Update frontend/src/pages/secret-manager/SettingsPage/components/SecretSharingSection/SecretSharingSection.tsx

Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
feat(project): Enable / Disable Secret Sharing
2025-08-03 20:23:35 +00:00 · 2025-05-16 00:21:30 -04:00 · 2025-05-16 00:08:55 -04:00
14 changed files with 124 additions and 13 deletions
--- a/backend/src/db/migrations/20250516021501_toggle-secret-sharing-on-project.ts
+++ b/backend/src/db/migrations/20250516021501_toggle-secret-sharing-on-project.ts
@@ -0,0 +1,21 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasSecretSharingColumn = await knex.schema.hasColumn(TableName.Project, "secretSharing");
+  if (!hasSecretSharingColumn) {
+    await knex.schema.table(TableName.Project, (table) => {
+      table.boolean("secretSharing").notNullable().defaultTo(true);
+    });
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasSecretSharingColumn = await knex.schema.hasColumn(TableName.Project, "secretSharing");
+  if (hasSecretSharingColumn) {
+    await knex.schema.table(TableName.Project, (table) => {
+      table.dropColumn("secretSharing");
+    });
+  }
+}
--- a/backend/src/db/schemas/projects.ts
+++ b/backend/src/db/schemas/projects.ts
@@ -27,7 +27,8 @@ export const ProjectsSchema = z.object({
  description: z.string().nullable().optional(),
  type: z.string(),
  enforceCapitalization: z.boolean().default(false),
-  hasDeleteProtection: z.boolean().default(false).nullable().optional()
+  hasDeleteProtection: z.boolean().default(false).nullable().optional(),
+  secretSharing: z.boolean().default(true)
 });

 export type TProjects = z.infer<typeof ProjectsSchema>;
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@@ -606,7 +606,8 @@ export const PROJECTS = {
    projectDescription: "An optional description label for the project.",
    autoCapitalization: "Disable or enable auto-capitalization for the project.",
    slug: "An optional slug for the project. (must be unique within the organization)",
-    hasDeleteProtection: "Enable or disable delete protection for the project."
+    hasDeleteProtection: "Enable or disable delete protection for the project.",
+    secretSharing: "Enable or disable secret sharing for the project."
  },
  GET_KEY: {
    workspaceId: "The ID of the project to get the key from."
--- a/backend/src/server/routes/sanitizedSchemas.ts
+++ b/backend/src/server/routes/sanitizedSchemas.ts
@@ -261,7 +261,8 @@ export const SanitizedProjectSchema = ProjectsSchema.pick({
  pitVersionLimit: true,
  kmsCertificateKeyId: true,
  auditLogsRetentionDays: true,
-  hasDeleteProtection: true
+  hasDeleteProtection: true,
+  secretSharing: true
 });

 export const SanitizedTagSchema = SecretTagsSchema.pick({
--- a/backend/src/server/routes/v1/project-router.ts
+++ b/backend/src/server/routes/v1/project-router.ts
@@ -346,7 +346,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
              "Project slug can only contain lowercase letters and numbers, with optional single hyphens (-) or underscores (_) between words. Cannot start or end with a hyphen or underscore."
          })
          .optional()
-          .describe(PROJECTS.UPDATE.slug)
+          .describe(PROJECTS.UPDATE.slug),
+        secretSharing: z.boolean().optional().describe(PROJECTS.UPDATE.secretSharing)
      }),
      response: {
        200: z.object({
@@ -366,7 +367,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
          description: req.body.description,
          autoCapitalization: req.body.autoCapitalization,
          hasDeleteProtection: req.body.hasDeleteProtection,
-          slug: req.body.slug
+          slug: req.body.slug,
+          secretSharing: req.body.secretSharing
        },
        actorAuthMethod: req.permission.authMethod,
        actorId: req.permission.id,
--- a/backend/src/services/project/project-service.ts
+++ b/backend/src/services/project/project-service.ts
@@ -658,7 +658,8 @@ export const projectServiceFactory = ({
      autoCapitalization: update.autoCapitalization,
      enforceCapitalization: update.autoCapitalization,
      hasDeleteProtection: update.hasDeleteProtection,
-      slug: update.slug
+      slug: update.slug,
+      secretSharing: update.secretSharing
    });

    return updatedProject;
--- a/backend/src/services/project/project-types.ts
+++ b/backend/src/services/project/project-types.ts
@@ -93,6 +93,7 @@ export type TUpdateProjectDTO = {
    autoCapitalization?: boolean;
    hasDeleteProtection?: boolean;
    slug?: string;
+    secretSharing?: boolean;
  };
 } & Omit<TProjectPermission, "projectId">;

--- a/frontend/src/hooks/api/workspace/queries.tsx
+++ b/frontend/src/hooks/api/workspace/queries.tsx
@@ -277,13 +277,20 @@ export const useUpdateProject = () => {
  const queryClient = useQueryClient();

  return useMutation<Workspace, object, UpdateProjectDTO>({
-    mutationFn: async ({ projectID, newProjectName, newProjectDescription, newSlug }) => {
+    mutationFn: async ({
+      projectID,
+      newProjectName,
+      newProjectDescription,
+      newSlug,
+      secretSharing
+    }) => {
      const { data } = await apiRequest.patch<{ workspace: Workspace }>(
        `/api/v1/workspace/${projectID}`,
        {
          name: newProjectName,
          description: newProjectDescription,
-          slug: newSlug
+          slug: newSlug,
+          secretSharing
        }
      );
      return data.workspace;
--- a/frontend/src/hooks/api/workspace/types.ts
+++ b/frontend/src/hooks/api/workspace/types.ts
@@ -37,6 +37,7 @@ export type Workspace = {
  createdAt: string;
  roles?: TProjectRole[];
  hasDeleteProtection: boolean;
+  secretSharing: boolean;
 };

 export type WorkspaceEnv = {
@@ -73,9 +74,10 @@ export type CreateWorkspaceDTO = {

 export type UpdateProjectDTO = {
  projectID: string;
-  newProjectName: string;
+  newProjectName?: string;
  newProjectDescription?: string;
  newSlug?: string;
+  secretSharing?: boolean;
 };

 export type UpdatePitVersionLimitDTO = { projectSlug: string; pitVersionLimit: number };
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
@@ -398,11 +398,19 @@ export const SecretDetailSidebar = ({
                                  autoFocus={false}
                                />
                                <Tooltip
-                                  content="You don't have permission to view the secret value."
-                                  isDisabled={!secret?.secretValueHidden}
+                                  content={
+                                    !currentWorkspace.secretSharing
+                                      ? "This project does not allow secret sharing."
+                                      : "You don't have permission to view the secret value."
+                                  }
+                                  isDisabled={
+                                    !secret?.secretValueHidden && currentWorkspace.secretSharing
+                                  }
                                >
                                  <Button
-                                    isDisabled={secret?.secretValueHidden}
+                                    isDisabled={
+                                      secret?.secretValueHidden || !currentWorkspace.secretSharing
+                                    }
                                    className="px-2 py-[0.43rem] font-normal"
                                    variant="outline_bg"
                                    leftIcon={<FontAwesomeIcon icon={faShare} />}
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretItem.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretItem.tsx
@@ -589,7 +589,7 @@ export const SecretItem = memo(
                    )}
                  </ProjectPermissionCan>
                  <IconButton
-                    isDisabled={secret.secretValueHidden}
+                    isDisabled={secret.secretValueHidden || !currentWorkspace.secretSharing}
                    className="w-0 overflow-hidden p-0 group-hover:w-5"
                    variant="plain"
                    size="md"
--- a/frontend/src/pages/secret-manager/SettingsPage/components/ProjectGeneralTab/ProjectGeneralTab.tsx
+++ b/frontend/src/pages/secret-manager/SettingsPage/components/ProjectGeneralTab/ProjectGeneralTab.tsx
@@ -4,6 +4,7 @@ import { ProjectType, ProjectVersion } from "@app/hooks/api/workspace/types";

 import { AuditLogsRetentionSection } from "../AuditLogsRetentionSection";
 import { AutoCapitalizationSection } from "../AutoCapitalizationSection";
+import { SecretSharingSection } from "../SecretSharingSection";
 import { BackfillSecretReferenceSecretion } from "../BackfillSecretReferenceSection";
 import { DeleteProjectProtection } from "../DeleteProjectProtection";
 import { DeleteProjectSection } from "../DeleteProjectSection";
@@ -22,6 +23,7 @@ export const ProjectGeneralTab = () => {
      {isSecretManager && <EnvironmentSection />}
      {isSecretManager && <SecretTagsSection />}
      {isSecretManager && <AutoCapitalizationSection />}
+      {isSecretManager && <SecretSharingSection />}
      {isSecretManager && <PointInTimeVersionLimitSection />}
      <AuditLogsRetentionSection />
      {isSecretManager && <BackfillSecretReferenceSecretion />}
--- a/frontend/src/pages/secret-manager/SettingsPage/components/SecretSharingSection/SecretSharingSection.tsx
+++ b/frontend/src/pages/secret-manager/SettingsPage/components/SecretSharingSection/SecretSharingSection.tsx
@@ -0,0 +1,63 @@
+import { createNotification } from "@app/components/notifications";
+import { ProjectPermissionCan } from "@app/components/permissions";
+import { Checkbox } from "@app/components/v2";
+import { ProjectPermissionActions, ProjectPermissionSub, useWorkspace } from "@app/context";
+import { useUpdateProject } from "@app/hooks/api/workspace/queries";
+import { useState } from "react";
+
+export const SecretSharingSection = () => {
+  const { currentWorkspace } = useWorkspace();
+  const { mutateAsync: updateProject } = useUpdateProject();
+
+  const [isLoading, setIsLoading] = useState(false);
+
+  const handleToggle = async (state: boolean) => {
+    setIsLoading(true);
+
+    try {
+      if (!currentWorkspace?.id) {
+        setIsLoading(false);
+        return;
+      }
+
+      await updateProject({
+        projectID: currentWorkspace.id,
+        secretSharing: state
+      });
+
+      createNotification({
+        text: `Successfully ${state ? "enabled" : "disabled"} secret sharing for this project`,
+        type: "success"
+      });
+    } catch (err) {
+      console.error(err);
+      createNotification({
+        text: "Failed to update secret sharing for this project",
+        type: "error"
+      });
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  return (
+    <div className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4">
+      <p className="mb-3 text-xl font-semibold">Allow Secret Sharing</p>
+      <ProjectPermissionCan I={ProjectPermissionActions.Edit} a={ProjectPermissionSub.Settings}>
+        {(isAllowed) => (
+          <div className="w-max">
+            <Checkbox
+              className="data-[state=checked]:bg-primary"
+              id="secretSharing"
+              isDisabled={!isAllowed || isLoading}
+              isChecked={currentWorkspace?.secretSharing ?? true}
+              onCheckedChange={(state) => handleToggle(state as boolean)}
+            >
+              This feature enables your project members to securely share secrets.
+            </Checkbox>
+          </div>
+        )}
+      </ProjectPermissionCan>
+    </div>
+  );
+};
--- a/frontend/src/pages/secret-manager/SettingsPage/components/SecretSharingSection/index.tsx
+++ b/frontend/src/pages/secret-manager/SettingsPage/components/SecretSharingSection/index.tsx
@@ -0,0 +1 @@
+export { SecretSharingSection } from "./SecretSharingSection";
Author	SHA1	Message	Date
x032205	ad50cff184	Update frontend/src/pages/secret-manager/SettingsPage/components/SecretSharingSection/SecretSharingSection.tsx Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>	2025-05-16 00:21:30 -04:00
x032205	8e43d2a994	feat(project): Enable / Disable Secret Sharing	2025-05-16 00:08:55 -04:00
				`@@ -0,0 +1 @@`
				`export { SecretSharingSection } from "./SecretSharingSection";`