
+
+          if (!folder) {
+            throw new BadRequestError({ message: "Folder not found" });
+          }
+          if (name !== folder.name) {
+            // ensure that new folder name is unique
+            const folderToCheck = await folderDAL.findOne({
+              name,
+              envId: env.id,
+              parentId: parentFolder.id
+            });
+
+            if (folderToCheck) {
+              throw new BadRequestError({
+                message: "Folder with specified name already exists",
+                name: "Batch update folder"
+              });
+            }
+          }
+
+          const [doc] = await folderDAL.update(
+            { envId: env.id, id: folder.id, parentId: parentFolder.id },
+            { name },
+            tx
+          );
+          await folderVersionDAL.create(
+            {
+              name: doc.name,
+              envId: doc.envId,
+              version: doc.version,
+              folderId: doc.id
+            },
+            tx
+          );
+          if (!doc) {
+            throw new BadRequestError({ message: "Folder not found", name: "Batch update folder" });
+          }
+
+          return { oldFolder: folder, newFolder: doc };
+        })
+      )
+    );
+
+    await Promise.all(result.map(async (res) => snapshotService.performSnapshot(res.newFolder.parentId as string)));
+
+    return {
+      projectId: project.id,
+      newFolders: result.map((res) => res.newFolder),
+      oldFolders: result.map((res) => res.oldFolder)
+    };
+  };
+
  const updateFolder = async ({
    projectId,
    actor,
@@ -151,6 +259,21 @@ export const secretFolderServiceFactory = ({
      .catch(() => folderDAL.findOne({ envId: env.id, name: id, parentId: parentFolder.id }));

    if (!folder) throw new BadRequestError({ message: "Folder not found" });
+    if (name !== folder.name) {
+      // ensure that new folder name is unique
+      const folderToCheck = await folderDAL.findOne({
+        name,
+        envId: env.id,
+        parentId: parentFolder.id
+      });
+
+      if (folderToCheck) {
+        throw new BadRequestError({
+          message: "Folder with specified name already exists",
+          name: "Update folder"
+        });
+      }
+    }

    const newFolder = await folderDAL.transaction(async (tx) => {
      const [doc] = await folderDAL.update({ envId: env.id, id: folder.id, parentId: parentFolder.id }, { name }, tx);
@@ -239,6 +362,7 @@ export const secretFolderServiceFactory = ({
  return {
    createFolder,
    updateFolder,
+    updateManyFolders,
    deleteFolder,
    getFolders
  };
--- a/backend/src/services/secret-folder/secret-folder-types.ts
+++ b/backend/src/services/secret-folder/secret-folder-types.ts
@@ -13,6 +13,16 @@ export type TUpdateFolderDTO = {
  name: string;
 } & TProjectPermission;

+export type TUpdateManyFoldersDTO = {
+  projectSlug: string;
+  folders: {
+    environment: string;
+    path: string;
+    id: string;
+    name: string;
+  }[];
+} & Omit<TProjectPermission, "projectId">;
+
 export type TDeleteFolderDTO = {
  environment: string;
  path: string;
--- a/docs/integrations/cicd/githubactions.mdx
+++ b/docs/integrations/cicd/githubactions.mdx
@@ -3,9 +3,15 @@ title: "GitHub Actions"
 description: "How to sync secrets from Infisical to GitHub Actions"
 ---

+<Note>
+  Alternatively, you can use Infisical's official Github Action
+  [here](https://github.com/Infisical/secrets-action).
+</Note>
+
 Infisical lets you sync secrets to GitHub at the organization-level, repository-level, and repository environment-level.

 Prerequisites:
+
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Ensure that you have admin privileges to the repository you want to sync secrets to.

--- a/docs/integrations/cloud/aws-secret-manager.mdx
+++ b/docs/integrations/cloud/aws-secret-manager.mdx
@@ -29,7 +29,9 @@ Prerequisites:
            "secretsmanager:GetSecretValue",
            "secretsmanager:CreateSecret",
            "secretsmanager:UpdateSecret",
+            "secretsmanager:DescribeSecret", // if you need to add tags to secrets
            "secretsmanager:TagResource", // if you need to add tags to secrets
+            "secretsmanager:UntagResource", // if you need to add tags to secrets
            "kms:ListKeys", // if you need to specify the KMS key
            "kms:ListAliases", // if you need to specify the KMS key
            "kms:Encrypt", // if you need to specify the KMS key
--- a/frontend/src/hooks/api/secretFolders/queries.tsx
+++ b/frontend/src/hooks/api/secretFolders/queries.tsx
@@ -16,6 +16,7 @@ import {
  TGetFoldersByEnvDTO,
  TGetProjectFoldersDTO,
  TSecretFolder,
+  TUpdateFolderBatchDTO,
  TUpdateFolderDTO
 } from "./types";

@@ -190,3 +191,43 @@ export const useDeleteFolder = () => {
    }
  });
 };
+
+export const useUpdateFolderBatch = () => {
+  const queryClient = useQueryClient();
+
+  return useMutation<{}, {}, TUpdateFolderBatchDTO>({
+    mutationFn: async ({ projectSlug, folders }) => {
+      const { data } = await apiRequest.patch("/api/v1/folders/batch", {
+        projectSlug,
+        folders
+      });
+
+      return data;
+    },
+    onSuccess: (_, { projectId, folders }) => {
+      folders.forEach((folder) => {
+        queryClient.invalidateQueries(
+          folderQueryKeys.getSecretFolders({
+            projectId,
+            environment: folder.environment,
+            path: folder.path
+          })
+        );
+        queryClient.invalidateQueries(
+          secretSnapshotKeys.list({
+            workspaceId: projectId,
+            environment: folder.environment,
+            directory: folder.path
+          })
+        );
+        queryClient.invalidateQueries(
+          secretSnapshotKeys.count({
+            workspaceId: projectId,
+            environment: folder.environment,
+            directory: folder.path
+          })
+        );
+      });
+    }
+  });
+};
--- a/frontend/src/hooks/api/secretFolders/types.ts
+++ b/frontend/src/hooks/api/secretFolders/types.ts
@@ -36,3 +36,14 @@ export type TDeleteFolderDTO = {
  folderId: string;
  path?: string;
 };
+
+export type TUpdateFolderBatchDTO = {
+  projectId: string;
+  projectSlug: string;
+  folders: {
+    name: string;
+    environment: string;
+    id: string;
+    path?: string;
+  }[];
+};
--- a/frontend/src/pages/org/[id]/overview/index.tsx
+++ b/frontend/src/pages/org/[id]/overview/index.tsx
@@ -21,9 +21,7 @@ import {
  faNetworkWired,
  faPlug,
  faPlus,
-  faUserPlus,
-  faWarning,
-  faXmark
+  faUserPlus
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { yupResolver } from "@hookform/resolvers/yup";
@@ -56,7 +54,6 @@ import {
  fetchOrgUsers,
  useAddUserToWsNonE2EE,
  useCreateWorkspace,
-  useGetUserAction,
  useRegisterUserAction
 } from "@app/hooks/api";
 // import { fetchUserWsKey } from "@app/hooks/api/keys/queries";
@@ -312,9 +309,8 @@ const LearningItem = ({
        href={link}
      >
        <div
-          className={`${
-            complete ? "bg-gradient-to-r from-primary-500/70 p-[0.07rem]" : ""
-          } mb-3 rounded-md`}
+          className={`${complete ? "bg-gradient-to-r from-primary-500/70 p-[0.07rem]" : ""
+            } mb-3 rounded-md`}
        >
          <div
            onKeyDown={() => null}
@@ -325,11 +321,10 @@ const LearningItem = ({
                await registerUserAction.mutateAsync(userAction);
              }
            }}
-            className={`group relative flex h-[5.5rem] w-full items-center justify-between overflow-hidden rounded-md border ${
-              complete
+            className={`group relative flex h-[5.5rem] w-full items-center justify-between overflow-hidden rounded-md border ${complete
                ? "cursor-default border-mineshaft-900 bg-gradient-to-r from-[#0e1f01] to-mineshaft-700"
                : "cursor-pointer border-mineshaft-600 bg-mineshaft-800 shadow-xl hover:bg-mineshaft-700"
-            } text-mineshaft-100 duration-200`}
+              } text-mineshaft-100 duration-200`}
          >
            <div className="mr-4 flex flex-row items-center">
              <FontAwesomeIcon icon={icon} className="mx-2 w-16 text-4xl" />
@@ -407,9 +402,8 @@ const LearningItemSquare = ({
      href={link}
    >
      <div
-        className={`${
-          complete ? "bg-gradient-to-r from-primary-500/70 p-[0.07rem]" : ""
-        } w-full rounded-md`}
+        className={`${complete ? "bg-gradient-to-r from-primary-500/70 p-[0.07rem]" : ""
+          } w-full rounded-md`}
      >
        <div
          onKeyDown={() => null}
@@ -420,11 +414,10 @@ const LearningItemSquare = ({
              await registerUserAction.mutateAsync(userAction);
            }
          }}
-          className={`group relative flex w-full items-center justify-between overflow-hidden rounded-md border ${
-            complete
+          className={`group relative flex w-full items-center justify-between overflow-hidden rounded-md border ${complete
              ? "cursor-default border-mineshaft-900 bg-gradient-to-r from-[#0e1f01] to-mineshaft-700"
              : "cursor-pointer border-mineshaft-600 bg-mineshaft-800 shadow-xl hover:bg-mineshaft-700"
-          } text-mineshaft-100 duration-200`}
+            } text-mineshaft-100 duration-200`}
        >
          <div className="flex w-full flex-col items-center px-6 py-4">
            <div className="flex w-full flex-row items-start justify-between">
@@ -438,9 +431,8 @@ const LearningItemSquare = ({
                </div>
              )}
              <div
-                className={`text-right text-sm font-normal text-mineshaft-300 ${
-                  complete ? "font-semibold text-primary" : ""
-                }`}
+                className={`text-right text-sm font-normal text-mineshaft-300 ${complete ? "font-semibold text-primary" : ""
+                  }`}
              >
                {complete ? "Complete!" : `About ${time}`}
              </div>
@@ -480,14 +472,8 @@ const OrganizationPage = withPermission(
    const { currentOrg } = useOrganization();
    const routerOrgId = String(router.query.id);
    const orgWorkspaces = workspaces?.filter((workspace) => workspace.orgId === routerOrgId) || [];
-    
-    const addUsersToProject = useAddUserToWsNonE2EE();

-    const { data: updateClosed } = useGetUserAction("april_13_2024_db_update_closed");
-    const registerUserAction = useRegisterUserAction();
-    const closeUpdate = async () => {
-      await registerUserAction.mutateAsync("april_13_2024_db_update_closed");
-    };
+    const addUsersToProject = useAddUserToWsNonE2EE();

    const { popUp, handlePopUpOpen, handlePopUpClose, handlePopUpToggle } = usePopUp([
      "addNewWs",
@@ -594,31 +580,6 @@ const OrganizationPage = withPermission(
          </div>
        )}
        <div className="mb-4 flex flex-col items-start justify-start px-6 py-6 pb-0 text-3xl">
-        {(window.location.origin.includes("https://app.infisical.com") || window.location.origin.includes("http://localhost:8080")) && (
-        <div
-            className={`${
-              !updateClosed ? "block" : "hidden"
-            } mb-4 flex w-full flex-row items-center rounded-md border border-primary-600 bg-primary/10 p-2 text-base text-white`}
-          >
-            <FontAwesomeIcon icon={faWarning} className="p-6 text-4xl text-primary" />
-            <div className="text-sm">
-              <span className="text-lg font-semibold">Scheduled maintenance on May 11th 2024 </span>{" "}
-              <br />
-              Infisical will undergo scheduled maintenance for approximately 2 hour on Saturday, May 11th, 11am EST. During these hours, read
-              operations to Infisical will continue to function normally but no resources will be editable. 
-              No action is required on your end — your applications will continue to fetch secrets.
-              <br />
-            </div>
-            <button
-              type="button"
-              onClick={() => closeUpdate()}
-              aria-label="close"
-              className="flex h-full items-start text-mineshaft-100 duration-200 hover:text-red-400"
-            >
-              <FontAwesomeIcon icon={faXmark} />
-            </button>
-          </div>)}
-          
          <p className="mr-4 font-semibold text-white">Projects</p>
          <div className="mt-6 flex w-full flex-row">
            <Input
@@ -748,95 +709,94 @@ const OrganizationPage = withPermission(
          new Date().getTime() - new Date(user?.createdAt).getTime() <
          30 * 24 * 60 * 60 * 1000
        ) && (
-          <div className="mb-4 flex flex-col items-start justify-start px-6 pb-0 text-3xl">
-            <p className="mr-4 mb-4 font-semibold text-white">Onboarding Guide</p>
-            <div className="mb-3 grid w-full grid-cols-1 gap-3 lg:grid-cols-2 xl:grid-cols-3 2xl:grid-cols-4">
-              <LearningItemSquare
-                text="Watch Infisical demo"
-                subText="Set up Infisical in 3 min."
-                complete={hasUserClickedIntro}
-                icon={faHandPeace}
-                time="3 min"
-                userAction="intro_cta_clicked"
-                link="https://www.youtube.com/watch?v=PK23097-25I"
-              />
-              {orgWorkspaces.length !== 0 && (
-                <>
-                  <LearningItemSquare
-                    text="Add your secrets"
-                    subText="Drop a .env file or type your secrets."
-                    complete={hasUserPushedSecrets}
-                    icon={faPlus}
-                    time="1 min"
-                    userAction="first_time_secrets_pushed"
-                    link={`/project/${orgWorkspaces[0]?.id}/secrets/overview`}
-                  />
-                  <LearningItemSquare
-                    text="Invite your teammates"
-                    subText="Infisical is better used as a team."
-                    complete={usersInOrg}
-                    icon={faUserPlus}
-                    time="2 min"
-                    link={`/org/${router.query.id}/members?action=invite`}
-                  />
-                </>
-              )}
-              <div className="block xl:hidden 2xl:block">
+            <div className="mb-4 flex flex-col items-start justify-start px-6 pb-0 text-3xl">
+              <p className="mr-4 mb-4 font-semibold text-white">Onboarding Guide</p>
+              <div className="mb-3 grid w-full grid-cols-1 gap-3 lg:grid-cols-2 xl:grid-cols-3 2xl:grid-cols-4">
                <LearningItemSquare
-                  text="Join Infisical Slack"
-                  subText="Have any questions? Ask us!"
-                  complete={hasUserClickedSlack}
-                  icon={faSlack}
-                  time="1 min"
-                  userAction="slack_cta_clicked"
-                  link="https://infisical.com/slack"
+                  text="Watch Infisical demo"
+                  subText="Set up Infisical in 3 min."
+                  complete={hasUserClickedIntro}
+                  icon={faHandPeace}
+                  time="3 min"
+                  userAction="intro_cta_clicked"
+                  link="https://www.youtube.com/watch?v=PK23097-25I"
                />
+                {orgWorkspaces.length !== 0 && (
+                  <>
+                    <LearningItemSquare
+                      text="Add your secrets"
+                      subText="Drop a .env file or type your secrets."
+                      complete={hasUserPushedSecrets}
+                      icon={faPlus}
+                      time="1 min"
+                      userAction="first_time_secrets_pushed"
+                      link={`/project/${orgWorkspaces[0]?.id}/secrets/overview`}
+                    />
+                    <LearningItemSquare
+                      text="Invite your teammates"
+                      subText="Infisical is better used as a team."
+                      complete={usersInOrg}
+                      icon={faUserPlus}
+                      time="2 min"
+                      link={`/org/${router.query.id}/members?action=invite`}
+                    />
+                  </>
+                )}
+                <div className="block xl:hidden 2xl:block">
+                  <LearningItemSquare
+                    text="Join Infisical Slack"
+                    subText="Have any questions? Ask us!"
+                    complete={hasUserClickedSlack}
+                    icon={faSlack}
+                    time="1 min"
+                    userAction="slack_cta_clicked"
+                    link="https://infisical.com/slack"
+                  />
+                </div>
              </div>
-            </div>
-            {orgWorkspaces.length !== 0 && (
-              <div className="group relative mb-3 flex h-full w-full cursor-default flex-col items-center justify-between overflow-hidden rounded-md border border-mineshaft-600 bg-mineshaft-800 pl-2 pr-2 pt-4 pb-2 text-mineshaft-100 shadow-xl duration-200">
-                <div className="mb-4 flex w-full flex-row items-center pr-4">
-                  <div className="mr-4 flex w-full flex-row items-center">
-                    <FontAwesomeIcon icon={faNetworkWired} className="mx-2 w-16 text-4xl" />
-                    {false && (
-                      <div className="absolute left-12 top-10 flex h-7 w-7 items-center justify-center rounded-full bg-bunker-500 p-2 group-hover:bg-mineshaft-700">
-                        <FontAwesomeIcon
-                          icon={faCheckCircle}
-                          className="h-5 w-5 text-4xl text-green"
-                        />
-                      </div>
-                    )}
-                    <div className="flex flex-col items-start pl-0.5">
-                      <div className="mt-0.5 text-xl font-semibold">Inject secrets locally</div>
-                      <div className="text-sm font-normal">
-                        Replace .env files with a more secure and efficient alternative.
+              {orgWorkspaces.length !== 0 && (
+                <div className="group relative mb-3 flex h-full w-full cursor-default flex-col items-center justify-between overflow-hidden rounded-md border border-mineshaft-600 bg-mineshaft-800 pl-2 pr-2 pt-4 pb-2 text-mineshaft-100 shadow-xl duration-200">
+                  <div className="mb-4 flex w-full flex-row items-center pr-4">
+                    <div className="mr-4 flex w-full flex-row items-center">
+                      <FontAwesomeIcon icon={faNetworkWired} className="mx-2 w-16 text-4xl" />
+                      {false && (
+                        <div className="absolute left-12 top-10 flex h-7 w-7 items-center justify-center rounded-full bg-bunker-500 p-2 group-hover:bg-mineshaft-700">
+                          <FontAwesomeIcon
+                            icon={faCheckCircle}
+                            className="h-5 w-5 text-4xl text-green"
+                          />
+                        </div>
+                      )}
+                      <div className="flex flex-col items-start pl-0.5">
+                        <div className="mt-0.5 text-xl font-semibold">Inject secrets locally</div>
+                        <div className="text-sm font-normal">
+                          Replace .env files with a more secure and efficient alternative.
+                        </div>
                      </div>
                    </div>
+                    <div
+                      className={`w-28 pr-4 text-right text-sm font-semibold ${false && "text-green"
+                        }`}
+                    >
+                      About 2 min
+                    </div>
                  </div>
-                  <div
-                    className={`w-28 pr-4 text-right text-sm font-semibold ${
-                      false && "text-green"
-                    }`}
-                  >
-                    About 2 min
-                  </div>
+                  <TabsObject />
+                  {false && <div className="absolute bottom-0 left-0 h-1 w-full bg-green" />}
                </div>
-                <TabsObject />
-                {false && <div className="absolute bottom-0 left-0 h-1 w-full bg-green" />}
-              </div>
-            )}
-            {orgWorkspaces.length !== 0 && (
-              <LearningItem
-                text="Integrate Infisical with your infrastructure"
-                subText="Connect Infisical to various 3rd party services and platforms."
-                complete={false}
-                icon={faPlug}
-                time="15 min"
-                link="https://infisical.com/docs/integrations/overview"
-              />
-            )}
-          </div>
-        )}
+              )}
+              {orgWorkspaces.length !== 0 && (
+                <LearningItem
+                  text="Integrate Infisical with your infrastructure"
+                  subText="Connect Infisical to various 3rd party services and platforms."
+                  complete={false}
+                  icon={faPlug}
+                  time="15 min"
+                  link="https://infisical.com/docs/integrations/overview"
+                />
+              )}
+            </div>
+          )}
        <Modal
          isOpen={popUp.addNewWs.isOpen}
          onOpenChange={(isModalOpen) => {
--- a/frontend/src/views/SecretOverviewPage/SecretOverviewPage.tsx
+++ b/frontend/src/views/SecretOverviewPage/SecretOverviewPage.tsx
@@ -47,6 +47,7 @@ import {
  ProjectPermissionActions,
  ProjectPermissionSub,
  useOrganization,
+  useProjectPermission,
  useWorkspace
 } from "@app/context";
 import { usePopUp } from "@app/hooks";
@@ -61,6 +62,9 @@ import {
  useGetUserWsKey,
  useUpdateSecretV3
 } from "@app/hooks/api";
+import { useUpdateFolderBatch } from "@app/hooks/api/secretFolders/queries";
+import { TUpdateFolderBatchDTO } from "@app/hooks/api/secretFolders/types";
+import { TSecretFolder } from "@app/hooks/api/types";
 import { ProjectVersion } from "@app/hooks/api/workspace/types";

 import { FolderForm } from "../SecretMainPage/components/ActionBar/FolderForm";
@@ -87,6 +91,7 @@ export const SecretOverviewPage = () => {
  const parentTableRef = useRef<HTMLTableElement>(null);
  const [expandableTableWidth, setExpandableTableWidth] = useState(0);
  const [sortDir, setSortDir] = useState<"asc" | "desc">("asc");
+  const { permission } = useProjectPermission();

  useEffect(() => {
    if (parentTableRef.current) {
@@ -201,11 +206,13 @@ export const SecretOverviewPage = () => {
  const { mutateAsync: updateSecretV3 } = useUpdateSecretV3();
  const { mutateAsync: deleteSecretV3 } = useDeleteSecretV3();
  const { mutateAsync: createFolder } = useCreateFolder();
+  const { mutateAsync: updateFolderBatch } = useUpdateFolderBatch();

  const { handlePopUpOpen, handlePopUpToggle, handlePopUpClose, popUp } = usePopUp([
    "addSecretsInAllEnvs",
    "addFolder",
-    "misc"
+    "misc",
+    "updateFolder"
  ] as const);

  const handleFolderCreate = async (folderName: string) => {
@@ -236,6 +243,59 @@ export const SecretOverviewPage = () => {
    }
  };

+  const handleFolderUpdate = async (newFolderName: string) => {
+    const { name: oldFolderName } = popUp.updateFolder.data as TSecretFolder;
+
+    const updatedFolders: TUpdateFolderBatchDTO["folders"] = [];
+    userAvailableEnvs.forEach((env) => {
+      if (
+        permission.can(
+          ProjectPermissionActions.Edit,
+          subject(ProjectPermissionSub.Secrets, { environment: env.slug, secretPath })
+        )
+      ) {
+        const folder = getFolderByNameAndEnv(oldFolderName, env.slug);
+        if (folder) {
+          updatedFolders.push({
+            environment: env.slug,
+            name: newFolderName,
+            id: folder.id,
+            path: secretPath
+          });
+        }
+      }
+    });
+
+    if (updatedFolders.length === 0) {
+      createNotification({
+        type: "info",
+        text: "You don't have access to rename selected folder"
+      });
+
+      handlePopUpClose("updateFolder");
+      return;
+    }
+
+    try {
+      await updateFolderBatch({
+        projectSlug,
+        folders: updatedFolders,
+        projectId: workspaceId
+      });
+      createNotification({
+        type: "success",
+        text: "Successfully renamed folder across environments"
+      });
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to rename folder across environments"
+      });
+    } finally {
+      handlePopUpClose("updateFolder");
+    }
+  };
+
  const handleSecretCreate = async (env: string, key: string, value: string) => {
    try {
      // create folder if not existing
@@ -726,6 +786,9 @@ export const SecretOverviewPage = () => {
                      environments={visibleEnvs}
                      key={`overview-${folderName}-${index + 1}`}
                      onClick={handleFolderClick}
+                      onToggleFolderEdit={(name: string) =>
+                        handlePopUpOpen("updateFolder", { name })
+                      }
                    />
                  ))}
                {!isTableLoading &&
@@ -800,6 +863,18 @@ export const SecretOverviewPage = () => {
          <FolderForm onCreateFolder={handleFolderCreate} />
        </ModalContent>
      </Modal>
+      <Modal
+        isOpen={popUp.updateFolder.isOpen}
+        onOpenChange={(isOpen) => handlePopUpToggle("updateFolder", isOpen)}
+      >
+        <ModalContent title="Edit Folder Name">
+          <FolderForm
+            isEdit
+            defaultFolderName={(popUp.updateFolder?.data as Pick<TSecretFolder, "name">)?.name}
+            onUpdateFolder={handleFolderUpdate}
+          />
+        </ModalContent>
+      </Modal>
    </>
  );
 };
--- a/frontend/src/views/SecretOverviewPage/components/SecretOverviewFolderRow/SecretOverviewFolderRow.tsx
+++ b/frontend/src/views/SecretOverviewPage/components/SecretOverviewFolderRow/SecretOverviewFolderRow.tsx
@@ -1,8 +1,8 @@
-import { faCheck, faFolder, faXmark } from "@fortawesome/free-solid-svg-icons";
+import { faCheck, faFolder, faPencil, faXmark } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { twMerge } from "tailwind-merge";

-import { Checkbox, Td, Tr } from "@app/components/v2";
+import { Checkbox, IconButton, Td, Tr } from "@app/components/v2";

 type Props = {
  folderName: string;
@@ -11,6 +11,7 @@ type Props = {
  onClick: (path: string) => void;
  isSelected: boolean;
  onToggleFolderSelect: (folderName: string) => void;
+  onToggleFolderEdit: (name: string) => void;
 };

 export const SecretOverviewFolderRow = ({
@@ -19,6 +20,7 @@ export const SecretOverviewFolderRow = ({
  isFolderPresentInEnv,
  isSelected,
  onToggleFolderSelect,
+  onToggleFolderEdit,
  onClick
 }: Props) => {
  return (
@@ -43,6 +45,18 @@ export const SecretOverviewFolderRow = ({
            />
          </div>
          <div>{folderName}</div>
+          <IconButton
+            ariaLabel="edit-folder"
+            variant="plain"
+            size="sm"
+            className="p-0 opacity-0 group-hover:opacity-100"
+            onClick={(e) => {
+              onToggleFolderEdit(folderName);
+              e.stopPropagation();
+            }}
+          >
+            <FontAwesomeIcon icon={faPencil} size="sm" />
+          </IconButton>
        </div>
      </Td>
      {environments.map(({ slug }, i) => {
--- a/pg-migrator/.gitignore
+++ b/pg-migrator/.gitignore
@@ -1 +0,0 @@
-db
--- a/pg-migrator/package-lock.json
+++ b/pg-migrator/package-lock.json
--- a/pg-migrator/package.json
+++ b/pg-migrator/package.json
@@ -1,33 +0,0 @@
-{
-  "name": "pg-migrator",
-  "version": "1.0.0",
-  "description": "",
-  "main": "index.js",
-  "scripts": {
-    "migration": "tsx src/index.ts",
-    "rollback": "tsx src/rollback.ts",
-    "migrate:audit-log": "tsx src/audit-log-migrator.ts"
-  },
-  "author": "",
-  "license": "ISC",
-  "devDependencies": {
-    "@types/node": "^20.11.0",
-    "@types/prompt-sync": "^4.2.3",
-    "@types/uuid": "^9.0.7",
-    "tsx": "^4.7.0",
-    "typescript": "^5.3.3"
-  },
-  "dependencies": {
-    "@casl/ability": "^6.5.0",
-    "@sindresorhus/slugify": "^2.2.1",
-    "dotenv": "^16.3.1",
-    "knex": "^3.1.0",
-    "level": "^8.0.0",
-    "mongoose": "^8.0.4",
-    "nanoid": "^5.0.4",
-    "pg": "^8.11.3",
-    "prompt-sync": "^4.2.0",
-    "uuid": "^9.0.1",
-    "zod": "^3.22.4"
-  }
-}
--- a/pg-migrator/src/@types/knex.d.ts
+++ b/pg-migrator/src/@types/knex.d.ts
@@ -1,451 +0,0 @@
-import { Knex } from "knex";
-
-import {
-  TableName,
-  TApiKeys,
-  TApiKeysInsert,
-  TApiKeysUpdate,
-  TAuditLogs,
-  TAuditLogsInsert,
-  TAuditLogsUpdate,
-  TAuthTokens,
-  TAuthTokenSessions,
-  TAuthTokenSessionsInsert,
-  TAuthTokenSessionsUpdate,
-  TAuthTokensInsert,
-  TAuthTokensUpdate,
-  TBackupPrivateKey,
-  TBackupPrivateKeyInsert,
-  TBackupPrivateKeyUpdate,
-  TGitAppInstallSessions,
-  TGitAppInstallSessionsInsert,
-  TGitAppInstallSessionsUpdate,
-  TGitAppOrg,
-  TGitAppOrgInsert,
-  TGitAppOrgUpdate,
-  TIdentities,
-  TIdentitiesInsert,
-  TIdentitiesUpdate,
-  TIdentityAccessTokens,
-  TIdentityAccessTokensInsert,
-  TIdentityAccessTokensUpdate,
-  TIdentityOrgMemberships,
-  TIdentityOrgMembershipsInsert,
-  TIdentityOrgMembershipsUpdate,
-  TIdentityProjectMemberships,
-  TIdentityProjectMembershipsInsert,
-  TIdentityProjectMembershipsUpdate,
-  TIdentityUaClientSecrets,
-  TIdentityUaClientSecretsInsert,
-  TIdentityUaClientSecretsUpdate,
-  TIdentityUniversalAuths,
-  TIdentityUniversalAuthsInsert,
-  TIdentityUniversalAuthsUpdate,
-  TIncidentContacts,
-  TIncidentContactsInsert,
-  TIncidentContactsUpdate,
-  TIntegrationAuths,
-  TIntegrationAuthsInsert,
-  TIntegrationAuthsUpdate,
-  TIntegrations,
-  TIntegrationsInsert,
-  TIntegrationsUpdate,
-  TOrganizations,
-  TOrganizationsInsert,
-  TOrganizationsUpdate,
-  TOrgBots,
-  TOrgBotsInsert,
-  TOrgBotsUpdate,
-  TOrgMemberships,
-  TOrgMembershipsInsert,
-  TOrgMembershipsUpdate,
-  TOrgRoles,
-  TOrgRolesInsert,
-  TOrgRolesUpdate,
-  TProjectBots,
-  TProjectBotsInsert,
-  TProjectBotsUpdate,
-  TProjectEnvironments,
-  TProjectEnvironmentsInsert,
-  TProjectEnvironmentsUpdate,
-  TProjectKeys,
-  TProjectKeysInsert,
-  TProjectKeysUpdate,
-  TProjectMemberships,
-  TProjectMembershipsInsert,
-  TProjectMembershipsUpdate,
-  TProjectRoles,
-  TProjectRolesInsert,
-  TProjectRolesUpdate,
-  TProjects,
-  TProjectsInsert,
-  TProjectsUpdate,
-  TSamlConfigs,
-  TSamlConfigsInsert,
-  TSamlConfigsUpdate,
-  TSecretApprovalPolicies,
-  TSecretApprovalPoliciesApprovers,
-  TSecretApprovalPoliciesApproversInsert,
-  TSecretApprovalPoliciesApproversUpdate,
-  TSecretApprovalPoliciesInsert,
-  TSecretApprovalPoliciesUpdate,
-  TSecretApprovalRequests,
-  TSecretApprovalRequestSecretTags,
-  TSecretApprovalRequestSecretTagsInsert,
-  TSecretApprovalRequestSecretTagsUpdate,
-  TSecretApprovalRequestsInsert,
-  TSecretApprovalRequestsReviewers,
-  TSecretApprovalRequestsReviewersInsert,
-  TSecretApprovalRequestsReviewersUpdate,
-  TSecretApprovalRequestsSecrets,
-  TSecretApprovalRequestsSecretsInsert,
-  TSecretApprovalRequestsSecretsUpdate,
-  TSecretApprovalRequestsUpdate,
-  TSecretBlindIndexes,
-  TSecretBlindIndexesInsert,
-  TSecretBlindIndexesUpdate,
-  TSecretFolders,
-  TSecretFoldersInsert,
-  TSecretFoldersUpdate,
-  TSecretFolderVersions,
-  TSecretFolderVersionsInsert,
-  TSecretFolderVersionsUpdate,
-  TSecretImports,
-  TSecretImportsInsert,
-  TSecretImportsUpdate,
-  TSecretRotationOutputs,
-  TSecretRotationOutputsInsert,
-  TSecretRotationOutputsUpdate,
-  TSecretRotations,
-  TSecretRotationsInsert,
-  TSecretRotationsUpdate,
-  TSecrets,
-  TSecretScanningGitRisks,
-  TSecretScanningGitRisksInsert,
-  TSecretScanningGitRisksUpdate,
-  TSecretsInsert,
-  TSecretSnapshotFolders,
-  TSecretSnapshotFoldersInsert,
-  TSecretSnapshotFoldersUpdate,
-  TSecretSnapshots,
-  TSecretSnapshotSecrets,
-  TSecretSnapshotSecretsInsert,
-  TSecretSnapshotSecretsUpdate,
-  TSecretSnapshotsInsert,
-  TSecretSnapshotsUpdate,
-  TSecretsUpdate,
-  TSecretTagJunction,
-  TSecretTagJunctionInsert,
-  TSecretTagJunctionUpdate,
-  TSecretTags,
-  TSecretTagsInsert,
-  TSecretTagsUpdate,
-  TSecretVersions,
-  TSecretVersionsInsert,
-  TSecretVersionsUpdate,
-  TSecretVersionTagJunction,
-  TSecretVersionTagJunctionInsert,
-  TSecretVersionTagJunctionUpdate,
-  TServiceTokens,
-  TServiceTokensInsert,
-  TServiceTokensUpdate,
-  TSuperAdmin,
-  TSuperAdminInsert,
-  TSuperAdminUpdate,
-  TTrustedIps,
-  TTrustedIpsInsert,
-  TTrustedIpsUpdate,
-  TUserActions,
-  TUserActionsInsert,
-  TUserActionsUpdate,
-  TUserEncryptionKeys,
-  TUserEncryptionKeysInsert,
-  TUserEncryptionKeysUpdate,
-  TUsers,
-  TUsersInsert,
-  TUsersUpdate,
-  TWebhooks,
-  TWebhooksInsert,
-  TWebhooksUpdate,
-} from "../schemas";
-
-declare module "knex/types/tables" {
-  interface Tables {
-    [TableName.Users]: Knex.CompositeTableType<
-      TUsers,
-      TUsersInsert,
-      TUsersUpdate
-    >;
-    [TableName.UserEncryptionKey]: Knex.CompositeTableType<
-      TUserEncryptionKeys,
-      TUserEncryptionKeysInsert,
-      TUserEncryptionKeysUpdate
-    >;
-    [TableName.AuthTokens]: Knex.CompositeTableType<
-      TAuthTokens,
-      TAuthTokensInsert,
-      TAuthTokensUpdate
-    >;
-    [TableName.AuthTokenSession]: Knex.CompositeTableType<
-      TAuthTokenSessions,
-      TAuthTokenSessionsInsert,
-      TAuthTokenSessionsUpdate
-    >;
-    [TableName.BackupPrivateKey]: Knex.CompositeTableType<
-      TBackupPrivateKey,
-      TBackupPrivateKeyInsert,
-      TBackupPrivateKeyUpdate
-    >;
-    [TableName.Organization]: Knex.CompositeTableType<
-      TOrganizations,
-      TOrganizationsInsert,
-      TOrganizationsUpdate
-    >;
-    [TableName.OrgMembership]: Knex.CompositeTableType<
-      TOrgMemberships,
-      TOrgMembershipsInsert,
-      TOrgMembershipsUpdate
-    >;
-    [TableName.OrgRoles]: Knex.CompositeTableType<
-      TOrgRoles,
-      TOrgRolesInsert,
-      TOrgRolesUpdate
-    >;
-    [TableName.IncidentContact]: Knex.CompositeTableType<
-      TIncidentContacts,
-      TIncidentContactsInsert,
-      TIncidentContactsUpdate
-    >;
-    [TableName.UserAction]: Knex.CompositeTableType<
-      TUserActions,
-      TUserActionsInsert,
-      TUserActionsUpdate
-    >;
-    [TableName.SuperAdmin]: Knex.CompositeTableType<
-      TSuperAdmin,
-      TSuperAdminInsert,
-      TSuperAdminUpdate
-    >;
-    [TableName.ApiKey]: Knex.CompositeTableType<
-      TApiKeys,
-      TApiKeysInsert,
-      TApiKeysUpdate
-    >;
-    [TableName.Project]: Knex.CompositeTableType<
-      TProjects,
-      TProjectsInsert,
-      TProjectsUpdate
-    >;
-    [TableName.ProjectMembership]: Knex.CompositeTableType<
-      TProjectMemberships,
-      TProjectMembershipsInsert,
-      TProjectMembershipsUpdate
-    >;
-    [TableName.Environment]: Knex.CompositeTableType<
-      TProjectEnvironments,
-      TProjectEnvironmentsInsert,
-      TProjectEnvironmentsUpdate
-    >;
-    [TableName.ProjectBot]: Knex.CompositeTableType<
-      TProjectBots,
-      TProjectBotsInsert,
-      TProjectBotsUpdate
-    >;
-    [TableName.ProjectRoles]: Knex.CompositeTableType<
-      TProjectRoles,
-      TProjectRolesInsert,
-      TProjectRolesUpdate
-    >;
-    [TableName.ProjectKeys]: Knex.CompositeTableType<
-      TProjectKeys,
-      TProjectKeysInsert,
-      TProjectKeysUpdate
-    >;
-    [TableName.Secret]: Knex.CompositeTableType<
-      TSecrets,
-      TSecretsInsert,
-      TSecretsUpdate
-    >;
-    [TableName.SecretBlindIndex]: Knex.CompositeTableType<
-      TSecretBlindIndexes,
-      TSecretBlindIndexesInsert,
-      TSecretBlindIndexesUpdate
-    >;
-    [TableName.SecretVersion]: Knex.CompositeTableType<
-      TSecretVersions,
-      TSecretVersionsInsert,
-      TSecretVersionsUpdate
-    >;
-    [TableName.SecretFolder]: Knex.CompositeTableType<
-      TSecretFolders,
-      TSecretFoldersInsert,
-      TSecretFoldersUpdate
-    >;
-    [TableName.SecretFolderVersion]: Knex.CompositeTableType<
-      TSecretFolderVersions,
-      TSecretFolderVersionsInsert,
-      TSecretFolderVersionsUpdate
-    >;
-    [TableName.SecretTag]: Knex.CompositeTableType<
-      TSecretTags,
-      TSecretTagsInsert,
-      TSecretTagsUpdate
-    >;
-    [TableName.SecretImport]: Knex.CompositeTableType<
-      TSecretImports,
-      TSecretImportsInsert,
-      TSecretImportsUpdate
-    >;
-    [TableName.Integration]: Knex.CompositeTableType<
-      TIntegrations,
-      TIntegrationsInsert,
-      TIntegrationsUpdate
-    >;
-    [TableName.Webhook]: Knex.CompositeTableType<
-      TWebhooks,
-      TWebhooksInsert,
-      TWebhooksUpdate
-    >;
-    [TableName.ServiceToken]: Knex.CompositeTableType<
-      TServiceTokens,
-      TServiceTokensInsert,
-      TServiceTokensUpdate
-    >;
-    [TableName.IntegrationAuth]: Knex.CompositeTableType<
-      TIntegrationAuths,
-      TIntegrationAuthsInsert,
-      TIntegrationAuthsUpdate
-    >;
-    [TableName.Identity]: Knex.CompositeTableType<
-      TIdentities,
-      TIdentitiesInsert,
-      TIdentitiesUpdate
-    >;
-    [TableName.IdentityUniversalAuth]: Knex.CompositeTableType<
-      TIdentityUniversalAuths,
-      TIdentityUniversalAuthsInsert,
-      TIdentityUniversalAuthsUpdate
-    >;
-    [TableName.IdentityUaClientSecret]: Knex.CompositeTableType<
-      TIdentityUaClientSecrets,
-      TIdentityUaClientSecretsInsert,
-      TIdentityUaClientSecretsUpdate
-    >;
-    [TableName.IdentityAccessToken]: Knex.CompositeTableType<
-      TIdentityAccessTokens,
-      TIdentityAccessTokensInsert,
-      TIdentityAccessTokensUpdate
-    >;
-    [TableName.IdentityOrgMembership]: Knex.CompositeTableType<
-      TIdentityOrgMemberships,
-      TIdentityOrgMembershipsInsert,
-      TIdentityOrgMembershipsUpdate
-    >;
-    [TableName.IdentityProjectMembership]: Knex.CompositeTableType<
-      TIdentityProjectMemberships,
-      TIdentityProjectMembershipsInsert,
-      TIdentityProjectMembershipsUpdate
-    >;
-    [TableName.SecretApprovalPolicy]: Knex.CompositeTableType<
-      TSecretApprovalPolicies,
-      TSecretApprovalPoliciesInsert,
-      TSecretApprovalPoliciesUpdate
-    >;
-    [TableName.SecretApprovalPolicyApprover]: Knex.CompositeTableType<
-      TSecretApprovalPoliciesApprovers,
-      TSecretApprovalPoliciesApproversInsert,
-      TSecretApprovalPoliciesApproversUpdate
-    >;
-    [TableName.SecretApprovalRequest]: Knex.CompositeTableType<
-      TSecretApprovalRequests,
-      TSecretApprovalRequestsInsert,
-      TSecretApprovalRequestsUpdate
-    >;
-    [TableName.SecretApprovalRequestReviewer]: Knex.CompositeTableType<
-      TSecretApprovalRequestsReviewers,
-      TSecretApprovalRequestsReviewersInsert,
-      TSecretApprovalRequestsReviewersUpdate
-    >;
-    [TableName.SecretApprovalRequestSecret]: Knex.CompositeTableType<
-      TSecretApprovalRequestsSecrets,
-      TSecretApprovalRequestsSecretsInsert,
-      TSecretApprovalRequestsSecretsUpdate
-    >;
-    [TableName.SecretApprovalRequestSecretTag]: Knex.CompositeTableType<
-      TSecretApprovalRequestSecretTags,
-      TSecretApprovalRequestSecretTagsInsert,
-      TSecretApprovalRequestSecretTagsUpdate
-    >;
-    [TableName.SecretRotation]: Knex.CompositeTableType<
-      TSecretRotations,
-      TSecretRotationsInsert,
-      TSecretRotationsUpdate
-    >;
-    [TableName.SecretRotationOutput]: Knex.CompositeTableType<
-      TSecretRotationOutputs,
-      TSecretRotationOutputsInsert,
-      TSecretRotationOutputsUpdate
-    >;
-    [TableName.Snapshot]: Knex.CompositeTableType<
-      TSecretSnapshots,
-      TSecretSnapshotsInsert,
-      TSecretSnapshotsUpdate
-    >;
-    [TableName.SnapshotSecret]: Knex.CompositeTableType<
-      TSecretSnapshotSecrets,
-      TSecretSnapshotSecretsInsert,
-      TSecretSnapshotSecretsUpdate
-    >;
-    [TableName.SnapshotFolder]: Knex.CompositeTableType<
-      TSecretSnapshotFolders,
-      TSecretSnapshotFoldersInsert,
-      TSecretSnapshotFoldersUpdate
-    >;
-    [TableName.SamlConfig]: Knex.CompositeTableType<
-      TSamlConfigs,
-      TSamlConfigsInsert,
-      TSamlConfigsUpdate
-    >;
-    [TableName.OrgBot]: Knex.CompositeTableType<
-      TOrgBots,
-      TOrgBotsInsert,
-      TOrgBotsUpdate
-    >;
-    [TableName.AuditLog]: Knex.CompositeTableType<
-      TAuditLogs,
-      TAuditLogsInsert,
-      TAuditLogsUpdate
-    >;
-    [TableName.GitAppInstallSession]: Knex.CompositeTableType<
-      TGitAppInstallSessions,
-      TGitAppInstallSessionsInsert,
-      TGitAppInstallSessionsUpdate
-    >;
-    [TableName.GitAppOrg]: Knex.CompositeTableType<
-      TGitAppOrg,
-      TGitAppOrgInsert,
-      TGitAppOrgUpdate
-    >;
-    [TableName.SecretScanningGitRisk]: Knex.CompositeTableType<
-      TSecretScanningGitRisks,
-      TSecretScanningGitRisksInsert,
-      TSecretScanningGitRisksUpdate
-    >;
-    [TableName.TrustedIps]: Knex.CompositeTableType<
-      TTrustedIps,
-      TTrustedIpsInsert,
-      TTrustedIpsUpdate
-    >;
-    // Junction tables
-    [TableName.JnSecretTag]: Knex.CompositeTableType<
-      TSecretTagJunction,
-      TSecretTagJunctionInsert,
-      TSecretTagJunctionUpdate
-    >;
-    [TableName.SecretVersionTag]: Knex.CompositeTableType<
-      TSecretVersionTagJunction,
-      TSecretVersionTagJunctionInsert,
-      TSecretVersionTagJunctionUpdate
-    >;
-  }
-}
--- a/pg-migrator/src/audit-log-migrator.ts
+++ b/pg-migrator/src/audit-log-migrator.ts
--- a/pg-migrator/src/folder.ts
+++ b/pg-migrator/src/folder.ts
@@ -1,36 +0,0 @@
-import { TFolderSchema } from "./models";
-
-export const folderBfsTraversal = async (
-  root: TFolderSchema,
-  callback: (
-    data: TFolderSchema & { parentId: string | null },
-  ) => void | Promise<void>,
-) => {
-  const queue = [root];
-  while (queue.length) {
-    const folder = queue.pop() as TFolderSchema & { parentId: null };
-    callback(folder);
-    queue.push(
-      ...folder.children.map((el) => ({
-        ...el,
-        parentId: folder.id,
-      })),
-    );
-  }
-};
-
-export const flattenFolders = (folders: TFolderSchema) => {
-  const flattened: {
-    id: string;
-    parentId: string | null;
-    name: string;
-    version: number;
-  }[] = [];
-  
-  if(!folders) return []
-
-  folderBfsTraversal(folders, ({ name, version, parentId, id }) => {
-    flattened.push({ name, version, parentId, id });
-  });
-  return flattened;
-};
--- a/pg-migrator/src/index.ts
+++ b/pg-migrator/src/index.ts
--- a/pg-migrator/src/migrations/20231128072457_user.ts
+++ b/pg-migrator/src/migrations/20231128072457_user.ts
@@ -1,37 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import {
-  createOnUpdateTrigger,
-  createUpdateAtTriggerFunction,
-  dropOnUpdateTrigger,
-  dropUpdatedAtTriggerFunction
-} from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.Users);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.Users, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("email").notNullable();
-      t.specificType("authMethods", "text[]");
-      t.boolean("superAdmin").defaultTo(false);
-      t.string("firstName");
-      t.string("lastName");
-      t.boolean("isAccepted").defaultTo(false);
-      t.boolean("isMfaEnabled").defaultTo(false);
-      t.specificType("mfaMethods", "text[]");
-      t.jsonb("devices");
-      t.timestamps(true, true, true);
-    });
-  }
-  // this is a one time function
-  await createUpdateAtTriggerFunction(knex);
-  await createOnUpdateTrigger(knex, TableName.Users);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.Users);
-  await dropOnUpdateTrigger(knex, TableName.Users);
-  await dropUpdatedAtTriggerFunction(knex);
-}
--- a/pg-migrator/src/migrations/20231128092347_user-encryption-key.ts
+++ b/pg-migrator/src/migrations/20231128092347_user-encryption-key.ts
@@ -1,31 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.UserEncryptionKey);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.UserEncryptionKey, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.text("clientPublicKey");
-      t.text("serverPrivateKey");
-      t.integer("encryptionVersion").defaultTo(2);
-      t.text("protectedKey");
-      t.text("protectedKeyIV");
-      t.text("protectedKeyTag");
-      t.text("publicKey").notNullable();
-      t.text("encryptedPrivateKey").notNullable();
-      t.text("iv").notNullable();
-      t.text("tag").notNullable();
-      t.text("salt").notNullable();
-      t.text("verifier").notNullable();
-      // one to one relationship
-      t.uuid("userId").notNullable().unique();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.UserEncryptionKey);
-}
--- a/pg-migrator/src/migrations/20231129072939_auth-token.ts
+++ b/pg-migrator/src/migrations/20231129072939_auth-token.ts
@@ -1,25 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.AuthTokens);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.AuthTokens, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("type").notNullable();
-      t.string("phoneNumber");
-      t.string("tokenHash").notNullable();
-      t.integer("triesLeft");
-      t.datetime("expiresAt").notNullable();
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.uuid("userId");
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.AuthTokens);
-}
--- a/pg-migrator/src/migrations/20231130072734_auth-token-session.ts
+++ b/pg-migrator/src/migrations/20231130072734_auth-token-session.ts
@@ -1,29 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.AuthTokenSession);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.AuthTokenSession, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("ip").notNullable();
-      t.string("userAgent");
-      t.integer("refreshVersion").notNullable().defaultTo(1);
-      t.integer("accessVersion").notNullable().defaultTo(1);
-      t.datetime("lastUsed").notNullable();
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.uuid("userId").notNullable();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-  // this is a one time function
-  await createOnUpdateTrigger(knex, TableName.AuthTokenSession);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.AuthTokenSession);
-  await dropOnUpdateTrigger(knex, TableName.AuthTokenSession);
-}
--- a/pg-migrator/src/migrations/20231201151432_backup-key.ts
+++ b/pg-migrator/src/migrations/20231201151432_backup-key.ts
@@ -1,26 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const doesTableExist = await knex.schema.hasTable(TableName.BackupPrivateKey);
-  if (!doesTableExist) {
-    await knex.schema.createTable(TableName.BackupPrivateKey, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.text("encryptedPrivateKey").notNullable();
-      t.text("iv").notNullable();
-      t.text("tag").notNullable();
-      t.string("algorithm").notNullable();
-      t.string("keyEncoding").notNullable();
-      t.text("salt").notNullable();
-      t.text("verifier").notNullable();
-      t.timestamps(true, true, true);
-      t.uuid("userId").notNullable().unique();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.BackupPrivateKey);
-}
--- a/pg-migrator/src/migrations/20231204092737_organization.ts
+++ b/pg-migrator/src/migrations/20231204092737_organization.ts
@@ -1,35 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.Organization);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.Organization, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("customerId");
-      t.string("slug").notNullable();
-      // does not need update trigger we will do it manually
-      t.unique("slug");
-      t.timestamps(true, true, true);
-    });
-    await knex.schema.alterTable(TableName.AuthTokens, (t) => {
-      t.uuid("orgId");
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-    });
-  }
-  // this is a one time function
-  await createOnUpdateTrigger(knex, TableName.Organization);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.AuthTokens, "orgId")) {
-    await knex.schema.alterTable(TableName.AuthTokens, (t) => {
-      t.dropColumn("orgId");
-    });
-  }
-  await knex.schema.dropTableIfExists(TableName.Organization);
-  await dropOnUpdateTrigger(knex, TableName.Organization);
-}
--- a/pg-migrator/src/migrations/20231204092747_org-membership.ts
+++ b/pg-migrator/src/migrations/20231204092747_org-membership.ts
@@ -1,48 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { OrgMembershipStatus } from "../schemas/models";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isOrgRolePresent = await knex.schema.hasTable(TableName.OrgRoles);
-  if (!isOrgRolePresent) {
-    await knex.schema.createTable(TableName.OrgRoles, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("description");
-      t.string("slug").notNullable();
-      t.jsonb("permissions").notNullable();
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-    });
-  }
-
-  const isOrgTablePresent = await knex.schema.hasTable(TableName.OrgMembership);
-  if (!isOrgTablePresent) {
-    await knex.schema.createTable(TableName.OrgMembership, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("role").notNullable();
-      t.string("status").notNullable().defaultTo(OrgMembershipStatus.Invited);
-      t.string("inviteEmail");
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.uuid("userId");
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.OrgRoles);
-    });
-  }
-  // this is a one time function
-  await createOnUpdateTrigger(knex, TableName.OrgMembership);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.OrgMembership);
-  await knex.schema.dropTableIfExists(TableName.OrgRoles);
-  await dropOnUpdateTrigger(knex, TableName.OrgMembership);
-}
--- a/pg-migrator/src/migrations/20231205151331_incident-contact.ts
+++ b/pg-migrator/src/migrations/20231205151331_incident-contact.ts
@@ -1,25 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.IncidentContact);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.IncidentContact, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("email").notNullable();
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-    });
-  }
-  // this is a one time function
-  await createOnUpdateTrigger(knex, TableName.IncidentContact);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.IncidentContact);
-  await dropOnUpdateTrigger(knex, TableName.IncidentContact);
-}
--- a/pg-migrator/src/migrations/20231207055643_user-action.ts
+++ b/pg-migrator/src/migrations/20231207055643_user-action.ts
@@ -1,20 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.UserAction);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.UserAction, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("action").notNullable();
-      t.timestamps(true, true, true);
-      t.uuid("userId").notNullable();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.UserAction);
-}
--- a/pg-migrator/src/migrations/20231207055701_super-admin.ts
+++ b/pg-migrator/src/migrations/20231207055701_super-admin.ts
@@ -1,23 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.SuperAdmin);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.SuperAdmin, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.boolean("initialized").defaultTo(false);
-      t.boolean("allowSignUp").defaultTo(true);
-      t.timestamps(true, true, true);
-    });
-  }
-  // this is a one time function
-  await createOnUpdateTrigger(knex, TableName.SuperAdmin);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SuperAdmin);
-  await dropOnUpdateTrigger(knex, TableName.SuperAdmin);
-}
--- a/pg-migrator/src/migrations/20231207105059_api-key.ts
+++ b/pg-migrator/src/migrations/20231207105059_api-key.ts
@@ -1,26 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  const isTablePresent = await knex.schema.hasTable(TableName.ApiKey);
-  if (!isTablePresent) {
-    await knex.schema.createTable(TableName.ApiKey, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.datetime("lastUsed");
-      t.datetime("expiresAt");
-      t.string("secretHash").notNullable();
-      t.timestamps(true, true, true);
-      t.uuid("userId").notNullable();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.ApiKey);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.ApiKey);
-  await dropOnUpdateTrigger(knex, TableName.ApiKey);
-}
--- a/pg-migrator/src/migrations/20231212110939_project.ts
+++ b/pg-migrator/src/migrations/20231212110939_project.ts
@@ -1,62 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.Project))) {
-    await knex.schema.createTable(TableName.Project, (t) => {
-      t.string("id", 36).primary().defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("slug").notNullable();
-      t.boolean("autoCapitalization").defaultTo(true);
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-      t.unique(["orgId", "slug"]);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.Project);
-  // environments
-  if (!(await knex.schema.hasTable(TableName.Environment))) {
-    await knex.schema.createTable(TableName.Environment, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("slug").notNullable();
-      t.integer("position").notNullable();
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      // this will ensure ever env has its position
-      t.unique(["projectId", "position"], {
-        indexName: "env_pos_composite_uniqe",
-        deferrable: "deferred"
-      });
-      t.timestamps(true, true, true);
-    });
-  }
-  // project key
-  if (!(await knex.schema.hasTable(TableName.ProjectKeys))) {
-    await knex.schema.createTable(TableName.ProjectKeys, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.text("encryptedKey").notNullable();
-      t.text("nonce").notNullable();
-      t.uuid("receiverId").notNullable();
-      t.foreign("receiverId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-      t.uuid("senderId");
-      // if sender is deleted just don't do anything to this record
-      t.foreign("senderId").references("id").inTable(TableName.Users).onDelete("SET NULL");
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.ProjectKeys);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.Environment);
-  await knex.schema.dropTableIfExists(TableName.ProjectKeys);
-  await knex.schema.dropTableIfExists(TableName.Project);
-  await dropOnUpdateTrigger(knex, TableName.ProjectKeys);
-  await dropOnUpdateTrigger(knex, TableName.Project);
-}
--- a/pg-migrator/src/migrations/20231212110946_project-membership.ts
+++ b/pg-migrator/src/migrations/20231212110946_project-membership.ts
@@ -1,43 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.ProjectRoles))) {
-    await knex.schema.createTable(TableName.ProjectRoles, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("description");
-      t.string("slug").notNullable();
-      t.jsonb("permissions").notNullable();
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-    });
-  }
-
-  if (!(await knex.schema.hasTable(TableName.ProjectMembership))) {
-    await knex.schema.createTable(TableName.ProjectMembership, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("role").notNullable();
-      // does not need update trigger we will do it manually
-      t.timestamps(true, true, true);
-      t.uuid("userId").notNullable();
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      // until role is changed/removed the role should not deleted
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.ProjectRoles);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.ProjectMembership);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.ProjectMembership);
-  await knex.schema.dropTableIfExists(TableName.ProjectRoles);
-  await dropOnUpdateTrigger(knex, TableName.ProjectMembership);
-}
--- a/pg-migrator/src/migrations/20231218092441_secret-folder.ts
+++ b/pg-migrator/src/migrations/20231218092441_secret-folder.ts
@@ -1,42 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretFolder))) {
-    await knex.schema.createTable(TableName.SecretFolder, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.integer("version").defaultTo(1);
-      t.timestamps(true, true, true);
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.uuid("parentId");
-      t.foreign("parentId").references("id").inTable(TableName.SecretFolder).onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretFolder);
-
-  if (!(await knex.schema.hasTable(TableName.SecretFolderVersion))) {
-    await knex.schema.createTable(TableName.SecretFolderVersion, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.integer("version").defaultTo(1);
-      t.timestamps(true, true, true);
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.uuid("folderId").notNullable();
-      // t.foreign("folderId").references("id").inTable(TableName.SecretFolder).onDelete("SET NULL");
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.SecretFolderVersion);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretFolderVersion);
-  await knex.schema.dropTableIfExists(TableName.SecretFolder);
-  await dropOnUpdateTrigger(knex, TableName.SecretFolder);
-  await dropOnUpdateTrigger(knex, TableName.SecretFolderVersion);
-}
--- a/pg-migrator/src/migrations/20231218092508_secret-import.ts
+++ b/pg-migrator/src/migrations/20231218092508_secret-import.ts
@@ -1,30 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretImport))) {
-    await knex.schema.createTable(TableName.SecretImport, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.integer("version").defaultTo(1);
-      t.string("importPath").notNullable();
-      t.uuid("importEnv").notNullable();
-      t.foreign("importEnv").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.integer("position").notNullable();
-      t.timestamps(true, true, true);
-      t.uuid("folderId").notNullable();
-      t.foreign("folderId").references("id").inTable(TableName.SecretFolder).onDelete("CASCADE");
-      t.unique(["folderId", "position"], {
-        indexName: "import_pos_composite_uniqe",
-        deferrable: "deferred"
-      });
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretImport);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretImport);
-  await dropOnUpdateTrigger(knex, TableName.SecretImport);
-}
--- a/pg-migrator/src/migrations/20231218092517_secret-tag.ts
+++ b/pg-migrator/src/migrations/20231218092517_secret-tag.ts
@@ -1,26 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretTag))) {
-    await knex.schema.createTable(TableName.SecretTag, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("slug").notNullable();
-      t.string("color");
-      t.timestamps(true, true, true);
-      t.uuid("createdBy");
-      t.foreign("createdBy").references("id").inTable(TableName.Users).onDelete("SET NULL");
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretTag);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretTag);
-  await dropOnUpdateTrigger(knex, TableName.SecretTag);
-}
--- a/pg-migrator/src/migrations/20231218103423_secret.ts
+++ b/pg-migrator/src/migrations/20231218103423_secret.ts
@@ -1,93 +0,0 @@
-import { Knex } from "knex";
-
-import {
-  SecretEncryptionAlgo,
-  SecretKeyEncoding,
-  SecretType,
-  TableName,
-} from "../schemas";
-import {
-  createJunctionTable,
-  createOnUpdateTrigger,
-  dropOnUpdateTrigger,
-} from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretBlindIndex))) {
-    await knex.schema.createTable(TableName.SecretBlindIndex, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.text("encryptedSaltCipherText").notNullable();
-      t.text("saltIV").notNullable();
-      t.text("saltTag").notNullable();
-      t.string("algorithm")
-        .notNullable()
-        .defaultTo(SecretEncryptionAlgo.AES_256_GCM);
-      t.string("keyEncoding").notNullable().defaultTo(SecretKeyEncoding.UTF8);
-      t.string("projectId").notNullable().unique();
-      t.foreign("projectId")
-        .references("id")
-        .inTable(TableName.Project)
-        .onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretBlindIndex);
-
-  if (!(await knex.schema.hasTable(TableName.Secret))) {
-    await knex.schema.createTable(TableName.Secret, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.integer("version").defaultTo(1).notNullable();
-      t.string("type").notNullable().defaultTo(SecretType.Shared);
-      // t.text("secretKeyHash").notNullable();
-      // t.text("secretValueHash");
-      // t.text("secretCommentHash");
-      // this is required but for backward compatiability we are making it nullable
-      t.text("secretBlindIndex");
-      t.text("secretKeyCiphertext").notNullable();
-      t.text("secretKeyIV").notNullable();
-      t.text("secretKeyTag").notNullable();
-      t.text("secretValueCiphertext").notNullable();
-      t.text("secretValueIV").notNullable(); // symmetric encryption
-      t.text("secretValueTag").notNullable();
-      t.text("secretCommentCiphertext");
-      t.text("secretCommentIV");
-      t.text("secretCommentTag");
-      t.string("secretReminderNote");
-      t.integer("secretReminderRepeatDays");
-      t.boolean("skipMultilineEncoding").defaultTo(false);
-      t.string("algorithm")
-        .notNullable()
-        .defaultTo(SecretEncryptionAlgo.AES_256_GCM);
-      t.string("keyEncoding").notNullable().defaultTo(SecretKeyEncoding.UTF8);
-      t.jsonb("metadata");
-      t.uuid("userId");
-      t.foreign("userId")
-        .references("id")
-        .inTable(TableName.Users)
-        .onDelete("CASCADE");
-      t.uuid("folderId").notNullable();
-      t.foreign("folderId")
-        .references("id")
-        .inTable(TableName.SecretFolder)
-        .onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.Secret);
-  // many to many relation between tags
-  await createJunctionTable(
-    knex,
-    TableName.JnSecretTag,
-    TableName.Secret,
-    TableName.SecretTag,
-  );
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretBlindIndex);
-  await dropOnUpdateTrigger(knex, TableName.SecretBlindIndex);
-
-  await knex.schema.dropTableIfExists(TableName.JnSecretTag);
-  await knex.schema.dropTableIfExists(TableName.Secret);
-  await dropOnUpdateTrigger(knex, TableName.Secret);
-}
--- a/pg-migrator/src/migrations/20231220052508_secret-version.ts
+++ b/pg-migrator/src/migrations/20231220052508_secret-version.ts
@@ -1,53 +0,0 @@
-import { Knex } from "knex";
-
-import { SecretEncryptionAlgo, SecretKeyEncoding, SecretType, TableName } from "../schemas";
-import { createJunctionTable, createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretVersion))) {
-    await knex.schema.createTable(TableName.SecretVersion, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.integer("version").defaultTo(1).notNullable();
-      t.string("type").notNullable().defaultTo(SecretType.Shared);
-      t.text("secretBlindIndex");
-      t.text("secretKeyCiphertext").notNullable();
-      t.text("secretKeyIV").notNullable();
-      t.text("secretKeyTag").notNullable();
-      t.text("secretValueCiphertext").notNullable();
-      t.text("secretValueIV").notNullable(); // symmetric encryption
-      t.text("secretValueTag").notNullable();
-      t.text("secretCommentCiphertext");
-      t.text("secretCommentIV");
-      t.text("secretCommentTag");
-      t.string("secretReminderNote");
-      t.integer("secretReminderRepeatDays");
-      t.boolean("skipMultilineEncoding").defaultTo(false);
-      t.string("algorithm").notNullable().defaultTo(SecretEncryptionAlgo.AES_256_GCM);
-      t.string("keyEncoding").notNullable().defaultTo(SecretKeyEncoding.UTF8);
-      t.jsonb("metadata");
-      // to avoid orphan rows
-      t.uuid("envId");
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.uuid("secretId").notNullable();
-      t.uuid("folderId").notNullable();
-      // t.foreign("secretId").references("id").inTable(TableName.Secret).onDelete("SET NULL");
-      t.uuid("userId");
-      t.foreign("userId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretVersion);
-  // many to many relation between tags
-  await createJunctionTable(
-    knex,
-    TableName.SecretVersionTag,
-    TableName.SecretVersion,
-    TableName.SecretTag
-  );
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretVersionTag);
-  await knex.schema.dropTableIfExists(TableName.SecretVersion);
-  await dropOnUpdateTrigger(knex, TableName.SecretVersion);
-}
--- a/pg-migrator/src/migrations/20231222092113_project-bot.ts
+++ b/pg-migrator/src/migrations/20231222092113_project-bot.ts
@@ -1,35 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.ProjectBot))) {
-    await knex.schema.createTable(TableName.ProjectBot, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.boolean("isActive").defaultTo(false).notNullable();
-      t.text("encryptedPrivateKey").notNullable();
-      t.text("publicKey").notNullable();
-      t.text("iv").notNullable();
-      t.text("tag").notNullable();
-      t.string("algorithm").notNullable();
-      t.string("keyEncoding").notNullable();
-      t.text("encryptedProjectKey");
-      t.text("encryptedProjectKeyNonce");
-      // one to one relationship
-      t.string("projectId").notNullable().unique();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.uuid("senderId");
-      t.foreign("senderId").references("id").inTable(TableName.Users).onDelete("SET NULL");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.ProjectBot);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.ProjectBot);
-  await dropOnUpdateTrigger(knex, TableName.ProjectBot);
-}
--- a/pg-migrator/src/migrations/20231222172455_integration.ts
+++ b/pg-migrator/src/migrations/20231222172455_integration.ts
@@ -1,71 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.IntegrationAuth))) {
-    await knex.schema.createTable(TableName.IntegrationAuth, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("integration").notNullable();
-      t.string("teamId"); // vercel-specific
-      t.string("url"); // for self hosted
-      t.string("namespace"); // hashicorp specific
-      t.string("accountId"); // netlify
-      t.text("refreshCiphertext");
-      t.string("refreshIV");
-      t.string("refreshTag");
-      t.string("accessIdCiphertext");
-      t.string("accessIdIV");
-      t.string("accessIdTag");
-      t.text("accessCiphertext");
-      t.string("accessIV");
-      t.string("accessTag");
-      t.datetime("accessExpiresAt");
-      t.jsonb("metadata");
-      t.string("algorithm").notNullable();
-      t.string("keyEncoding").notNullable();
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.IntegrationAuth);
-
-  if (!(await knex.schema.hasTable(TableName.Integration))) {
-    await knex.schema.createTable(TableName.Integration, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.boolean("isActive").notNullable();
-      t.string("url"); // self hosted
-      t.string("app"); // name of app in provider
-      t.string("appId");
-      t.string("targetEnvironment");
-      t.string("targetEnvironmentId");
-      t.string("targetService"); // railway - qovery specific
-      t.string("targetServiceId");
-      t.string("owner"); // github specific
-      t.string("path"); // aws parameter store / vercel preview branch
-      t.string("region"); // aws
-      t.string("scope"); // qovery specific scope
-      t.string("integration").notNullable();
-      t.jsonb("metadata");
-      t.uuid("integrationAuthId").notNullable();
-      t.foreign("integrationAuthId")
-        .references("id")
-        .inTable(TableName.IntegrationAuth)
-        .onDelete("CASCADE");
-      t.uuid("envId").notNullable();
-      t.string("secretPath").defaultTo("/").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.Integration);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.Integration);
-  await knex.schema.dropTableIfExists(TableName.IntegrationAuth);
-  await dropOnUpdateTrigger(knex, TableName.IntegrationAuth);
-  await dropOnUpdateTrigger(knex, TableName.Integration);
-}
--- a/pg-migrator/src/migrations/20231225072545_service-token.ts
+++ b/pg-migrator/src/migrations/20231225072545_service-token.ts
@@ -1,32 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.ServiceToken))) {
-    await knex.schema.createTable(TableName.ServiceToken, (t) => {
-      t.string("id", 36).primary().defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.jsonb("scopes").notNullable();
-      t.specificType("permissions", "text[]").notNullable();
-      t.datetime("lastUsed");
-      t.datetime("expiresAt");
-      t.text("secretHash").notNullable();
-      t.text("encryptedKey");
-      t.text("iv");
-      t.text("tag");
-      t.timestamps(true, true, true);
-      // user is old one
-      t.string("createdBy").notNullable();
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.ServiceToken);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.ServiceToken);
-  await dropOnUpdateTrigger(knex, TableName.ServiceToken);
-}
--- a/pg-migrator/src/migrations/20231225072552_webhook.ts
+++ b/pg-migrator/src/migrations/20231225072552_webhook.ts
@@ -1,32 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.Webhook))) {
-    await knex.schema.createTable(TableName.Webhook, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("secretPath").notNullable().defaultTo("/");
-      t.string("url").notNullable();
-      t.string("lastStatus");
-      t.text("lastRunErrorMessage");
-      t.boolean("isDisabled").defaultTo(false).notNullable();
-      // webhook signature
-      t.text("encryptedSecretKey");
-      t.text("iv");
-      t.text("tag");
-      t.string("algorithm");
-      t.string("keyEncoding");
-      t.timestamps(true, true, true);
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.Webhook);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.Webhook);
-  await dropOnUpdateTrigger(knex, TableName.Webhook);
-}
--- a/pg-migrator/src/migrations/20231228074856_identity.ts
+++ b/pg-migrator/src/migrations/20231228074856_identity.ts
@@ -1,21 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.Identity))) {
-    await knex.schema.createTable(TableName.Identity, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("authMethod");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.Identity);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.Identity);
-  await dropOnUpdateTrigger(knex, TableName.Identity);
-}
--- a/pg-migrator/src/migrations/20231228074908_identity-universal-auth.ts
+++ b/pg-migrator/src/migrations/20231228074908_identity-universal-auth.ts
@@ -1,49 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.IdentityUniversalAuth))) {
-    await knex.schema.createTable(TableName.IdentityUniversalAuth, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("clientId").notNullable();
-      t.bigint("accessTokenTTL").defaultTo(7200).notNullable();
-      t.bigint("accessTokenMaxTTL").defaultTo(7200).notNullable();
-      t.bigint("accessTokenNumUsesLimit").defaultTo(0).notNullable();
-      t.jsonb("clientSecretTrustedIps").notNullable();
-      t.jsonb("accessTokenTrustedIps").notNullable();
-      t.timestamps(true, true, true);
-      t.uuid("identityId").notNullable().unique();
-      t.foreign("identityId").references("id").inTable(TableName.Identity).onDelete("CASCADE");
-    });
-  }
-  if (!(await knex.schema.hasTable(TableName.IdentityUaClientSecret))) {
-    await knex.schema.createTable(TableName.IdentityUaClientSecret, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("description").notNullable();
-      t.string("clientSecretPrefix").notNullable();
-      t.string("clientSecretHash").notNullable();
-      t.datetime("clientSecretLastUsedAt");
-      t.bigint("clientSecretNumUses").defaultTo(0).notNullable();
-      t.bigint("clientSecretNumUsesLimit").defaultTo(0).notNullable();
-      t.bigint("clientSecretTTL").defaultTo(0).notNullable();
-      t.boolean("isClientSecretRevoked").defaultTo(false).notNullable();
-      t.timestamps(true, true, true);
-      t.uuid("identityUAId").notNullable();
-      t.foreign("identityUAId")
-        .references("id")
-        .inTable(TableName.IdentityUniversalAuth)
-        .onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.IdentityUniversalAuth);
-  await createOnUpdateTrigger(knex, TableName.IdentityUaClientSecret);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.IdentityUaClientSecret);
-  await knex.schema.dropTableIfExists(TableName.IdentityUniversalAuth);
-  await dropOnUpdateTrigger(knex, TableName.IdentityUaClientSecret);
-  await dropOnUpdateTrigger(knex, TableName.IdentityUniversalAuth);
-}
--- a/pg-migrator/src/migrations/20231228075011_identity-access-token.ts
+++ b/pg-migrator/src/migrations/20231228075011_identity-access-token.ts
@@ -1,37 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.IdentityAccessToken))) {
-    await knex.schema.createTable(TableName.IdentityAccessToken, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.integer("accessTokenTTL").defaultTo(2592000).notNullable(); // 30 days second
-      t.integer("accessTokenMaxTTL").defaultTo(2592000).notNullable();
-      t.integer("accessTokenNumUses").defaultTo(0).notNullable();
-      t.integer("accessTokenNumUsesLimit").defaultTo(0).notNullable();
-      t.datetime("accessTokenLastUsedAt");
-      t.datetime("accessTokenLastRenewedAt");
-      t.boolean("isAccessTokenRevoked").defaultTo(false).notNullable();
-      t.uuid("identityUAClientSecretId");
-      t.foreign("identityUAClientSecretId")
-        .references("id")
-        .inTable(TableName.IdentityUaClientSecret)
-        .onDelete("CASCADE");
-      t.uuid("identityId").notNullable();
-      t.foreign("identityId")
-        .references("id")
-        .inTable(TableName.Identity)
-        .onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.IdentityAccessToken);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.IdentityAccessToken);
-  await dropOnUpdateTrigger(knex, TableName.IdentityAccessToken);
-}
--- a/pg-migrator/src/migrations/20231228075023_identity-membership.ts
+++ b/pg-migrator/src/migrations/20231228075023_identity-membership.ts
@@ -1,44 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.IdentityOrgMembership))) {
-    await knex.schema.createTable(TableName.IdentityOrgMembership, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("role").notNullable();
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.OrgRoles);
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-      t.uuid("identityId").notNullable();
-      t.foreign("identityId").references("id").inTable(TableName.Identity).onDelete("CASCADE");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.IdentityOrgMembership);
-
-  if (!(await knex.schema.hasTable(TableName.IdentityProjectMembership))) {
-    await knex.schema.createTable(TableName.IdentityProjectMembership, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("role").notNullable();
-      t.uuid("roleId");
-      t.foreign("roleId").references("id").inTable(TableName.ProjectRoles);
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-      t.uuid("identityId").notNullable();
-      t.foreign("identityId").references("id").inTable(TableName.Identity).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.IdentityProjectMembership);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.IdentityOrgMembership);
-  await knex.schema.dropTableIfExists(TableName.IdentityProjectMembership);
-
-  await dropOnUpdateTrigger(knex, TableName.IdentityProjectMembership);
-  await dropOnUpdateTrigger(knex, TableName.IdentityOrgMembership);
-}
--- a/pg-migrator/src/migrations/20240101054849_secret-approval-policy.ts
+++ b/pg-migrator/src/migrations/20240101054849_secret-approval-policy.ts
@@ -1,45 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretApprovalPolicy))) {
-    await knex.schema.createTable(TableName.SecretApprovalPolicy, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.string("secretPath");
-      t.integer("approvals").defaultTo(1).notNullable();
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretApprovalPolicy);
-
-  if (!(await knex.schema.hasTable(TableName.SecretApprovalPolicyApprover))) {
-    await knex.schema.createTable(TableName.SecretApprovalPolicyApprover, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("approverId").notNullable();
-      t.foreign("approverId")
-        .references("id")
-        .inTable(TableName.ProjectMembership)
-        .onDelete("CASCADE");
-      t.uuid("policyId").notNullable();
-      t.foreign("policyId")
-        .references("id")
-        .inTable(TableName.SecretApprovalPolicy)
-        .onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.SecretApprovalPolicyApprover);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretApprovalPolicyApprover);
-  await knex.schema.dropTableIfExists(TableName.SecretApprovalPolicy);
-  await dropOnUpdateTrigger(knex, TableName.SecretApprovalPolicyApprover);
-  await dropOnUpdateTrigger(knex, TableName.SecretApprovalPolicy);
-}
--- a/pg-migrator/src/migrations/20240101104907_secret-approval-request.ts
+++ b/pg-migrator/src/migrations/20240101104907_secret-approval-request.ts
@@ -1,118 +0,0 @@
-import { Knex } from "knex";
-
-import { SecretEncryptionAlgo, SecretKeyEncoding, TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretApprovalRequest))) {
-    await knex.schema.createTable(TableName.SecretApprovalRequest, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("policyId").notNullable();
-      t.boolean("hasMerged").defaultTo(false).notNullable();
-      t.string("status").defaultTo("open").notNullable();
-      t.jsonb("conflicts");
-      t.foreign("policyId")
-        .references("id")
-        .inTable(TableName.SecretApprovalPolicy)
-        .onDelete("CASCADE");
-      t.string("slug").notNullable();
-      t.uuid("folderId").notNullable();
-      t.foreign("folderId").references("id").inTable(TableName.SecretFolder).onDelete("CASCADE");
-      t.uuid("statusChangeBy");
-      t.foreign("statusChangeBy")
-        .references("id")
-        .inTable(TableName.ProjectMembership)
-        .onDelete("SET NULL");
-      t.uuid("committerId").notNullable();
-      t.foreign("committerId")
-        .references("id")
-        .inTable(TableName.ProjectMembership)
-        .onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretApprovalRequest);
-
-  if (!(await knex.schema.hasTable(TableName.SecretApprovalRequestReviewer))) {
-    await knex.schema.createTable(TableName.SecretApprovalRequestReviewer, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("member").notNullable();
-      t.foreign("member").references("id").inTable(TableName.ProjectMembership).onDelete("CASCADE");
-      t.string("status").notNullable();
-      t.uuid("requestId").notNullable();
-      t.foreign("requestId")
-        .references("id")
-        .inTable(TableName.SecretApprovalRequest)
-        .onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretApprovalRequestReviewer);
-
-  if (!(await knex.schema.hasTable(TableName.SecretApprovalRequestSecret))) {
-    await knex.schema.createTable(TableName.SecretApprovalRequestSecret, (t) => {
-      // everything related  to secret
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.integer("version").defaultTo(1);
-      t.text("secretBlindIndex");
-      t.text("secretKeyCiphertext").notNullable();
-      t.text("secretKeyIV").notNullable();
-      t.text("secretKeyTag").notNullable();
-      t.text("secretValueCiphertext").notNullable();
-      t.text("secretValueIV").notNullable(); // symmetric encryption
-      t.text("secretValueTag").notNullable();
-      t.text("secretCommentCiphertext");
-      t.text("secretCommentIV");
-      t.text("secretCommentTag");
-      t.string("secretReminderNote");
-      t.integer("secretReminderRepeatDays");
-      t.boolean("skipMultilineEncoding").defaultTo(false);
-      t.string("algorithm").notNullable().defaultTo(SecretEncryptionAlgo.AES_256_GCM);
-      t.string("keyEncoding").notNullable().defaultTo(SecretKeyEncoding.UTF8);
-      t.jsonb("metadata");
-      t.timestamps(true, true, true);
-      // commit details
-      t.uuid("requestId").notNullable();
-      t.foreign("requestId")
-        .references("id")
-        .inTable(TableName.SecretApprovalRequest)
-        .onDelete("CASCADE");
-      t.string("op").notNullable();
-      t.uuid("secretId");
-      t.foreign("secretId").references("id").inTable(TableName.Secret).onDelete("SET NULL");
-      t.uuid("secretVersion");
-      t.foreign("secretVersion")
-        .references("id")
-        .inTable(TableName.SecretVersion)
-        .onDelete("SET NULL");
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretApprovalRequestSecret);
-
-  if (!(await knex.schema.hasTable(TableName.SecretApprovalRequestSecretTag))) {
-    await knex.schema.createTable(TableName.SecretApprovalRequestSecretTag, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("secretId").notNullable();
-      t.foreign("secretId")
-        .references("id")
-        .inTable(TableName.SecretApprovalRequestSecret)
-        .onDelete("CASCADE");
-      t.uuid("tagId").notNullable();
-      t.foreign("tagId").references("id").inTable(TableName.SecretTag).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretApprovalRequestSecretTag);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretApprovalRequestSecretTag);
-  await knex.schema.dropTableIfExists(TableName.SecretApprovalRequestSecret);
-  await knex.schema.dropTableIfExists(TableName.SecretApprovalRequestReviewer);
-  await knex.schema.dropTableIfExists(TableName.SecretApprovalRequest);
-
-  await dropOnUpdateTrigger(knex, TableName.SecretApprovalRequestSecretTag);
-  await dropOnUpdateTrigger(knex, TableName.SecretApprovalRequestSecret);
-  await dropOnUpdateTrigger(knex, TableName.SecretApprovalRequestReviewer);
-  await dropOnUpdateTrigger(knex, TableName.SecretApprovalRequest);
-}
--- a/pg-migrator/src/migrations/20240102152111_secret-rotation.ts
+++ b/pg-migrator/src/migrations/20240102152111_secret-rotation.ts
@@ -1,47 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SecretRotation))) {
-    await knex.schema.createTable(TableName.SecretRotation, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("provider").notNullable();
-      t.string("secretPath").notNullable();
-      t.integer("interval").notNullable();
-      t.datetime("lastRotatedAt");
-      t.string("status");
-      t.text("statusMessage");
-      t.text("encryptedData");
-      t.text("encryptedDataIV");
-      t.text("encryptedDataTag");
-      t.string("algorithm");
-      t.string("keyEncoding");
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.SecretRotation);
-
-  if (!(await knex.schema.hasTable(TableName.SecretRotationOutput))) {
-    await knex.schema.createTable(TableName.SecretRotationOutput, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("key").notNullable();
-      t.uuid("secretId").notNullable();
-      t.foreign("secretId").references("id").inTable(TableName.Secret).onDelete("CASCADE");
-      t.uuid("rotationId").notNullable();
-      t.foreign("rotationId")
-        .references("id")
-        .inTable(TableName.SecretRotation)
-        .onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretRotationOutput);
-  await knex.schema.dropTableIfExists(TableName.SecretRotation);
-  await dropOnUpdateTrigger(knex, TableName.SecretRotation);
-}
--- a/pg-migrator/src/migrations/20240104140641_secret-snapshot.ts
+++ b/pg-migrator/src/migrations/20240104140641_secret-snapshot.ts
@@ -1,61 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.Snapshot))) {
-    await knex.schema.createTable(TableName.Snapshot, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      // this is not a relation kept like that
-      // this ensure snapshot are not lost when folder gets deleted and rolled back
-      t.uuid("folderId").notNullable();
-      t.uuid("parentFolderId");
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.Snapshot);
-
-  if (!(await knex.schema.hasTable(TableName.SnapshotSecret))) {
-    await knex.schema.createTable(TableName.SnapshotSecret, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      // not a relation kept like that to keep it when rolled back
-      t.uuid("secretVersionId").notNullable();
-      t.foreign("secretVersionId")
-        .references("id")
-        .inTable(TableName.SecretVersion)
-        .onDelete("CASCADE");
-      t.uuid("snapshotId").notNullable();
-      t.foreign("snapshotId").references("id").inTable(TableName.Snapshot).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  if (!(await knex.schema.hasTable(TableName.SnapshotFolder))) {
-    await knex.schema.createTable(TableName.SnapshotFolder, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.uuid("envId").notNullable();
-      t.foreign("envId").references("id").inTable(TableName.Environment).onDelete("CASCADE");
-      // not a relation kept like that to keep it when rolled back
-      t.uuid("folderVersionId").notNullable();
-      t.foreign("folderVersionId")
-        .references("id")
-        .inTable(TableName.SecretFolderVersion)
-        .onDelete("CASCADE");
-      t.uuid("snapshotId").notNullable();
-      t.foreign("snapshotId").references("id").inTable(TableName.Snapshot).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SnapshotSecret);
-  await knex.schema.dropTableIfExists(TableName.SnapshotFolder);
-  await knex.schema.dropTableIfExists(TableName.Snapshot);
-  await dropOnUpdateTrigger(knex, TableName.Snapshot);
-}
--- a/pg-migrator/src/migrations/20240107153439_saml-config.ts
+++ b/pg-migrator/src/migrations/20240107153439_saml-config.ts
@@ -1,33 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.SamlConfig))) {
-    await knex.schema.createTable(TableName.SamlConfig, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("authProvider").notNullable();
-      t.boolean("isActive").notNullable();
-      t.string("encryptedEntryPoint");
-      t.string("entryPointIV");
-      t.string("entryPointTag");
-      t.string("encryptedIssuer");
-      t.string("issuerTag");
-      t.string("issuerIV");
-      t.text("encryptedCert");
-      t.string("certIV");
-      t.string("certTag");
-      t.timestamps(true, true, true);
-      t.uuid("orgId").notNullable().unique();
-      t.foreign("orgId").references("id").inTable(TableName.Organization);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.SamlConfig);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SamlConfig);
-  await dropOnUpdateTrigger(knex, TableName.SamlConfig);
-}
--- a/pg-migrator/src/migrations/20240107163155_org-bot.ts
+++ b/pg-migrator/src/migrations/20240107163155_org-bot.ts
@@ -1,35 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.OrgBot))) {
-    await knex.schema.createTable(TableName.OrgBot, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("name").notNullable();
-      t.text("publicKey").notNullable();
-      t.text("encryptedSymmetricKey").notNullable();
-      t.text("symmetricKeyIV").notNullable();
-      t.text("symmetricKeyTag").notNullable();
-      t.string("symmetricKeyAlgorithm").notNullable();
-      t.string("symmetricKeyKeyEncoding").notNullable();
-      t.text("encryptedPrivateKey").notNullable();
-      t.text("privateKeyIV").notNullable();
-      t.text("privateKeyTag").notNullable();
-      t.string("privateKeyAlgorithm").notNullable();
-      t.string("privateKeyKeyEncoding").notNullable();
-      // one to one relationship
-      t.uuid("orgId").notNullable().unique();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-
-  await createOnUpdateTrigger(knex, TableName.OrgBot);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.OrgBot);
-  await dropOnUpdateTrigger(knex, TableName.OrgBot);
-}
--- a/pg-migrator/src/migrations/20240108134148_audit-log.ts
+++ b/pg-migrator/src/migrations/20240108134148_audit-log.ts
@@ -1,29 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.AuditLog))) {
-    await knex.schema.createTable(TableName.AuditLog, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("actor").notNullable();
-      t.jsonb("actorMetadata").notNullable();
-      t.string("ipAddress");
-      t.string("eventType").notNullable();
-      t.jsonb("eventMetadata");
-      t.string("userAgent");
-      t.string("userAgentType");
-      t.datetime("expiresAt");
-      t.timestamps(true, true, true);
-      // no trigger needed as this collection is append only
-      t.uuid("orgId");
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.string("projectId");
-      t.foreign("projectId").references("id").inTable(TableName.Project).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.AuditLog);
-}
--- a/pg-migrator/src/migrations/20240111051011_secret-scanning.ts
+++ b/pg-migrator/src/migrations/20240111051011_secret-scanning.ts
@@ -1,79 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.GitAppInstallSession))) {
-    await knex.schema.createTable(TableName.GitAppInstallSession, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("sessionId").notNullable().unique();
-      t.uuid("userId");
-      // one to one relationship
-      t.uuid("orgId").notNullable().unique();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  createOnUpdateTrigger(knex, TableName.GitAppInstallSession);
-
-  if (!(await knex.schema.hasTable(TableName.GitAppOrg))) {
-    await knex.schema.createTable(TableName.GitAppOrg, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("installationId").notNullable().unique();
-      t.uuid("userId").notNullable();
-      // one to one relationship
-      t.uuid("orgId").notNullable().unique();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  createOnUpdateTrigger(knex, TableName.GitAppOrg);
-
-  if (!(await knex.schema.hasTable(TableName.SecretScanningGitRisk))) {
-    await knex.schema.createTable(TableName.SecretScanningGitRisk, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("description");
-      t.string("startLine");
-      t.string("endLine");
-      t.string("startColumn");
-      t.string("endColumn");
-      t.string("file");
-      t.string("symlinkFile");
-      t.string("commit");
-      t.string("entropy");
-      t.string("author");
-      t.string("email");
-      t.string("date");
-      t.text("message");
-      t.specificType("tags", "text[]");
-      t.string("ruleID");
-      t.string("fingerprint").unique();
-      t.string("fingerPrintWithoutCommitId");
-      t.boolean("isFalsePositive").defaultTo(false);
-      t.boolean("isResolved").defaultTo(false);
-      t.string("riskOwner");
-      t.string("installationId").notNullable();
-      t.string("repositoryId");
-      t.string("repositoryLink");
-      t.string("repositoryFullName");
-      t.string("pusherName");
-      t.string("pusherEmail");
-      t.string("status");
-      // one to one relationship
-      t.uuid("orgId").notNullable();
-      t.foreign("orgId").references("id").inTable(TableName.Organization).onDelete("CASCADE");
-      t.timestamps(true, true, true);
-    });
-  }
-  createOnUpdateTrigger(knex, TableName.SecretScanningGitRisk);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.SecretScanningGitRisk);
-  await knex.schema.dropTableIfExists(TableName.GitAppOrg);
-  await knex.schema.dropTableIfExists(TableName.GitAppInstallSession);
-  await dropOnUpdateTrigger(knex, TableName.SecretScanningGitRisk);
-  await dropOnUpdateTrigger(knex, TableName.GitAppOrg);
-  await dropOnUpdateTrigger(knex, TableName.GitAppInstallSession);
-}
--- a/pg-migrator/src/migrations/20240113103743_trusted-ip.ts
+++ b/pg-migrator/src/migrations/20240113103743_trusted-ip.ts
@@ -1,26 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
-
-export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasTable(TableName.TrustedIps))) {
-    await knex.schema.createTable(TableName.TrustedIps, (t) => {
-      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
-      t.string("ipAddress").notNullable();
-      t.string("type").notNullable();
-      t.integer("prefix");
-      t.boolean("isActive").defaultTo(true);
-      t.string("comment");
-      t.string("projectId").notNullable();
-      t.foreign("projectId").references("id").inTable(TableName.Project);
-      t.timestamps(true, true, true);
-    });
-  }
-  await createOnUpdateTrigger(knex, TableName.TrustedIps);
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.dropTableIfExists(TableName.TrustedIps);
-  await dropOnUpdateTrigger(knex, TableName.TrustedIps);
-}
--- a/pg-migrator/src/models/apiKeyData.ts
+++ b/pg-migrator/src/models/apiKeyData.ts
@@ -1,39 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IAPIKeyData {
-  _id: Types.ObjectId;
-  name: string;
-  user: Types.ObjectId;
-  lastUsed: Date;
-  expiresAt: Date;
-  secretHash: string;
-}
-
-const apiKeyDataSchema = new Schema<IAPIKeyData>(
-  {
-    name: {
-      type: String,
-      required: true,
-    },
-    user: {
-      type: Schema.Types.ObjectId,
-      ref: "User",
-      required: true,
-    },
-    lastUsed: {
-      type: Date,
-    },
-    expiresAt: {
-      type: Date,
-    },
-    secretHash: {
-      type: String,
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const APIKeyData = model<IAPIKeyData>("APIKeyData", apiKeyDataSchema);
--- a/pg-migrator/src/models/apiKeyDataV2.ts
+++ b/pg-migrator/src/models/apiKeyDataV2.ts
@@ -1,38 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-
-export interface IAPIKeyDataV2 extends Document {
-    _id: Types.ObjectId;
-    name: string;
-    user: Types.ObjectId;
-    lastUsed?: Date
-    usageCount: number;
-    expiresAt?: Date;
-}
-
-const apiKeyDataV2Schema  = new Schema(
-    {
-        name: {
-            type: String,
-            required: true
-        },
-        user: {
-            type: Schema.Types.ObjectId,
-            ref: "User",
-            required: true
-        },
-        lastUsed: {
-            type: Date,
-            required: false
-        },
-        usageCount: {
-            type: Number,
-            default: 0,
-            required: true
-        }
-    },
-    {
-        timestamps: true
-    }
-);
-
-export const APIKeyDataV2 = model<IAPIKeyDataV2>("APIKeyDataV2", apiKeyDataV2Schema);
--- a/pg-migrator/src/models/auditLog/auditLog.ts
+++ b/pg-migrator/src/models/auditLog/auditLog.ts
@@ -1,70 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-import { ActorType, EventType, UserAgentType } from "./enums";
-import { Actor, Event } from "./types";
-
-export interface IAuditLog {
-  actor: Actor;
-  organization: Types.ObjectId;
-  workspace: Types.ObjectId;
-  ipAddress: string;
-  event: Event;
-  userAgent: string;
-  userAgentType: UserAgentType;
-  expiresAt?: Date;
-}
-
-const auditLogSchema = new Schema<IAuditLog>(
-  {
-    actor: {
-      type: {
-        type: String,
-        enum: ActorType,
-        required: true,
-      },
-      metadata: {
-        type: Schema.Types.Mixed,
-      },
-    },
-    organization: {
-      type: Schema.Types.ObjectId,
-      required: false,
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      required: false,
-      index: true,
-    },
-    ipAddress: {
-      type: String,
-      required: true,
-    },
-    event: {
-      type: {
-        type: String,
-        enum: EventType,
-        required: true,
-      },
-      metadata: {
-        type: Schema.Types.Mixed,
-      },
-    },
-    userAgent: {
-      type: String,
-      required: true,
-    },
-    userAgentType: {
-      type: String,
-      enum: UserAgentType,
-      required: true,
-    },
-    expiresAt: {
-      type: Date,
-      expires: 0,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const AuditLog = model<IAuditLog>("AuditLog", auditLogSchema);
--- a/pg-migrator/src/models/auditLog/enums.ts
+++ b/pg-migrator/src/models/auditLog/enums.ts
@@ -1,69 +0,0 @@
-export enum ActorType { // would extend to AWS, Azure, ...
-    USER = "user", // userIdentity
-    SERVICE = "service",
-    IDENTITY = "identity"
-}
-
-export enum UserAgentType {
-  WEB = "web",
-  CLI = "cli",
-  K8_OPERATOR = "k8-operator",
-  TERRAFORM = "terraform",
-  OTHER = "other",
-  PYTHON_SDK = "InfisicalPythonSDK",
-  NODE_SDK = "InfisicalNodeSDK"
-}
-
-export enum EventType {
-  GET_SECRETS = "get-secrets",
-  GET_SECRET = "get-secret",
-  REVEAL_SECRET = "reveal-secret",
-  CREATE_SECRET = "create-secret",
-  CREATE_SECRETS = "create-secrets",
-  UPDATE_SECRET = "update-secret",
-  UPDATE_SECRETS = "update-secrets",
-  DELETE_SECRET = "delete-secret",
-  DELETE_SECRETS = "delete-secrets",
-  GET_WORKSPACE_KEY = "get-workspace-key",
-  AUTHORIZE_INTEGRATION = "authorize-integration",
-  UNAUTHORIZE_INTEGRATION = "unauthorize-integration",
-  CREATE_INTEGRATION = "create-integration",
-  DELETE_INTEGRATION = "delete-integration",
-  ADD_TRUSTED_IP = "add-trusted-ip",
-  UPDATE_TRUSTED_IP = "update-trusted-ip",
-  DELETE_TRUSTED_IP = "delete-trusted-ip",
-  CREATE_SERVICE_TOKEN = "create-service-token", // v2
-  DELETE_SERVICE_TOKEN = "delete-service-token", // v2
-  CREATE_IDENTITY = "create-identity",
-  UPDATE_IDENTITY = "update-identity",
-  DELETE_IDENTITY = "delete-identity",
-  LOGIN_IDENTITY_UNIVERSAL_AUTH = "login-identity-universal-auth",
-  ADD_IDENTITY_UNIVERSAL_AUTH = "add-identity-universal-auth",
-  UPDATE_IDENTITY_UNIVERSAL_AUTH = "update-identity-universal-auth",
-  GET_IDENTITY_UNIVERSAL_AUTH = "get-identity-universal-auth",
-  CREATE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET = "create-identity-universal-auth-client-secret",
-  REVOKE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET =  "revoke-identity-universal-auth-client-secret",
-  GET_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRETS = "get-identity-universal-auth-client-secret",
-  CREATE_ENVIRONMENT = "create-environment",
-  UPDATE_ENVIRONMENT = "update-environment",
-  DELETE_ENVIRONMENT = "delete-environment",
-  ADD_WORKSPACE_MEMBER = "add-workspace-member",
-  ADD_BATCH_WORKSPACE_MEMBER = "add-workspace-members",
-  REMOVE_WORKSPACE_MEMBER = "remove-workspace-member",
-  CREATE_FOLDER = "create-folder",
-  UPDATE_FOLDER = "update-folder",
-  DELETE_FOLDER = "delete-folder",
-  CREATE_WEBHOOK = "create-webhook",
-  UPDATE_WEBHOOK_STATUS = "update-webhook-status",
-  DELETE_WEBHOOK = "delete-webhook",
-  GET_SECRET_IMPORTS = "get-secret-imports",
-  CREATE_SECRET_IMPORT = "create-secret-import",
-  UPDATE_SECRET_IMPORT = "update-secret-import",
-  DELETE_SECRET_IMPORT = "delete-secret-import",
-  UPDATE_USER_WORKSPACE_ROLE = "update-user-workspace-role",
-  UPDATE_USER_WORKSPACE_DENIED_PERMISSIONS = "update-user-workspace-denied-permissions",
-  SECRET_APPROVAL_MERGED = "secret-approval-merged",
-  SECRET_APPROVAL_REQUEST = "secret-approval-request",
-  SECRET_APPROVAL_CLOSED = "secret-approval-closed",
-  SECRET_APPROVAL_REOPENED = "secret-approval-reopened"
-}
--- a/pg-migrator/src/models/auditLog/index.ts
+++ b/pg-migrator/src/models/auditLog/index.ts
@@ -1,3 +0,0 @@
-export * from "./auditLog";
-export * from "./enums";
-export * from "./types";
--- a/pg-migrator/src/models/auditLog/types.ts
+++ b/pg-migrator/src/models/auditLog/types.ts
@@ -1,585 +0,0 @@
-import { ActorType, EventType } from "./enums";
-import { IIdentityTrustedIp } from "../../../models";
-
-interface UserActorMetadata {
-  userId: string;
-  email: string;
-}
-
-interface ServiceActorMetadata {
-  serviceId: string;
-  name: string;
-}
-
-interface IdentityActorMetadata {
-  identityId: string;
-  name: string;
-}
-
-export interface UserActor {
-  type: ActorType.USER;
-  metadata: UserActorMetadata;
-}
-
-export interface ServiceActor {
-  type: ActorType.SERVICE;
-  metadata: ServiceActorMetadata;
-}
-
-export interface IdentityActor {
-  type: ActorType.IDENTITY;
-  metadata: IdentityActorMetadata;
-}
-
-export type Actor = UserActor | ServiceActor | IdentityActor;
-
-interface GetSecretsEvent {
-  type: EventType.GET_SECRETS;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    numberOfSecrets: number;
-  };
-}
-
-interface GetSecretEvent {
-  type: EventType.GET_SECRET;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secretId: string;
-    secretKey: string;
-    secretVersion: number;
-  };
-}
-
-interface CreateSecretEvent {
-  type: EventType.CREATE_SECRET;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secretId: string;
-    secretKey: string;
-    secretVersion: number;
-  };
-}
-
-interface CreateSecretBatchEvent {
-  type: EventType.CREATE_SECRETS;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secrets: Array<{ secretId: string; secretKey: string; secretVersion: number }>;
-  };
-}
-
-interface UpdateSecretEvent {
-  type: EventType.UPDATE_SECRET;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secretId: string;
-    secretKey: string;
-    secretVersion: number;
-  };
-}
-
-interface UpdateSecretBatchEvent {
-  type: EventType.UPDATE_SECRETS;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secrets: Array<{ secretId: string; secretKey: string; secretVersion: number }>;
-  };
-}
-
-interface DeleteSecretEvent {
-  type: EventType.DELETE_SECRET;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secretId: string;
-    secretKey: string;
-    secretVersion: number;
-  };
-}
-
-interface DeleteSecretBatchEvent {
-  type: EventType.DELETE_SECRETS;
-  metadata: {
-    environment: string;
-    secretPath: string;
-    secrets: Array<{ secretId: string; secretKey: string; secretVersion: number }>;
-  };
-}
-
-interface GetWorkspaceKeyEvent {
-  type: EventType.GET_WORKSPACE_KEY;
-  metadata: {
-    keyId: string;
-  };
-}
-
-interface AuthorizeIntegrationEvent {
-  type: EventType.AUTHORIZE_INTEGRATION;
-  metadata: {
-    integration: string;
-  };
-}
-
-interface UnauthorizeIntegrationEvent {
-  type: EventType.UNAUTHORIZE_INTEGRATION;
-  metadata: {
-    integration: string;
-  };
-}
-
-interface CreateIntegrationEvent {
-  type: EventType.CREATE_INTEGRATION;
-  metadata: {
-    integrationId: string;
-    integration: string; // TODO: fix type
-    environment: string;
-    secretPath: string;
-    url?: string;
-    app?: string;
-    appId?: string;
-    targetEnvironment?: string;
-    targetEnvironmentId?: string;
-    targetService?: string;
-    targetServiceId?: string;
-    path?: string;
-    region?: string;
-  };
-}
-
-interface DeleteIntegrationEvent {
-  type: EventType.DELETE_INTEGRATION;
-  metadata: {
-    integrationId: string;
-    integration: string; // TODO: fix type
-    environment: string;
-    secretPath: string;
-    url?: string;
-    app?: string;
-    appId?: string;
-    targetEnvironment?: string;
-    targetEnvironmentId?: string;
-    targetService?: string;
-    targetServiceId?: string;
-    path?: string;
-    region?: string;
-  };
-}
-
-interface AddTrustedIPEvent {
-  type: EventType.ADD_TRUSTED_IP;
-  metadata: {
-    trustedIpId: string;
-    ipAddress: string;
-    prefix?: number;
-  };
-}
-
-interface UpdateTrustedIPEvent {
-  type: EventType.UPDATE_TRUSTED_IP;
-  metadata: {
-    trustedIpId: string;
-    ipAddress: string;
-    prefix?: number;
-  };
-}
-
-interface DeleteTrustedIPEvent {
-  type: EventType.DELETE_TRUSTED_IP;
-  metadata: {
-    trustedIpId: string;
-    ipAddress: string;
-    prefix?: number;
-  };
-}
-
-interface CreateServiceTokenEvent {
-  type: EventType.CREATE_SERVICE_TOKEN;
-  metadata: {
-    name: string;
-    scopes: Array<{
-      environment: string;
-      secretPath: string;
-    }>;
-  };
-}
-
-interface DeleteServiceTokenEvent {
-  type: EventType.DELETE_SERVICE_TOKEN;
-  metadata: {
-    name: string;
-    scopes: Array<{
-      environment: string;
-      secretPath: string;
-    }>;
-  };
-}
-
-interface CreateIdentityEvent { // note: currently not logging org-role
-  type: EventType.CREATE_IDENTITY;
-  metadata: {
-    identityId: string;
-    name: string;
-  };
-}
-
-interface UpdateIdentityEvent {
-  type: EventType.UPDATE_IDENTITY;
-  metadata: {
-    identityId: string;
-    name?: string;
-  };
-}
-
-interface DeleteIdentityEvent {
-  type: EventType.DELETE_IDENTITY;
-  metadata: {
-    identityId: string;
-  };
-}
-
-interface LoginIdentityUniversalAuthEvent {
-  type: EventType.LOGIN_IDENTITY_UNIVERSAL_AUTH ;
-  metadata: {
-    identityId: string;
-    identityUniversalAuthId: string;
-    clientSecretId: string;
-    identityAccessTokenId: string;
-  };
-}
-
-interface AddIdentityUniversalAuthEvent {
-  type: EventType.ADD_IDENTITY_UNIVERSAL_AUTH;
-  metadata: {
-    identityId: string;
-    clientSecretTrustedIps: Array<IIdentityTrustedIp>;
-    accessTokenTTL: number;
-    accessTokenMaxTTL: number;
-    accessTokenNumUsesLimit: number;
-    accessTokenTrustedIps: Array<IIdentityTrustedIp>;
-  };
-}
-
-interface UpdateIdentityUniversalAuthEvent {
-  type: EventType.UPDATE_IDENTITY_UNIVERSAL_AUTH;
-  metadata: {
-    identityId: string;
-    clientSecretTrustedIps?: Array<IIdentityTrustedIp>;
-    accessTokenTTL?: number;
-    accessTokenMaxTTL?: number;
-    accessTokenNumUsesLimit?: number;
-    accessTokenTrustedIps?: Array<IIdentityTrustedIp>;
-  };
-}
-
-interface GetIdentityUniversalAuthEvent {
-  type: EventType.GET_IDENTITY_UNIVERSAL_AUTH;
-  metadata: {
-    identityId: string;
-  };
-}
-
-interface CreateIdentityUniversalAuthClientSecretEvent {
-  type: EventType.CREATE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET ;
-  metadata: {
-    identityId: string;
-    clientSecretId: string;
-  };
-}
-
-interface GetIdentityUniversalAuthClientSecretsEvent {
-  type: EventType.GET_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRETS;
-  metadata: {
-    identityId: string;
-  };
-}
-
-
-interface RevokeIdentityUniversalAuthClientSecretEvent {
-  type: EventType.REVOKE_IDENTITY_UNIVERSAL_AUTH_CLIENT_SECRET ;
-  metadata: {
-    identityId: string;
-    clientSecretId: string;
-  };
-}
-
-interface CreateEnvironmentEvent {
-  type: EventType.CREATE_ENVIRONMENT;
-  metadata: {
-    name: string;
-    slug: string;
-  };
-}
-
-interface UpdateEnvironmentEvent {
-  type: EventType.UPDATE_ENVIRONMENT;
-  metadata: {
-    oldName: string;
-    newName: string;
-    oldSlug: string;
-    newSlug: string;
-  };
-}
-
-interface DeleteEnvironmentEvent {
-  type: EventType.DELETE_ENVIRONMENT;
-  metadata: {
-    name: string;
-    slug: string;
-  };
-}
-
-interface AddWorkspaceMemberEvent {
-  type: EventType.ADD_WORKSPACE_MEMBER;
-  metadata: {
-    userId: string;
-    email: string;
-  };
-}
-
-interface AddBatchWorkspaceMemberEvent {
-  type: EventType.ADD_BATCH_WORKSPACE_MEMBER;
-  metadata: Array<{
-    userId: string;
-    email: string;
-  }>;
-}
-
-interface RemoveWorkspaceMemberEvent {
-  type: EventType.REMOVE_WORKSPACE_MEMBER;
-  metadata: {
-    userId: string;
-    email: string;
-  };
-}
-
-interface CreateFolderEvent {
-  type: EventType.CREATE_FOLDER;
-  metadata: {
-    environment: string;
-    folderId: string;
-    folderName: string;
-    folderPath: string;
-  };
-}
-
-interface UpdateFolderEvent {
-  type: EventType.UPDATE_FOLDER;
-  metadata: {
-    environment: string;
-    folderId: string;
-    oldFolderName: string;
-    newFolderName: string;
-    folderPath: string;
-  };
-}
-
-interface DeleteFolderEvent {
-  type: EventType.DELETE_FOLDER;
-  metadata: {
-    environment: string;
-    folderId: string;
-    folderName: string;
-    folderPath: string;
-  };
-}
-
-interface CreateWebhookEvent {
-  type: EventType.CREATE_WEBHOOK;
-  metadata: {
-    webhookId: string;
-    environment: string;
-    secretPath: string;
-    webhookUrl: string;
-    isDisabled: boolean;
-  };
-}
-
-interface UpdateWebhookStatusEvent {
-  type: EventType.UPDATE_WEBHOOK_STATUS;
-  metadata: {
-    webhookId: string;
-    environment: string;
-    secretPath: string;
-    webhookUrl: string;
-    isDisabled: boolean;
-  };
-}
-
-interface DeleteWebhookEvent {
-  type: EventType.DELETE_WEBHOOK;
-  metadata: {
-    webhookId: string;
-    environment: string;
-    secretPath: string;
-    webhookUrl: string;
-    isDisabled: boolean;
-  };
-}
-
-interface GetSecretImportsEvent {
-  type: EventType.GET_SECRET_IMPORTS;
-  metadata: {
-    environment: string;
-    secretImportId: string;
-    folderId: string;
-    numberOfImports: number;
-  };
-}
-
-interface CreateSecretImportEvent {
-  type: EventType.CREATE_SECRET_IMPORT;
-  metadata: {
-    secretImportId: string;
-    folderId: string;
-    importFromEnvironment: string;
-    importFromSecretPath: string;
-    importToEnvironment: string;
-    importToSecretPath: string;
-  };
-}
-
-interface UpdateSecretImportEvent {
-  type: EventType.UPDATE_SECRET_IMPORT;
-  metadata: {
-    secretImportId: string;
-    folderId: string;
-    importToEnvironment: string;
-    importToSecretPath: string;
-    orderBefore: {
-      environment: string;
-      secretPath: string;
-    }[];
-    orderAfter: {
-      environment: string;
-      secretPath: string;
-    }[];
-  };
-}
-
-interface DeleteSecretImportEvent {
-  type: EventType.DELETE_SECRET_IMPORT;
-  metadata: {
-    secretImportId: string;
-    folderId: string;
-    importFromEnvironment: string;
-    importFromSecretPath: string;
-    importToEnvironment: string;
-    importToSecretPath: string;
-  };
-}
-
-interface UpdateUserRole {
-  type: EventType.UPDATE_USER_WORKSPACE_ROLE;
-  metadata: {
-    userId: string;
-    email: string;
-    oldRole: string;
-    newRole: string;
-  };
-}
-
-interface UpdateUserDeniedPermissions {
-  type: EventType.UPDATE_USER_WORKSPACE_DENIED_PERMISSIONS;
-  metadata: {
-    userId: string;
-    email: string;
-    deniedPermissions: {
-      environmentSlug: string;
-      ability: string;
-    }[];
-  };
-}
-interface SecretApprovalMerge {
-  type: EventType.SECRET_APPROVAL_MERGED;
-  metadata: {
-    mergedBy: string;
-    secretApprovalRequestSlug: string;
-    secretApprovalRequestId: string;
-  };
-}
-
-interface SecretApprovalClosed {
-  type: EventType.SECRET_APPROVAL_CLOSED;
-  metadata: {
-    closedBy: string;
-    secretApprovalRequestSlug: string;
-    secretApprovalRequestId: string;
-  };
-}
-
-interface SecretApprovalReopened {
-  type: EventType.SECRET_APPROVAL_REOPENED;
-  metadata: {
-    reopenedBy: string;
-    secretApprovalRequestSlug: string;
-    secretApprovalRequestId: string;
-  };
-}
-
-interface SecretApprovalRequest {
-  type: EventType.SECRET_APPROVAL_REQUEST;
-  metadata: {
-    committedBy: string;
-    secretApprovalRequestSlug: string;
-    secretApprovalRequestId: string;
-  };
-}
-
-export type Event =
-  | GetSecretsEvent
-  | GetSecretEvent
-  | CreateSecretEvent
-  | CreateSecretBatchEvent
-  | UpdateSecretEvent
-  | UpdateSecretBatchEvent
-  | DeleteSecretEvent
-  | DeleteSecretBatchEvent
-  | GetWorkspaceKeyEvent
-  | AuthorizeIntegrationEvent
-  | UnauthorizeIntegrationEvent
-  | CreateIntegrationEvent
-  | DeleteIntegrationEvent
-  | AddTrustedIPEvent
-  | UpdateTrustedIPEvent
-  | DeleteTrustedIPEvent
-  | CreateServiceTokenEvent
-  | DeleteServiceTokenEvent
-  | CreateIdentityEvent
-  | UpdateIdentityEvent
-  | DeleteIdentityEvent
-  | LoginIdentityUniversalAuthEvent
-  | AddIdentityUniversalAuthEvent
-  | UpdateIdentityUniversalAuthEvent
-  | GetIdentityUniversalAuthEvent
-  | CreateIdentityUniversalAuthClientSecretEvent
-  | GetIdentityUniversalAuthClientSecretsEvent
-  | RevokeIdentityUniversalAuthClientSecretEvent
-  | CreateEnvironmentEvent
-  | UpdateEnvironmentEvent
-  | DeleteEnvironmentEvent
-  | AddWorkspaceMemberEvent
-  | AddBatchWorkspaceMemberEvent
-  | RemoveWorkspaceMemberEvent
-  | CreateFolderEvent
-  | UpdateFolderEvent
-  | DeleteFolderEvent
-  | CreateWebhookEvent
-  | UpdateWebhookStatusEvent
-  | DeleteWebhookEvent
-  | GetSecretImportsEvent
-  | CreateSecretImportEvent
-  | UpdateSecretImportEvent
-  | DeleteSecretImportEvent
-  | UpdateUserRole
-  | UpdateUserDeniedPermissions
-  | SecretApprovalMerge
-  | SecretApprovalClosed
-  | SecretApprovalRequest
-  | SecretApprovalReopened;
--- a/pg-migrator/src/models/backupPrivateKey.ts
+++ b/pg-migrator/src/models/backupPrivateKey.ts
@@ -1,67 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IBackupPrivateKey {
-  _id: Types.ObjectId;
-  user: Types.ObjectId;
-  encryptedPrivateKey: string;
-  iv: string;
-  tag: string;
-  salt: string;
-  algorithm: string;
-  keyEncoding: "base64" | "utf8";
-  verifier: string;
-  createdAt: string;
-  updatedAt: string;
-}
-
-const backupPrivateKeySchema = new Schema<IBackupPrivateKey>(
-  {
-    user: {
-      type: Schema.Types.ObjectId,
-      ref: "User",
-      required: true,
-    },
-    encryptedPrivateKey: {
-      type: String,
-      
-      required: true,
-    },
-    iv: {
-      type: String,
-      
-      required: true,
-    },
-    tag: {
-      type: String,
-      
-      required: true,
-    },
-    algorithm: {
-      // the encryption algorithm used
-      type: String,
-      required: true,
-    },
-    keyEncoding: {
-      type: String,
-      required: true,
-    },
-    salt: {
-      type: String,
-      
-      required: true,
-    },
-    verifier: {
-      type: String,
-      
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const BackupPrivateKey = model<IBackupPrivateKey>(
-  "BackupPrivateKey",
-  backupPrivateKeySchema,
-);
--- a/pg-migrator/src/models/bot.ts
+++ b/pg-migrator/src/models/bot.ts
@@ -1,68 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IBot {
-  _id: Types.ObjectId;
-  name: string;
-  workspace: Types.ObjectId;
-  isActive: boolean;
-  publicKey: string;
-  encryptedPrivateKey: string;
-  iv: string;
-  tag: string;
-  algorithm: "aes-256-gcm";
-  keyEncoding: "base64" | "utf8";
-}
-
-const botSchema = new Schema<IBot>(
-  {
-    name: {
-      type: String,
-      required: true,
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    isActive: {
-      type: Boolean,
-      required: true,
-      default: false,
-    },
-    publicKey: {
-      type: String,
-      required: true,
-    },
-    encryptedPrivateKey: {
-      type: String,
-      required: true,
-      
-    },
-    iv: {
-      type: String,
-      required: true,
-      
-    },
-    tag: {
-      type: String,
-      required: true,
-      
-    },
-    algorithm: {
-      // the encryption algorithm used
-      type: String,
-      required: true,
-      
-    },
-    keyEncoding: {
-      type: String,
-      required: true,
-      
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const Bot = model<IBot>("Bot", botSchema);
--- a/pg-migrator/src/models/botKey.ts
+++ b/pg-migrator/src/models/botKey.ts
@@ -1,43 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IBotKey {
-	_id: Types.ObjectId;
-	encryptedKey: string;
-	nonce: string;
-	sender: Types.ObjectId;
-	bot: Types.ObjectId;
-	workspace: Types.ObjectId;
-}
-
-const botKeySchema = new Schema<IBotKey>(
-	{
-		encryptedKey: {
-			type: String,
-			required: true,
-		},
-		nonce: {
-			type: String,
-			required: true,
-		},
-		sender: {
-			type: Schema.Types.ObjectId,
-			ref: "User",
-			required: true,
-		},
-		bot: {
-			type: Schema.Types.ObjectId,
-			ref: "Bot",
-			required: true,
-		},
-		workspace: {
-			type: Schema.Types.ObjectId,
-			ref: "Workspace",
-			required: true,
-		},
-	},
-	{
-		timestamps: true,
-	}
-);
-
-export const BotKey = model<IBotKey>("BotKey", botKeySchema);
--- a/pg-migrator/src/models/botOrg.ts
+++ b/pg-migrator/src/models/botOrg.ts
@@ -1,81 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IBotOrg {
-  _id: Types.ObjectId;
-  name: string;
-  organization: Types.ObjectId;
-  publicKey: string;
-  encryptedSymmetricKey: string;
-  symmetricKeyIV: string;
-  symmetricKeyTag: string;
-  symmetricKeyAlgorithm: "aes-256-gcm";
-  symmetricKeyKeyEncoding: "base64" | "utf8";
-  encryptedPrivateKey: string;
-  privateKeyIV: string;
-  privateKeyTag: string;
-  privateKeyAlgorithm: "aes-256-gcm";
-  privateKeyKeyEncoding: "base64" | "utf8";
-}
-
-const botOrgSchema = new Schema<IBotOrg>(
-  {
-    name: {
-      type: String,
-      required: true,
-    },
-    organization: {
-      type: Schema.Types.ObjectId,
-      ref: "Organization",
-      required: true,
-    },
-    publicKey: {
-      type: String,
-      required: true,
-    },
-    encryptedSymmetricKey: {
-      type: String,
-      required: true,
-    },
-    symmetricKeyIV: {
-      type: String,
-      required: true,
-    },
-    symmetricKeyTag: {
-      type: String,
-      required: true,
-    },
-    symmetricKeyAlgorithm: {
-      type: String,
-      required: true,
-    },
-    symmetricKeyKeyEncoding: {
-      type: String,
-      required: true,
-    },
-    encryptedPrivateKey: {
-      type: String,
-      required: true,
-    },
-    privateKeyIV: {
-      type: String,
-      required: true,
-    },
-    privateKeyTag: {
-      type: String,
-      required: true,
-    },
-    privateKeyAlgorithm: {
-      type: String,
-      required: true,
-    },
-    privateKeyKeyEncoding: {
-      type: String,
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const BotOrg = model<IBotOrg>("BotOrg", botOrgSchema);
--- a/pg-migrator/src/models/folder.ts
+++ b/pg-migrator/src/models/folder.ts
@@ -1,54 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export type TFolderRootSchema = {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  environment: string;
-  nodes: TFolderSchema;
-};
-
-export type TFolderSchema = {
-  id: string;
-  name: string;
-  version: number;
-  children: TFolderSchema[];
-};
-
-const folderSchema = new Schema<TFolderSchema>({
-  id: {
-    required: true,
-    type: String,
-  },
-  version: {
-    required: true,
-    type: Number,
-    default: 1,
-  },
-  name: {
-    required: true,
-    type: String,
-    default: "root",
-  },
-});
-
-folderSchema.add({ children: [folderSchema] });
-
-const folderRootSchema = new Schema<TFolderRootSchema>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    environment: {
-      type: String,
-      required: true,
-    },
-    nodes: folderSchema,
-  },
-  {
-    timestamps: true,
-  }
-);
-
-export const Folder = model<TFolderRootSchema>("Folder", folderRootSchema);
--- a/pg-migrator/src/models/folderVersion.ts
+++ b/pg-migrator/src/models/folderVersion.ts
@@ -1,58 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export type TFolderRootVersionSchema = {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  environment: string;
-  nodes: TFolderVersionSchema;
-};
-
-export type TFolderVersionSchema = {
-  id: string;
-  name: string;
-  version: number;
-  children: TFolderVersionSchema[];
-};
-
-const folderVersionSchema = new Schema<TFolderVersionSchema>({
-  id: {
-    required: true,
-    type: String,
-    default: "root",
-  },
-  name: {
-    required: true,
-    type: String,
-    default: "root",
-  },
-  version: {
-    required: true,
-    type: Number,
-    default: 1,
-  },
-});
-
-folderVersionSchema.add({ children: [folderVersionSchema] });
-
-const folderRootVersionSchema = new Schema<TFolderRootVersionSchema>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    environment: {
-      type: String,
-      required: true,
-    },
-    nodes: folderVersionSchema,
-  },
-  {
-    timestamps: true,
-  }
-);
-
-export const FolderVersion = model<TFolderRootVersionSchema>(
-  "FolderVersion",
-  folderRootVersionSchema
-);
--- a/pg-migrator/src/models/gitAppInstallationSession.ts
+++ b/pg-migrator/src/models/gitAppInstallationSession.ts
@@ -1,32 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-type GitAppInstallationSession = {
-  id: string;
-  sessionId: string;
-  organization: Types.ObjectId;
-  user: Types.ObjectId;
-}
-
-const gitAppInstallationSession = new Schema<GitAppInstallationSession>({
-  id: {
-    required: true,
-    type: String,
-  },
-  sessionId: {
-    type: String,
-    required: true,
-    unique: true
-  },
-  organization: {
-    type: Schema.Types.ObjectId,
-    required: true,
-    unique: true
-  },
-  user: {
-    type: Schema.Types.ObjectId,
-    ref: "User"
-  }
-});
-
-
-export const GitAppInstallationSession = model<GitAppInstallationSession>("git_app_installation_session", gitAppInstallationSession);
--- a/pg-migrator/src/models/gitAppOrganizationInstallation.ts
+++ b/pg-migrator/src/models/gitAppOrganizationInstallation.ts
@@ -1,29 +0,0 @@
-import { Schema, model } from "mongoose";
-
-type Installation = {
-  installationId: string
-  organizationId: string
-  user: Schema.Types.ObjectId
-};
-
-
-const gitAppOrganizationInstallation = new Schema<Installation>({
-  installationId: {
-    type: String,
-    required: true,
-    unique: true
-  },
-  organizationId: {
-    type: String,
-    required: true,
-    unique: true
-  },
-  user: {
-    type: Schema.Types.ObjectId,
-    ref: "User",
-    required: true,
-  }
-});
-
-
-export const GitAppOrganizationInstallation = model<Installation>("git_app_organization_installation", gitAppOrganizationInstallation);
--- a/pg-migrator/src/models/gitRisks.ts
+++ b/pg-migrator/src/models/gitRisks.ts
@@ -1,150 +0,0 @@
-import { Schema, model } from "mongoose";
-
-export const STATUS_RESOLVED_FALSE_POSITIVE = "RESOLVED_FALSE_POSITIVE";
-export const STATUS_RESOLVED_REVOKED = "RESOLVED_REVOKED";
-export const STATUS_RESOLVED_NOT_REVOKED = "RESOLVED_NOT_REVOKED";
-export const STATUS_UNRESOLVED = "UNRESOLVED";
-
-export type IGitRisks = {
-  id: string;
-  description: string;
-  startLine: string;
-  endLine: string;
-  startColumn: string;
-  endColumn: string;
-  match: string;
-  secret: string;
-  file: string;
-  symlinkFile: string;
-  commit: string;
-  entropy: string;
-  author: string;
-  email: string;
-  date: string;
-  message: string;
-  tags: string[];
-  ruleID: string;
-  fingerprint: string;
-  fingerPrintWithoutCommitId: string
-
-  isFalsePositive: boolean; // New field for marking risks as false positives
-  isResolved: boolean; // New field for marking risks as resolved
-  riskOwner: string | null; // New field for setting a risk owner (nullable string)
-  installationId: string,
-  repositoryId: string,
-  repositoryLink: string
-  repositoryFullName: string
-  status: string
-  pusher: {
-    name: string,
-    email: string
-  },
-  organization: Schema.Types.ObjectId,
-}
-
-const gitRisks = new Schema<IGitRisks>({
-  id: {
-    type: String,
-  },
-  description: {
-    type: String,
-  },
-  startLine: {
-    type: String,
-  },
-  endLine: {
-    type: String,
-  },
-  startColumn: {
-    type: String,
-  },
-  endColumn: {
-    type: String,
-  },
-  file: {
-    type: String,
-  },
-  symlinkFile: {
-    type: String,
-  },
-  commit: {
-    type: String,
-  },
-  entropy: {
-    type: String,
-  },
-  author: {
-    type: String,
-  },
-  email: {
-    type: String,
-  },
-  date: {
-    type: String,
-  },
-  message: {
-    type: String,
-  },
-  tags: {
-    type: [String],
-  },
-  ruleID: {
-    type: String,
-  },
-  fingerprint: {
-    type: String,
-    unique: true
-  },
-  fingerPrintWithoutCommitId: {
-    type: String,
-  },
-  isFalsePositive: {
-    type: Boolean,
-    default: false
-  },
-  isResolved: {
-    type: Boolean,
-    default: false
-  },
-  riskOwner: {
-    type: String,
-    default: null
-  },
-  installationId: {
-    type: String,
-    require: true
-  },
-  repositoryId: {
-    type: String
-  },
-  repositoryLink: {
-    type: String
-  },
-  repositoryFullName: {
-    type: String
-  },
-  pusher: {
-    name: {
-      type: String
-    },
-    email: {
-      type: String
-    },
-  },
-  organization: {
-    type: Schema.Types.ObjectId,
-    ref: "Organization",
-  },
-  status: {
-    type: String,
-    enum: [
-      STATUS_RESOLVED_FALSE_POSITIVE,
-      STATUS_RESOLVED_REVOKED,
-      STATUS_RESOLVED_NOT_REVOKED,
-      STATUS_UNRESOLVED
-    ],
-    default: STATUS_UNRESOLVED
-  }
-}, { timestamps: true });
-
-export const GitRisks = model<IGitRisks>("GitRisks", gitRisks);
--- a/pg-migrator/src/models/identity.ts
+++ b/pg-migrator/src/models/identity.ts
@@ -1,38 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-import { IPType } from "../ee/models";
-
-export interface IIdentityTrustedIp {
-    ipAddress: string;
-    type: IPType;
-    prefix: number;
-}
-
-export enum IdentityAuthMethod {
-    UNIVERSAL_AUTH = "universal-auth"
-}
-
-export interface IIdentity extends Document {
-    _id: Types.ObjectId;
-    name: string;
-    authMethod?: IdentityAuthMethod;
-}
-
-const identitySchema = new Schema(
-    {
-        name: {
-            type: String,
-            required: true
-        },
-        authMethod: {
-            type: String,
-            enum: IdentityAuthMethod,
-            required: false,
-        },
-        
-    },
-    {
-        timestamps: true
-    }
-);
-
-export const Identity = model<IIdentity>("Identity", identitySchema);
--- a/pg-migrator/src/models/identityAccessToken.ts
+++ b/pg-migrator/src/models/identityAccessToken.ts
@@ -1,100 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-import { IIdentityTrustedIp } from "./identity";
-
-export interface IIdentityAccessToken extends Document {
-  _id: Types.ObjectId;
-  identity: Types.ObjectId;
-  identityUniversalAuthClientSecret?: Types.ObjectId;
-  accessTokenLastUsedAt?: Date;
-  accessTokenLastRenewedAt?: Date;
-  accessTokenNumUses: number;
-  accessTokenNumUsesLimit: number;
-  accessTokenTTL: number;
-  accessTokenMaxTTL: number;
-  accessTokenTrustedIps: Array<IIdentityTrustedIp>;
-  isAccessTokenRevoked: boolean;
-  updatedAt: Date;
-  createdAt: Date;
-}
-
-const identityAccessTokenSchema = new Schema(
-  {
-    identity: {
-      type: Schema.Types.ObjectId,
-      ref: "Identity",
-      required: false,
-    },
-    identityUniversalAuthClientSecret: {
-      type: Schema.Types.ObjectId,
-      ref: "IdentityUniversalAuthClientSecret",
-      required: false,
-    },
-    accessTokenLastUsedAt: {
-      type: Date,
-      required: false,
-    },
-    accessTokenLastRenewedAt: {
-      type: Date,
-      required: false,
-    },
-    accessTokenNumUses: {
-      // number of times access token has been used
-      type: Number,
-      default: 0,
-      required: true,
-    },
-    accessTokenNumUsesLimit: {
-      // number of times access token can be used for
-      type: Number,
-      default: 0, // default: used as many times as needed
-      required: true,
-    },
-    accessTokenTTL: {
-      // seconds
-      // incremental lifetime
-      type: Number,
-      default: 2592000, // 30 days
-      required: true,
-    },
-    accessTokenMaxTTL: {
-      // seconds
-      // max lifetime
-      type: Number,
-      default: 2592000, // 30 days
-      required: true,
-    },
-    accessTokenTrustedIps: {
-      type: [
-        {
-          ipAddress: {
-            type: String,
-            required: true,
-          },
-          type: {
-            type: String,
-            required: true,
-          },
-          prefix: {
-            type: Number,
-            required: false,
-          },
-        },
-      ],
-      default: [],
-      required: true,
-    },
-    isAccessTokenRevoked: {
-      type: Boolean,
-      default: false,
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const IdentityAccessToken = model<IIdentityAccessToken>(
-  "IdentityAccessToken",
-  identityAccessTokenSchema,
-);
--- a/pg-migrator/src/models/identityMembership.ts
+++ b/pg-migrator/src/models/identityMembership.ts
@@ -1,40 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IIdentityMembership {
-  _id: Types.ObjectId;
-  identity: Types.ObjectId;
-  workspace: Types.ObjectId;
-  role: "admin" | "member" | "viewer" | "no-access" | "custom";
-  customRole: Types.ObjectId;
-}
-
-const identityMembershipSchema = new Schema<IIdentityMembership>(
-  {
-    identity: {
-      type: Schema.Types.ObjectId,
-      ref: "Identity",
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-      index: true,
-    },
-    role: {
-      type: String,
-      required: true,
-    },
-    customRole: {
-      type: Schema.Types.ObjectId,
-      ref: "Role",
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const IdentityMembership = model<IIdentityMembership>(
-  "IdentityMembership",
-  identityMembershipSchema,
-);
--- a/pg-migrator/src/models/identityMembershipOrg.ts
+++ b/pg-migrator/src/models/identityMembershipOrg.ts
@@ -1,38 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IIdentityMembershipOrg {
-  _id: Types.ObjectId;
-  identity: Types.ObjectId;
-  organization: Types.ObjectId;
-  role: "admin" | "member" | "no-access" | "custom";
-  customRole: Types.ObjectId;
-}
-
-const identityMembershipOrgSchema = new Schema<IIdentityMembershipOrg>(
-  {
-    identity: {
-      type: Schema.Types.ObjectId,
-      ref: "Identity",
-    },
-    organization: {
-      type: Schema.Types.ObjectId,
-      ref: "Organization",
-    },
-    role: {
-      type: String,
-      required: true,
-    },
-    customRole: {
-      type: Schema.Types.ObjectId,
-      ref: "Role",
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const IdentityMembershipOrg = model<IIdentityMembershipOrg>(
-  "IdentityMembershipOrg",
-  identityMembershipOrgSchema,
-);
--- a/pg-migrator/src/models/identityUniversalAuth.ts
+++ b/pg-migrator/src/models/identityUniversalAuth.ts
@@ -1,99 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-
-export interface IIdentityUniversalAuth extends Document {
-  _id: Types.ObjectId;
-  identity: Types.ObjectId;
-  clientId: string;
-  clientSecretTrustedIps: Array<{}>;
-  accessTokenTTL: number;
-  accessTokenMaxTTL: number;
-  accessTokenNumUsesLimit: number;
-  accessTokenTrustedIps: Array<{}>;
-}
-
-const identityUniversalAuthSchema = new Schema(
-  {
-    identity: {
-      type: Schema.Types.ObjectId,
-      ref: "Identity",
-      required: true,
-    },
-    clientId: {
-      type: String,
-      required: true,
-    },
-    clientSecretTrustedIps: {
-      type: [
-        {
-          ipAddress: {
-            type: String,
-            required: true,
-          },
-          type: {
-            type: String,
-            required: true,
-          },
-          prefix: {
-            type: Number,
-            required: false,
-          },
-        },
-      ],
-      default: [
-        {
-          ipAddress: "0.0.0.0",
-          prefix: 0,
-        },
-      ],
-      required: true,
-    },
-    accessTokenTTL: {
-      // seconds
-      // incremental lifetime
-      type: Number,
-      default: 7200,
-      required: true,
-    },
-    accessTokenMaxTTL: {
-      // seconds
-      // max lifetime
-      type: Number,
-      default: 7200,
-      required: true,
-    },
-    accessTokenNumUsesLimit: {
-      // number of times access token can be used for
-      type: Number,
-      default: 0, // default: used as many times as needed
-      required: true,
-    },
-    accessTokenTrustedIps: {
-      type: [
-        {
-          ipAddress: {
-            type: String,
-            required: true,
-          },
-          type: {
-            type: String,
-            required: true,
-          },
-          prefix: {
-            type: Number,
-            required: false,
-          },
-        },
-      ],
-      default: [],
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const IdentityUniversalAuth = model<IIdentityUniversalAuth>(
-  "IdentityUniversalAuth",
-  identityUniversalAuthSchema,
-);
--- a/pg-migrator/src/models/identityUniversalAuthClientSecret.ts
+++ b/pg-migrator/src/models/identityUniversalAuthClientSecret.ts
@@ -1,81 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-
-export interface IIdentityUniversalAuthClientSecret extends Document {
-    _id: Types.ObjectId;
-    identity: Types.ObjectId;
-    identityUniversalAuth : Types.ObjectId;
-    description: string;
-    clientSecretPrefix: string;
-    clientSecretHash: string;
-    clientSecretLastUsedAt?: Date;
-    clientSecretNumUses: number;
-    clientSecretNumUsesLimit: number;
-    clientSecretTTL: number;
-    updatedAt: Date;
-    createdAt: Date;
-    isClientSecretRevoked: boolean;
-}
-
-const identityUniversalAuthClientSecretSchema = new Schema(
-    {
-        identity: {
-            type: Schema.Types.ObjectId,
-            ref: "Identity",
-            required: true
-        },
-        identityUniversalAuth: {
-            type: Schema.Types.ObjectId,
-            ref: "IdentityUniversalAuth",
-            required: true
-        },
-        description: {
-            type: String,
-            required: true
-        },
-        clientSecretPrefix: {
-            type: String,
-            required: true
-        },
-        clientSecretHash: {
-            type: String,
-            required: true
-        },
-        clientSecretLastUsedAt: {
-            type: Date,
-            required: false
-        },
-        clientSecretNumUses: {
-            // number of times client secret has been used
-            // in login operation
-            type: Number,
-            default: 0,
-            required: true
-        },
-        clientSecretNumUsesLimit: {
-            // number of times client secret can be used for
-            // a login operation
-            type: Number,
-            default: 0, // default: used as many times as needed
-            required: true
-        },
-        clientSecretTTL: {
-            type: Number,
-            default: 0, // default: does not expire
-            required: true
-        },
-        isClientSecretRevoked: {
-            type: Boolean,
-            default: false,
-            required: true
-        }
-    },
-    {
-        timestamps: true
-    }
-);
-
-identityUniversalAuthClientSecretSchema.index(
-    { identityUniversalAuth: 1, isClientSecretRevoked: 1 }
-);
-
-export const IdentityUniversalAuthClientSecret = model<IIdentityUniversalAuthClientSecret>("IdentityUniversalAuthClientSecret", identityUniversalAuthClientSecretSchema);
--- a/pg-migrator/src/models/incidentContactOrg.ts
+++ b/pg-migrator/src/models/incidentContactOrg.ts
@@ -1,29 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IIncidentContactOrg {
-	_id: Types.ObjectId;
-	email: string;
-	organization: Types.ObjectId;
-}
-
-const incidentContactOrgSchema = new Schema<IIncidentContactOrg>(
-	{
-		email: {
-			type: String,
-			required: true,
-		},
-		organization: {
-			type: Schema.Types.ObjectId,
-			ref: "Organization",
-			required: true,
-		},
-	},
-	{
-		timestamps: true,
-	}
-);
-
-export const IncidentContactOrg = model<IIncidentContactOrg>(
-	"IncidentContactOrg",
-	incidentContactOrgSchema
-);
--- a/pg-migrator/src/models/index.ts
+++ b/pg-migrator/src/models/index.ts
@@ -1,49 +0,0 @@
-export * from "./backupPrivateKey";
-export * from "./bot";
-export * from "./botOrg";
-export * from "./botKey";
-export * from "./incidentContactOrg";
-export * from "./integration/integration";
-export * from "./integrationAuth";
-export * from "./key";
-export * from "./membership";
-export * from "./membershipOrg";
-export * from "./organization";
-export * from "./secret";
-export * from "./tag";
-export * from "./folder";
-export * from "./secretImports";
-export * from "./secretBlindIndexData";
-export * from "./serviceToken"; // TODO: deprecate
-export * from "./tokenData";
-export * from "./user";
-export * from "./userAction";
-export * from "./workspace";
-export * from "./serviceTokenData"; // TODO: deprecate
-
-// new
-export * from "./identity";
-export * from "./identityMembership";
-export * from "./identityMembershipOrg";
-export * from "./identityUniversalAuth";
-export * from "./identityUniversalAuthClientSecret";
-export * from "./identityAccessToken";
-
-export * from "./apiKeyData"; // TODO: deprecate
-export * from "./apiKeyDataV2";
-export * from "./loginSRPDetail";
-export * from "./tokenVersion";
-export * from "./webhooks";
-
-export * from "./secretSnapshot";
-export * from "./secretVersion";
-export * from "./folderVersion";
-export * from "./role";
-export * from "./ssoConfig";
-export * from "./trustedIp";
-export * from "./auditLog";
-export * from "./gitRisks";
-export * from "./gitAppOrganizationInstallation";
-export * from "./gitAppInstallationSession";
-export * from "./secretApprovalPolicy";
-export * from "./secretApprovalRequest";
--- a/pg-migrator/src/models/integration/index.ts
+++ b/pg-migrator/src/models/integration/index.ts
@@ -1 +0,0 @@
-export * from "./integration";
--- a/pg-migrator/src/models/integration/integration.ts
+++ b/pg-migrator/src/models/integration/integration.ts
@@ -1,155 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-import { Metadata } from "./types";
-
-export interface IIntegration {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  environment: string;
-  isActive: boolean;
-  url: string;
-  app: string;
-  appId: string;
-  owner: string;
-  targetEnvironment: string;
-  targetEnvironmentId: string;
-  targetService: string;
-  targetServiceId: string;
-  path: string;
-  region: string;
-  scope: string;
-  secretPath: string;
-  integration:
-    | "azure-key-vault"
-    | "aws-parameter-store"
-    | "aws-secret-manager"
-    | "heroku"
-    | "vercel"
-    | "netlify"
-    | "github"
-    | "gitlab"
-    | "render"
-    | "railway"
-    | "flyio"
-    | "circleci"
-    | "laravel-forge"
-    | "travisci"
-    | "supabase"
-    | "checkly"
-    | "qovery"
-    | "terraform-cloud"
-    | "teamcity"
-    | "hashicorp-vault"
-    | "cloudflare-pages"
-    | "cloudflare-workers"
-    | "bitbucket"
-    | "codefresh"
-    | "digital-ocean-app-platform"
-    | "cloud-66"
-    | "northflank"
-    | "windmill"
-    | "gcp-secret-manager"
-    | "hasura-cloud";
-  integrationAuth: Types.ObjectId;
-  metadata: Metadata;
-}
-
-const integrationSchema = new Schema<IIntegration>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    environment: {
-      type: String,
-      required: true,
-    },
-    isActive: {
-      type: Boolean,
-      required: true,
-    },
-    url: {
-      // for custom self-hosted integrations (e.g. self-hosted GitHub enterprise)
-      type: String,
-      default: null,
-    },
-    app: {
-      // name of app in provider
-      type: String,
-      default: null,
-    },
-    appId: {
-      // id of app in provider
-      type: String,
-      default: null,
-    },
-    targetEnvironment: {
-      // target environment
-      type: String,
-      default: null,
-    },
-    targetEnvironmentId: {
-      type: String,
-      default: null,
-    },
-    targetService: {
-      // railway-specific service
-      // qovery-specific project
-      type: String,
-      default: null,
-    },
-    targetServiceId: {
-      // railway-specific service
-      // qovery specific project
-      type: String,
-      default: null,
-    },
-    owner: {
-      // github-specific repo owner-login
-      type: String,
-      default: null,
-    },
-    path: {
-      // aws-parameter-store-specific path
-      // (also) vercel preview-branch
-      type: String,
-      default: null,
-    },
-    region: {
-      // aws-parameter-store-specific path
-      type: String,
-      default: null,
-    },
-    scope: {
-      // qovery-specific scope
-      type: String,
-      default: null,
-    },
-    integration: {
-      type: String,
-      required: true,
-    },
-    integrationAuth: {
-      type: Schema.Types.ObjectId,
-      ref: "IntegrationAuth",
-      required: true,
-    },
-    secretPath: {
-      type: String,
-      required: true,
-      default: "/",
-    },
-    metadata: {
-      type: Schema.Types.Mixed,
-      default: {},
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const Integration = model<IIntegration>(
-  "Integration",
-  integrationSchema,
-);
--- a/pg-migrator/src/models/integration/types.ts
+++ b/pg-migrator/src/models/integration/types.ts
@@ -1,14 +0,0 @@
-export type Metadata = {
-    secretPrefix?: string;
-    secretSuffix?: string;
-    secretGCPLabel?: {
-        labelName: string;
-        labelValue: string;
-    }
-    secretAWSTag?: {
-        key: string;
-        value: string;
-    }[]
-    kmsKeyId?: string;
-    shouldDisableDelete?: boolean;
-}
--- a/pg-migrator/src/models/integrationAuth/index.ts
+++ b/pg-migrator/src/models/integrationAuth/index.ts
@@ -1 +0,0 @@
-export * from "./integrationAuth";
--- a/pg-migrator/src/models/integrationAuth/integrationAuth.ts
+++ b/pg-migrator/src/models/integrationAuth/integrationAuth.ts
@@ -1,144 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-import { IntegrationAuthMetadata } from "./types";
-
-export interface IIntegrationAuth extends Document {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  integration:
-    | "heroku"
-    | "vercel"
-    | "netlify"
-    | "github"
-    | "gitlab"
-    | "render"
-    | "railway"
-    | "flyio"
-    | "azure-key-vault"
-    | "laravel-forge"
-    | "circleci"
-    | "travisci"
-    | "supabase"
-    | "aws-parameter-store"
-    | "aws-secret-manager"
-    | "checkly"
-    | "qovery"
-    | "cloudflare-pages"
-    | "cloudflare-workers"
-    | "codefresh"
-    | "digital-ocean-app-platform"
-    | "bitbucket"
-    | "cloud-66"
-    | "terraform-cloud"
-    | "teamcity"
-    | "northflank"
-    | "windmill"
-    | "gcp-secret-manager"
-    | "hasura-cloud";
-  teamId: string;
-  accountId: string;
-  url: string;
-  namespace: string;
-  refreshCiphertext?: string;
-  refreshIV?: string;
-  refreshTag?: string;
-  accessIdCiphertext?: string;
-  accessIdIV?: string;
-  accessIdTag?: string;
-  accessCiphertext?: string;
-  accessIV?: string;
-  accessTag?: string;
-  algorithm?: "aes-256-gcm";
-  keyEncoding?: "utf8" | "base64";
-  accessExpiresAt?: Date;
-  metadata?: IntegrationAuthMetadata;
-}
-
-const integrationAuthSchema = new Schema<IIntegrationAuth>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    integration: {
-      type: String,
-      required: true,
-    },
-    teamId: {
-      // vercel-specific integration param
-      type: String,
-    },
-    url: {
-      // for any self-hosted integrations (e.g. self-hosted hashicorp-vault)
-      type: String,
-    },
-    namespace: {
-      // hashicorp-vault-specific integration param
-      type: String,
-    },
-    accountId: {
-      // netlify-specific integration param
-      type: String,
-    },
-    refreshCiphertext: {
-      type: String,
-      
-    },
-    refreshIV: {
-      type: String,
-      
-    },
-    refreshTag: {
-      type: String,
-      
-    },
-    accessIdCiphertext: {
-      type: String,
-      
-    },
-    accessIdIV: {
-      type: String,
-      
-    },
-    accessIdTag: {
-      type: String,
-      
-    },
-    accessCiphertext: {
-      type: String,
-      
-    },
-    accessIV: {
-      type: String,
-      
-    },
-    accessTag: {
-      type: String,
-      
-    },
-    accessExpiresAt: {
-      type: Date,
-      
-    },
-    algorithm: {
-      // the encryption algorithm used
-      type: String,
-      required: true,
-    },
-    keyEncoding: {
-      type: String,
-      required: true,
-    },
-    metadata: {
-      type: Schema.Types.Mixed,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const IntegrationAuth = model<IIntegrationAuth>(
-  "IntegrationAuth",
-  integrationAuthSchema,
-);
--- a/pg-migrator/src/models/integrationAuth/types.ts
+++ b/pg-migrator/src/models/integrationAuth/types.ts
@@ -1,5 +0,0 @@
-interface GCPIntegrationAuthMetadata {
-    authMethod: "oauth2" | "serviceAccount"
-}
-
-export type IntegrationAuthMetadata = GCPIntegrationAuthMetadata;
--- a/pg-migrator/src/models/key.ts
+++ b/pg-migrator/src/models/key.ts
@@ -1,43 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IKey {
-  _id: Types.ObjectId;
-  encryptedKey: string;
-  nonce: string;
-  sender: Types.ObjectId;
-  receiver: Types.ObjectId;
-  workspace: Types.ObjectId;
-}
-
-const keySchema = new Schema<IKey>(
-  {
-    encryptedKey: {
-      type: String,
-      required: true,
-    },
-    nonce: {
-      type: String,
-      required: true,
-    },
-    sender: {
-      type: Schema.Types.ObjectId,
-      ref: "User",
-      required: true,
-    },
-    receiver: {
-      type: Schema.Types.ObjectId,
-      ref: "User",
-      required: true,
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const Key = model<IKey>("Key", keySchema);
--- a/pg-migrator/src/models/loginSRPDetail.ts
+++ b/pg-migrator/src/models/loginSRPDetail.ts
@@ -1,27 +0,0 @@
-import mongoose, { Schema, Types, model } from "mongoose";
-
-export interface ILoginSRPDetail {
-	_id: Types.ObjectId;
-	clientPublicKey: string;
-	email: string;
-	serverBInt: mongoose.Schema.Types.Buffer;
-	userId: string;
-	expireAt: Date;
-}
-
-const loginSRPDetailSchema = new Schema<ILoginSRPDetail>(
-	{
-		clientPublicKey: {
-			type: String,
-			required: true,
-		},
-		email: {
-			type: String,
-			unique: true,
-		},
-		serverBInt: { type: mongoose.Schema.Types.Buffer },
-		expireAt: { type: Date },
-	}
-);
-
-export const LoginSRPDetail = model("LoginSRPDetail", loginSRPDetailSchema);
--- a/pg-migrator/src/models/membership.ts
+++ b/pg-migrator/src/models/membership.ts
@@ -1,58 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IMembershipPermission {
-  environmentSlug: string;
-  ability: string;
-}
-
-export interface IMembership {
-  _id: Types.ObjectId;
-  user: Types.ObjectId;
-  inviteEmail?: string;
-  workspace: Types.ObjectId;
-  role: "admin" | "member" | "viewer" | "no-access" | "custom";
-  customRole: Types.ObjectId;
-  deniedPermissions: IMembershipPermission[];
-}
-
-const membershipSchema = new Schema<IMembership>(
-  {
-    user: {
-      type: Schema.Types.ObjectId,
-      ref: "User",
-    },
-    inviteEmail: {
-      type: String,
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    deniedPermissions: {
-      type: [
-        {
-          environmentSlug: String,
-          ability: {
-            type: String,
-            enum: ["read", "write"],
-          },
-        },
-      ],
-      default: [],
-    },
-    role: {
-      type: String,
-      required: true,
-    },
-    customRole: {
-      type: Schema.Types.ObjectId,
-      ref: "Role",
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const Membership = model<IMembership>("Membership", membershipSchema);
--- a/pg-migrator/src/models/membershipOrg.ts
+++ b/pg-migrator/src/models/membershipOrg.ts
@@ -1,49 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-
-export interface IMembershipOrg extends Document {
-  _id: Types.ObjectId;
-  user: Types.ObjectId;
-  inviteEmail: string;
-  organization: Types.ObjectId;
-  role: "admin" | "member" | "no-access" | "custom";
-  customRole: Types.ObjectId;
-  status: "invited" | "accepted";
-  createdAt: string;
-  updatedAt: string;
-}
-
-const membershipOrgSchema = new Schema(
-  {
-    user: {
-      type: Schema.Types.ObjectId,
-      ref: "User",
-    },
-    inviteEmail: {
-      type: String,
-    },
-    organization: {
-      type: Schema.Types.ObjectId,
-      ref: "Organization",
-    },
-    role: {
-      type: String,
-      required: true,
-    },
-    status: {
-      type: String,
-      required: true,
-    },
-    customRole: {
-      type: Schema.Types.ObjectId,
-      ref: "Role",
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const MembershipOrg = model<IMembershipOrg>(
-  "MembershipOrg",
-  membershipOrgSchema,
-);
--- a/pg-migrator/src/models/organization.ts
+++ b/pg-migrator/src/models/organization.ts
@@ -1,29 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IOrganization {
-  _id: Types.ObjectId;
-  name: string;
-  customerId?: string;
-  createdAt: string;
-  updatedAt: string;
-}
-
-const organizationSchema = new Schema<IOrganization>(
-  {
-    name: {
-      type: String,
-      required: true,
-    },
-    customerId: {
-      type: String,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const Organization = model<IOrganization>(
-  "Organization",
-  organizationSchema,
-);
--- a/pg-migrator/src/models/role.ts
+++ b/pg-migrator/src/models/role.ts
@@ -1,55 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface IRole {
-  _id: Types.ObjectId;
-  name: string;
-  description: string;
-  slug: string;
-  permissions: Array<unknown>;
-  workspace: Types.ObjectId;
-  organization: Types.ObjectId;
-  isOrgRole: boolean;
-  createdAt: string;
-  updatedAt: string;
-}
-
-const roleSchema = new Schema<IRole>(
-  {
-    name: {
-      type: String,
-      required: true,
-    },
-    organization: {
-      type: Schema.Types.ObjectId,
-      ref: "Organization",
-      required: true,
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-    },
-    isOrgRole: {
-      type: Boolean,
-      required: true,
-      
-    },
-    description: {
-      type: String,
-    },
-    slug: {
-      type: String,
-      required: true,
-    },
-    permissions: {
-      type: Array,
-      required: true,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-roleSchema.index({ organization: 1, workspace: 1 });
-
-export const Role = model<IRole>("Role", roleSchema);
--- a/pg-migrator/src/models/secret.ts
+++ b/pg-migrator/src/models/secret.ts
@@ -1,160 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface ISecret {
-  _id: Types.ObjectId;
-  version: number;
-  workspace: Types.ObjectId;
-  type: string;
-  user?: Types.ObjectId;
-  environment: string;
-  secretBlindIndex?: string;
-  secretKeyCiphertext: string;
-  secretKeyIV: string;
-  secretKeyTag: string;
-  secretKeyHash: string;
-  secretValueCiphertext: string;
-  secretValueIV: string;
-  secretValueTag: string;
-  secretValueHash: string;
-  secretCommentCiphertext?: string;
-  secretCommentIV?: string;
-  secretCommentTag?: string;
-  secretCommentHash?: string;
-
-  // ? NOTE: This works great for workspace-level reminders.
-  // ? If we want to do it on a user-basis, we should ideally have a seperate model for reminders.
-  secretReminderRepeatDays?: number | null;
-  secretReminderNote?: string | null;
-
-  skipMultilineEncoding?: boolean;
-  algorithm: "aes-256-gcm";
-  keyEncoding: "utf8" | "base64";
-  tags?: string[];
-  folder?: string;
-  metadata?: {
-    [key: string]: string;
-  };
-}
-
-const secretSchema = new Schema<ISecret>(
-  {
-    version: {
-      type: Number,
-      required: true,
-      default: 1,
-    },
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    type: {
-      type: String,
-      required: true,
-    },
-    user: {
-      // user associated with the personal secret
-      type: Schema.Types.ObjectId,
-      ref: "User",
-    },
-    tags: {
-      ref: "Tag",
-      type: [Schema.Types.ObjectId],
-      default: [],
-    },
-    environment: {
-      type: String,
-      required: true,
-    },
-    secretBlindIndex: {
-      type: String,
-      
-    },
-    secretKeyCiphertext: {
-      type: String,
-      required: true,
-    },
-    secretKeyIV: {
-      type: String, // symmetric
-      required: true,
-    },
-    secretKeyTag: {
-      type: String, // symmetric
-      required: true,
-    },
-    secretKeyHash: {
-      type: String,
-    },
-    secretValueCiphertext: {
-      type: String,
-      required: true,
-    },
-    secretValueIV: {
-      type: String, // symmetric
-      required: true,
-    },
-    secretValueTag: {
-      type: String, // symmetric
-      required: true,
-    },
-    secretValueHash: {
-      type: String,
-    },
-    secretCommentCiphertext: {
-      type: String,
-      required: false,
-    },
-    secretCommentIV: {
-      type: String, // symmetric
-      required: false,
-    },
-    secretCommentTag: {
-      type: String, // symmetric
-      required: false,
-    },
-    secretCommentHash: {
-      type: String,
-      required: false,
-    },
-
-    secretReminderRepeatDays: {
-      type: Number,
-      required: false,
-      default: null,
-    },
-    secretReminderNote: {
-      type: String,
-      required: false,
-      default: null,
-    },
-
-    skipMultilineEncoding: {
-      type: Boolean,
-      required: false,
-    },
-
-    algorithm: {
-      // the encryption algorithm used
-      type: String,
-      required: true,
-    },
-    keyEncoding: {
-      type: String,
-      required: true,
-    },
-    folder: {
-      type: String,
-      default: "root",
-    },
-    metadata: {
-      type: Schema.Types.Mixed,
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-secretSchema.index({ tags: 1 }, { background: true });
-
-export const Secret = model<ISecret>("Secret", secretSchema);
--- a/pg-migrator/src/models/secretApprovalPolicy.ts
+++ b/pg-migrator/src/models/secretApprovalPolicy.ts
@@ -1,51 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface ISecretApprovalPolicy {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  name: string;
-  environment: string;
-  secretPath?: string;
-  approvers: Types.ObjectId[];
-  approvals: number;
-}
-
-const secretApprovalPolicySchema = new Schema<ISecretApprovalPolicy>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true
-    },
-    approvers: [
-      {
-        // user associated with the personal secret
-        type: Schema.Types.ObjectId,
-        ref: "Membership"
-      }
-    ],
-    name: {
-      type: String
-    },
-    environment: {
-      type: String,
-      required: true
-    },
-    secretPath: {
-      type: String,
-      required: false
-    },
-    approvals: {
-      type: Number,
-      default: 1
-    }
-  },
-  {
-    timestamps: true
-  }
-);
-
-export const SecretApprovalPolicy = model<ISecretApprovalPolicy>(
-  "SecretApprovalPolicy",
-  secretApprovalPolicySchema
-);
--- a/pg-migrator/src/models/secretApprovalRequest.ts
+++ b/pg-migrator/src/models/secretApprovalRequest.ts
@@ -1,195 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export enum ApprovalStatus {
-  PENDING = "pending",
-  APPROVED = "approved",
-  REJECTED = "rejected",
-}
-
-export enum CommitType {
-  DELETE = "delete",
-  UPDATE = "update",
-  CREATE = "create",
-}
-
-export interface ISecretApprovalSecChange {
-  _id: Types.ObjectId;
-  version: number;
-  secretBlindIndex?: string;
-  secretKeyCiphertext: string;
-  secretKeyIV: string;
-  secretKeyTag: string;
-  secretValueCiphertext: string;
-  secretValueIV: string;
-  secretValueTag: string;
-  secretCommentIV?: string;
-  secretCommentTag?: string;
-  secretCommentCiphertext?: string;
-  skipMultilineEncoding?: boolean;
-  algorithm?: "aes-256-gcm";
-  keyEncoding?: "utf8" | "base64";
-  tags?: string[];
-}
-
-export type ISecretCommits<T = Types.ObjectId, J = Types.ObjectId> = Array<
-  | {
-      newVersion: ISecretApprovalSecChange;
-      op: CommitType.CREATE;
-    }
-  | {
-      // secret is recorded to get the latest version, we can keep ref to secret for pulling change as it will also get changed
-      //  on merge
-      secretVersion: J;
-      secret: T;
-      newVersion: Partial<Omit<ISecretApprovalSecChange, "_id">> & {
-        _id: Types.ObjectId;
-      };
-      op: CommitType.UPDATE;
-    }
-  | {
-      secret: T;
-      secretVersion: J;
-      op: CommitType.DELETE;
-    }
->;
-export interface ISecretApprovalRequest {
-  _id: Types.ObjectId;
-  committer: Types.ObjectId;
-  slug: string;
-  statusChangeBy: Types.ObjectId;
-  reviewers: {
-    member: Types.ObjectId;
-    status: ApprovalStatus;
-  }[];
-  workspace: Types.ObjectId;
-  environment: string;
-  folderId: string;
-  hasMerged: boolean;
-  status: "open" | "close";
-  policy: Types.ObjectId;
-  commits: ISecretCommits;
-  conflicts: Array<{ secretId: string; op: CommitType }>;
-}
-
-const secretApprovalSecretChangeSchema = new Schema<ISecretApprovalSecChange>({
-  version: {
-    type: Number,
-    default: 1,
-    required: true,
-  },
-  secretBlindIndex: {
-    type: String,
-    
-  },
-  secretKeyCiphertext: {
-    type: String,
-    required: true,
-  },
-  secretKeyIV: {
-    type: String, // symmetric
-    required: true,
-  },
-  secretKeyTag: {
-    type: String, // symmetric
-    required: true,
-  },
-  secretValueCiphertext: {
-    type: String,
-    required: true,
-  },
-  secretValueIV: {
-    type: String, // symmetric
-    required: true,
-  },
-  secretValueTag: {
-    type: String, // symmetric
-    required: true,
-  },
-  skipMultilineEncoding: {
-    type: Boolean,
-    required: false,
-  },
-  algorithm: {
-    // the encryption algorithm used
-    type: String,
-    required: true,
-  },
-  keyEncoding: {
-    type: String,
-    required: true,
-  },
-  tags: {
-    ref: "Tag",
-    type: [Schema.Types.ObjectId],
-    default: [],
-  },
-});
-
-const secretApprovalRequestSchema = new Schema<ISecretApprovalRequest>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true,
-    },
-    environment: {
-      type: String,
-      required: true,
-    },
-    folderId: {
-      type: String,
-      required: true,
-      default: "root",
-    },
-    slug: {
-      type: String,
-    },
-    reviewers: {
-      type: [
-        {
-          member: {
-            // user associated with the personal secret
-            type: Schema.Types.ObjectId,
-            ref: "Membership",
-          },
-          status: {
-            type: String,
-            enum: ApprovalStatus,
-            default: ApprovalStatus.PENDING,
-          },
-        },
-      ],
-      default: [],
-    },
-    policy: { type: Schema.Types.ObjectId, ref: "SecretApprovalPolicy" },
-    hasMerged: { type: Boolean, default: false },
-    status: { type: String, enum: ["close", "open"], default: "open" },
-    committer: { type: Schema.Types.ObjectId, ref: "Membership" },
-    statusChangeBy: { type: Schema.Types.ObjectId, ref: "Membership" },
-    commits: [
-      {
-        secret: { type: Types.ObjectId, ref: "Secret" },
-        newVersion: secretApprovalSecretChangeSchema,
-        secretVersion: { type: Types.ObjectId, ref: "SecretVersion" },
-        op: { type: String, enum: [CommitType], required: true },
-      },
-    ],
-    conflicts: {
-      type: [
-        {
-          secretId: { type: String, required: true },
-          op: { type: String, enum: [CommitType], required: true },
-        },
-      ],
-      default: [],
-    },
-  },
-  {
-    timestamps: true,
-  },
-);
-
-export const SecretApprovalRequest = model<ISecretApprovalRequest>(
-  "SecretApprovalRequest",
-  secretApprovalRequestSchema,
-);
--- a/pg-migrator/src/models/secretBlindIndexData.ts
+++ b/pg-migrator/src/models/secretBlindIndexData.ts
@@ -1,49 +0,0 @@
-import { Document, Schema, Types, model } from "mongoose";
-
-export interface ISecretBlindIndexData extends Document {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  encryptedSaltCiphertext: string;
-  saltIV: string;
-  saltTag: string;
-  algorithm: "aes-256-gcm";
-  keyEncoding: "base64" | "utf8";
-}
-
-const secretBlindIndexDataSchema = new Schema<ISecretBlindIndexData>({
-  workspace: {
-    type: Schema.Types.ObjectId,
-    ref: "Workspace",
-    required: true,
-  },
-  encryptedSaltCiphertext: {
-    // TODO: make these 
-    type: String,
-    required: true,
-  },
-  saltIV: {
-    type: String,
-    required: true,
-  },
-  saltTag: {
-    type: String,
-    required: true,
-  },
-  algorithm: {
-    type: String,
-    required: true,
-    
-  },
-  keyEncoding: {
-    type: String,
-    required: true,
-    
-  },
-});
-
-secretBlindIndexDataSchema.index({ workspace: 1 });
-
-export const SecretBlindIndexData = model<ISecretBlindIndexData>(
-  "SecretBlindIndexData",
-  secretBlindIndexDataSchema,
-);
--- a/pg-migrator/src/models/secretImports.ts
+++ b/pg-migrator/src/models/secretImports.ts
@@ -1,51 +0,0 @@
-import { Schema, Types, model } from "mongoose";
-
-export interface ISecretImports {
-  _id: Types.ObjectId;
-  workspace: Types.ObjectId;
-  environment: string;
-  folderId: string;
-  imports: Array<{
-    environment: string;
-    secretPath: string;
-  }>;
-}
-
-const secretImportSchema = new Schema<ISecretImports>(
-  {
-    workspace: {
-      type: Schema.Types.ObjectId,
-      ref: "Workspace",
-      required: true
-    },
-    environment: {
-      type: String,
-      required: true
-    },
-    folderId: {
-      type: String,
-      required: true,
-      default: "root"
-    },
-    imports: {
-      type: [
-        {
-          environment: {
-            type: String,
-            required: true
-          },
-          secretPath: {
-            type: String,
-            required: true
-          }
-        }
-      ],
-      default: []
-    }
-  },
-  {
-    timestamps: true
-  }
-);
-
-export const SecretImport = model<ISecretImports>("SecretImports", secretImportSchema);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
vmatsiiako	18c0d2fd6f	Merge pull request #1814 from Infisical/aws-integration-patch Allow updating tags in AWS Secret Manager integration	2024-05-12 15:03:19 -07:00
Tuan Dang	c1fb8f47bf	Add UntagResource IAM policy requirement for AWS SM integration docs	2024-05-12 08:57:41 -07:00
Maidul Islam	990eddeb32	Merge pull request #1816 from akhilmhdh/fix/remove-migration-notice fix: removed migration notice	2024-05-11 13:43:04 -04:00
=	ce01f8d099	fix: removed migration notice	2024-05-11 23:04:43 +05:30
Maidul Islam	faf6708b00	Merge pull request #1815 from akhilmhdh/fix/migration-mode-patch-v1 feat: maintaince mode enable machine identity login and renew	2024-05-11 11:26:21 -04:00
=	a58d6ebdac	feat: maintaince mode enable machine identity login and renew	2024-05-11 20:54:00 +05:30
Tuan Dang	818b136836	Make app and appId optional in update integration endpoint	2024-05-10 19:17:40 -07:00
Tuan Dang	0cdade6a2d	Update AWS SM integration to allow updating tags	2024-05-10 19:07:44 -07:00
Sheen Capadngan	6561a9c7be	Merge pull request #1804 from Infisical/feat/add-support-for-secret-folder-rename-overview Feature: add support for secret folder rename in the overview page	2024-05-10 23:07:14 +08:00
Daniel Hougaard	86aaa486b4	Update secret-folder-service.ts	2024-05-10 17:00:30 +02:00
Sheen Capadngan	9880977098	misc: addressed naming suggestion	2024-05-10 22:52:08 +08:00
Sheen Capadngan	b93aaffe77	adjustment: updated to use project slug	2024-05-10 22:34:16 +08:00
Maidul Islam	1ea0d55dd1	Merge pull request #1813 from Infisical/misc/update-documentation-for-github-integration misc: updated documentation for github integration to include official action	2024-05-10 09:14:14 -04:00
Sheen Capadngan	0866a90c8e	misc: updated documentation for github integration	2024-05-10 16:29:12 +08:00
Sheen Capadngan	3fff272cb3	feat: added snapshot for batch	2024-05-10 15:46:31 +08:00
Sheen Capadngan	2559809eac	misc: addressed formatting issues	2024-05-10 14:41:35 +08:00
Sheen Capadngan	f32abbdc25	feat: integrate overview folder rename with new batch endpoint	2024-05-10 14:00:49 +08:00
Sheen Capadngan	a6f750fafb	feat: added batch update endpoint for folders	2024-05-10 13:57:00 +08:00
Maidul Islam	b4a2123fa3	Merge pull request #1812 from Infisical/delete-pg-migrator Delete PG migrator folder	2024-05-09 15:19:04 -04:00
Tuan Dang	79cacfa89c	Delete PG migrator folder	2024-05-09 12:16:13 -07:00
Maidul Islam	44531487d6	Merge pull request #1811 from Infisical/maidul-pacth233 revert schema name for memberships-unique-constraint	2024-05-09 13:46:32 -04:00
Maidul Islam	7c77a4f049	revert schema name	2024-05-09 13:42:23 -04:00
Sheen Capadngan	522dd0836e	feat: added validation for folder name duplicates	2024-05-08 23:25:33 +08:00
Sheen Capadngan	e461787c78	feat: added support for renaming folders in the overview page	2024-05-08 23:24:33 +08:00