misc: added mint json changes

doc: add kubernetes encryption
misc: add copy to clipboard
2025-04-13 01:49:57 +00:00 · 2024-11-01 00:47:06 +08:00 · 2024-11-01 00:42:23 +08:00 · 2024-11-01 00:22:21 +08:00 · 2024-10-31 19:05:53 +08:00 · 2024-10-30 23:08:12 -04:00
46 changed files with 1259 additions and 189 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -56,6 +56,7 @@
        "google-auth-library": "^9.9.0",
        "googleapis": "^137.1.0",
        "handlebars": "^4.7.8",
+        "hdb": "^0.19.10",
        "ioredis": "^5.3.2",
        "jmespath": "^0.16.0",
        "jsonwebtoken": "^9.0.2",
@ -12214,6 +12215,28 @@
        "node": ">= 0.4"
      }
    },
+    "node_modules/hdb": {
+      "version": "0.19.10",
+      "resolved": "https://registry.npmjs.org/hdb/-/hdb-0.19.10.tgz",
+      "integrity": "sha512-er0oyute1aMjf6v41JU7z1a6Zo8lqj3muC7C4Uoi81Xf4WNdjPb424wUnXIhaf4HS8H9ARDyWrMGJTvPU2jjPw==",
+      "dependencies": {
+        "iconv-lite": "^0.4.18"
+      },
+      "engines": {
+        "node": ">= 0.12"
+      }
+    },
+    "node_modules/hdb/node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
    "node_modules/helmet": {
      "version": "7.1.0",
      "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.1.0.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@ -161,6 +161,7 @@
    "google-auth-library": "^9.9.0",
    "googleapis": "^137.1.0",
    "handlebars": "^4.7.8",
+    "hdb": "^0.19.10",
    "ioredis": "^5.3.2",
    "jmespath": "^0.16.0",
    "jsonwebtoken": "^9.0.2",
--- a/backend/src/@types/hdb.d.ts
+++ b/backend/src/@types/hdb.d.ts
@ -0,0 +1,4 @@
+declare module "hdb" {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- Untyped, the function returns `any`.
+  function createClient(options): any;
+}
--- a/backend/src/db/migrations/20231222172455_integration.ts
+++ b/backend/src/db/migrations/20231222172455_integration.ts
@ -9,7 +9,7 @@ export async function up(knex: Knex): Promise<void> {
      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
      t.string("integration").notNullable();
      t.string("teamId"); // vercel-specific
-      t.string("url"); // for self hosted
+      t.string("url"); // for self-hosted
      t.string("namespace"); // hashicorp specific
      t.string("accountId"); // netlify
      t.text("refreshCiphertext");
@ -36,7 +36,7 @@ export async function up(knex: Knex): Promise<void> {
    await knex.schema.createTable(TableName.Integration, (t) => {
      t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
      t.boolean("isActive").notNullable();
-      t.string("url"); // self hosted
+      t.string("url"); // self-hosted
      t.string("app"); // name of app in provider
      t.string("appId");
      t.string("targetEnvironment");
--- a/backend/src/ee/services/dynamic-secret/dynamic-secret-fns.ts
+++ b/backend/src/ee/services/dynamic-secret/dynamic-secret-fns.ts
@ -0,0 +1,20 @@
+import { getConfig } from "@app/lib/config/env";
+import { BadRequestError } from "@app/lib/errors";
+import { getDbConnectionHost } from "@app/lib/knex";
+
+export const verifyHostInputValidity = (host: string) => {
+  const appCfg = getConfig();
+  const dbHost = appCfg.DB_HOST || getDbConnectionHost(appCfg.DB_CONNECTION_URI);
+
+  if (
+    appCfg.isCloud &&
+    // localhost
+    // internal ips
+    (host === "host.docker.internal" || host.match(/^10\.\d+\.\d+\.\d+/) || host.match(/^192\.168\.\d+\.\d+/))
+  )
+    throw new BadRequestError({ message: "Invalid db host" });
+
+  if (host === "localhost" || host === "127.0.0.1" || dbHost === host) {
+    throw new BadRequestError({ message: "Invalid db host" });
+  }
+};
--- a/backend/src/ee/services/dynamic-secret/providers/elastic-search.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/elastic-search.ts
@ -2,10 +2,9 @@ import { Client as ElasticSearchClient } from "@elastic/elasticsearch";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

-import { getConfig } from "@app/lib/config/env";
-import { BadRequestError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";

+import { verifyHostInputValidity } from "../dynamic-secret-fns";
 import { DynamicSecretElasticSearchSchema, ElasticSearchAuthTypes, TDynamicProviderFns } from "./models";

 const generatePassword = () => {
@ -19,23 +18,8 @@ const generateUsername = () => {

 export const ElasticSearchProvider = (): TDynamicProviderFns => {
  const validateProviderInputs = async (inputs: unknown) => {
-    const appCfg = getConfig();
-    const isCloud = Boolean(appCfg.LICENSE_SERVER_KEY); // quick and dirty way to check if its cloud or not
-
    const providerInputs = await DynamicSecretElasticSearchSchema.parseAsync(inputs);
-    if (
-      isCloud &&
-      // localhost
-      // internal ips
-      (providerInputs.host === "host.docker.internal" ||
-        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
-        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
-    ) {
-      throw new BadRequestError({ message: "Invalid db host" });
-    }
-    if (providerInputs.host === "localhost" || providerInputs.host === "127.0.0.1") {
-      throw new BadRequestError({ message: "Invalid db host" });
-    }
+    verifyHostInputValidity(providerInputs.host);

    return providerInputs;
  };
--- a/backend/src/ee/services/dynamic-secret/providers/index.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/index.ts
@ -9,6 +9,7 @@ import { MongoAtlasProvider } from "./mongo-atlas";
 import { MongoDBProvider } from "./mongo-db";
 import { RabbitMqProvider } from "./rabbit-mq";
 import { RedisDatabaseProvider } from "./redis";
+import { SapHanaProvider } from "./sap-hana";
 import { SqlDatabaseProvider } from "./sql-database";

 export const buildDynamicSecretProviders = () => ({
@ -22,5 +23,6 @@ export const buildDynamicSecretProviders = () => ({
  [DynamicSecretProviders.ElasticSearch]: ElasticSearchProvider(),
  [DynamicSecretProviders.RabbitMq]: RabbitMqProvider(),
  [DynamicSecretProviders.AzureEntraID]: AzureEntraIDProvider(),
-  [DynamicSecretProviders.Ldap]: LdapProvider()
+  [DynamicSecretProviders.Ldap]: LdapProvider(),
+  [DynamicSecretProviders.SapHana]: SapHanaProvider()
 });
--- a/backend/src/ee/services/dynamic-secret/providers/models.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/models.ts
@ -166,6 +166,17 @@ export const DynamicSecretMongoDBSchema = z.object({
    )
 });

+export const DynamicSecretSapHanaSchema = z.object({
+  host: z.string().trim().toLowerCase(),
+  port: z.number(),
+  username: z.string().trim(),
+  password: z.string().trim(),
+  creationStatement: z.string().trim(),
+  revocationStatement: z.string().trim(),
+  renewStatement: z.string().trim().optional(),
+  ca: z.string().optional()
+});
+
 export const AzureEntraIDSchema = z.object({
  tenantId: z.string().trim().min(1),
  userId: z.string().trim().min(1),
@ -196,7 +207,8 @@ export enum DynamicSecretProviders {
  MongoDB = "mongo-db",
  RabbitMq = "rabbit-mq",
  AzureEntraID = "azure-entra-id",
-  Ldap = "ldap"
+  Ldap = "ldap",
+  SapHana = "sap-hana"
 }

 export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
@ -204,6 +216,7 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
  z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
  z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
  z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
+  z.object({ type: z.literal(DynamicSecretProviders.SapHana), inputs: DynamicSecretSapHanaSchema }),
  z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema }),
  z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema }),
  z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }),
--- a/backend/src/ee/services/dynamic-secret/providers/mongo-db.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/mongo-db.ts
@ -2,10 +2,9 @@ import { MongoClient } from "mongodb";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

-import { getConfig } from "@app/lib/config/env";
-import { BadRequestError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";

+import { verifyHostInputValidity } from "../dynamic-secret-fns";
 import { DynamicSecretMongoDBSchema, TDynamicProviderFns } from "./models";

 const generatePassword = (size = 48) => {
@ -19,22 +18,8 @@ const generateUsername = () => {

 export const MongoDBProvider = (): TDynamicProviderFns => {
  const validateProviderInputs = async (inputs: unknown) => {
-    const appCfg = getConfig();
    const providerInputs = await DynamicSecretMongoDBSchema.parseAsync(inputs);
-    if (
-      appCfg.isCloud &&
-      // localhost
-      // internal ips
-      (providerInputs.host === "host.docker.internal" ||
-        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
-        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
-    )
-      throw new BadRequestError({ message: "Invalid db host" });
-
-    if (providerInputs.host === "localhost" || providerInputs.host === "127.0.0.1") {
-      throw new BadRequestError({ message: "Invalid db host" });
-    }
-
+    verifyHostInputValidity(providerInputs.host);
    return providerInputs;
  };

--- a/backend/src/ee/services/dynamic-secret/providers/rabbit-mq.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/rabbit-mq.ts
@ -3,12 +3,11 @@ import https from "https";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

-import { getConfig } from "@app/lib/config/env";
-import { BadRequestError } from "@app/lib/errors";
 import { removeTrailingSlash } from "@app/lib/fn";
 import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";

+import { verifyHostInputValidity } from "../dynamic-secret-fns";
 import { DynamicSecretRabbitMqSchema, TDynamicProviderFns } from "./models";

 const generatePassword = () => {
@ -79,23 +78,8 @@ async function deleteRabbitMqUser({ axiosInstance, usernameToDelete }: TDeleteRa

 export const RabbitMqProvider = (): TDynamicProviderFns => {
  const validateProviderInputs = async (inputs: unknown) => {
-    const appCfg = getConfig();
-    const isCloud = Boolean(appCfg.LICENSE_SERVER_KEY); // quick and dirty way to check if its cloud or not
-
    const providerInputs = await DynamicSecretRabbitMqSchema.parseAsync(inputs);
-    if (
-      isCloud &&
-      // localhost
-      // internal ips
-      (providerInputs.host === "host.docker.internal" ||
-        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
-        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
-    ) {
-      throw new BadRequestError({ message: "Invalid db host" });
-    }
-    if (providerInputs.host === "localhost" || providerInputs.host === "127.0.0.1") {
-      throw new BadRequestError({ message: "Invalid db host" });
-    }
+    verifyHostInputValidity(providerInputs.host);

    return providerInputs;
  };
--- a/backend/src/ee/services/dynamic-secret/providers/redis.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/redis.ts
@ -3,11 +3,10 @@ import { Redis } from "ioredis";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

-import { getConfig } from "@app/lib/config/env";
 import { BadRequestError } from "@app/lib/errors";
-import { getDbConnectionHost } from "@app/lib/knex";
 import { alphaNumericNanoId } from "@app/lib/nanoid";

+import { verifyHostInputValidity } from "../dynamic-secret-fns";
 import { DynamicSecretRedisDBSchema, TDynamicProviderFns } from "./models";

 const generatePassword = () => {
@ -51,22 +50,8 @@ const executeTransactions = async (connection: Redis, commands: string[]): Promi

 export const RedisDatabaseProvider = (): TDynamicProviderFns => {
  const validateProviderInputs = async (inputs: unknown) => {
-    const appCfg = getConfig();
-    const isCloud = Boolean(appCfg.LICENSE_SERVER_KEY); // quick and dirty way to check if its cloud or not
-    const dbHost = appCfg.DB_HOST || getDbConnectionHost(appCfg.DB_CONNECTION_URI);
-
    const providerInputs = await DynamicSecretRedisDBSchema.parseAsync(inputs);
-    if (
-      isCloud &&
-      // localhost
-      // internal ips
-      (providerInputs.host === "host.docker.internal" ||
-        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
-        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
-    )
-      throw new BadRequestError({ message: "Invalid db host" });
-    if (providerInputs.host === "localhost" || providerInputs.host === "127.0.0.1" || dbHost === providerInputs.host)
-      throw new BadRequestError({ message: "Invalid db host" });
+    verifyHostInputValidity(providerInputs.host);
    return providerInputs;
  };

--- a/backend/src/ee/services/dynamic-secret/providers/sap-hana.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sap-hana.ts
@ -0,0 +1,174 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/* eslint-disable @typescript-eslint/no-unsafe-member-access */
+/* eslint-disable @typescript-eslint/no-unsafe-call */
+/* eslint-disable @typescript-eslint/no-unsafe-return */
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
+
+import handlebars from "handlebars";
+import hdb from "hdb";
+import { customAlphabet } from "nanoid";
+import { z } from "zod";
+
+import { BadRequestError } from "@app/lib/errors";
+import { alphaNumericNanoId } from "@app/lib/nanoid";
+
+import { verifyHostInputValidity } from "../dynamic-secret-fns";
+import { DynamicSecretSapHanaSchema, TDynamicProviderFns } from "./models";
+
+const generatePassword = (size = 48) => {
+  const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+  return customAlphabet(charset, 48)(size);
+};
+
+const generateUsername = () => {
+  return alphaNumericNanoId(32);
+};
+
+export const SapHanaProvider = (): TDynamicProviderFns => {
+  const validateProviderInputs = async (inputs: unknown) => {
+    const providerInputs = await DynamicSecretSapHanaSchema.parseAsync(inputs);
+
+    verifyHostInputValidity(providerInputs.host);
+    return providerInputs;
+  };
+
+  const getClient = async (providerInputs: z.infer<typeof DynamicSecretSapHanaSchema>) => {
+    const client = hdb.createClient({
+      host: providerInputs.host,
+      port: providerInputs.port,
+      user: providerInputs.username,
+      password: providerInputs.password,
+      ...(providerInputs.ca
+        ? {
+            ca: providerInputs.ca
+          }
+        : {})
+    });
+
+    await new Promise((resolve, reject) => {
+      client.connect((err: any) => {
+        if (err) {
+          return reject(err);
+        }
+
+        if (client.readyState) {
+          return resolve(true);
+        }
+
+        reject(new Error("SAP HANA client not ready"));
+      });
+    });
+
+    return client;
+  };
+
+  const validateConnection = async (inputs: unknown) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const testResult: boolean = await new Promise((resolve, reject) => {
+      client.exec("SELECT 1 FROM DUMMY;", (err: any) => {
+        if (err) {
+          reject();
+        }
+
+        resolve(true);
+      });
+    });
+
+    return testResult;
+  };
+
+  const create = async (inputs: unknown, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+
+    const username = generateUsername();
+    const password = generatePassword();
+    const expiration = new Date(expireAt).toISOString();
+
+    const client = await getClient(providerInputs);
+    const creationStatement = handlebars.compile(providerInputs.creationStatement, { noEscape: true })({
+      username,
+      password,
+      expiration
+    });
+
+    const queries = creationStatement.toString().split(";").filter(Boolean);
+    for await (const query of queries) {
+      await new Promise((resolve, reject) => {
+        client.exec(query, (err: any) => {
+          if (err) {
+            reject(
+              new BadRequestError({
+                message: err.message
+              })
+            );
+          }
+          resolve(true);
+        });
+      });
+    }
+
+    return { entityId: username, data: { DB_USERNAME: username, DB_PASSWORD: password } };
+  };
+
+  const revoke = async (inputs: unknown, username: string) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+    const revokeStatement = handlebars.compile(providerInputs.revocationStatement)({ username });
+    const queries = revokeStatement.toString().split(";").filter(Boolean);
+    for await (const query of queries) {
+      await new Promise((resolve, reject) => {
+        client.exec(query, (err: any) => {
+          if (err) {
+            reject(
+              new BadRequestError({
+                message: err.message
+              })
+            );
+          }
+          resolve(true);
+        });
+      });
+    }
+
+    return { entityId: username };
+  };
+
+  const renew = async (inputs: unknown, username: string, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+    try {
+      const expiration = new Date(expireAt).toISOString();
+
+      const renewStatement = handlebars.compile(providerInputs.renewStatement)({ username, expiration });
+      const queries = renewStatement.toString().split(";").filter(Boolean);
+      for await (const query of queries) {
+        await new Promise((resolve, reject) => {
+          client.exec(query, (err: any) => {
+            if (err) {
+              reject(
+                new BadRequestError({
+                  message: err.message
+                })
+              );
+            }
+            resolve(true);
+          });
+        });
+      }
+    } finally {
+      client.disconnect();
+    }
+
+    return { entityId: username };
+  };
+
+  return {
+    validateProviderInputs,
+    validateConnection,
+    create,
+    revoke,
+    renew
+  };
+};
--- a/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
@ -3,11 +3,9 @@ import knex from "knex";
 import { customAlphabet } from "nanoid";
 import { z } from "zod";

-import { getConfig } from "@app/lib/config/env";
-import { BadRequestError } from "@app/lib/errors";
-import { getDbConnectionHost } from "@app/lib/knex";
 import { alphaNumericNanoId } from "@app/lib/nanoid";

+import { verifyHostInputValidity } from "../dynamic-secret-fns";
 import { DynamicSecretSqlDBSchema, SqlProviders, TDynamicProviderFns } from "./models";

 const EXTERNAL_REQUEST_TIMEOUT = 10 * 1000;
@ -29,27 +27,8 @@ const generateUsername = (provider: SqlProviders) => {

 export const SqlDatabaseProvider = (): TDynamicProviderFns => {
  const validateProviderInputs = async (inputs: unknown) => {
-    const appCfg = getConfig();
-    const isCloud = Boolean(appCfg.LICENSE_SERVER_KEY); // quick and dirty way to check if its cloud or not
-    const dbHost = appCfg.DB_HOST || getDbConnectionHost(appCfg.DB_CONNECTION_URI);
-
    const providerInputs = await DynamicSecretSqlDBSchema.parseAsync(inputs);
-    if (
-      isCloud &&
-      // localhost
-      // internal ips
-      (providerInputs.host === "host.docker.internal" ||
-        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
-        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
-    )
-      throw new BadRequestError({ message: "Invalid db host" });
-    if (
-      providerInputs.host === "localhost" ||
-      providerInputs.host === "127.0.0.1" ||
-      // database infisical uses
-      dbHost === providerInputs.host
-    )
-      throw new BadRequestError({ message: "Invalid db host" });
+    verifyHostInputValidity(providerInputs.host);
    return providerInputs;
  };

--- a/backend/src/ee/services/license/license-service.ts
+++ b/backend/src/ee/services/license/license-service.ts
@ -129,7 +129,7 @@ export const licenseServiceFactory = ({
        }
      }

-      // this means this is self hosted oss version
+      // this means this is the self-hosted oss version
      // else it would reach catch statement
      isValidLicense = true;
    } catch (error) {
--- a/backend/src/ee/services/permission/project-permission.ts
+++ b/backend/src/ee/services/permission/project-permission.ts
@ -694,31 +694,35 @@ export const buildServiceTokenProjectPermission = (
  const canRead = permission.includes("read");
  const { can, build } = new AbilityBuilder<MongoAbility<ProjectPermissionSet>>(createMongoAbility);
  scopes.forEach(({ secretPath, environment }) => {
-    if (canWrite) {
-      // TODO: @Akhi
-      // @ts-expect-error type
-      can(ProjectPermissionActions.Edit, ProjectPermissionSub.Secrets, {
-        secretPath: { $glob: secretPath },
-        environment
-      });
-      // @ts-expect-error type
-      can(ProjectPermissionActions.Create, ProjectPermissionSub.Secrets, {
-        secretPath: { $glob: secretPath },
-        environment
-      });
-      // @ts-expect-error type
-      can(ProjectPermissionActions.Delete, ProjectPermissionSub.Secrets, {
-        secretPath: { $glob: secretPath },
-        environment
-      });
-    }
-    if (canRead) {
-      // @ts-expect-error type
-      can(ProjectPermissionActions.Read, ProjectPermissionSub.Secrets, {
-        secretPath: { $glob: secretPath },
-        environment
-      });
-    }
+    [ProjectPermissionSub.Secrets, ProjectPermissionSub.SecretImports, ProjectPermissionSub.SecretFolders].forEach(
+      (subject) => {
+        if (canWrite) {
+          // TODO: @Akhi
+          // @ts-expect-error type
+          can(ProjectPermissionActions.Edit, subject, {
+            secretPath: { $glob: secretPath },
+            environment
+          });
+          // @ts-expect-error type
+          can(ProjectPermissionActions.Create, subject, {
+            secretPath: { $glob: secretPath },
+            environment
+          });
+          // @ts-expect-error type
+          can(ProjectPermissionActions.Delete, subject, {
+            secretPath: { $glob: secretPath },
+            environment
+          });
+        }
+        if (canRead) {
+          // @ts-expect-error type
+          can(ProjectPermissionActions.Read, subject, {
+            secretPath: { $glob: secretPath },
+            environment
+          });
+        }
+      }
+    );
  });

  return build({ conditionsMatcher });
--- a/backend/src/services/telemetry/telemetry-queue.ts
+++ b/backend/src/services/telemetry/telemetry-queue.ts
@ -48,7 +48,7 @@ export const telemetryQueueServiceFactory = ({
    await keyStore.deleteItem(TELEMETRY_SECRET_OPERATIONS_KEY);
  });

-  // every day at midnight a telemetry job executes on self hosted
+  // every day at midnight a telemetry job executes on self-hosted instances
  // this sends some telemetry information like instance id secrets operated etc
  const startTelemetryCheck = async () => {
    // this is a fast way to check its cloud or not
--- a/backend/src/services/telemetry/telemetry-service.ts
+++ b/backend/src/services/telemetry/telemetry-service.ts
@ -62,7 +62,7 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
  const sendPostHogEvents = async (event: TPostHogEvent) => {
    if (postHog) {
      const instanceType = licenseService.getInstanceType();
-      // capture posthog only when its cloud or signup event happens in self hosted
+      // capture posthog only when its cloud or signup event happens in self-hosted
      if (instanceType === InstanceType.Cloud || event.event === PostHogEventTypes.UserSignedUp) {
        postHog.capture({
          event: event.event,
--- a/cli/packages/api/api.go
+++ b/cli/packages/api/api.go
@ -429,7 +429,7 @@ func CallGetRawSecretsV3(httpClient *resty.Client, request GetRawSecretsV3Reques
 		(strings.Contains(response.String(), "bot_not_found_error") ||
 			strings.Contains(strings.ToLower(response.String()), "failed to find bot key") ||
 			strings.Contains(strings.ToLower(response.String()), "bot is not active")) {
-		return GetRawSecretsV3Response{}, fmt.Errorf(`Project with id %s is incompatible with your current CLI version. Upgrade your project by visiting the project settings page. If you're self hosting and project upgrade option isn't yet available, contact your administrator to upgrade your Infisical instance to the latest release.
+		return GetRawSecretsV3Response{}, fmt.Errorf(`Project with id %s is incompatible with your current CLI version. Upgrade your project by visiting the project settings page. If you're self-hosting and project upgrade option isn't yet available, contact your administrator to upgrade your Infisical instance to the latest release.
 		`, request.WorkspaceId)
 	}

--- a/cli/packages/cmd/login.go
+++ b/cli/packages/cmd/login.go
@ -236,7 +236,7 @@ var loginCmd = &cobra.Command{

 			}

-			//prompt user to select domain between Infisical cloud and self hosting
+			//prompt user to select domain between Infisical cloud and self-hosting
 			if domainQuery {
 				err = askForDomain()
 				if err != nil {
@ -528,11 +528,11 @@ func DomainOverridePrompt() (bool, error) {

 func askForDomain() error {

-	// query user to choose between Infisical cloud or self hosting
+	// query user to choose between Infisical cloud or self-hosting
 	const (
 		INFISICAL_CLOUD_US = "Infisical Cloud (US Region)"
 		INFISICAL_CLOUD_EU = "Infisical Cloud (EU Region)"
-		SELF_HOSTING       = "Self Hosting"
+		SELF_HOSTING       = "Self-Hosting"
 		ADD_NEW_DOMAIN     = "Add a new domain"
 	)

@ -609,7 +609,7 @@ func askForDomain() error {
 		return err
 	}

-	// Trimmed the '/' from the end of the self hosting url, and set the api & login url
+	// Trimmed the '/' from the end of the self-hosting url, and set the api & login url
 	domain = strings.TrimRight(domain, "/")
 	config.INFISICAL_URL = fmt.Sprintf("%s/api", domain)
 	config.INFISICAL_LOGIN_URL = fmt.Sprintf("%s/login", domain)
--- a/docs/cli/usage.mdx
+++ b/docs/cli/usage.mdx
@ -167,7 +167,7 @@ For security and privacy concerns, we recommend you to configure your terminal t

    #### Method 2: Export environment variable

-    You can point the CLI to the self hosted Infisical instance by exporting the environment variable `INFISICAL_API_URL` in your terminal.
+    You can point the CLI to the self-hosted Infisical instance by exporting the environment variable `INFISICAL_API_URL` in your terminal.

    <Tabs>
    <Tab title="Linux/MacOs">
@ -197,7 +197,7 @@ For security and privacy concerns, we recommend you to configure your terminal t

 #### Method 3: Set manually on every command

-Another option to point the CLI to your self hosted Infisical instance is to set it via a flag on every command you run.
+Another option to point the CLI to your self-hosted Infisical instance is to set it via a flag on every command you run.

 ```bash
 # Example
--- a/docs/documentation/platform/access-controls/attribute-based-access-controls.mdx
+++ b/docs/documentation/platform/access-controls/attribute-based-access-controls.mdx
@ -19,13 +19,13 @@ Attribute-based access controls are currently available for polices defined on p
  <Tab title="Manually Configure Metadata">
    <Steps>
        <Step title="Navigate to the Access Control page on the organization sidebar and select an identity (user or machine).">
-            <img src="images/platform/access-controls/add-metadata-step1.png" />
+            <img src="/images/platform/access-controls/add-metadata-step1.png" />
        </Step>
        <Step title="On the Identity Page, click the pencil icon to edit the selected identity.">
-            <img src="images/platform/access-controls/add-metadata-step2.png" />
+            <img src="/images/platform/access-controls/add-metadata-step2.png" />
        </Step>
        <Step title="Add metadata via key-value pairs and update the identity.">
-            <img src="images/platform/access-controls/add-metadata-step3.png" />
+            <img src="/images/platform/access-controls/add-metadata-step3.png" />
        </Step>
    </Steps>
  </Tab>
@ -38,7 +38,7 @@ Attribute-based access controls are currently available for polices defined on p

 ## Defining ABAC Policies

-<img src="images/platform/access-controls/example-abac-1.png" />
+<img src="/images/platform/access-controls/example-abac-1.png" />

 ABAC policies make use of identity metadata to define dynamic permissions. Each attribute must start and end with double curly-brackets `{{ <attribute-name> }}`.
 The following attributes are available within project permissions:
--- a/docs/documentation/platform/audit-log-streams/audit-log-streams.mdx
+++ b/docs/documentation/platform/audit-log-streams/audit-log-streams.mdx
@ -20,10 +20,10 @@ The logs are formatted in JSON, requiring your logging provider to support JSON-
 <Steps>
    <Step title="Navigate to Organization Settings in your sidebar." />
    <Step title="Select Audit Log Streams Tab.">
-				![stream create](../../images/platform/audit-log-streams/stream-create.png)
+				![stream create](/images/platform/audit-log-streams/stream-create.png)
 		</Step>
 		<Step title="Click on Create">
-		 ![stream create](../../images/platform/audit-log-streams/stream-inputs.png)
+		 ![stream create](/images/platform/audit-log-streams/stream-inputs.png)

 		 Provide the following values
 		 <ParamField path="Endpoint URL" type="string" required>
@ -35,7 +35,7 @@ The logs are formatted in JSON, requiring your logging provider to support JSON-
 		</Step>
 </Steps>

-![stream listt](../../images/platform/audit-log-streams/stream-list.png)
+![stream listt](/images/platform/audit-log-streams/stream-list.png)
 Your Audit Logs are now ready to be streamed.

 ## Example Providers
@ -44,11 +44,11 @@ Your Audit Logs are now ready to be streamed.

 <Steps>
    <Step title="Select Connect Source">
-				![better stack connect source](../../images/platform/audit-log-streams/betterstack-create-source.png)
+				![better stack connect source](/images/platform/audit-log-streams/betterstack-create-source.png)
 		</Step>
    <Step title="Provide a name and select platform"/>
   <Step title="Provide Audit Log Stream inputs">
-				![better stack connect](../../images/platform/audit-log-streams/betterstack-source-details.png)
+				![better stack connect](/images/platform/audit-log-streams/betterstack-source-details.png)

 				1. Copy the **endpoint** from Better Stack to the **Endpoint URL** field.
 				3. Create a new header with key **Authorization** and set the value as **Bearer \<source token from betterstack\>**.
@ -59,21 +59,21 @@ Your Audit Logs are now ready to be streamed.

 <Steps>
    <Step title="Navigate to API Keys section">
-				![api key create](../../images/platform/audit-log-streams/datadog-api-sidebar.png)
+				![api key create](/images/platform/audit-log-streams/datadog-api-sidebar.png)
 		</Step>
    <Step title="Select New Key and provide a key name">
-				![api key form](../../images/platform/audit-log-streams/data-create-api-key.png)
-				![api key form](../../images/platform/audit-log-streams/data-dog-api-key.png)
+				![api key form](/images/platform/audit-log-streams/data-create-api-key.png)
+				![api key form](/images/platform/audit-log-streams/data-dog-api-key.png)
 		</Step>
   <Step title="Find your Datadog region specific logging endpoint.">
-				![datadog url](../../images/platform/audit-log-streams/datadog-logging-endpoint.png)
+				![datadog url](/images/platform/audit-log-streams/datadog-logging-endpoint.png)

 				1. Navigate to the [Datadog Send Logs API documentation](https://docs.datadoghq.com/api/latest/logs/?code-lang=curl&site=us5#send-logs).
 				2. Pick your Datadog account region.
 				3. Obtain your Datadog logging endpoint URL.
 	 </Step>
   <Step title="Provide audit log stream inputs">
-				![datadog api key details](../../images/platform/audit-log-streams/datadog-source-details.png)
+				![datadog api key details](/images/platform/audit-log-streams/datadog-source-details.png)

 				1. Copy the **logging endpoint** from Datadog to the **Endpoint URL** field.
 				2. Copy the **API Key** from previous step
--- a/docs/documentation/platform/dynamic-secrets/sap-hana.mdx
+++ b/docs/documentation/platform/dynamic-secrets/sap-hana.mdx
@ -0,0 +1,121 @@
+---
+title: "SAP HANA"
+description: "Learn how to dynamically generate SAP HANA database account credentials."
+---
+
+The Infisical SAP HANA dynamic secret allows you to generate SAP HANA database credentials on demand.
+
+## Prerequisite
+
+- Infisical requires a SAP HANA database user in your instance with the necessary permissions. This user will facilitate the creation of new accounts as needed.
+  Ensure the user possesses privileges for creating, dropping, and granting permissions to roles for it to be able to create dynamic secrets.
+
+- The SAP HANA instance should be reachable by Infisical.
+
+## Set up Dynamic Secrets with SAP HANA
+
+<Steps>
+  <Step title="Open Secret Overview Dashboard">
+	Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
+  </Step>
+  <Step title="Click on the 'Add Dynamic Secret' button">
+	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button.png)
+  </Step>
+  <Step title="Select SAP HANA">
+	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-sap-hana.png)
+  </Step>
+  <Step title="Provide the inputs for dynamic secret parameters">
+	<ParamField path="Secret Name" type="string" required>
+		Name by which you want the secret to be referenced
+	</ParamField>
+
+    <ParamField path="Default TTL" type="string" required>
+    	Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+    </ParamField>
+
+    <ParamField path="Max TTL" type="string" required>
+    	Maximum time-to-live for a generated secret
+    </ParamField>
+
+    <ParamField path="Host" type="string" required>
+    	SAP HANA Host
+
+  </ParamField>
+
+    <ParamField path="Port" type="number" required>
+    	SAP HANA Port
+    </ParamField>
+
+    <ParamField path="User" type="string" required>
+    	Username that will be used to create dynamic secrets
+    </ParamField>
+
+    <ParamField path="Password" type="string" required>
+    	Password that will be used to create dynamic secrets
+    </ParamField>
+
+    <ParamField path="CA(SSL)" type="string">
+    	A CA may be required for SSL if you are self-hosting SAP HANA
+
+  </ParamField>
+
+    ![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-setup-modal-sap-hana.png)
+
+  </Step>
+  <Step title="(Optional) Modify SQL Statements">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the SQL statement to your needs.
+    ![Modify SQL Statements Modal](../../../images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png)
+
+    <Warning>
+      Due to SAP HANA limitations, the attached SQL statements are not executed as a transaction.
+    </Warning>
+
+  </Step>
+  <Step title="Click 'Submit'">
+  	After submitting the form, you will see a dynamic secret created in the dashboard.
+
+    <Note>
+    	If this step fails, you may have to add the CA certficate.
+    </Note>
+
+  </Step>
+  <Step title="Generate dynamic secrets">
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.
+
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
+    ![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty.png)
+
+    When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate how long the credentials are valid for.
+
+    ![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)
+
+    <Tip>
+    	Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret in step 4.
+    </Tip>
+
+
+    Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you.
+
+    ![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
+
+  </Step>
+</Steps>
+
+## Audit or Revoke Leases
+
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard.
+This will allow you see the lease details and delete the lease ahead of its expiration time.
+
+![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
+
+## Renew Leases
+
+To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the **Renew** as illustrated below.
+![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
+
+<Warning>
+  Lease renewals cannot exceed the maximum TTL set when configuring the dynamic
+  secret.
+</Warning>
--- a/docs/documentation/platform/identities/machine-identities.mdx
+++ b/docs/documentation/platform/identities/machine-identities.mdx
@ -20,7 +20,7 @@ Key Features:

 A typical workflow for using identities consists of four steps:

-1. Creating the identity with a name and [role](/documentation/platform/role-based-access-controls) in Organization Access Control > Machine Identities.
+1. Creating the identity with a name and [role](/documentation/platform/access-controls/role-based-access-controls) in Organization Access Control > Machine Identities.
   This step also involves configuring an authentication method for it.
 2. Adding the identity to the project(s) you want it to have access to.
 3. Authenticating the identity with the Infisical API based on the configured authentication method on it and receiving a short-lived access token back.
--- a/docs/documentation/platform/kms/kubernetes-encryption.mdx
+++ b/docs/documentation/platform/kms/kubernetes-encryption.mdx
@ -0,0 +1,5 @@
+---
+title: "Kubernetes Encryption with KMS"
+sidebarTitle: "Kubernetes Encryption"
+url: "https://github.com/Infisical/k8-kms-plugin"
+---
--- a/docs/documentation/platform/kms/overview.mdx
+++ b/docs/documentation/platform/kms/overview.mdx
@ -1,6 +1,6 @@
 ---
 title: "Key Management Service (KMS)"
-sidebarTitle: "Key Management (KMS)"
+sidebarTitle: "Overview"
 description: "Learn how to manage and use cryptographic keys with Infisical."
 ---

--- a/docs/images/platform/dynamic-secrets/dynamic-secret-modal-sap-hana.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-modal-sap-hana.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal-sap-hana.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal-sap-hana.png
--- a/docs/images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png
+++ b/docs/images/platform/dynamic-secrets/modify-sap-hana-sql-statements.png
--- a/docs/integrations/frameworks/terraform.mdx
+++ b/docs/integrations/frameworks/terraform.mdx
@ -33,7 +33,7 @@ Set up the Infisical provider by specifying the `host` and `service_token`. Repl

 ```hcl main.tf
 provider "infisical" {
-  host          = "https://app.infisical.com" # Only required if using self hosted instance of Infisical, default is https://app.infisical.com
+  host          = "https://app.infisical.com" # Only required if using a self-hosted instance of Infisical, default is https://app.infisical.com
  client_id     = "<>"
  client_secret = "<>"
  service_token = "<>" # DEPRECATED, USE MACHINE IDENTITY AUTH INSTEAD
--- a/docs/integrations/platforms/kubernetes.mdx
+++ b/docs/integrations/platforms/kubernetes.mdx
@ -168,7 +168,7 @@ spec:
 ### InfisicalSecret CRD properties

 <Accordion title="hostAPI">
-  If you are fetching secrets from a self hosted instance of Infisical set the value of `hostAPI` to 
+  If you are fetching secrets from a self-hosted instance of Infisical set the value of `hostAPI` to 
  ` https://your-self-hosted-instace.com/api`

 When `hostAPI` is not defined the operator fetches secrets from Infisical Cloud.
--- a/docs/mint.json
+++ b/docs/mint.json
@ -113,7 +113,13 @@
            "documentation/platform/pki/alerting"
          ]
        },
-        "documentation/platform/kms",
+        {
+          "group": "Key Management (KMS)",
+          "pages": [
+            "documentation/platform/kms/overview",
+            "documentation/platform/kms/kubernetes-encryption"
+          ]
+        },
        {
          "group": "KMS Configuration",
          "pages": [
@ -178,7 +184,8 @@
            "documentation/platform/dynamic-secrets/mongo-atlas",
            "documentation/platform/dynamic-secrets/mongo-db",
            "documentation/platform/dynamic-secrets/azure-entra-id",
-            "documentation/platform/dynamic-secrets/ldap"
+            "documentation/platform/dynamic-secrets/ldap",
+            "documentation/platform/dynamic-secrets/sap-hana"
          ]
        },
        {
--- a/docs/self-hosting/deployment-options/docker-compose.mdx
+++ b/docs/self-hosting/deployment-options/docker-compose.mdx
@ -2,7 +2,7 @@
 title: "Docker Compose"
 description: "Read how to run Infisical with Docker Compose template."
 ---
-This self hosting guide will walk you though the steps to self host Infisical using Docker compose.
+This self-hosting guide will walk you through the steps to self-host Infisical using Docker Compose.

 ## Prerequisites
 - [Docker](https://docs.docker.com/engine/install/)
@ -79,4 +79,4 @@ docker-compose -f docker-compose.prod.yml up

 Your Infisical instance should now be running on port `80`. To access your instance, visit `http://localhost:80`.

-![self host sign up](/images/self-hosting/applicable-to-all/selfhost-signup.png)
+![self-hosted sign up](/images/self-hosting/applicable-to-all/selfhost-signup.png)
--- a/docs/self-hosting/deployment-options/docker-swarm.mdx
+++ b/docs/self-hosting/deployment-options/docker-swarm.mdx
@ -5,7 +5,7 @@ description: "How to self-host Infisical with Docker Swarm (HA)."

 # Self-Hosting Infisical with Docker Swarm

-This guide will provide step-by-step instructions on how to self-host Infisical using Docker Swarm. This is particularly helpful for those wanting to self host Infisical on premise while still maintaining high availability (HA) for the core Infisical components. 
+This guide will provide step-by-step instructions on how to self-host Infisical using Docker Swarm. This is particularly helpful for those wanting to self-host Infisical on premise while still maintaining high availability (HA) for the core Infisical components. 
 The guide will demonstrate a setup with three nodes, ensuring that the cluster can tolerate the failure of one node while remaining fully operational.

 ## Docker Swarm
@ -198,7 +198,7 @@ The [Docker stack file](https://github.com/Infisical/infisical/tree/main/docker-
  </Step>

  <Step title="Initialize Infisical">
-    ![self host sign up](/images/self-hosting/applicable-to-all/selfhost-signup.png)
+    ![self-hosting sign up](/images/self-hosting/applicable-to-all/selfhost-signup.png)
    Once all expected services are up and running, visit `<NODE-IP>:8080` of any node in the swarm. This will take you to the Infisical configuration page.
  </Step>

--- a/docs/self-hosting/deployment-options/standalone-infisical.mdx
+++ b/docs/self-hosting/deployment-options/standalone-infisical.mdx
@ -53,7 +53,7 @@ The following guide provides a detailed step-by-step walkthrough on how you can
    
      Once the container is running, verify the installation by opening your web browser and navigating to `http://localhost:80`.

-      ![self host sign up](/images/self-hosting/applicable-to-all/selfhost-signup.png)
+      ![self-hosted sign up](/images/self-hosting/applicable-to-all/selfhost-signup.png)
  </Step>
 </Steps>

--- a/docs/self-hosting/ee.mdx
+++ b/docs/self-hosting/ee.mdx
@ -5,7 +5,7 @@ description: "Find out how to activate Infisical Enterprise edition (EE) feature

 While most features in Infisical are free to use, others are paid and require purchasing an enterprise license to use them.

-This guide walks through how you can use these paid features on a self hosted instance of Infisical.
+This guide walks through how you can use these paid features on a self-hosted instance of Infisical.

 <Steps>
    <Step title="Purchase a license">
--- a/docs/self-hosting/faq.mdx
+++ b/docs/self-hosting/faq.mdx
@ -3,11 +3,11 @@ title: "FAQ"
 description: "Frequently Asked Questions about self-hosting Infisical."
 ---

-Frequently asked questions about self hosted instance of Infisical can be found on this page. 
+Frequently asked questions about self-hosted instance of Infisical can be found on this page. 
 If you can't find the answer you are looking for, please create an issue on our [GitHub repository](https://github.com/Infisical/infisical) or join our [Slack community](https://infisical.com/slack) for additional support.

 <Accordion title="When I refresh any page, it logs me out" defaultOpen="true">
-This issue is typically seen when you haven't set up SSL for your self hosted instance of Infisical. When SSL is not enabled, you can't receive secure cookies, preventing the session data to not be saved.
+This issue is typically seen when you haven't set up SSL for your self-hosted instance of Infisical. When SSL is not enabled, you can't receive secure cookies, preventing the session data to not be saved.

 To fix this, we highly recommend that you set up SSL for your instance. 
 However, in the event you choose to use Infisical without SSL, you can do so by setting the `HTTPS_ENABLED` environment variable to `"false"` for the backend application.
--- a/frontend/src/hooks/api/dynamicSecret/types.ts
+++ b/frontend/src/hooks/api/dynamicSecret/types.ts
@ -26,7 +26,8 @@ export enum DynamicSecretProviders {
  MongoDB = "mongo-db",
  RabbitMq = "rabbit-mq",
  AzureEntraId = "azure-entra-id",
-  Ldap = "ldap"
+  Ldap = "ldap",
+  SapHana = "sap-hana"
 }

 export enum SqlProviders {
@ -189,7 +190,7 @@ export type TDynamicSecretProvider =
        applicationId: string;
        clientSecret: string;
      };
-  }
+    }
  | {
      type: DynamicSecretProviders.Ldap;
      inputs: {
@ -201,9 +202,20 @@ export type TDynamicSecretProvider =
        revocationLdif: string;
        rollbackLdif?: string;
      };
+    }
+  | {
+      type: DynamicSecretProviders.SapHana;
+      inputs: {
+        host: string;
+        port: number;
+        username: string;
+        password: string;
+        creationStatement: string;
+        revocationStatement: string;
+        renewStatement?: string;
+        ca?: string | undefined;
+      };
    };
-  ;
-
 export type TCreateDynamicSecretDTO = {
  projectSlug: string;
  provider: TDynamicSecretProvider;
--- a/frontend/src/hooks/usePagination.tsx
+++ b/frontend/src/hooks/usePagination.tsx
@ -5,7 +5,7 @@ import { useDebounce } from "@app/hooks/useDebounce";

 export const usePagination = <T extends string>(initialOrderBy: T) => {
  const [page, setPage] = useState(1);
-  const [perPage, setPerPage] = useState(20);
+  const [perPage, setPerPage] = useState(100);
  const [orderDirection, setOrderDirection] = useState(OrderByDirection.ASC);
  const [orderBy, setOrderBy] = useState<T>(initialOrderBy);
  const [search, setSearch] = useState("");
--- a/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgInviteLink.tsx
+++ b/frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/OrgInviteLink.tsx
@ -1,5 +1,6 @@
 import { faCheck, faCopy } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { twMerge } from "tailwind-merge";

 import { createNotification } from "@app/components/notifications";
 import { IconButton, Tooltip } from "@app/components/v2";
@ -30,7 +31,12 @@ export const OrgInviteLink = ({ invite }: Props) => {
        Invite for <span className="font-medium">{invite.email}</span>
      </p>
      <div className="flex flex-col gap-1 rounded-md bg-white/[0.04] p-2 text-base text-gray-400">
-        <p className="line-clamp-1 mr-4 overflow-hidden text-ellipsis whitespace-nowrap	">
+        <p
+          className={twMerge(
+            "line-clamp-1 mr-4",
+            window.isSecureContext ? "overflow-hidden text-ellipsis whitespace-nowrap" : "break-all"
+          )}
+        >
          {invite.link}
        </p>
        <Tooltip content={`Copy invitation link for ${invite.email}`}>
--- a/frontend/src/views/Project/KmsPage/components/CmekTable.tsx
+++ b/frontend/src/views/Project/KmsPage/components/CmekTable.tsx
@ -4,7 +4,9 @@ import {
  faArrowUp,
  faArrowUpRightFromSquare,
  faCancel,
+  faCheck,
  faCheckCircle,
+  faCopy,
  faEdit,
  faEllipsis,
  faInfoCircle,
@ -50,7 +52,7 @@ import {
  useProjectPermission,
  useWorkspace
 } from "@app/context";
-import { usePagination, usePopUp, useResetPageHelper } from "@app/hooks";
+import { usePagination, usePopUp, useResetPageHelper, useTimedReset } from "@app/hooks";
 import { useGetCmeksByProjectId, useUpdateCmek } from "@app/hooks/api/cmeks";
 import { CmekOrderBy, TCmek } from "@app/hooks/api/cmeks/types";
 import { OrderByDirection } from "@app/hooks/api/generic/types";
@ -113,6 +115,11 @@ export const CmekTable = () => {
    setPage
  });

+  const [, isCopyingCiphertext, setCopyCipherText] = useTimedReset<string>({
+    initialState: "",
+    delay: 1000
+  });
+
  const { popUp, handlePopUpOpen, handlePopUpToggle } = usePopUp([
    "upsertKey",
    "deleteKey",
@ -220,7 +227,7 @@ export const CmekTable = () => {
          <Table>
            <THead>
              <Tr className="h-14">
-                <Th className="w-1/3">
+                <Th>
                  <div className="flex items-center">
                    Name
                    <IconButton
@ -235,6 +242,7 @@ export const CmekTable = () => {
                    </IconButton>
                  </div>
                </Th>
+                <Th>Key ID</Th>
                <Th>Algorithm</Th>
                <Th>Status</Th>
                <Th>Version</Th>
@ -242,7 +250,7 @@ export const CmekTable = () => {
              </Tr>
            </THead>
            <TBody>
-              {isLoading && <TableSkeleton columns={4} innerKey="project-keys" />}
+              {isLoading && <TableSkeleton columns={5} innerKey="project-keys" />}
              {!isLoading &&
                keys.length > 0 &&
                keys.map((cmek) => {
@ -250,9 +258,15 @@ export const CmekTable = () => {
                  const { variant, label } = getStatusBadgeProps(isDisabled);

                  return (
-                    <Tr className="group h-10 hover:bg-mineshaft-700" key={`st-v3-${id}`}>
+                    <Tr
+                      className="group h-10 hover:bg-mineshaft-700"
+                      key={`st-v3-${id}`}
+                      onMouseLeave={() => {
+                        setCopyCipherText("");
+                      }}
+                    >
                      <Td>
-                        <div className="flex items-center gap-2">
+                        <div className="flex items-center gap-2 ">
                          {name}
                          {description && (
                            <Tooltip content={description}>
@ -264,6 +278,22 @@ export const CmekTable = () => {
                          )}
                        </div>
                      </Td>
+                      <Td>
+                        <div>
+                          <span> {id}</span>
+                          <IconButton
+                            ariaLabel="copy icon"
+                            colorSchema="secondary"
+                            className="group/copy duration:0 invisible relative ml-3 group-hover:visible"
+                            onClick={() => {
+                              navigator.clipboard.writeText(id);
+                              setCopyCipherText("Copied");
+                            }}
+                          >
+                            <FontAwesomeIcon icon={isCopyingCiphertext ? faCheck : faCopy} />
+                          </IconButton>
+                        </div>
+                      </Td>
                      <Td className="uppercase">{encryptionAlgorithm}</Td>
                      <Td>
                        <Badge variant={variant}>{label}</Badge>
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx
@ -1,6 +1,14 @@
 import { useState } from "react";
 import { DiRedis } from "react-icons/di";
-import { SiApachecassandra, SiElasticsearch, SiFiles, SiMicrosoftazure, SiMongodb, SiRabbitmq } from "react-icons/si";
+import {
+  SiApachecassandra,
+  SiElasticsearch,
+  SiFiles,
+  SiMicrosoftazure,
+  SiMongodb,
+  SiRabbitmq,
+  SiSap
+} from "react-icons/si";
 import { faAws } from "@fortawesome/free-brands-svg-icons";
 import { faDatabase } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
@ -19,6 +27,7 @@ import { MongoAtlasInputForm } from "./MongoAtlasInputForm";
 import { MongoDBDatabaseInputForm } from "./MongoDBInputForm";
 import { RabbitMqInputForm } from "./RabbitMqInputForm";
 import { RedisInputForm } from "./RedisInputForm";
+import { SapHanaInputForm } from "./SapHanaInputForm";
 import { SqlDatabaseInputForm } from "./SqlDatabaseInputForm";

 type Props = {
@ -83,12 +92,17 @@ const DYNAMIC_SECRET_LIST = [
  {
    icon: <SiMicrosoftazure size="1.5rem" />,
    provider: DynamicSecretProviders.AzureEntraId,
-    title: "Azure Entra ID",
+    title: "Azure Entra ID"
  },
  {
    icon: <SiFiles size="1.5rem" />,
    provider: DynamicSecretProviders.Ldap,
-    title: "LDAP",
+    title: "LDAP"
+  },
+  {
+    icon: <SiSap size="1.5rem" />,
+    provider: DynamicSecretProviders.SapHana,
+    title: "SAP HANA"
  }
 ];

@ -329,8 +343,7 @@ export const CreateDynamicSecretForm = ({
                  environment={environment}
                />
              </motion.div>
-            )
-          }
+            )}
          {wizardStep === WizardSteps.ProviderInputs &&
            selectedProvider === DynamicSecretProviders.Ldap && (
              <motion.div
@ -348,9 +361,25 @@ export const CreateDynamicSecretForm = ({
                  environment={environment}
                />
              </motion.div>
-            )
-          }
-
+            )}
+          {wizardStep === WizardSteps.ProviderInputs &&
+            selectedProvider === DynamicSecretProviders.SapHana && (
+              <motion.div
+                key="dynamic-sap-hana-step"
+                transition={{ duration: 0.1 }}
+                initial={{ opacity: 0, translateX: 30 }}
+                animate={{ opacity: 1, translateX: 0 }}
+                exit={{ opacity: 0, translateX: -30 }}
+              >
+                <SapHanaInputForm
+                  onCompleted={handleFormReset}
+                  onCancel={handleFormReset}
+                  projectSlug={projectSlug}
+                  secretPath={secretPath}
+                  environment={environment}
+                />
+              </motion.div>
+            )}
        </AnimatePresence>
      </ModalContent>
    </Modal>
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/SapHanaInputForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/SapHanaInputForm.tsx
@ -0,0 +1,329 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useCreateDynamicSecret } from "@app/hooks/api";
+import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  provider: z.object({
+    host: z.string().toLowerCase().min(1),
+    port: z.coerce.number(),
+    username: z.string().min(1),
+    password: z.string().min(1),
+    creationStatement: z.string().min(1),
+    revocationStatement: z.string().min(1),
+    renewStatement: z.string().optional(),
+    ca: z.string().optional()
+  }),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    }),
+  name: z.string().refine((val) => val.toLowerCase() === val, "Must be lowercase")
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onCompleted: () => void;
+  onCancel: () => void;
+  secretPath: string;
+  projectSlug: string;
+  environment: string;
+};
+
+export const SapHanaInputForm = ({
+  onCompleted,
+  onCancel,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      provider: {
+        creationStatement: `CREATE USER {{username}} PASSWORD {{password}} NO FORCE_FIRST_PASSWORD_CHANGE VALID UNTIL '{{expiration}}';
+GRANT "MONITORING" TO {{username}};`,
+        revocationStatement: `REVOKE "MONITORING" FROM {{username}};
+DROP USER {{username}};`,
+        renewStatement: "ALTER USER {{username}} VALID UNTIL '{{expiration}}';"
+      }
+    }
+  });
+
+  const createDynamicSecret = useCreateDynamicSecret();
+
+  const handleCreateDynamicSecret = async ({ name, maxTTL, provider, defaultTTL }: TForm) => {
+    // wait till previous request is finished
+    if (createDynamicSecret.isLoading) return;
+    try {
+      await createDynamicSecret.mutateAsync({
+        provider: { type: DynamicSecretProviders.SapHana, inputs: provider },
+        maxTTL,
+        name,
+        path: secretPath,
+        defaultTTL,
+        projectSlug,
+        environmentSlug: environment
+      });
+      onCompleted();
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to create dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleCreateDynamicSecret)} autoComplete="off">
+        <div>
+          <div className="flex items-center space-x-2">
+            <div className="flex-grow">
+              <Controller
+                control={control}
+                defaultValue=""
+                name="name"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Name"
+                    isError={Boolean(error)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="dynamic-secret" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="defaultTTL"
+                defaultValue="1h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Default TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="maxTTL"
+                defaultValue="24h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Max TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+          </div>
+          <div>
+            <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+              Configuration
+            </div>
+            <div className="flex flex-col">
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.host"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Host"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.port"
+                  defaultValue={443}
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Port"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="number" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.username"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="User"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} autoComplete="off" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.password"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Password"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="password" autoComplete="new-password" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div>
+                <Controller
+                  control={control}
+                  name="provider.ca"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      isOptional
+                      label="CA(SSL)"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <SecretInput
+                        {...field}
+                        containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                      />
+                    </FormControl>
+                  )}
+                />
+                <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                  <AccordionItem value="advance-statements">
+                    <AccordionTrigger>Modify SQL Statements</AccordionTrigger>
+                    <AccordionContent>
+                      <Controller
+                        control={control}
+                        name="provider.creationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Creation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username, password and expiration are dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.revocationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Revocation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username is dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.renewStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Renew Statement"
+                            helperText="username and expiration are dynamically provisioned"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                    </AccordionContent>
+                  </AccordionItem>
+                </Accordion>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Submit
+          </Button>
+          <Button variant="outline_bg" onClick={onCancel}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
@ -221,6 +221,24 @@ const renderOutputForm = (provider: DynamicSecretProviders, data: unknown) => {
    );
  }

+  if (provider === DynamicSecretProviders.SapHana) {
+    const { DB_USERNAME, DB_PASSWORD } = data as {
+      DB_USERNAME: string;
+      DB_PASSWORD: string;
+    };
+
+    return (
+      <div>
+        <OutputDisplay label="Username" value={DB_USERNAME} />
+        <OutputDisplay
+          label="Password"
+          value={DB_PASSWORD}
+          helperText="Important: Copy these credentials now. You will not be able to see them again after you close the modal."
+        />
+      </div>
+    );
+  }
+
  return null;
 };

--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx
@ -14,6 +14,7 @@ import { EditDynamicSecretMongoAtlasForm } from "./EditDynamicSecretMongoAtlasFo
 import { EditDynamicSecretMongoDBForm } from "./EditDynamicSecretMongoDBForm";
 import { EditDynamicSecretRabbitMqForm } from "./EditDynamicSecretRabbitMqForm";
 import { EditDynamicSecretRedisProviderForm } from "./EditDynamicSecretRedisProviderForm";
+import { EditDynamicSecretSapHanaForm } from "./EditDynamicSecretSapHanaForm";
 import { EditDynamicSecretSqlProviderForm } from "./EditDynamicSecretSqlProviderForm";

 type Props = {
@ -230,16 +231,33 @@ export const EditDynamicSecretForm = ({
          initial={{ opacity: 0, translateX: 30 }}
          animate={{ opacity: 1, translateX: 0 }}
          exit={{ opacity: 0, translateX: -30 }}
-          >
-            <EditDynamicSecretLdapForm
-              onClose={onClose}
-              projectSlug={projectSlug}
-              secretPath={secretPath}
-              dynamicSecret={dynamicSecretDetails}
-              environment={environment}
-            />
-          </motion.div>
-        )}
+        >
+          <EditDynamicSecretLdapForm
+            onClose={onClose}
+            projectSlug={projectSlug}
+            secretPath={secretPath}
+            dynamicSecret={dynamicSecretDetails}
+            environment={environment}
+          />
+        </motion.div>
+      )}
+      {dynamicSecretDetails?.type === DynamicSecretProviders.SapHana && (
+        <motion.div
+          key="sap-hana-edit"
+          transition={{ duration: 0.1 }}
+          initial={{ opacity: 0, translateX: 30 }}
+          animate={{ opacity: 1, translateX: 0 }}
+          exit={{ opacity: 0, translateX: -30 }}
+        >
+          <EditDynamicSecretSapHanaForm
+            onClose={onClose}
+            projectSlug={projectSlug}
+            secretPath={secretPath}
+            dynamicSecret={dynamicSecretDetails}
+            environment={environment}
+          />
+        </motion.div>
+      )}
    </AnimatePresence>
  );
 };
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretSapHanaForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretSapHanaForm.tsx
@ -0,0 +1,337 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useUpdateDynamicSecret } from "@app/hooks/api";
+import { TDynamicSecret } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  inputs: z
+    .object({
+      host: z.string().toLowerCase().min(1),
+      port: z.coerce.number(),
+      username: z.string().min(1),
+      password: z.string().min(1),
+      creationStatement: z.string().min(1),
+      revocationStatement: z.string().min(1),
+      renewStatement: z.string().optional(),
+      ca: z.string().optional()
+    })
+    .partial(),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    }),
+  newName: z.string().refine((val) => val.toLowerCase() === val, "Must be lowercase")
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onClose: () => void;
+  dynamicSecret: TDynamicSecret & { inputs: unknown };
+  secretPath: string;
+  projectSlug: string;
+  environment: string;
+};
+
+export const EditDynamicSecretSapHanaForm = ({
+  onClose,
+  dynamicSecret,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    values: {
+      defaultTTL: dynamicSecret.defaultTTL,
+      maxTTL: dynamicSecret.maxTTL,
+      newName: dynamicSecret.name,
+      inputs: {
+        ...(dynamicSecret.inputs as TForm["inputs"])
+      }
+    }
+  });
+
+  const updateDynamicSecret = useUpdateDynamicSecret();
+
+  const handleUpdateDynamicSecret = async ({ inputs, maxTTL, defaultTTL, newName }: TForm) => {
+    // wait till previous request is finished
+    if (updateDynamicSecret.isLoading) return;
+    try {
+      await updateDynamicSecret.mutateAsync({
+        name: dynamicSecret.name,
+        path: secretPath,
+        projectSlug,
+        environmentSlug: environment,
+        data: {
+          maxTTL: maxTTL || undefined,
+          defaultTTL,
+          inputs,
+          newName: newName === dynamicSecret.name ? undefined : newName
+        }
+      });
+      onClose();
+      createNotification({
+        type: "success",
+        text: "Successfully updated dynamic secret"
+      });
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to update dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)} autoComplete="off">
+        <div>
+          <div className="flex items-center space-x-2">
+            <div className="flex-grow">
+              <Controller
+                control={control}
+                defaultValue=""
+                name="newName"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Name"
+                    isError={Boolean(error)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="dynamic-secret" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="defaultTTL"
+                defaultValue="1h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Default TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="maxTTL"
+                defaultValue="24h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Max TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+          </div>
+          <div>
+            <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+              Configuration
+            </div>
+            <div className="flex flex-col">
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="inputs.host"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Host"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="inputs.port"
+                  defaultValue={443}
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Port"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="number" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="inputs.username"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="User"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} autoComplete="off" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="inputs.password"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Password"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="password" autoComplete="new-password" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div>
+                <Controller
+                  control={control}
+                  name="inputs.ca"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      isOptional
+                      label="CA(SSL)"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <SecretInput
+                        {...field}
+                        containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                      />
+                    </FormControl>
+                  )}
+                />
+                <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                  <AccordionItem value="advance-statements">
+                    <AccordionTrigger>Modify SQL Statements</AccordionTrigger>
+                    <AccordionContent>
+                      <Controller
+                        control={control}
+                        name="inputs.creationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Creation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username, password and expiration are dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="inputs.revocationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Revocation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username is dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="inputs.renewStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Renew Statement"
+                            helperText="username and expiration are dynamically provisioned"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                    </AccordionContent>
+                  </AccordionItem>
+                </Accordion>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Submit
+          </Button>
+          <Button variant="outline_bg" onClick={onClose}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
Author	SHA1	Message	Date
Sheen Capadngan	a27a428329	misc: added mint json changes	2024-11-01 00:47:06 +08:00
Sheen Capadngan	b196251c19	doc: add kubernetes encryption	2024-11-01 00:42:23 +08:00
Sheen Capadngan	b18d8d542f	misc: add copy to clipboard	2024-11-01 00:22:21 +08:00
Sheen Capadngan	759d11ff21	feat: added key id column	2024-10-31 19:05:53 +08:00
Maidul Islam	2bd817765c	Merge pull request #2668 from Infisical/vmatsiiako-link-patch-1 Update audit-log-streams.mdx	2024-10-30 23:08:12 -04:00
Vlad Matsiiako	7aa9c5dd00	Update audit-log-streams.mdx	2024-10-30 19:55:32 -07:00
Maidul Islam	332ca61f5d	Merge pull request #2665 from akhilmhdh/fix/resolve-service-token feat: fixed missing secret folder and import permission in service token	2024-10-30 15:50:59 -04:00
=	64f43e59d0	feat: fixed missing secret folder and import permission in service token	2024-10-31 01:17:41 +05:30
Maidul Islam	ccaf4c00af	Merge pull request #2663 from Infisical/vmatsiiako-docs-link-patch-1 fix link in docs	2024-10-30 15:47:24 -04:00
Scott Wilson	ce0bc191d8	Merge pull request #2655 from Daemoen/daemoen/minor-grammar-correction Daemoen/minor grammar correction	2024-10-30 09:07:51 -07:00
Vlad Matsiiako	489ccb8e15	fix link in docs	2024-10-29 21:57:50 -07:00
Maidul Islam	ae8f695b6f	Update attribute-based-access-controls.mdx	2024-10-29 23:10:53 -04:00
Maidul Islam	19357d4bd7	Merge pull request #2662 from Infisical/vmatsiiako-docs-audit-patch-1 Update audit-log-streams.mdx	2024-10-29 23:07:16 -04:00
Vlad Matsiiako	776d0a0fe1	Update audit-log-streams.mdx	2024-10-29 20:06:27 -07:00
Maidul Islam	85dec28667	Merge pull request #2661 from Infisical/maidul-ABAC abac docs	2024-10-29 18:40:25 -04:00
Scott Wilson	1309f30af9	Merge pull request #2660 from scott-ray-wilson/invite-link-expanded Improvement: Display Full Invite Link in Insecure Context and Increase Default Pagination Size to 100	2024-10-29 13:32:09 -07:00
Marc Mercer	af0ec2400d	Reverting as not to affect logging consistency	2024-10-29 12:08:09 -07:00
Scott Wilson	770e73e40b	improvement: adjust default pagination size and do not truncate invite links in insecure context	2024-10-29 11:10:51 -07:00
Sheen	39fdeabdea	Merge pull request #2646 from Infisical/feat/sap-hana-dynamic-secrets feat: SAP HANA dynamic secrets	2024-10-29 22:45:46 +08:00
Marc Mercer	8401048daf	Final fix	2024-10-28 13:28:47 -07:00
Marc Mercer	335a87d856	Think I got them all	2024-10-28 13:20:36 -07:00
Marc Mercer	1add9dd965	Minor adjustments to grammar and consistency	2024-10-28 13:00:29 -07:00
Sheen Capadngan	3841394eb7	misc: migrated existing to new helper	2024-10-26 03:18:57 +08:00
Sheen Capadngan	3552119c7d	misc: moved host validity check to helper	2024-10-25 22:49:57 +08:00
Sheen Capadngan	7a46725523	doc: added note for transaction	2024-10-25 22:45:06 +08:00
Sheen Capadngan	3bc39c6cec	feat: add usage of ca	2024-10-25 21:29:47 +08:00
Sheen Capadngan	b5b1e57fe7	doc: sap hana	2024-10-25 21:19:22 +08:00
Sheen Capadngan	1a5f66fe46	feat: added support for sap hana dynamic secrets	2024-10-25 20:33:23 +08:00