Update integrations-github-scope-org.png

Revert "Docs: Redirect to new SDK"
This reverts commit 56dce67378b3601aec9f45eee0c52e50c1a7e36a.
2025-06-29 04:31:59 +00:00 · 2024-09-03 04:40:59 +04:00 · 2024-09-03 04:40:59 +04:00 · 2024-09-03 04:40:59 +04:00 · 2024-09-03 04:40:59 +04:00 · 2024-09-03 04:40:59 +04:00
86 changed files with 5633 additions and 1156 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -9,6 +9,7 @@
      "version": "1.0.0",
      "license": "ISC",
      "dependencies": {
+        "@aws-sdk/client-elasticache": "^3.637.0",
        "@aws-sdk/client-iam": "^3.525.0",
        "@aws-sdk/client-kms": "^3.609.0",
        "@aws-sdk/client-secrets-manager": "^3.504.0",
@ -78,6 +79,8 @@
        "posthog-node": "^3.6.2",
        "probot": "^13.0.0",
        "safe-regex": "^2.1.1",
+        "scim-patch": "^0.8.3",
+        "scim2-parse-filter": "^0.2.10",
        "smee-client": "^2.0.0",
        "tedious": "^18.2.1",
        "tweetnacl": "^1.0.3",
@ -352,6 +355,309 @@
        "node": ">=16.0.0"
      }
    },
+    "node_modules/@aws-sdk/client-elasticache": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-elasticache/-/client-elasticache-3.637.0.tgz",
+      "integrity": "sha512-e54OYm33DqmcsVHr1l+Eudt5d9PqcjDDJdQHLJrNGdrUkwmpuqnw3czkGjD5IP34XkcpQ5Gs1DSRAp07E8Zglw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha256-browser": "5.2.0",
+        "@aws-crypto/sha256-js": "5.2.0",
+        "@aws-sdk/client-sso-oidc": "3.637.0",
+        "@aws-sdk/client-sts": "3.637.0",
+        "@aws-sdk/core": "3.635.0",
+        "@aws-sdk/credential-provider-node": "3.637.0",
+        "@aws-sdk/middleware-host-header": "3.620.0",
+        "@aws-sdk/middleware-logger": "3.609.0",
+        "@aws-sdk/middleware-recursion-detection": "3.620.0",
+        "@aws-sdk/middleware-user-agent": "3.637.0",
+        "@aws-sdk/region-config-resolver": "3.614.0",
+        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/util-endpoints": "3.637.0",
+        "@aws-sdk/util-user-agent-browser": "3.609.0",
+        "@aws-sdk/util-user-agent-node": "3.614.0",
+        "@smithy/config-resolver": "^3.0.5",
+        "@smithy/core": "^2.4.0",
+        "@smithy/fetch-http-handler": "^3.2.4",
+        "@smithy/hash-node": "^3.0.3",
+        "@smithy/invalid-dependency": "^3.0.3",
+        "@smithy/middleware-content-length": "^3.0.5",
+        "@smithy/middleware-endpoint": "^3.1.0",
+        "@smithy/middleware-retry": "^3.0.15",
+        "@smithy/middleware-serde": "^3.0.3",
+        "@smithy/middleware-stack": "^3.0.3",
+        "@smithy/node-config-provider": "^3.1.4",
+        "@smithy/node-http-handler": "^3.1.4",
+        "@smithy/protocol-http": "^4.1.0",
+        "@smithy/smithy-client": "^3.2.0",
+        "@smithy/types": "^3.3.0",
+        "@smithy/url-parser": "^3.0.3",
+        "@smithy/util-base64": "^3.0.0",
+        "@smithy/util-body-length-browser": "^3.0.0",
+        "@smithy/util-body-length-node": "^3.0.0",
+        "@smithy/util-defaults-mode-browser": "^3.0.15",
+        "@smithy/util-defaults-mode-node": "^3.0.15",
+        "@smithy/util-endpoints": "^2.0.5",
+        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-utf8": "^3.0.0",
+        "@smithy/util-waiter": "^3.1.2",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/client-sso": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.637.0.tgz",
+      "integrity": "sha512-+KjLvgX5yJYROWo3TQuwBJlHCY0zz9PsLuEolmXQn0BVK1L/m9GteZHtd+rEdAoDGBpE0Xqjy1oz5+SmtsaRUw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha256-browser": "5.2.0",
+        "@aws-crypto/sha256-js": "5.2.0",
+        "@aws-sdk/core": "3.635.0",
+        "@aws-sdk/middleware-host-header": "3.620.0",
+        "@aws-sdk/middleware-logger": "3.609.0",
+        "@aws-sdk/middleware-recursion-detection": "3.620.0",
+        "@aws-sdk/middleware-user-agent": "3.637.0",
+        "@aws-sdk/region-config-resolver": "3.614.0",
+        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/util-endpoints": "3.637.0",
+        "@aws-sdk/util-user-agent-browser": "3.609.0",
+        "@aws-sdk/util-user-agent-node": "3.614.0",
+        "@smithy/config-resolver": "^3.0.5",
+        "@smithy/core": "^2.4.0",
+        "@smithy/fetch-http-handler": "^3.2.4",
+        "@smithy/hash-node": "^3.0.3",
+        "@smithy/invalid-dependency": "^3.0.3",
+        "@smithy/middleware-content-length": "^3.0.5",
+        "@smithy/middleware-endpoint": "^3.1.0",
+        "@smithy/middleware-retry": "^3.0.15",
+        "@smithy/middleware-serde": "^3.0.3",
+        "@smithy/middleware-stack": "^3.0.3",
+        "@smithy/node-config-provider": "^3.1.4",
+        "@smithy/node-http-handler": "^3.1.4",
+        "@smithy/protocol-http": "^4.1.0",
+        "@smithy/smithy-client": "^3.2.0",
+        "@smithy/types": "^3.3.0",
+        "@smithy/url-parser": "^3.0.3",
+        "@smithy/util-base64": "^3.0.0",
+        "@smithy/util-body-length-browser": "^3.0.0",
+        "@smithy/util-body-length-node": "^3.0.0",
+        "@smithy/util-defaults-mode-browser": "^3.0.15",
+        "@smithy/util-defaults-mode-node": "^3.0.15",
+        "@smithy/util-endpoints": "^2.0.5",
+        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/client-sso-oidc": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.637.0.tgz",
+      "integrity": "sha512-27bHALN6Qb6m6KZmPvRieJ/QRlj1lyac/GT2Rn5kJpre8Mpp+yxrtvp3h9PjNBty4lCeFEENfY4dGNSozBuBcw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha256-browser": "5.2.0",
+        "@aws-crypto/sha256-js": "5.2.0",
+        "@aws-sdk/core": "3.635.0",
+        "@aws-sdk/credential-provider-node": "3.637.0",
+        "@aws-sdk/middleware-host-header": "3.620.0",
+        "@aws-sdk/middleware-logger": "3.609.0",
+        "@aws-sdk/middleware-recursion-detection": "3.620.0",
+        "@aws-sdk/middleware-user-agent": "3.637.0",
+        "@aws-sdk/region-config-resolver": "3.614.0",
+        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/util-endpoints": "3.637.0",
+        "@aws-sdk/util-user-agent-browser": "3.609.0",
+        "@aws-sdk/util-user-agent-node": "3.614.0",
+        "@smithy/config-resolver": "^3.0.5",
+        "@smithy/core": "^2.4.0",
+        "@smithy/fetch-http-handler": "^3.2.4",
+        "@smithy/hash-node": "^3.0.3",
+        "@smithy/invalid-dependency": "^3.0.3",
+        "@smithy/middleware-content-length": "^3.0.5",
+        "@smithy/middleware-endpoint": "^3.1.0",
+        "@smithy/middleware-retry": "^3.0.15",
+        "@smithy/middleware-serde": "^3.0.3",
+        "@smithy/middleware-stack": "^3.0.3",
+        "@smithy/node-config-provider": "^3.1.4",
+        "@smithy/node-http-handler": "^3.1.4",
+        "@smithy/protocol-http": "^4.1.0",
+        "@smithy/smithy-client": "^3.2.0",
+        "@smithy/types": "^3.3.0",
+        "@smithy/url-parser": "^3.0.3",
+        "@smithy/util-base64": "^3.0.0",
+        "@smithy/util-body-length-browser": "^3.0.0",
+        "@smithy/util-body-length-node": "^3.0.0",
+        "@smithy/util-defaults-mode-browser": "^3.0.15",
+        "@smithy/util-defaults-mode-node": "^3.0.15",
+        "@smithy/util-endpoints": "^2.0.5",
+        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      },
+      "peerDependencies": {
+        "@aws-sdk/client-sts": "^3.637.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/client-sts": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.637.0.tgz",
+      "integrity": "sha512-xUi7x4qDubtA8QREtlblPuAcn91GS/09YVEY/RwU7xCY0aqGuFwgszAANlha4OUIqva8oVj2WO4gJuG+iaSnhw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-crypto/sha256-browser": "5.2.0",
+        "@aws-crypto/sha256-js": "5.2.0",
+        "@aws-sdk/client-sso-oidc": "3.637.0",
+        "@aws-sdk/core": "3.635.0",
+        "@aws-sdk/credential-provider-node": "3.637.0",
+        "@aws-sdk/middleware-host-header": "3.620.0",
+        "@aws-sdk/middleware-logger": "3.609.0",
+        "@aws-sdk/middleware-recursion-detection": "3.620.0",
+        "@aws-sdk/middleware-user-agent": "3.637.0",
+        "@aws-sdk/region-config-resolver": "3.614.0",
+        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/util-endpoints": "3.637.0",
+        "@aws-sdk/util-user-agent-browser": "3.609.0",
+        "@aws-sdk/util-user-agent-node": "3.614.0",
+        "@smithy/config-resolver": "^3.0.5",
+        "@smithy/core": "^2.4.0",
+        "@smithy/fetch-http-handler": "^3.2.4",
+        "@smithy/hash-node": "^3.0.3",
+        "@smithy/invalid-dependency": "^3.0.3",
+        "@smithy/middleware-content-length": "^3.0.5",
+        "@smithy/middleware-endpoint": "^3.1.0",
+        "@smithy/middleware-retry": "^3.0.15",
+        "@smithy/middleware-serde": "^3.0.3",
+        "@smithy/middleware-stack": "^3.0.3",
+        "@smithy/node-config-provider": "^3.1.4",
+        "@smithy/node-http-handler": "^3.1.4",
+        "@smithy/protocol-http": "^4.1.0",
+        "@smithy/smithy-client": "^3.2.0",
+        "@smithy/types": "^3.3.0",
+        "@smithy/url-parser": "^3.0.3",
+        "@smithy/util-base64": "^3.0.0",
+        "@smithy/util-body-length-browser": "^3.0.0",
+        "@smithy/util-body-length-node": "^3.0.0",
+        "@smithy/util-defaults-mode-browser": "^3.0.15",
+        "@smithy/util-defaults-mode-node": "^3.0.15",
+        "@smithy/util-endpoints": "^2.0.5",
+        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/credential-provider-ini": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.637.0.tgz",
+      "integrity": "sha512-h+PFCWfZ0Q3Dx84SppET/TFpcQHmxFW8/oV9ArEvMilw4EBN+IlxgbL0CnHwjHW64szcmrM0mbebjEfHf4FXmw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/credential-provider-env": "3.620.1",
+        "@aws-sdk/credential-provider-http": "3.635.0",
+        "@aws-sdk/credential-provider-process": "3.620.1",
+        "@aws-sdk/credential-provider-sso": "3.637.0",
+        "@aws-sdk/credential-provider-web-identity": "3.621.0",
+        "@aws-sdk/types": "3.609.0",
+        "@smithy/credential-provider-imds": "^3.2.0",
+        "@smithy/property-provider": "^3.1.3",
+        "@smithy/shared-ini-file-loader": "^3.1.4",
+        "@smithy/types": "^3.3.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      },
+      "peerDependencies": {
+        "@aws-sdk/client-sts": "^3.637.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/credential-provider-node": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.637.0.tgz",
+      "integrity": "sha512-yoEhoxJJfs7sPVQ6Is939BDQJZpZCoUgKr/ySse4YKOZ24t4VqgHA6+wV7rYh+7IW24Rd91UTvEzSuHYTlxlNA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/credential-provider-env": "3.620.1",
+        "@aws-sdk/credential-provider-http": "3.635.0",
+        "@aws-sdk/credential-provider-ini": "3.637.0",
+        "@aws-sdk/credential-provider-process": "3.620.1",
+        "@aws-sdk/credential-provider-sso": "3.637.0",
+        "@aws-sdk/credential-provider-web-identity": "3.621.0",
+        "@aws-sdk/types": "3.609.0",
+        "@smithy/credential-provider-imds": "^3.2.0",
+        "@smithy/property-provider": "^3.1.3",
+        "@smithy/shared-ini-file-loader": "^3.1.4",
+        "@smithy/types": "^3.3.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/credential-provider-sso": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.637.0.tgz",
+      "integrity": "sha512-Mvz+h+e62/tl+dVikLafhv+qkZJ9RUb8l2YN/LeKMWkxQylPT83CPk9aimVhCV89zth1zpREArl97+3xsfgQvA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/client-sso": "3.637.0",
+        "@aws-sdk/token-providers": "3.614.0",
+        "@aws-sdk/types": "3.609.0",
+        "@smithy/property-provider": "^3.1.3",
+        "@smithy/shared-ini-file-loader": "^3.1.4",
+        "@smithy/types": "^3.3.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/middleware-user-agent": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.637.0.tgz",
+      "integrity": "sha512-EYo0NE9/da/OY8STDsK2LvM4kNa79DBsf4YVtaG4P5pZ615IeFsD8xOHZeuJmUrSMlVQ8ywPRX7WMucUybsKug==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/util-endpoints": "3.637.0",
+        "@smithy/protocol-http": "^4.1.0",
+        "@smithy/types": "^3.3.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-elasticache/node_modules/@aws-sdk/util-endpoints": {
+      "version": "3.637.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.637.0.tgz",
+      "integrity": "sha512-pAqOKUHeVWHEXXDIp/qoMk/6jyxIb6GGjnK1/f8dKHtKIEs4tKsnnL563gceEvdad53OPXIt86uoevCcCzmBnw==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "3.609.0",
+        "@smithy/types": "^3.3.0",
+        "@smithy/util-endpoints": "^2.0.5",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
    "node_modules/@aws-sdk/client-iam": {
      "version": "3.635.0",
      "resolved": "https://registry.npmjs.org/@aws-sdk/client-iam/-/client-iam-3.635.0.tgz",
@ -12736,12 +13042,12 @@
      }
    },
    "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
      "dev": true,
      "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
        "picomatch": "^2.3.1"
      },
      "engines": {
@ -15191,6 +15497,34 @@
      "resolved": "https://registry.npmjs.org/sax/-/sax-1.3.0.tgz",
      "integrity": "sha512-0s+oAmw9zLl1V1cS9BtZN7JAd0cW5e0QH4W3LWEK6a4LaLEA2OTpGYWDY+6XasBLtz6wkm3u1xRw95mRuJ59WA=="
    },
+    "node_modules/scim-patch": {
+      "version": "0.8.3",
+      "resolved": "https://registry.npmjs.org/scim-patch/-/scim-patch-0.8.3.tgz",
+      "integrity": "sha512-3d0wD4THAt03Zgi08kCQwc+lvPJ2v4wwk41b0xViVa4gLYSgRUCmGkJNBsaE+yoKg0fufTOJCcSrufZaqYn/og==",
+      "dependencies": {
+        "@types/node": "^22.0.0",
+        "fast-deep-equal": "3.1.3",
+        "scim2-parse-filter": "0.2.10"
+      }
+    },
+    "node_modules/scim-patch/node_modules/@types/node": {
+      "version": "22.5.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.5.1.tgz",
+      "integrity": "sha512-KkHsxej0j9IW1KKOOAA/XBA0z08UFSrRQHErzEfA3Vgq57eXIMYboIlHJuYIfd+lwCQjtKqUu3UnmKbtUc9yRw==",
+      "dependencies": {
+        "undici-types": "~6.19.2"
+      }
+    },
+    "node_modules/scim-patch/node_modules/undici-types": {
+      "version": "6.19.8",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw=="
+    },
+    "node_modules/scim2-parse-filter": {
+      "version": "0.2.10",
+      "resolved": "https://registry.npmjs.org/scim2-parse-filter/-/scim2-parse-filter-0.2.10.tgz",
+      "integrity": "sha512-k5TgGSuQEbR4jXRgw/GPAYVL9fMp1pWA2abLF5z3q9IGWSuZTqbrZBOSUezvc+rtViXr+czSZjg3eAN4QSTvxQ=="
+    },
    "node_modules/secure-json-parse": {
      "version": "2.7.0",
      "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-2.7.0.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@ -50,6 +50,7 @@
    "migration:down": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:down",
    "migration:list": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:list",
    "migration:latest": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:latest",
+    "migration:status": "knex --knexfile ./src/db/knexfile.ts --client pg migrate:status",
    "migration:rollback": "knex --knexfile ./src/db/knexfile.ts migrate:rollback",
    "seed:new": "tsx ./scripts/create-seed-file.ts",
    "seed": "knex --knexfile ./src/db/knexfile.ts --client pg seed:run",
@ -106,6 +107,7 @@
    "vitest": "^1.2.2"
  },
  "dependencies": {
+    "@aws-sdk/client-elasticache": "^3.637.0",
    "@aws-sdk/client-iam": "^3.525.0",
    "@aws-sdk/client-kms": "^3.609.0",
    "@aws-sdk/client-secrets-manager": "^3.504.0",
@ -175,6 +177,8 @@
    "posthog-node": "^3.6.2",
    "probot": "^13.0.0",
    "safe-regex": "^2.1.1",
+    "scim-patch": "^0.8.3",
+    "scim2-parse-filter": "^0.2.10",
    "smee-client": "^2.0.0",
    "tedious": "^18.2.1",
    "tweetnacl": "^1.0.3",
--- a/backend/src/db/migrations/20240806083221_secret-sharing-password.ts
+++ b/backend/src/db/migrations/20240806083221_secret-sharing-password.ts
@ -0,0 +1,25 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  if (await knex.schema.hasTable(TableName.SecretSharing)) {
+    const doesPasswordExist = await knex.schema.hasColumn(TableName.SecretSharing, "password");
+    if (!doesPasswordExist) {
+      await knex.schema.alterTable(TableName.SecretSharing, (t) => {
+        t.string("password").nullable();
+      });
+    }
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  if (await knex.schema.hasTable(TableName.SecretSharing)) {
+    const doesPasswordExist = await knex.schema.hasColumn(TableName.SecretSharing, "password");
+    if (doesPasswordExist) {
+      await knex.schema.alterTable(TableName.SecretSharing, (t) => {
+        t.dropColumn("password");
+      });
+    }
+  }
+}
--- a/backend/src/db/schemas/secret-sharing.ts
+++ b/backend/src/db/schemas/secret-sharing.ts
@ -21,6 +21,7 @@ export const SecretSharingSchema = z.object({
  expiresAfterViews: z.number().nullable().optional(),
  accessType: z.string().default("anyone"),
  name: z.string().nullable().optional(),
+  password: z.string().nullable().optional(),
  lastViewedAt: z.date().nullable().optional()
 });

--- a/backend/src/ee/routes/v1/scim-router.ts
+++ b/backend/src/ee/routes/v1/scim-router.ts
@ -5,22 +5,47 @@ import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";

-export const registerScimRouter = async (server: FastifyZodProvider) => {
-  server.addContentTypeParser("application/scim+json", { parseAs: "string" }, (_, body, done) => {
-    try {
-      const strBody = body instanceof Buffer ? body.toString() : body;
-      if (!strBody) {
-        done(null, undefined);
-        return;
-      }
-      const json: unknown = JSON.parse(strBody);
-      done(null, json);
-    } catch (err) {
-      const error = err as Error;
-      done(error, undefined);
-    }
-  });
+const ScimUserSchema = z.object({
+  schemas: z.array(z.string()),
+  id: z.string().trim(),
+  userName: z.string().trim(),
+  name: z
+    .object({
+      familyName: z.string().trim().optional(),
+      givenName: z.string().trim().optional()
+    })
+    .optional(),
+  emails: z
+    .array(
+      z.object({
+        primary: z.boolean(),
+        value: z.string().email(),
+        type: z.string().trim()
+      })
+    )
+    .optional(),
+  displayName: z.string().trim(),
+  active: z.boolean()
+});

+const ScimGroupSchema = z.object({
+  schemas: z.array(z.string()),
+  id: z.string().trim(),
+  displayName: z.string().trim(),
+  members: z
+    .array(
+      z.object({
+        value: z.string(),
+        display: z.string().optional()
+      })
+    )
+    .optional(),
+  meta: z.object({
+    resourceType: z.string().trim()
+  })
+});
+
+export const registerScimRouter = async (server: FastifyZodProvider) => {
  server.route({
    url: "/scim-tokens",
    method: "POST",
@ -127,25 +152,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      }),
      response: {
        200: z.object({
-          Resources: z.array(
-            z.object({
-              id: z.string().trim(),
-              userName: z.string().trim(),
-              name: z.object({
-                familyName: z.string().trim(),
-                givenName: z.string().trim()
-              }),
-              emails: z.array(
-                z.object({
-                  primary: z.boolean(),
-                  value: z.string(),
-                  type: z.string().trim()
-                })
-              ),
-              displayName: z.string().trim(),
-              active: z.boolean()
-            })
-          ),
+          Resources: z.array(ScimUserSchema),
          itemsPerPage: z.number(),
          schemas: z.array(z.string()),
          startIndex: z.number(),
@ -173,30 +180,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        orgMembershipId: z.string().trim()
      }),
      response: {
-        201: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          userName: z.string().trim(),
-          name: z.object({
-            familyName: z.string().trim(),
-            givenName: z.string().trim()
-          }),
-          emails: z.array(
-            z.object({
-              primary: z.boolean(),
-              value: z.string(),
-              type: z.string().trim()
-            })
-          ),
-          displayName: z.string().trim(),
-          active: z.boolean(),
-          groups: z.array(
-            z.object({
-              value: z.string().trim(),
-              display: z.string().trim()
-            })
-          )
-        })
+        200: ScimUserSchema
      }
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
@ -216,10 +200,12 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      body: z.object({
        schemas: z.array(z.string()),
        userName: z.string().trim(),
-        name: z.object({
-          familyName: z.string().trim(),
-          givenName: z.string().trim()
-        }),
+        name: z
+          .object({
+            familyName: z.string().trim().optional(),
+            givenName: z.string().trim().optional()
+          })
+          .optional(),
        emails: z
          .array(
            z.object({
@ -229,28 +215,10 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
            })
          )
          .optional(),
-        // displayName: z.string().trim(),
-        active: z.boolean()
+        active: z.boolean().default(true)
      }),
      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          userName: z.string().trim(),
-          name: z.object({
-            familyName: z.string().trim(),
-            givenName: z.string().trim()
-          }),
-          emails: z.array(
-            z.object({
-              primary: z.boolean(),
-              value: z.string().email(),
-              type: z.string().trim()
-            })
-          ),
-          displayName: z.string().trim(),
-          active: z.boolean()
-        })
+        200: ScimUserSchema
      }
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
@ -260,8 +228,8 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      const user = await req.server.services.scim.createScimUser({
        externalId: req.body.userName,
        email: primaryEmail,
-        firstName: req.body.name.givenName,
-        lastName: req.body.name.familyName,
+        firstName: req.body?.name?.givenName,
+        lastName: req.body?.name?.familyName,
        orgId: req.permission.orgId
      });

@ -291,6 +259,116 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
    }
  });

+  server.route({
+    url: "/Users/:orgMembershipId",
+    method: "PUT",
+    schema: {
+      params: z.object({
+        orgMembershipId: z.string().trim()
+      }),
+      body: z.object({
+        schemas: z.array(z.string()),
+        id: z.string().trim(),
+        userName: z.string().trim(),
+        name: z
+          .object({
+            familyName: z.string().trim().optional(),
+            givenName: z.string().trim().optional()
+          })
+          .optional(),
+        displayName: z.string().trim(),
+        emails: z
+          .array(
+            z.object({
+              primary: z.boolean(),
+              value: z.string().email(),
+              type: z.string().trim()
+            })
+          )
+          .optional(),
+        active: z.boolean()
+      }),
+      response: {
+        200: z.object({
+          schemas: z.array(z.string()),
+          id: z.string().trim(),
+          userName: z.string().trim(),
+          name: z.object({
+            familyName: z.string().trim(),
+            givenName: z.string().trim()
+          }),
+          emails: z.array(
+            z.object({
+              primary: z.boolean(),
+              value: z.string().email(),
+              type: z.string().trim()
+            })
+          ),
+          displayName: z.string().trim(),
+          active: z.boolean()
+        })
+      }
+    },
+    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
+    handler: async (req) => {
+      const primaryEmail = req.body.emails?.find((email) => email.primary)?.value;
+      const user = await req.server.services.scim.replaceScimUser({
+        orgMembershipId: req.params.orgMembershipId,
+        orgId: req.permission.orgId,
+        firstName: req.body?.name?.givenName,
+        lastName: req.body?.name?.familyName,
+        active: req.body?.active,
+        email: primaryEmail,
+        externalId: req.body.userName
+      });
+      return user;
+    }
+  });
+
+  server.route({
+    url: "/Users/:orgMembershipId",
+    method: "PATCH",
+    schema: {
+      params: z.object({
+        orgMembershipId: z.string().trim()
+      }),
+      body: z.object({
+        schemas: z.array(z.string()),
+        Operations: z.array(
+          z.union([
+            z.object({
+              op: z.union([z.literal("remove"), z.literal("Remove")]),
+              path: z.string().trim(),
+              value: z
+                .object({
+                  value: z.string()
+                })
+                .array()
+                .optional()
+            }),
+            z.object({
+              op: z.union([z.literal("add"), z.literal("Add"), z.literal("replace"), z.literal("Replace")]),
+              path: z.string().trim().optional(),
+              value: z.any().optional()
+            })
+          ])
+        )
+      }),
+      response: {
+        200: ScimUserSchema
+      }
+    },
+    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
+    handler: async (req) => {
+      const user = await req.server.services.scim.updateScimUser({
+        orgMembershipId: req.params.orgMembershipId,
+        orgId: req.permission.orgId,
+        operations: req.body.Operations
+      });
+
+      return user;
+    }
+  });
  server.route({
    url: "/Groups",
    method: "POST",
@ -305,25 +383,10 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
              display: z.string()
            })
          )
-          .optional() // okta-specific
+          .optional()
      }),
      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z
-            .array(
-              z.object({
-                value: z.string(),
-                display: z.string()
-              })
-            )
-            .optional(),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
+        200: ScimGroupSchema
      }
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
@ -344,26 +407,12 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      querystring: z.object({
        startIndex: z.coerce.number().default(1),
        count: z.coerce.number().default(20),
-        filter: z.string().trim().optional()
+        filter: z.string().trim().optional(),
+        excludedAttributes: z.string().trim().optional()
      }),
      response: {
        200: z.object({
-          Resources: z.array(
-            z.object({
-              schemas: z.array(z.string()),
-              id: z.string().trim(),
-              displayName: z.string().trim(),
-              members: z.array(
-                z.object({
-                  value: z.string(),
-                  display: z.string()
-                })
-              ),
-              meta: z.object({
-                resourceType: z.string().trim()
-              })
-            })
-          ),
+          Resources: z.array(ScimGroupSchema),
          itemsPerPage: z.number(),
          schemas: z.array(z.string()),
          startIndex: z.number(),
@ -377,7 +426,8 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        orgId: req.permission.orgId,
        startIndex: req.query.startIndex,
        filter: req.query.filter,
-        limit: req.query.count
+        limit: req.query.count,
+        isMembersExcluded: req.query.excludedAttributes === "members"
      });

      return groups;
@ -392,20 +442,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        groupId: z.string().trim()
      }),
      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z.array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          ),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
+        200: ScimGroupSchema
      }
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
@ -414,6 +451,7 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        groupId: req.params.groupId,
        orgId: req.permission.orgId
      });
+
      return group;
    }
  });
@ -437,25 +475,12 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        )
      }),
      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z.array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          ),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
+        200: ScimGroupSchema
      }
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
    handler: async (req) => {
-      const group = await req.server.services.scim.updateScimGroupNamePut({
+      const group = await req.server.services.scim.replaceScimGroup({
        groupId: req.params.groupId,
        orgId: req.permission.orgId,
        ...req.body
@ -476,55 +501,35 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
        schemas: z.array(z.string()),
        Operations: z.array(
          z.union([
-            z.object({
-              op: z.union([z.literal("replace"), z.literal("Replace")]),
-              value: z.object({
-                id: z.string().trim(),
-                displayName: z.string().trim()
-              })
-            }),
            z.object({
              op: z.union([z.literal("remove"), z.literal("Remove")]),
-              path: z.string().trim()
+              path: z.string().trim(),
+              value: z
+                .object({
+                  value: z.string()
+                })
+                .array()
+                .optional()
            }),
            z.object({
-              op: z.union([z.literal("add"), z.literal("Add")]),
-              path: z.string().trim(),
-              value: z.array(
-                z.object({
-                  value: z.string().trim(),
-                  display: z.string().trim().optional()
-                })
-              )
+              op: z.union([z.literal("add"), z.literal("Add"), z.literal("replace"), z.literal("Replace")]),
+              path: z.string().trim().optional(),
+              value: z.any()
            })
          ])
        )
      }),
      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          displayName: z.string().trim(),
-          members: z.array(
-            z.object({
-              value: z.string(),
-              display: z.string()
-            })
-          ),
-          meta: z.object({
-            resourceType: z.string().trim()
-          })
-        })
+        200: ScimGroupSchema
      }
    },
    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
    handler: async (req) => {
-      const group = await req.server.services.scim.updateScimGroupNamePatch({
+      const group = await req.server.services.scim.updateScimGroup({
        groupId: req.params.groupId,
        orgId: req.permission.orgId,
        operations: req.body.Operations
      });
-
      return group;
    }
  });
@ -550,60 +555,4 @@ export const registerScimRouter = async (server: FastifyZodProvider) => {
      return group;
    }
  });
-
-  server.route({
-    url: "/Users/:orgMembershipId",
-    method: "PUT",
-    schema: {
-      params: z.object({
-        orgMembershipId: z.string().trim()
-      }),
-      body: z.object({
-        schemas: z.array(z.string()),
-        id: z.string().trim(),
-        userName: z.string().trim(),
-        name: z.object({
-          familyName: z.string().trim(),
-          givenName: z.string().trim()
-        }),
-        displayName: z.string().trim(),
-        active: z.boolean()
-      }),
-      response: {
-        200: z.object({
-          schemas: z.array(z.string()),
-          id: z.string().trim(),
-          userName: z.string().trim(),
-          name: z.object({
-            familyName: z.string().trim(),
-            givenName: z.string().trim()
-          }),
-          emails: z.array(
-            z.object({
-              primary: z.boolean(),
-              value: z.string().email(),
-              type: z.string().trim()
-            })
-          ),
-          displayName: z.string().trim(),
-          active: z.boolean(),
-          groups: z.array(
-            z.object({
-              value: z.string().trim(),
-              display: z.string().trim()
-            })
-          )
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.SCIM_TOKEN]),
-    handler: async (req) => {
-      const user = await req.server.services.scim.replaceScimUser({
-        orgMembershipId: req.params.orgMembershipId,
-        orgId: req.permission.orgId,
-        active: req.body.active
-      });
-      return user;
-    }
-  });
 };
--- a/backend/src/ee/services/dynamic-secret/providers/aws-elasticache.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/aws-elasticache.ts
@ -0,0 +1,226 @@
+import {
+  CreateUserCommand,
+  CreateUserGroupCommand,
+  DeleteUserCommand,
+  DescribeReplicationGroupsCommand,
+  DescribeUserGroupsCommand,
+  ElastiCache,
+  ModifyReplicationGroupCommand,
+  ModifyUserGroupCommand
+} from "@aws-sdk/client-elasticache";
+import handlebars from "handlebars";
+import { customAlphabet } from "nanoid";
+import { z } from "zod";
+
+import { BadRequestError } from "@app/lib/errors";
+
+import { DynamicSecretAwsElastiCacheSchema, TDynamicProviderFns } from "./models";
+
+const CreateElastiCacheUserSchema = z.object({
+  UserId: z.string().trim().min(1),
+  UserName: z.string().trim().min(1),
+  Engine: z.string().default("redis"),
+  Passwords: z.array(z.string().trim().min(1)).min(1).max(1), // Minimum password length is 16 characters, required by AWS.
+  AccessString: z.string().trim().min(1) // Example: "on ~* +@all"
+});
+
+const DeleteElasticCacheUserSchema = z.object({
+  UserId: z.string().trim().min(1)
+});
+
+type TElastiCacheRedisUser = { userId: string; password: string };
+type TBasicAWSCredentials = { accessKeyId: string; secretAccessKey: string };
+
+type TCreateElastiCacheUserInput = z.infer<typeof CreateElastiCacheUserSchema>;
+type TDeleteElastiCacheUserInput = z.infer<typeof DeleteElasticCacheUserSchema>;
+
+const ElastiCacheUserManager = (credentials: TBasicAWSCredentials, region: string) => {
+  const elastiCache = new ElastiCache({
+    region,
+    credentials
+  });
+  const infisicalGroup = "infisical-managed-group-elasticache";
+
+  const ensureInfisicalGroupExists = async (clusterName: string) => {
+    const replicationGroups = await elastiCache.send(new DescribeUserGroupsCommand());
+
+    const existingGroup = replicationGroups.UserGroups?.find((group) => group.UserGroupId === infisicalGroup);
+
+    let newlyCreatedGroup = false;
+    if (!existingGroup) {
+      const createGroupCommand = new CreateUserGroupCommand({
+        UserGroupId: infisicalGroup,
+        UserIds: ["default"],
+        Engine: "redis"
+      });
+
+      await elastiCache.send(createGroupCommand);
+      newlyCreatedGroup = true;
+    }
+
+    if (existingGroup || newlyCreatedGroup) {
+      const replicationGroup = (
+        await elastiCache.send(
+          new DescribeReplicationGroupsCommand({
+            ReplicationGroupId: clusterName
+          })
+        )
+      ).ReplicationGroups?.[0];
+
+      if (!replicationGroup?.UserGroupIds?.includes(infisicalGroup)) {
+        // If the replication group doesn't have the infisical user group, we need to associate it
+        const modifyGroupCommand = new ModifyReplicationGroupCommand({
+          UserGroupIdsToAdd: [infisicalGroup],
+          UserGroupIdsToRemove: [],
+          ApplyImmediately: true,
+          ReplicationGroupId: clusterName
+        });
+        await elastiCache.send(modifyGroupCommand);
+      }
+    }
+  };
+
+  const addUserToInfisicalGroup = async (userId: string) => {
+    // figure out if the default user is already in the group, if it is, then we shouldn't add it again
+
+    const addUserToGroupCommand = new ModifyUserGroupCommand({
+      UserGroupId: infisicalGroup,
+      UserIdsToAdd: [userId],
+      UserIdsToRemove: []
+    });
+
+    await elastiCache.send(addUserToGroupCommand);
+  };
+
+  const createUser = async (creationInput: TCreateElastiCacheUserInput, clusterName: string) => {
+    await ensureInfisicalGroupExists(clusterName);
+
+    await elastiCache.send(new CreateUserCommand(creationInput)); // First create the user
+    await addUserToInfisicalGroup(creationInput.UserId); // Then add the user to the group. We know the group is already a part of the cluster because of ensureInfisicalGroupExists()
+
+    return {
+      userId: creationInput.UserId,
+      password: creationInput.Passwords[0]
+    };
+  };
+
+  const deleteUser = async (
+    deletionInput: TDeleteElastiCacheUserInput
+  ): Promise<Pick<TElastiCacheRedisUser, "userId">> => {
+    await elastiCache.send(new DeleteUserCommand(deletionInput));
+    return { userId: deletionInput.UserId };
+  };
+
+  const verifyCredentials = async (clusterName: string) => {
+    await elastiCache.send(
+      new DescribeReplicationGroupsCommand({
+        ReplicationGroupId: clusterName
+      })
+    );
+  };
+
+  return {
+    createUser,
+    deleteUser,
+    verifyCredentials
+  };
+};
+
+const generatePassword = () => {
+  const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~!*$#";
+  return customAlphabet(charset, 64)();
+};
+
+const generateUsername = () => {
+  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-";
+  return `inf-${customAlphabet(charset, 32)()}`; // Username must start with an ascii letter, so we prepend the username with "inf-"
+};
+
+export const AwsElastiCacheDatabaseProvider = (): TDynamicProviderFns => {
+  const validateProviderInputs = async (inputs: unknown) => {
+    const providerInputs = DynamicSecretAwsElastiCacheSchema.parse(inputs);
+
+    // We need to ensure the that the creation & revocation statements are valid and can be used to create and revoke users.
+    // We can't return the parsed statements here because we need to use the handlebars template to generate the username and password, before we can use the parsed statements.
+    CreateElastiCacheUserSchema.parse(JSON.parse(providerInputs.creationStatement));
+    DeleteElasticCacheUserSchema.parse(JSON.parse(providerInputs.revocationStatement));
+
+    return providerInputs;
+  };
+  const validateConnection = async (inputs: unknown) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    await ElastiCacheUserManager(
+      {
+        accessKeyId: providerInputs.accessKeyId,
+        secretAccessKey: providerInputs.secretAccessKey
+      },
+      providerInputs.region
+    ).verifyCredentials(providerInputs.clusterName);
+    return true;
+  };
+
+  const create = async (inputs: unknown, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    if (!(await validateConnection(providerInputs))) {
+      throw new BadRequestError({ message: "Failed to establish connection" });
+    }
+
+    const leaseUsername = generateUsername();
+    const leasePassword = generatePassword();
+    const leaseExpiration = new Date(expireAt).toISOString();
+
+    const creationStatement = handlebars.compile(providerInputs.creationStatement, { noEscape: true })({
+      username: leaseUsername,
+      password: leasePassword,
+      expiration: leaseExpiration
+    });
+
+    const parsedStatement = CreateElastiCacheUserSchema.parse(JSON.parse(creationStatement));
+
+    await ElastiCacheUserManager(
+      {
+        accessKeyId: providerInputs.accessKeyId,
+        secretAccessKey: providerInputs.secretAccessKey
+      },
+      providerInputs.region
+    ).createUser(parsedStatement, providerInputs.clusterName);
+
+    return {
+      entityId: leaseUsername,
+      data: {
+        DB_USERNAME: leaseUsername,
+        DB_PASSWORD: leasePassword
+      }
+    };
+  };
+
+  const revoke = async (inputs: unknown, entityId: string) => {
+    const providerInputs = await validateProviderInputs(inputs);
+
+    const revokeStatement = handlebars.compile(providerInputs.revocationStatement)({ username: entityId });
+    const parsedStatement = DeleteElasticCacheUserSchema.parse(JSON.parse(revokeStatement));
+
+    await ElastiCacheUserManager(
+      {
+        accessKeyId: providerInputs.accessKeyId,
+        secretAccessKey: providerInputs.secretAccessKey
+      },
+      providerInputs.region
+    ).deleteUser(parsedStatement);
+
+    return { entityId };
+  };
+
+  const renew = async (inputs: unknown, entityId: string) => {
+    // Do nothing
+    return { entityId };
+  };
+
+  return {
+    validateProviderInputs,
+    validateConnection,
+    create,
+    revoke,
+    renew
+  };
+};
--- a/backend/src/ee/services/dynamic-secret/providers/index.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/index.ts
@ -1,10 +1,16 @@
+import { AwsElastiCacheDatabaseProvider } from "./aws-elasticache";
 import { AwsIamProvider } from "./aws-iam";
 import { CassandraProvider } from "./cassandra";
 import { DynamicSecretProviders } from "./models";
+import { MongoAtlasProvider } from "./mongo-atlas";
+import { RedisDatabaseProvider } from "./redis";
 import { SqlDatabaseProvider } from "./sql-database";

 export const buildDynamicSecretProviders = () => ({
  [DynamicSecretProviders.SqlDatabase]: SqlDatabaseProvider(),
  [DynamicSecretProviders.Cassandra]: CassandraProvider(),
-  [DynamicSecretProviders.AwsIam]: AwsIamProvider()
+  [DynamicSecretProviders.AwsIam]: AwsIamProvider(),
+  [DynamicSecretProviders.Redis]: RedisDatabaseProvider(),
+  [DynamicSecretProviders.AwsElastiCache]: AwsElastiCacheDatabaseProvider(),
+  [DynamicSecretProviders.MongoAtlas]: MongoAtlasProvider()
 });
--- a/backend/src/ee/services/dynamic-secret/providers/models.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/models.ts
@ -7,6 +7,29 @@ export enum SqlProviders {
  MsSQL = "mssql"
 }

+export const DynamicSecretRedisDBSchema = z.object({
+  host: z.string().trim().toLowerCase(),
+  port: z.number(),
+  username: z.string().trim(), // this is often "default".
+  password: z.string().trim().optional(),
+
+  creationStatement: z.string().trim(),
+  revocationStatement: z.string().trim(),
+  renewStatement: z.string().trim().optional(),
+  ca: z.string().optional()
+});
+
+export const DynamicSecretAwsElastiCacheSchema = z.object({
+  clusterName: z.string().trim().min(1),
+  accessKeyId: z.string().trim().min(1),
+  secretAccessKey: z.string().trim().min(1),
+
+  region: z.string().trim(),
+  creationStatement: z.string().trim(),
+  revocationStatement: z.string().trim(),
+  ca: z.string().optional()
+});
+
 export const DynamicSecretSqlDBSchema = z.object({
  client: z.nativeEnum(SqlProviders),
  host: z.string().trim().toLowerCase(),
@ -44,16 +67,59 @@ export const DynamicSecretAwsIamSchema = z.object({
  policyArns: z.string().trim().optional()
 });

+export const DynamicSecretMongoAtlasSchema = z.object({
+  adminPublicKey: z.string().trim().min(1).describe("Admin user public api key"),
+  adminPrivateKey: z.string().trim().min(1).describe("Admin user private api key"),
+  groupId: z
+    .string()
+    .trim()
+    .min(1)
+    .describe("Unique 24-hexadecimal digit string that identifies your project. This is same as project id"),
+  roles: z
+    .object({
+      collectionName: z.string().optional().describe("Collection on which this role applies."),
+      databaseName: z.string().min(1).describe("Database to which the user is granted access privileges."),
+      roleName: z
+        .string()
+        .min(1)
+        .describe(
+          ' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
+        )
+    })
+    .array()
+    .min(1),
+  scopes: z
+    .object({
+      name: z
+        .string()
+        .min(1)
+        .describe(
+          "Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
+        ),
+      type: z
+        .string()
+        .min(1)
+        .describe("Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM")
+    })
+    .array()
+});
+
 export enum DynamicSecretProviders {
  SqlDatabase = "sql-database",
  Cassandra = "cassandra",
-  AwsIam = "aws-iam"
+  AwsIam = "aws-iam",
+  Redis = "redis",
+  AwsElastiCache = "aws-elasticache",
+  MongoAtlas = "mongo-db-atlas"
 }

 export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
  z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema }),
  z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
-  z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema })
+  z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
+  z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
+  z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema }),
+  z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema })
 ]);

 export type TDynamicProviderFns = {
--- a/backend/src/ee/services/dynamic-secret/providers/mongo-atlas.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/mongo-atlas.ts
@ -0,0 +1,146 @@
+import axios, { AxiosError } from "axios";
+import { customAlphabet } from "nanoid";
+import { z } from "zod";
+
+import { createDigestAuthRequestInterceptor } from "@app/lib/axios/digest-auth";
+import { alphaNumericNanoId } from "@app/lib/nanoid";
+
+import { DynamicSecretMongoAtlasSchema, TDynamicProviderFns } from "./models";
+
+const generatePassword = (size = 48) => {
+  const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~!*$#";
+  return customAlphabet(charset, 48)(size);
+};
+
+const generateUsername = () => {
+  return alphaNumericNanoId(32);
+};
+
+export const MongoAtlasProvider = (): TDynamicProviderFns => {
+  const validateProviderInputs = async (inputs: unknown) => {
+    const providerInputs = await DynamicSecretMongoAtlasSchema.parseAsync(inputs);
+    return providerInputs;
+  };
+
+  const getClient = async (providerInputs: z.infer<typeof DynamicSecretMongoAtlasSchema>) => {
+    const client = axios.create({
+      baseURL: "https://cloud.mongodb.com/api/atlas",
+      headers: {
+        Accept: "application/vnd.atlas.2023-02-01+json",
+        "Content-Type": "application/json"
+      }
+    });
+    const digestAuth = createDigestAuthRequestInterceptor(
+      client,
+      providerInputs.adminPublicKey,
+      providerInputs.adminPrivateKey
+    );
+    return digestAuth;
+  };
+
+  const validateConnection = async (inputs: unknown) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const isConnected = await client({
+      method: "GET",
+      url: `v2/groups/${providerInputs.groupId}/databaseUsers`,
+      params: { itemsPerPage: 1 }
+    })
+      .then(() => true)
+      .catch((error) => {
+        if ((error as AxiosError).response) {
+          throw new Error(JSON.stringify((error as AxiosError).response?.data));
+        }
+        throw error;
+      });
+    return isConnected;
+  };
+
+  const create = async (inputs: unknown, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const username = generateUsername();
+    const password = generatePassword();
+    const expiration = new Date(expireAt).toISOString();
+    await client({
+      method: "POST",
+      url: `/v2/groups/${providerInputs.groupId}/databaseUsers`,
+      data: {
+        roles: providerInputs.roles,
+        scopes: providerInputs.scopes,
+        deleteAfterDate: expiration,
+        username,
+        password,
+        databaseName: "admin",
+        groupId: providerInputs.groupId
+      }
+    }).catch((error) => {
+      if ((error as AxiosError).response) {
+        throw new Error(JSON.stringify((error as AxiosError).response?.data));
+      }
+      throw error;
+    });
+    return { entityId: username, data: { DB_USERNAME: username, DB_PASSWORD: password } };
+  };
+
+  const revoke = async (inputs: unknown, entityId: string) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const username = entityId;
+    const isExisting = await client({
+      method: "GET",
+      url: `/v2/groups/${providerInputs.groupId}/databaseUsers/admin/${username}`
+    }).catch((err) => {
+      if ((err as AxiosError).response?.status === 404) return false;
+      throw err;
+    });
+    if (isExisting) {
+      await client({
+        method: "DELETE",
+        url: `/v2/groups/${providerInputs.groupId}/databaseUsers/admin/${username}`
+      }).catch((error) => {
+        if ((error as AxiosError).response) {
+          throw new Error(JSON.stringify((error as AxiosError).response?.data));
+        }
+        throw error;
+      });
+    }
+
+    return { entityId: username };
+  };
+
+  const renew = async (inputs: unknown, entityId: string, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const username = entityId;
+    const expiration = new Date(expireAt).toISOString();
+
+    await client({
+      method: "PATCH",
+      url: `/v2/groups/${providerInputs.groupId}/databaseUsers/admin/${username}`,
+      data: {
+        deleteAfterDate: expiration,
+        databaseName: "admin",
+        groupId: providerInputs.groupId
+      }
+    }).catch((error) => {
+      if ((error as AxiosError).response) {
+        throw new Error(JSON.stringify((error as AxiosError).response?.data));
+      }
+      throw error;
+    });
+    return { entityId: username };
+  };
+
+  return {
+    validateProviderInputs,
+    validateConnection,
+    create,
+    revoke,
+    renew
+  };
+};
--- a/backend/src/ee/services/dynamic-secret/providers/redis.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/redis.ts
@ -0,0 +1,183 @@
+/* eslint-disable no-console */
+import handlebars from "handlebars";
+import { Redis } from "ioredis";
+import { customAlphabet } from "nanoid";
+import { z } from "zod";
+
+import { getConfig } from "@app/lib/config/env";
+import { BadRequestError } from "@app/lib/errors";
+import { getDbConnectionHost } from "@app/lib/knex";
+import { alphaNumericNanoId } from "@app/lib/nanoid";
+
+import { DynamicSecretRedisDBSchema, TDynamicProviderFns } from "./models";
+
+const generatePassword = () => {
+  const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~!*$#";
+  return customAlphabet(charset, 64)();
+};
+
+const generateUsername = () => {
+  return alphaNumericNanoId(32);
+};
+
+const executeTransactions = async (connection: Redis, commands: string[]): Promise<(string | null)[] | null> => {
+  // Initiate a transaction
+  const pipeline = connection.multi();
+
+  // Add all commands to the pipeline
+  for (const command of commands) {
+    const args = command
+      .split(" ")
+      .map((arg) => arg.trim())
+      .filter((arg) => arg.length > 0);
+    pipeline.call(args[0], ...args.slice(1));
+  }
+
+  // Execute the transaction
+  const results = await pipeline.exec();
+
+  if (!results) {
+    throw new BadRequestError({ message: "Redis transaction failed: No results returned" });
+  }
+
+  // Check for errors in the results
+  const errors = results.filter(([err]) => err !== null);
+  if (errors.length > 0) {
+    throw new BadRequestError({ message: "Redis transaction failed with errors" });
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  return results.map(([_, result]) => result as string | null);
+};
+
+export const RedisDatabaseProvider = (): TDynamicProviderFns => {
+  const validateProviderInputs = async (inputs: unknown) => {
+    const appCfg = getConfig();
+    const isCloud = Boolean(appCfg.LICENSE_SERVER_KEY); // quick and dirty way to check if its cloud or not
+    const dbHost = appCfg.DB_HOST || getDbConnectionHost(appCfg.DB_CONNECTION_URI);
+
+    const providerInputs = await DynamicSecretRedisDBSchema.parseAsync(inputs);
+    if (
+      isCloud &&
+      // localhost
+      // internal ips
+      (providerInputs.host === "host.docker.internal" ||
+        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
+        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
+    )
+      throw new BadRequestError({ message: "Invalid db host" });
+    if (providerInputs.host === "localhost" || providerInputs.host === "127.0.0.1" || dbHost === providerInputs.host)
+      throw new BadRequestError({ message: "Invalid db host" });
+    return providerInputs;
+  };
+
+  const getClient = async (providerInputs: z.infer<typeof DynamicSecretRedisDBSchema>) => {
+    let connection: Redis | null = null;
+    try {
+      connection = new Redis({
+        username: providerInputs.username,
+        host: providerInputs.host,
+        port: providerInputs.port,
+        password: providerInputs.password,
+        ...(providerInputs.ca && {
+          tls: {
+            rejectUnauthorized: false,
+            ca: providerInputs.ca
+          }
+        })
+      });
+
+      let result: string;
+      if (providerInputs.password) {
+        result = await connection.auth(providerInputs.username, providerInputs.password, () => {});
+      } else {
+        result = await connection.auth(providerInputs.username, () => {});
+      }
+
+      if (result !== "OK") {
+        throw new BadRequestError({ message: `Invalid credentials, Redis returned ${result} status` });
+      }
+
+      return connection;
+    } catch (err) {
+      if (connection) await connection.quit();
+
+      throw err;
+    }
+  };
+
+  const validateConnection = async (inputs: unknown) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const connection = await getClient(providerInputs);
+
+    const pingResponse = await connection
+      .ping()
+      .then(() => true)
+      .catch(() => false);
+
+    return pingResponse;
+  };
+
+  const create = async (inputs: unknown, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const connection = await getClient(providerInputs);
+
+    const username = generateUsername();
+    const password = generatePassword();
+    const expiration = new Date(expireAt).toISOString();
+
+    const creationStatement = handlebars.compile(providerInputs.creationStatement, { noEscape: true })({
+      username,
+      password,
+      expiration
+    });
+
+    const queries = creationStatement.toString().split(";").filter(Boolean);
+
+    await executeTransactions(connection, queries);
+
+    await connection.quit();
+    return { entityId: username, data: { DB_USERNAME: username, DB_PASSWORD: password } };
+  };
+
+  const revoke = async (inputs: unknown, entityId: string) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const connection = await getClient(providerInputs);
+
+    const username = entityId;
+
+    const revokeStatement = handlebars.compile(providerInputs.revocationStatement)({ username });
+    const queries = revokeStatement.toString().split(";").filter(Boolean);
+
+    await executeTransactions(connection, queries);
+
+    await connection.quit();
+    return { entityId: username };
+  };
+
+  const renew = async (inputs: unknown, entityId: string, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const connection = await getClient(providerInputs);
+
+    const username = entityId;
+    const expiration = new Date(expireAt).toISOString();
+
+    const renewStatement = handlebars.compile(providerInputs.renewStatement)({ username, expiration });
+
+    if (renewStatement) {
+      const queries = renewStatement.toString().split(";").filter(Boolean);
+      await executeTransactions(connection, queries);
+    }
+
+    await connection.quit();
+    return { entityId: username };
+  };
+
+  return {
+    validateProviderInputs,
+    validateConnection,
+    create,
+    revoke,
+    renew
+  };
+};
--- a/backend/src/ee/services/scim/scim-fns.ts
+++ b/backend/src/ee/services/scim/scim-fns.ts
@ -44,19 +44,18 @@ export const buildScimUser = ({
  email,
  firstName,
  lastName,
-  groups = [],
-  active
+  active,
+  createdAt,
+  updatedAt
 }: {
  orgMembershipId: string;
  username: string;
  email?: string | null;
  firstName: string | null | undefined;
  lastName: string | null | undefined;
-  groups?: {
-    value: string;
-    display: string;
-  }[];
  active: boolean;
+  createdAt: Date;
+  updatedAt: Date;
 }): TScimUser => {
  const scimUser = {
    schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
@ -78,10 +77,10 @@ export const buildScimUser = ({
        ]
      : [],
    active,
-    groups,
    meta: {
      resourceType: "User",
-      location: null
+      created: createdAt,
+      lastModified: updatedAt
    }
  };

@ -109,14 +108,18 @@ export const buildScimGroupList = ({
 export const buildScimGroup = ({
  groupId,
  name,
-  members
+  members,
+  updatedAt,
+  createdAt
 }: {
  groupId: string;
  name: string;
  members: {
    value: string;
-    display: string;
+    display?: string;
  }[];
+  createdAt: Date;
+  updatedAt: Date;
 }): TScimGroup => {
  const scimGroup = {
    schemas: ["urn:ietf:params:scim:schemas:core:2.0:Group"],
@ -125,7 +128,8 @@ export const buildScimGroup = ({
    members,
    meta: {
      resourceType: "Group",
-      location: null
+      created: createdAt,
+      lastModified: updatedAt
    }
  };

--- a/backend/src/ee/services/scim/scim-service.ts
+++ b/backend/src/ee/services/scim/scim-service.ts
@ -1,6 +1,7 @@
 import { ForbiddenError } from "@casl/ability";
 import slugify from "@sindresorhus/slugify";
 import jwt from "jsonwebtoken";
+import { scimPatch } from "scim-patch";

 import { OrgMembershipRole, OrgMembershipStatus, TableName, TOrgMemberships, TUsers } from "@app/db/schemas";
 import { TGroupDALFactory } from "@app/ee/services/group/group-dal";
@ -9,7 +10,6 @@ import { TUserGroupMembershipDALFactory } from "@app/ee/services/group/user-grou
 import { TScimDALFactory } from "@app/ee/services/scim/scim-dal";
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError, ScimRequestError, UnauthorizedError } from "@app/lib/errors";
-import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { TOrgPermission } from "@app/lib/types";
 import { AuthTokenType } from "@app/services/auth/auth-type";
@ -32,14 +32,7 @@ import { TLicenseServiceFactory } from "../license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "../permission/org-permission";
 import { TPermissionServiceFactory } from "../permission/permission-service";
 import { TProjectUserAdditionalPrivilegeDALFactory } from "../project-user-additional-privilege/project-user-additional-privilege-dal";
-import {
-  buildScimGroup,
-  buildScimGroupList,
-  buildScimUser,
-  buildScimUserList,
-  extractScimValueFromPath,
-  parseScimFilter
-} from "./scim-fns";
+import { buildScimGroup, buildScimGroupList, buildScimUser, buildScimUserList, parseScimFilter } from "./scim-fns";
 import {
  TCreateScimGroupDTO,
  TCreateScimTokenDTO,
@ -64,12 +57,18 @@ type TScimServiceFactoryDep = {
  scimDAL: Pick<TScimDALFactory, "create" | "find" | "findById" | "deleteById">;
  userDAL: Pick<
    TUserDALFactory,
-    "find" | "findOne" | "create" | "transaction" | "findUserEncKeyByUserIdsBatch" | "findById"
+    "find" | "findOne" | "create" | "transaction" | "findUserEncKeyByUserIdsBatch" | "findById" | "updateById"
  >;
-  userAliasDAL: Pick<TUserAliasDALFactory, "findOne" | "create" | "delete">;
+  userAliasDAL: Pick<TUserAliasDALFactory, "findOne" | "create" | "delete" | "update">;
  orgDAL: Pick<
    TOrgDALFactory,
-    "createMembership" | "findById" | "findMembership" | "deleteMembershipById" | "transaction" | "updateMembershipById"
+    | "createMembership"
+    | "findById"
+    | "findMembership"
+    | "findMembershipWithScimFilter"
+    | "deleteMembershipById"
+    | "transaction"
+    | "updateMembershipById"
  >;
  orgMembershipDAL: Pick<TOrgMembershipDALFactory, "find" | "findOne" | "create" | "updateById" | "findById">;
  projectDAL: Pick<TProjectDALFactory, "find" | "findProjectGhostUser">;
@ -193,7 +192,12 @@ export const scimServiceFactory = ({
  };

  // SCIM server endpoints
-  const listScimUsers = async ({ startIndex, limit, filter, orgId }: TListScimUsersDTO): Promise<TListScimUsers> => {
+  const listScimUsers = async ({
+    startIndex = 0,
+    limit = 100,
+    filter,
+    orgId
+  }: TListScimUsersDTO): Promise<TListScimUsers> => {
    const org = await orgDAL.findById(orgId);

    if (!org.scimEnabled)
@ -207,23 +211,20 @@ export const scimServiceFactory = ({
      ...(limit && { limit })
    };

-    const users = await orgDAL.findMembership(
-      {
-        [`${TableName.OrgMembership}.orgId` as "id"]: orgId,
-        ...parseScimFilter(filter)
-      },
-      findOpts
-    );
+    const users = await orgDAL.findMembershipWithScimFilter(orgId, filter, findOpts);

-    const scimUsers = users.map(({ id, externalId, username, firstName, lastName, email, isActive }) =>
-      buildScimUser({
-        orgMembershipId: id ?? "",
-        username: externalId ?? username,
-        firstName: firstName ?? "",
-        lastName: lastName ?? "",
-        email,
-        active: isActive
-      })
+    const scimUsers = users.map(
+      ({ id, externalId, username, firstName, lastName, email, isActive, createdAt, updatedAt }) =>
+        buildScimUser({
+          orgMembershipId: id ?? "",
+          username: externalId ?? username,
+          firstName: firstName ?? "",
+          lastName: lastName ?? "",
+          email,
+          active: isActive,
+          createdAt,
+          updatedAt
+        })
    );

    return buildScimUserList({
@ -258,11 +259,6 @@ export const scimServiceFactory = ({
        status: 403
      });

-    const groupMembershipsInOrg = await userGroupMembershipDAL.findGroupMembershipsByUserIdInOrg(
-      membership.userId,
-      orgId
-    );
-
    return buildScimUser({
      orgMembershipId: membership.id,
      username: membership.externalId ?? membership.username,
@ -270,10 +266,8 @@ export const scimServiceFactory = ({
      firstName: membership.firstName,
      lastName: membership.lastName,
      active: membership.isActive,
-      groups: groupMembershipsInOrg.map((group) => ({
-        value: group.groupId,
-        display: group.groupName
-      }))
+      createdAt: membership.createdAt,
+      updatedAt: membership.updatedAt
    });
  };

@ -322,7 +316,7 @@ export const scimServiceFactory = ({
              userId: userAlias.userId,
              inviteEmail: email,
              orgId,
-              role: OrgMembershipRole.Member,
+              role: OrgMembershipRole.NoAccess,
              status: user.isAccepted ? OrgMembershipStatus.Accepted : OrgMembershipStatus.Invited, // if user is fully completed, then set status to accepted, otherwise set it to invited so we can update it later
              isActive: true
            },
@ -349,7 +343,11 @@ export const scimServiceFactory = ({
        }

        if (!user) {
-          const uniqueUsername = await normalizeUsername(`${firstName}-${lastName}`, userDAL);
+          const uniqueUsername = await normalizeUsername(
+            // external id is username
+            `${firstName}-${lastName}`,
+            userDAL
+          );
          user = await userDAL.create(
            {
              username: serverCfg.trustSamlEmails ? email : uniqueUsername,
@ -430,10 +428,13 @@ export const scimServiceFactory = ({
      firstName: createdUser.firstName,
      lastName: createdUser.lastName,
      email: createdUser.email ?? "",
-      active: createdOrgMembership.isActive
+      active: createdOrgMembership.isActive,
+      createdAt: createdOrgMembership.createdAt,
+      updatedAt: createdOrgMembership.updatedAt
    });
  };

+  // partial
  const updateScimUser = async ({ orgMembershipId, orgId, operations }: TUpdateScimUserDTO) => {
    const [membership] = await orgDAL
      .findMembership({
@ -459,37 +460,52 @@ export const scimServiceFactory = ({
        status: 403
      });

-    let active = true;
-
-    operations.forEach((operation) => {
-      if (operation.op.toLowerCase() === "replace") {
-        if (operation.path === "active" && operation.value === "False") {
-          // azure scim op format
-          active = false;
-        } else if (typeof operation.value === "object" && operation.value.active === false) {
-          // okta scim op format
-          active = false;
-        }
-      }
-    });
-
-    if (!active) {
-      await orgMembershipDAL.updateById(membership.id, {
-        isActive: false
-      });
-    }
-
-    return buildScimUser({
+    const scimUser = buildScimUser({
      orgMembershipId: membership.id,
-      username: membership.externalId ?? membership.username,
      email: membership.email,
-      firstName: membership.firstName,
      lastName: membership.lastName,
-      active
+      firstName: membership.firstName,
+      active: membership.isActive,
+      username: membership.externalId ?? membership.username,
+      createdAt: membership.createdAt,
+      updatedAt: membership.updatedAt
    });
+    scimPatch(scimUser, operations);
+
+    const serverCfg = await getServerCfg();
+    await userDAL.transaction(async (tx) => {
+      await orgMembershipDAL.updateById(
+        membership.id,
+        {
+          isActive: scimUser.active
+        },
+        tx
+      );
+      const hasEmailChanged = scimUser.emails[0].value !== membership.email;
+      await userDAL.updateById(
+        membership.userId,
+        {
+          firstName: scimUser.name.givenName,
+          email: scimUser.emails[0].value,
+          lastName: scimUser.name.familyName,
+          isEmailVerified: hasEmailChanged ? serverCfg.trustSamlEmails : true
+        },
+        tx
+      );
+    });
+
+    return scimUser;
  };

-  const replaceScimUser = async ({ orgMembershipId, active, orgId }: TReplaceScimUserDTO) => {
+  const replaceScimUser = async ({
+    orgMembershipId,
+    active,
+    orgId,
+    lastName,
+    firstName,
+    email,
+    externalId
+  }: TReplaceScimUserDTO) => {
    const [membership] = await orgDAL
      .findMembership({
        [`${TableName.OrgMembership}.id` as "id"]: orgMembershipId,
@ -514,26 +530,47 @@ export const scimServiceFactory = ({
        status: 403
      });

-    await orgMembershipDAL.updateById(membership.id, {
-      isActive: active
+    const serverCfg = await getServerCfg();
+    await userDAL.transaction(async (tx) => {
+      await userAliasDAL.update(
+        {
+          orgId,
+          aliasType: UserAliasType.SAML,
+          userId: membership.userId
+        },
+        {
+          externalId
+        },
+        tx
+      );
+      await orgMembershipDAL.updateById(
+        membership.id,
+        {
+          isActive: active
+        },
+        tx
+      );
+      await userDAL.updateById(
+        membership.userId,
+        {
+          firstName,
+          email,
+          lastName,
+          isEmailVerified: serverCfg.trustSamlEmails
+        },
+        tx
+      );
    });

-    const groupMembershipsInOrg = await userGroupMembershipDAL.findGroupMembershipsByUserIdInOrg(
-      membership.userId,
-      orgId
-    );
-
    return buildScimUser({
      orgMembershipId: membership.id,
-      username: membership.externalId ?? membership.username,
+      username: externalId,
      email: membership.email,
      firstName: membership.firstName,
      lastName: membership.lastName,
      active,
-      groups: groupMembershipsInOrg.map((group) => ({
-        value: group.groupId,
-        display: group.groupName
-      }))
+      createdAt: membership.createdAt,
+      updatedAt: membership.updatedAt
    });
  };

@ -570,7 +607,7 @@ export const scimServiceFactory = ({
    return {}; // intentionally return empty object upon success
  };

-  const listScimGroups = async ({ orgId, startIndex, limit, filter }: TListScimGroupsDTO) => {
+  const listScimGroups = async ({ orgId, startIndex, limit, filter, isMembersExcluded }: TListScimGroupsDTO) => {
    const plan = await licenseService.getPlan(orgId);
    if (!plan.groups)
      throw new BadRequestError({
@ -603,6 +640,21 @@ export const scimServiceFactory = ({
    );

    const scimGroups: TScimGroup[] = [];
+    if (isMembersExcluded) {
+      return buildScimGroupList({
+        scimGroups: groups.map((group) =>
+          buildScimGroup({
+            groupId: group.id,
+            name: group.name,
+            members: [],
+            createdAt: group.createdAt,
+            updatedAt: group.updatedAt
+          })
+        ),
+        startIndex,
+        limit
+      });
+    }

    for await (const group of groups) {
      const members = await userGroupMembershipDAL.findGroupMembershipsByGroupIdInOrg(group.id, orgId);
@ -612,7 +664,9 @@ export const scimServiceFactory = ({
        members: members.map((member) => ({
          value: member.orgMembershipId,
          display: `${member.firstName ?? ""} ${member.lastName ?? ""}`
-        }))
+        })),
+        createdAt: group.createdAt,
+        updatedAt: group.updatedAt
      });
      scimGroups.push(scimGroup);
    }
@ -696,7 +750,9 @@ export const scimServiceFactory = ({
      members: orgMemberships.map(({ id, firstName, lastName }) => ({
        value: id,
        display: `${firstName} ${lastName}`
-      }))
+      })),
+      createdAt: newGroup.group.createdAt,
+      updatedAt: newGroup.group.updatedAt
    });
  };

@ -739,31 +795,17 @@ export const scimServiceFactory = ({
      members: orgMemberships.map(({ id, firstName, lastName }) => ({
        value: id,
        display: `${firstName} ${lastName}`
-      }))
+      })),
+      createdAt: group.createdAt,
+      updatedAt: group.updatedAt
    });
  };

-  const updateScimGroupNamePut = async ({ groupId, orgId, displayName, members }: TUpdateScimGroupNamePutDTO) => {
-    const plan = await licenseService.getPlan(orgId);
-    if (!plan.groups)
-      throw new BadRequestError({
-        message: "Failed to update SCIM group due to plan restriction. Upgrade plan to update SCIM group."
-      });
-
-    const org = await orgDAL.findById(orgId);
-    if (!org) {
-      throw new ScimRequestError({
-        detail: "Organization Not Found",
-        status: 404
-      });
-    }
-
-    if (!org.scimEnabled)
-      throw new ScimRequestError({
-        detail: "SCIM is disabled for the organization",
-        status: 403
-      });
-
+  const $replaceGroupDAL = async (
+    groupId: string,
+    orgId: string,
+    { displayName, members = [] }: { displayName: string; members: { value: string }[] }
+  ) => {
    const updatedGroup = await groupDAL.transaction(async (tx) => {
      const [group] = await groupDAL.update(
        {
@ -782,74 +824,96 @@ export const scimServiceFactory = ({
        });
      }

-      if (members) {
-        const orgMemberships = await orgMembershipDAL.find({
-          $in: {
-            id: members.map((member) => member.value)
-          }
+      const orgMemberships = members.length
+        ? await orgMembershipDAL.find({
+            $in: {
+              id: members.map((member) => member.value)
+            }
+          })
+        : [];
+
+      const membersIdsSet = new Set(orgMemberships.map((orgMembership) => orgMembership.userId));
+      const userGroupMembers = await userGroupMembershipDAL.find({
+        groupId: group.id
+      });
+      const directMemberUserIds = userGroupMembers.filter((el) => !el.isPending).map((membership) => membership.userId);
+
+      const pendingGroupAdditionsUserIds = userGroupMembers
+        .filter((el) => el.isPending)
+        .map((pendingGroupAddition) => pendingGroupAddition.userId);
+
+      const allMembersUserIds = directMemberUserIds.concat(pendingGroupAdditionsUserIds);
+      const allMembersUserIdsSet = new Set(allMembersUserIds);
+
+      const toAddUserIds = orgMemberships.filter((member) => !allMembersUserIdsSet.has(member.userId as string));
+      const toRemoveUserIds = allMembersUserIds.filter((userId) => !membersIdsSet.has(userId));
+
+      if (toAddUserIds.length) {
+        await addUsersToGroupByUserIds({
+          group,
+          userIds: toAddUserIds.map((member) => member.userId as string),
+          userDAL,
+          userGroupMembershipDAL,
+          orgDAL,
+          groupProjectDAL,
+          projectKeyDAL,
+          projectDAL,
+          projectBotDAL,
+          tx
        });
+      }

-        const membersIdsSet = new Set(orgMemberships.map((orgMembership) => orgMembership.userId));
-
-        const directMemberUserIds = (
-          await userGroupMembershipDAL.find({
-            groupId: group.id,
-            isPending: false
-          })
-        ).map((membership) => membership.userId);
-
-        const pendingGroupAdditionsUserIds = (
-          await userGroupMembershipDAL.find({
-            groupId: group.id,
-            isPending: true
-          })
-        ).map((pendingGroupAddition) => pendingGroupAddition.userId);
-
-        const allMembersUserIds = directMemberUserIds.concat(pendingGroupAdditionsUserIds);
-        const allMembersUserIdsSet = new Set(allMembersUserIds);
-
-        const toAddUserIds = orgMemberships.filter((member) => !allMembersUserIdsSet.has(member.userId as string));
-        const toRemoveUserIds = allMembersUserIds.filter((userId) => !membersIdsSet.has(userId));
-
-        if (toAddUserIds.length) {
-          await addUsersToGroupByUserIds({
-            group,
-            userIds: toAddUserIds.map((member) => member.userId as string),
-            userDAL,
-            userGroupMembershipDAL,
-            orgDAL,
-            groupProjectDAL,
-            projectKeyDAL,
-            projectDAL,
-            projectBotDAL,
-            tx
-          });
-        }
-
-        if (toRemoveUserIds.length) {
-          await removeUsersFromGroupByUserIds({
-            group,
-            userIds: toRemoveUserIds,
-            userDAL,
-            userGroupMembershipDAL,
-            groupProjectDAL,
-            projectKeyDAL,
-            tx
-          });
-        }
+      if (toRemoveUserIds.length) {
+        await removeUsersFromGroupByUserIds({
+          group,
+          userIds: toRemoveUserIds,
+          userDAL,
+          userGroupMembershipDAL,
+          groupProjectDAL,
+          projectKeyDAL,
+          tx
+        });
      }

      return group;
    });

+    return updatedGroup;
+  };
+
+  const replaceScimGroup = async ({ groupId, orgId, displayName, members }: TUpdateScimGroupNamePutDTO) => {
+    const plan = await licenseService.getPlan(orgId);
+    if (!plan.groups)
+      throw new BadRequestError({
+        message: "Failed to update SCIM group due to plan restriction. Upgrade plan to update SCIM group."
+      });
+
+    const org = await orgDAL.findById(orgId);
+    if (!org) {
+      throw new ScimRequestError({
+        detail: "Organization Not Found",
+        status: 404
+      });
+    }
+
+    if (!org.scimEnabled)
+      throw new ScimRequestError({
+        detail: "SCIM is disabled for the organization",
+        status: 403
+      });
+
+    const updatedGroup = await $replaceGroupDAL(groupId, orgId, { displayName, members });
+
    return buildScimGroup({
      groupId: updatedGroup.id,
      name: updatedGroup.name,
-      members
+      members,
+      updatedAt: updatedGroup.updatedAt,
+      createdAt: updatedGroup.createdAt
    });
  };

-  const updateScimGroupNamePatch = async ({ groupId, orgId, operations }: TUpdateScimGroupNamePatchDTO) => {
+  const updateScimGroup = async ({ groupId, orgId, operations }: TUpdateScimGroupNamePatchDTO) => {
    const plan = await licenseService.getPlan(orgId);
    if (!plan.groups)
      throw new BadRequestError({
@ -871,7 +935,7 @@ export const scimServiceFactory = ({
        status: 403
      });

-    let group = await groupDAL.findOne({
+    const group = await groupDAL.findOne({
      id: groupId,
      orgId
    });
@ -883,64 +947,28 @@ export const scimServiceFactory = ({
      });
    }

-    for await (const operation of operations) {
-      if (operation.op === "replace" || operation.op === "Replace") {
-        group = await groupDAL.updateById(group.id, {
-          name: operation.value.displayName
-        });
-      } else if (operation.op === "add" || operation.op === "Add") {
-        try {
-          const orgMemberships = await orgMembershipDAL.find({
-            $in: {
-              id: operation.value.map((member) => member.value)
-            }
-          });
-
-          await addUsersToGroupByUserIds({
-            group,
-            userIds: orgMemberships.map((membership) => membership.userId as string),
-            userDAL,
-            userGroupMembershipDAL,
-            orgDAL,
-            groupProjectDAL,
-            projectKeyDAL,
-            projectDAL,
-            projectBotDAL
-          });
-        } catch {
-          logger.info("Repeat SCIM user-group add operation");
-        }
-      } else if (operation.op === "remove" || operation.op === "Remove") {
-        const orgMembershipId = extractScimValueFromPath(operation.path);
-        if (!orgMembershipId) throw new ScimRequestError({ detail: "Invalid path value", status: 400 });
-        const orgMembership = await orgMembershipDAL.findById(orgMembershipId);
-        if (!orgMembership) throw new ScimRequestError({ detail: "Org Membership Not Found", status: 400 });
-        await removeUsersFromGroupByUserIds({
-          group,
-          userIds: [orgMembership.userId as string],
-          userDAL,
-          userGroupMembershipDAL,
-          groupProjectDAL,
-          projectKeyDAL
-        });
-      } else {
-        throw new ScimRequestError({
-          detail: "Invalid Operation",
-          status: 400
-        });
-      }
-    }
-
    const members = await userGroupMembershipDAL.findGroupMembershipsByGroupIdInOrg(group.id, orgId);
-
-    return buildScimGroup({
+    const scimGroup = buildScimGroup({
      groupId: group.id,
      name: group.name,
      members: members.map((member) => ({
+        value: member.orgMembershipId
+      })),
+      createdAt: group.createdAt,
+      updatedAt: group.updatedAt
+    });
+    scimPatch(scimGroup, operations);
+    // remove members is a weird case not following scim convention
+    await $replaceGroupDAL(groupId, orgId, { displayName: scimGroup.displayName, members: scimGroup.members });
+
+    const updatedScimMembers = await userGroupMembershipDAL.findGroupMembershipsByGroupIdInOrg(group.id, orgId);
+    return {
+      ...scimGroup,
+      members: updatedScimMembers.map((member) => ({
        value: member.orgMembershipId,
        display: `${member.firstName ?? ""} ${member.lastName ?? ""}`
      }))
-    });
+    };
  };

  const deleteScimGroup = async ({ groupId, orgId }: TDeleteScimGroupDTO) => {
@ -1016,8 +1044,8 @@ export const scimServiceFactory = ({
    createScimGroup,
    getScimGroup,
    deleteScimGroup,
-    updateScimGroupNamePut,
-    updateScimGroupNamePatch,
+    replaceScimGroup,
+    updateScimGroup,
    fnValidateScimToken
  };
 };
--- a/backend/src/ee/services/scim/scim-types.ts
+++ b/backend/src/ee/services/scim/scim-types.ts
@ -1,3 +1,5 @@
+import { ScimPatchOperation } from "scim-patch";
+
 import { TOrgPermission } from "@app/lib/types";

 export type TCreateScimTokenDTO = {
@ -34,29 +36,25 @@ export type TGetScimUserDTO = {
 export type TCreateScimUserDTO = {
  externalId: string;
  email?: string;
-  firstName: string;
-  lastName: string;
+  firstName?: string;
+  lastName?: string;
  orgId: string;
 };

 export type TUpdateScimUserDTO = {
  orgMembershipId: string;
  orgId: string;
-  operations: {
-    op: string;
-    path?: string;
-    value?:
-      | string
-      | {
-          active: boolean;
-        };
-  }[];
+  operations: ScimPatchOperation[];
 };

 export type TReplaceScimUserDTO = {
  orgMembershipId: string;
  active: boolean;
  orgId: string;
+  email?: string;
+  firstName?: string;
+  lastName?: string;
+  externalId: string;
 };

 export type TDeleteScimUserDTO = {
@ -69,6 +67,7 @@ export type TListScimGroupsDTO = {
  filter?: string;
  limit: number;
  orgId: string;
+  isMembersExcluded?: boolean;
 };

 export type TListScimGroups = {
@ -107,31 +106,7 @@ export type TUpdateScimGroupNamePutDTO = {
 export type TUpdateScimGroupNamePatchDTO = {
  groupId: string;
  orgId: string;
-  operations: (TRemoveOp | TReplaceOp | TAddOp)[];
-};
-
-// akhilmhdh: I know, this is done due to lack of time. Need to change later to support as normalized rather than like this
-// Forgive akhil blame tony
-type TReplaceOp = {
-  op: "replace" | "Replace";
-  value: {
-    id: string;
-    displayName: string;
-  };
-};
-
-type TRemoveOp = {
-  op: "remove" | "Remove";
-  path: string;
-};
-
-type TAddOp = {
-  op: "add" | "Add";
-  path: string;
-  value: {
-    value: string;
-    display?: string;
-  }[];
+  operations: ScimPatchOperation[];
 };

 export type TDeleteScimGroupDTO = {
@ -160,13 +135,10 @@ export type TScimUser = {
    type: string;
  }[];
  active: boolean;
-  groups: {
-    value: string;
-    display: string;
-  }[];
  meta: {
    resourceType: string;
-    location: null;
+    created: Date;
+    lastModified: Date;
  };
 };

@ -176,10 +148,11 @@ export type TScimGroup = {
  displayName: string;
  members: {
    value: string;
-    display: string;
+    display?: string;
  }[];
  meta: {
    resourceType: string;
-    location: null;
+    created: Date;
+    lastModified: Date;
  };
 };
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-fns.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-fns.ts
@ -36,9 +36,7 @@ export const sendApprovalEmailsFn = async ({
        firstName: reviewerUser.firstName,
        projectName: project.name,
        organizationName: project.organization.name,
-        approvalUrl: `${cfg.isDevelopmentMode ? "https" : "http"}://${cfg.SITE_URL}/project/${
-          project.id
-        }/approval?requestId=${secretApprovalRequest.id}`
+        approvalUrl: `${cfg.SITE_URL}/project/${project.id}/approval?requestId=${secretApprovalRequest.id}`
      },
      template: SmtpTemplates.SecretApprovalRequestNeedsReview
    });
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@ -964,6 +964,10 @@ export const INTEGRATION = {
      shouldAutoRedeploy: "Used by Render to trigger auto deploy.",
      secretGCPLabel: "The label for GCP secrets.",
      secretAWSTag: "The tags for AWS secrets.",
+      githubVisibility:
+        "Define where the secrets from the Github Integration should be visible. Option 'selected' lets you directly define which repositories to sync secrets to.",
+      githubVisibilityRepoIds:
+        "The repository IDs to sync secrets to when using the Github Integration. Only applicable when using Organization scope, and visibility is set to 'selected'",
      kmsKeyId: "The ID of the encryption key from AWS KMS.",
      shouldDisableDelete: "The flag to disable deletion of secrets in AWS Parameter Store.",
      shouldMaskSecrets: "Specifies if the secrets synced from Infisical to Gitlab should be marked as 'Masked'.",
--- a/backend/src/lib/axios/digest-auth.ts
+++ b/backend/src/lib/axios/digest-auth.ts
@ -0,0 +1,57 @@
+import crypto from "node:crypto";
+
+import { AxiosError, AxiosInstance, AxiosRequestConfig } from "axios";
+
+export const createDigestAuthRequestInterceptor = (
+  axiosInstance: AxiosInstance,
+  username: string,
+  password: string
+) => {
+  let nc = 0;
+
+  return async (opts: AxiosRequestConfig) => {
+    try {
+      return await axiosInstance.request(opts);
+    } catch (err) {
+      const error = err as AxiosError;
+      const authHeader = (error?.response?.headers?.["www-authenticate"] as string) || "";
+
+      if (error?.response?.status !== 401 || !authHeader?.includes("nonce")) {
+        return Promise.reject(error.message);
+      }
+
+      if (!error.config) {
+        return Promise.reject(error);
+      }
+
+      const authDetails = authHeader.split(",").map((el) => el.split("="));
+      nc += 1;
+      const nonceCount = nc.toString(16).padStart(8, "0");
+      const cnonce = crypto.randomBytes(24).toString("hex");
+      const realm = authDetails.find((el) => el[0].toLowerCase().indexOf("realm") > -1)?.[1].replace(/"/g, "");
+      const nonce = authDetails.find((el) => el[0].toLowerCase().indexOf("nonce") > -1)?.[1].replace(/"/g, "");
+      const ha1 = crypto.createHash("md5").update(`${username}:${realm}:${password}`).digest("hex");
+      const path = opts.url;
+
+      const ha2 = crypto
+        .createHash("md5")
+        .update(`${opts.method ?? "GET"}:${path}`)
+        .digest("hex");
+
+      const response = crypto
+        .createHash("md5")
+        .update(`${ha1}:${nonce}:${nonceCount}:${cnonce}:auth:${ha2}`)
+        .digest("hex");
+      const authorization = `Digest username="${username}",realm="${realm}",nonce="${nonce}",uri="${path}",qop="auth",algorithm="MD5",response="${response}",nc="${nonceCount}",cnonce="${cnonce}"`;
+
+      if (opts.headers) {
+        // eslint-disable-next-line
+        opts.headers.authorization = authorization;
+      } else {
+        // eslint-disable-next-line
+        opts.headers = { authorization };
+      }
+      return axiosInstance.request(opts);
+    }
+  };
+};
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@ -1,6 +1,7 @@
 import { Logger } from "pino";
 import { z } from "zod";

+import { removeTrailingSlash } from "../fn";
 import { zpStr } from "../zod";

 export const GITLAB_URL = "https://gitlab.com";
@ -63,7 +64,9 @@ const envSchema = z
      .string()
      .min(32)
      .default("#5VihU%rbXHcHwWwCot5L3vyPsx$7dWYw^iGk!EJg2bC*f$PD$%KCqx^R@#^LSEf"),
-    SITE_URL: zpStr(z.string().optional()),
+
+    // Ensure that the SITE_URL never ends with a trailing slash
+    SITE_URL: zpStr(z.string().transform((val) => (val ? removeTrailingSlash(val) : val))).optional(),
    // Telemetry
    TELEMETRY_ENABLED: zodStrBool.default("true"),
    POSTHOG_HOST: zpStr(z.string().optional().default("https://app.posthog.com")),
--- a/backend/src/lib/knex/scim.ts
+++ b/backend/src/lib/knex/scim.ts
@ -0,0 +1,121 @@
+import { Knex } from "knex";
+import { Compare, Filter, parse } from "scim2-parse-filter";
+
+const appendParentToGroupingOperator = (parentPath: string, filter: Filter) => {
+  if (filter.op !== "[]" && filter.op !== "and" && filter.op !== "or" && filter.op !== "not") {
+    return { ...filter, attrPath: `${parentPath}.${(filter as Compare).attrPath}` };
+  }
+  return filter;
+};
+
+export const generateKnexQueryFromScim = (
+  rootQuery: Knex.QueryBuilder,
+  rootScimFilter: string,
+  getAttributeField: (attr: string) => string | null
+) => {
+  const scimRootFilterAst = parse(rootScimFilter);
+  const stack = [
+    {
+      scimFilterAst: scimRootFilterAst,
+      query: rootQuery
+    }
+  ];
+
+  while (stack.length) {
+    const { scimFilterAst, query } = stack.pop()!;
+    switch (scimFilterAst.op) {
+      case "eq": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.where(attrPath, scimFilterAst.compValue);
+        break;
+      }
+      case "pr": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.whereNotNull(attrPath);
+        break;
+      }
+      case "gt": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.where(attrPath, ">", scimFilterAst.compValue);
+        break;
+      }
+      case "ge": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.where(attrPath, ">=", scimFilterAst.compValue);
+        break;
+      }
+      case "lt": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.where(attrPath, "<", scimFilterAst.compValue);
+        break;
+      }
+      case "le": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.where(attrPath, "<=", scimFilterAst.compValue);
+        break;
+      }
+      case "sw": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.whereILike(attrPath, `${scimFilterAst.compValue}%`);
+        break;
+      }
+      case "ew": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.whereILike(attrPath, `%${scimFilterAst.compValue}`);
+        break;
+      }
+      case "co": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.whereILike(attrPath, `%${scimFilterAst.compValue}%`);
+        break;
+      }
+      case "ne": {
+        const attrPath = getAttributeField(scimFilterAst.attrPath);
+        if (attrPath) void query.whereNot(attrPath, "=", scimFilterAst.compValue);
+        break;
+      }
+      case "and": {
+        void query.andWhere((subQueryBuilder) => {
+          scimFilterAst.filters.forEach((el) => {
+            stack.push({
+              query: subQueryBuilder,
+              scimFilterAst: el
+            });
+          });
+        });
+        break;
+      }
+      case "or": {
+        void query.orWhere((subQueryBuilder) => {
+          scimFilterAst.filters.forEach((el) => {
+            stack.push({
+              query: subQueryBuilder,
+              scimFilterAst: el
+            });
+          });
+        });
+        break;
+      }
+      case "not": {
+        void query.whereNot((subQueryBuilder) => {
+          stack.push({
+            query: subQueryBuilder,
+            scimFilterAst: scimFilterAst.filter
+          });
+        });
+        break;
+      }
+      case "[]": {
+        void query.whereNot((subQueryBuilder) => {
+          stack.push({
+            query: subQueryBuilder,
+            scimFilterAst: appendParentToGroupingOperator(scimFilterAst.attrPath, scimFilterAst.valFilter)
+          });
+        });
+        break;
+      }
+      default:
+        break;
+    }
+  }
+};
--- a/backend/src/server/app.ts
+++ b/backend/src/server/app.ts
@ -49,6 +49,21 @@ export const main = async ({ db, smtp, logger, queue, keyStore }: TMain) => {
  server.setValidatorCompiler(validatorCompiler);
  server.setSerializerCompiler(serializerCompiler);

+  server.addContentTypeParser("application/scim+json", { parseAs: "string" }, (_, body, done) => {
+    try {
+      const strBody = body instanceof Buffer ? body.toString() : body;
+      if (!strBody) {
+        done(null, undefined);
+        return;
+      }
+      const json: unknown = JSON.parse(strBody);
+      done(null, json);
+    } catch (err) {
+      const error = err as Error;
+      done(error, undefined);
+    }
+  });
+
  try {
    await server.register<FastifyCookieOptions>(cookie, {
      secret: appCfg.COOKIE_SECRET_SIGN_KEY
--- a/backend/src/server/routes/v1/secret-sharing-router.ts
+++ b/backend/src/server/routes/v1/secret-sharing-router.ts
@ -48,7 +48,7 @@ export const registerSecretSharingRouter = async (server: FastifyZodProvider) =>
  });

  server.route({
-    method: "GET",
+    method: "POST",
    url: "/public/:id",
    config: {
      rateLimit: publicEndpointLimit
@ -57,38 +57,37 @@ export const registerSecretSharingRouter = async (server: FastifyZodProvider) =>
      params: z.object({
        id: z.string().uuid()
      }),
-      querystring: z.object({
-        hashedHex: z.string().min(1)
+      body: z.object({
+        hashedHex: z.string().min(1),
+        password: z.string().optional()
      }),
      response: {
-        200: SecretSharingSchema.pick({
-          encryptedValue: true,
-          iv: true,
-          tag: true,
-          expiresAt: true,
-          expiresAfterViews: true,
-          accessType: true
-        }).extend({
-          orgName: z.string().optional()
+        200: z.object({
+          isPasswordProtected: z.boolean(),
+          secret: SecretSharingSchema.pick({
+            encryptedValue: true,
+            iv: true,
+            tag: true,
+            expiresAt: true,
+            expiresAfterViews: true,
+            accessType: true
+          })
+            .extend({
+              orgName: z.string().optional()
+            })
+            .optional()
        })
      }
    },
    handler: async (req) => {
-      const sharedSecret = await req.server.services.secretSharing.getActiveSharedSecretById({
+      const sharedSecret = await req.server.services.secretSharing.getSharedSecretById({
        sharedSecretId: req.params.id,
-        hashedHex: req.query.hashedHex,
+        hashedHex: req.body.hashedHex,
+        password: req.body.password,
        orgId: req.permission?.orgId
      });
-      if (!sharedSecret) return undefined;
-      return {
-        encryptedValue: sharedSecret.encryptedValue,
-        iv: sharedSecret.iv,
-        tag: sharedSecret.tag,
-        expiresAt: sharedSecret.expiresAt,
-        expiresAfterViews: sharedSecret.expiresAfterViews,
-        accessType: sharedSecret.accessType,
-        orgName: sharedSecret.orgName
-      };
+
+      return sharedSecret;
    }
  });

@ -101,6 +100,7 @@ export const registerSecretSharingRouter = async (server: FastifyZodProvider) =>
    schema: {
      body: z.object({
        encryptedValue: z.string(),
+        password: z.string().optional(),
        hashedHex: z.string(),
        iv: z.string(),
        tag: z.string(),
@ -131,6 +131,7 @@ export const registerSecretSharingRouter = async (server: FastifyZodProvider) =>
    schema: {
      body: z.object({
        name: z.string().max(50).optional(),
+        password: z.string().optional(),
        encryptedValue: z.string(),
        hashedHex: z.string(),
        iv: z.string(),
--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@ -1625,7 +1625,11 @@ const syncSecretsGitHub = async ({
          await octokit.request("PUT /orgs/{org}/actions/secrets/{secret_name}", {
            org: integration.owner as string,
            secret_name: key,
-            visibility: "all",
+            visibility: metadata.githubVisibility ?? "all",
+            ...(metadata.githubVisibility === "selected" && {
+              // we need to map the githubVisibilityRepoIds to numbers
+              selected_repository_ids: metadata.githubVisibilityRepoIds?.map(Number) ?? []
+            }),
            encrypted_value: encryptedSecret,
            key_id: repoPublicKey.key_id
          });
--- a/backend/src/services/integration/integration-schema.ts
+++ b/backend/src/services/integration/integration-schema.ts
@ -5,14 +5,18 @@ import { INTEGRATION } from "@app/lib/api-docs";
 import { IntegrationMappingBehavior } from "../integration-auth/integration-list";

 export const IntegrationMetadataSchema = z.object({
+  initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
+
  secretPrefix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretPrefix),
  secretSuffix: z.string().optional().describe(INTEGRATION.CREATE.metadata.secretSuffix),
-  initialSyncBehavior: z.string().optional().describe(INTEGRATION.CREATE.metadata.initialSyncBehavoir),
+
  mappingBehavior: z
    .nativeEnum(IntegrationMappingBehavior)
    .optional()
    .describe(INTEGRATION.CREATE.metadata.mappingBehavior),
+
  shouldAutoRedeploy: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldAutoRedeploy),
+
  secretGCPLabel: z
    .object({
      labelName: z.string(),
@ -20,6 +24,7 @@ export const IntegrationMetadataSchema = z.object({
    })
    .optional()
    .describe(INTEGRATION.CREATE.metadata.secretGCPLabel),
+
  secretAWSTag: z
    .array(
      z.object({
@ -29,7 +34,15 @@ export const IntegrationMetadataSchema = z.object({
    )
    .optional()
    .describe(INTEGRATION.CREATE.metadata.secretAWSTag),
+
+  githubVisibility: z
+    .union([z.literal("selected"), z.literal("private"), z.literal("all")])
+    .optional()
+    .describe(INTEGRATION.CREATE.metadata.githubVisibility),
+  githubVisibilityRepoIds: z.array(z.string()).optional().describe(INTEGRATION.CREATE.metadata.githubVisibilityRepoIds),
+
  kmsKeyId: z.string().optional().describe(INTEGRATION.CREATE.metadata.kmsKeyId),
+
  shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete),
  shouldEnableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldEnableDelete),
  shouldMaskSecrets: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldMaskSecrets),
--- a/backend/src/services/integration/integration-types.ts
+++ b/backend/src/services/integration/integration-types.ts
@ -27,6 +27,10 @@ export type TCreateIntegrationDTO = {
      key: string;
      value: string;
    }[];
+
+    githubVisibility?: string;
+    githubVisibilityRepoIds?: string[];
+
    kmsKeyId?: string;
    shouldDisableDelete?: boolean;
    shouldMaskSecrets?: boolean;
--- a/backend/src/services/org/org-dal.ts
+++ b/backend/src/services/org/org-dal.ts
@ -12,6 +12,7 @@ import {
 } from "@app/db/schemas";
 import { DatabaseError } from "@app/lib/errors";
 import { buildFindFilter, ormify, selectAllTableCols, TFindFilter, TFindOpt, withTransaction } from "@app/lib/knex";
+import { generateKnexQueryFromScim } from "@app/lib/knex/scim";

 export type TOrgDALFactory = ReturnType<typeof orgDALFactory>;

@ -280,6 +281,67 @@ export const orgDALFactory = (db: TDbClient) => {
        .select(
          selectAllTableCols(TableName.OrgMembership),
          db.ref("email").withSchema(TableName.Users),
+          db.ref("isEmailVerified").withSchema(TableName.Users),
+          db.ref("username").withSchema(TableName.Users),
+          db.ref("firstName").withSchema(TableName.Users),
+          db.ref("lastName").withSchema(TableName.Users),
+          db.ref("scimEnabled").withSchema(TableName.Organization),
+          db.ref("externalId").withSchema(TableName.UserAliases)
+        )
+        .where({ isGhost: false });
+
+      if (limit) void query.limit(limit);
+      if (offset) void query.offset(offset);
+      if (sort) {
+        void query.orderBy(sort.map(([column, order, nulls]) => ({ column: column as string, order, nulls })));
+      }
+      const res = await query;
+      return res;
+    } catch (error) {
+      throw new DatabaseError({ error, name: "Find one" });
+    }
+  };
+
+  const findMembershipWithScimFilter = async (
+    orgId: string,
+    scimFilter: string | undefined,
+    { offset, limit, sort, tx }: TFindOpt<TOrgMemberships> = {}
+  ) => {
+    try {
+      const query = (tx || db.replicaNode())(TableName.OrgMembership)
+        // eslint-disable-next-line
+        .where(`${TableName.OrgMembership}.orgId`, orgId)
+        .where((qb) => {
+          if (scimFilter) {
+            void generateKnexQueryFromScim(qb, scimFilter, (attrPath) => {
+              switch (attrPath) {
+                case "active":
+                  return `${TableName.OrgMembership}.isActive`;
+                case "userName":
+                  return `${TableName.UserAliases}.externalId`;
+                case "name.givenName":
+                  return `${TableName.Users}.firstName`;
+                case "name.familyName":
+                  return `${TableName.Users}.lastName`;
+                case "email.value":
+                  return `${TableName.Users}.email`;
+                default:
+                  return null;
+              }
+            });
+          }
+        })
+        .join(TableName.Users, `${TableName.Users}.id`, `${TableName.OrgMembership}.userId`)
+        .join(TableName.Organization, `${TableName.Organization}.id`, `${TableName.OrgMembership}.orgId`)
+        .leftJoin(TableName.UserAliases, function joinUserAlias() {
+          this.on(`${TableName.UserAliases}.userId`, "=", `${TableName.OrgMembership}.userId`)
+            .andOn(`${TableName.UserAliases}.orgId`, "=", `${TableName.OrgMembership}.orgId`)
+            .andOn(`${TableName.UserAliases}.aliasType`, "=", (tx || db).raw("?", ["saml"]));
+        })
+        .select(
+          selectAllTableCols(TableName.OrgMembership),
+          db.ref("email").withSchema(TableName.Users),
+          db.ref("isEmailVerified").withSchema(TableName.Users),
          db.ref("username").withSchema(TableName.Users),
          db.ref("firstName").withSchema(TableName.Users),
          db.ref("lastName").withSchema(TableName.Users),
@ -314,6 +376,7 @@ export const orgDALFactory = (db: TDbClient) => {
    updateById,
    deleteById,
    findMembership,
+    findMembershipWithScimFilter,
    createMembership,
    updateMembershipById,
    deleteMembershipById,
--- a/backend/src/services/secret-sharing/secret-sharing-service.ts
+++ b/backend/src/services/secret-sharing/secret-sharing-service.ts
@ -1,3 +1,6 @@
+import bcrypt from "bcrypt";
+
+import { TSecretSharing } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service";
 import { BadRequestError, ForbiddenRequestError, NotFoundError, UnauthorizedError } from "@app/lib/errors";
 import { SecretSharingAccessType } from "@app/lib/types";
@ -36,6 +39,7 @@ export const secretSharingServiceFactory = ({
    iv,
    tag,
    name,
+    password,
    accessType,
    expiresAt,
    expiresAfterViews
@ -60,8 +64,10 @@ export const secretSharingServiceFactory = ({
      throw new BadRequestError({ message: "Shared secret value too long" });
    }

+    const hashedPassword = password ? await bcrypt.hash(password, 10) : null;
    const newSharedSecret = await secretSharingDAL.create({
      name,
+      password: hashedPassword,
      encryptedValue,
      hashedHex,
      iv,
@ -77,6 +83,7 @@ export const secretSharingServiceFactory = ({
  };

  const createPublicSharedSecret = async ({
+    password,
    encryptedValue,
    hashedHex,
    iv,
@ -102,7 +109,9 @@ export const secretSharingServiceFactory = ({
      throw new BadRequestError({ message: "Shared secret value too long" });
    }

+    const hashedPassword = password ? await bcrypt.hash(password, 10) : null;
    const newSharedSecret = await secretSharingDAL.create({
+      password: hashedPassword,
      encryptedValue,
      hashedHex,
      iv,
@ -111,6 +120,7 @@ export const secretSharingServiceFactory = ({
      expiresAfterViews,
      accessType
    });
+
    return { id: newSharedSecret.id };
  };

@ -152,7 +162,21 @@ export const secretSharingServiceFactory = ({
    };
  };

-  const getActiveSharedSecretById = async ({ sharedSecretId, hashedHex, orgId }: TGetActiveSharedSecretByIdDTO) => {
+  const $decrementSecretViewCount = async (sharedSecret: TSecretSharing, sharedSecretId: string) => {
+    const { expiresAfterViews } = sharedSecret;
+
+    if (expiresAfterViews) {
+      // decrement view count if view count expiry set
+      await secretSharingDAL.updateById(sharedSecretId, { $decr: { expiresAfterViews: 1 } });
+    }
+
+    await secretSharingDAL.updateById(sharedSecretId, {
+      lastViewedAt: new Date()
+    });
+  };
+
+  /** Get's passwordless secret. validates all secret's requested (must be fresh). */
+  const getSharedSecretById = async ({ sharedSecretId, hashedHex, orgId, password }: TGetActiveSharedSecretByIdDTO) => {
    const sharedSecret = await secretSharingDAL.findOne({
      id: sharedSecretId,
      hashedHex
@ -169,6 +193,8 @@ export const secretSharingServiceFactory = ({
    if (accessType === SecretSharingAccessType.Organization && orgId !== sharedSecret.orgId)
      throw new UnauthorizedError();

+    // all secrets pass through here, meaning we check if its expired first and then check if it needs verification
+    // or can be safely sent to the client.
    if (expiresAt !== null && expiresAt < new Date()) {
      // check lifetime expiry
      await secretSharingDAL.softDeleteById(sharedSecretId);
@ -185,21 +211,29 @@ export const secretSharingServiceFactory = ({
      });
    }

-    if (expiresAfterViews) {
-      // decrement view count if view count expiry set
-      await secretSharingDAL.updateById(sharedSecretId, { $decr: { expiresAfterViews: 1 } });
+    const isPasswordProtected = Boolean(sharedSecret.password);
+    const hasProvidedPassword = Boolean(password);
+    if (isPasswordProtected) {
+      if (hasProvidedPassword) {
+        const isMatch = await bcrypt.compare(password as string, sharedSecret.password as string);
+        if (!isMatch) throw new UnauthorizedError({ message: "Invalid credentials" });
+      } else {
+        return { isPasswordProtected };
+      }
    }

-    await secretSharingDAL.updateById(sharedSecretId, {
-      lastViewedAt: new Date()
-    });
+    // decrement when we are sure the user will view secret.
+    await $decrementSecretViewCount(sharedSecret, sharedSecretId);

    return {
-      ...sharedSecret,
-      orgName:
-        sharedSecret.accessType === SecretSharingAccessType.Organization && orgId === sharedSecret.orgId
-          ? orgName
-          : undefined
+      isPasswordProtected,
+      secret: {
+        ...sharedSecret,
+        orgName:
+          sharedSecret.accessType === SecretSharingAccessType.Organization && orgId === sharedSecret.orgId
+            ? orgName
+            : undefined
+      }
    };
  };

@ -216,6 +250,6 @@ export const secretSharingServiceFactory = ({
    createPublicSharedSecret,
    getSharedSecrets,
    deleteSharedSecretById,
-    getActiveSharedSecretById
+    getSharedSecretById
  };
 };
--- a/backend/src/services/secret-sharing/secret-sharing-types.ts
+++ b/backend/src/services/secret-sharing/secret-sharing-types.ts
@ -15,6 +15,7 @@ export type TSharedSecretPermission = {
  orgId: string;
  accessType?: SecretSharingAccessType;
  name?: string;
+  password?: string;
 };

 export type TCreatePublicSharedSecretDTO = {
@ -24,6 +25,7 @@ export type TCreatePublicSharedSecretDTO = {
  tag: string;
  expiresAt: string;
  expiresAfterViews?: number;
+  password?: string;
  accessType: SecretSharingAccessType;
 };

@ -31,6 +33,11 @@ export type TGetActiveSharedSecretByIdDTO = {
  sharedSecretId: string;
  hashedHex: string;
  orgId?: string;
+  password?: string;
+};
+
+export type TValidateActiveSharedSecretDTO = TGetActiveSharedSecretByIdDTO & {
+  password: string;
 };

 export type TCreateSharedSecretDTO = TSharedSecretPermission & TCreatePublicSharedSecretDTO;
--- a/cli/agent-config.yaml
+++ b/cli/agent-config.yaml
@ -11,12 +11,25 @@ sinks:
    config:
      path: "access-token"
 templates:
-  - source-path: my-dot-ev-secret-template
+  - template-content: |
+      {{- with secret "202f04d7-e4cb-43d4-a292-e893712d61fc" "dev" "/" }}
+      {{- range . }}
+      {{ .Key }}={{ .Value }}
+      {{- end }}
+      {{- end }}
+    destination-path: my-dot-env-0.env
+    config:
+      polling-interval: 60s
+      execute:
+        command: docker-compose -f docker-compose.prod.yml down && docker-compose -f docker-compose.prod.yml up -d
+
+  - base64-template-content: e3stIHdpdGggc2VjcmV0ICIyMDJmMDRkNy1lNGNiLTQzZDQtYTI5Mi1lODkzNzEyZDYxZmMiICJkZXYiICIvIiB9fQp7ey0gcmFuZ2UgLiB9fQp7eyAuS2V5IH19PXt7IC5WYWx1ZSB9fQp7ey0gZW5kIH19Cnt7LSBlbmQgfX0=
    destination-path: my-dot-env.env
    config:
      polling-interval: 60s
      execute:
        command: docker-compose -f docker-compose.prod.yml down && docker-compose -f docker-compose.prod.yml up -d
+
  - source-path: my-dot-ev-secret-template1
    destination-path: my-dot-env-1.env
    config:
--- a/cli/packages/cmd/agent.go
+++ b/cli/packages/cmd/agent.go
@ -95,6 +95,7 @@ type Template struct {
 	SourcePath            string `yaml:"source-path"`
 	Base64TemplateContent string `yaml:"base64-template-content"`
 	DestinationPath       string `yaml:"destination-path"`
+	TemplateContent       string `yaml:"template-content"`

 	Config struct { // Configurations for the template
 		PollingInterval string `yaml:"polling-interval"` // How often to poll for changes in the secret
@ -432,6 +433,30 @@ func ProcessBase64Template(templateId int, encodedTemplate string, data interfac
 	return &buf, nil
 }

+func ProcessLiteralTemplate(templateId int, templateString string, data interface{}, accessToken string, existingEtag string, currentEtag *string, dynamicSecretLeaser *DynamicSecretLeaseManager) (*bytes.Buffer, error) {
+	secretFunction := secretTemplateFunction(accessToken, existingEtag, currentEtag) // TODO: Fix this
+	dynamicSecretFunction := dynamicSecretTemplateFunction(accessToken, dynamicSecretLeaser, templateId)
+	funcs := template.FuncMap{
+		"secret":         secretFunction,
+		"dynamic_secret": dynamicSecretFunction,
+	}
+
+	templateName := "literalTemplate"
+
+	tmpl, err := template.New(templateName).Funcs(funcs).Parse(templateString)
+	if err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	if err := tmpl.Execute(&buf, data); err != nil {
+		return nil, err
+	}
+
+	return &buf, nil
+}
+
+
 type AgentManager struct {
 	accessToken              string
 	accessTokenTTL           time.Duration
@ -820,6 +845,8 @@ func (tm *AgentManager) MonitorSecretChanges(secretTemplate Template, templateId

 					if secretTemplate.SourcePath != "" {
 						processedTemplate, err = ProcessTemplate(templateId, secretTemplate.SourcePath, nil, token, existingEtag, &currentEtag, tm.dynamicSecretLeases)
+					} else if secretTemplate.TemplateContent != "" {
+						processedTemplate, err = ProcessLiteralTemplate(templateId, secretTemplate.TemplateContent, nil, token, existingEtag, &currentEtag, tm.dynamicSecretLeases)
 					} else {
 						processedTemplate, err = ProcessBase64Template(templateId, secretTemplate.Base64TemplateContent, nil, token, existingEtag, &currentEtag, tm.dynamicSecretLeases)
 					}
--- a/company/handbook/onboarding.mdx
+++ b/company/handbook/onboarding.mdx
@ -19,10 +19,11 @@ Every new joiner has an onboarding buddy who should ideally be in the the same t
 1. Join the weekly all-hands meeting. It typically happens on Monday's at 8:30am PT.
 2. Ship something together on day one – even if tiny! It feels great to hit the ground running, with a development environment all ready to go.
 3. Check out the [Areas of Responsibility (AoR) Table](https://docs.google.com/spreadsheets/d/1RnXlGFg83Sgu0dh7ycuydsSobmFfI3A0XkGw7vrVxEI/edit?usp=sharing). This is helpful to know who you can ask about particular areas of Infisical. Feel free to add yourself to the areas you'd be most interesting to dive into.
-4. Read the [Infisical Strategy Doc](https://docs.google.com/document/d/1oy_NP1Q_Zt1oqxLpyNkLIGmhAI3N28AmZq6dDIOONSQ/edit?usp=sharing).
+4. Read the [Infisical Strategy Doc](https://docs.google.com/document/d/1RaJd3RoS2QpWLFHlgfHaXnHqCCwRt6mCGZkbJ75J_D0/edit?usp=sharing).
 5. Update your LinkedIn profile with one of [Infisical's official banners](https://drive.google.com/drive/u/0/folders/1oSNWjbpRl9oNYwxM_98IqzKs9fAskrb2) (if you want to). You can also coordinate your social posts in the #marketing Slack channel, so that we can boost it from Infisical's official social media accounts.
 6. Over the first few weeks, feel free to schedule 1:1s with folks on the team to get to know them a bit better.
 7. Change your Slack username in the users channel to `[NAME] (Infisical)`.
 8. Go through the [technical overview](https://infisical.com/docs/internals/overview) of Infisical. 
+9. Request a company credit card (Maidul will be able to help with that).


--- a/docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx
+++ b/docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx
@ -0,0 +1,144 @@
+---
+title: "AWS Elasticahe"
+description: "Learn how to dynamically generate Redis Database user credentials."
+---
+
+The Infisical Redis dynamic secret allows you to generate Redis Database credentials on demand based on configured role.
+
+## Prerequisites
+
+
+
+2. Create an AWS IAM user with the following permissions:
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Action": [
+        "elasticache:DescribeUsers",
+        "elasticache:ModifyUser",
+        "elasticache:CreateUser",
+        "elasticache:CreateUserGroup",
+        "elasticache:DeleteUser",
+        "elasticache:DescribeReplicationGroups",
+        "elasticache:DescribeUserGroups",
+        "elasticache:ModifyReplicationGroup",
+        "elasticache:ModifyUserGroup"
+      ],
+      "Resource": "arn:aws:elasticache:<region>:<account-id>:user:*"
+    }
+  ]
+}
+```
+
+3. Create an access key ID and secret access key for the user you created in the previous step. You will need these to configure the Infisical dynamic secret.
+
+<Note>
+  New leases may take up-to a couple of minutes before ElastiCache has the chance to complete their configuration.
+  It is recommended to use a retry strategy when establishing new Redis ElastiCache connections.
+  This may prevent errors when trying to use a password that isn't yet live on the targeted ElastiCache cluster.
+
+  While a leasing is being created, you will be unable to create new leases for the same dynamic secret.
+</Note>
+
+<Note>
+  Please ensure that your ElastiCache cluster has transit encryption enabled and set to required. This is required for the dynamic secret to work.
+</Note>
+
+
+
+
+## Set up Dynamic Secrets with Redis
+
+<Steps>
+  <Step title="Open Secret Overview Dashboard">
+	Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
+  </Step>
+  <Step title="Click on the 'Add Dynamic Secret' button">
+	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button-redis.png)
+  </Step>
+  <Step title="Select 'Redis'">
+	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-aws-elasti-cache)
+  </Step>
+  <Step title="Provide the inputs for dynamic secret parameters">
+	<ParamField path="Secret Name" type="string" required>
+		Name by which you want the secret to be referenced
+	</ParamField>
+
+	<ParamField path="Default TTL" type="string" required>
+		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+	</ParamField>
+
+	<ParamField path="Max TTL" type="string" required>
+		Maximum time-to-live for a generated secret.
+	</ParamField>
+
+	<ParamField path="Region" type="string" required>
+    The region that the ElastiCache cluster is located in. _(e.g. us-east-1)_
+	</ParamField>
+
+	<ParamField path="Access Key ID" type="string" required>
+    This is the access key ID of the AWS IAM user you created in the prerequisites. This will be used to provision and manage the dynamic secret leases.
+	</ParamField>
+
+	<ParamField path="Secret Access Key" type="string" required>
+		This is the secret access key of the AWS IAM user you created in the prerequisites. This will be used to provision and manage the dynamic secret leases.
+	</ParamField>
+
+	<ParamField path="CA(SSL)" type="string">
+		A CA may be required if your DB requires it for incoming connections. This is often the case when connecting to a managed service.
+	</ParamField>
+
+  </Step>
+  <Step title="(Optional) Modify ElastiCache Statements">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the ElastiCache statement to your needs. This is useful if you want to only give access to a specific table(s).
+
+	![Modify ElastiCache Statements Modal](/images/platform/dynamic-secrets/modify-elasticache-statement.png)
+  </Step>
+  <Step title="Click `Submit`">
+  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+
+	<Note>
+		If this step fails, you may have to add the CA certificate. 
+	</Note>
+
+  </Step>
+  <Step title="Generate dynamic secrets">
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.
+
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png)
+
+	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate  how long the credentials are valid for.
+
+	![Provision Lease](/images/platform/dynamic-secrets/provision-lease-redis.png)
+
+	<Tip>
+		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
+	</Tip>
+
+
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+
+	![Provision Lease](/images/platform/dynamic-secrets/lease-values-redis.png)
+  </Step>
+</Steps>
+
+## Audit or Revoke Leases
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+
+![Provision Lease](/images/platform/dynamic-secrets/lease-data-redis.png)
+
+## Renew Leases
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew-redis.png)
+
+<Warning>
+	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+</Warning>
--- a/docs/documentation/platform/dynamic-secrets/aws-iam.mdx
+++ b/docs/documentation/platform/dynamic-secrets/aws-iam.mdx
@ -1,6 +1,6 @@
 ---
 title: "AWS IAM"
-description: "How to dynamically generate AWS IAM Users."
+description: "Learn how to dynamically generate AWS IAM Users."
 ---

 The Infisical AWS IAM dynamic secret allows you to generate AWS IAM Users on demand based on configured AWS policy.
--- a/docs/documentation/platform/dynamic-secrets/cassandra.mdx
+++ b/docs/documentation/platform/dynamic-secrets/cassandra.mdx
@ -1,6 +1,6 @@
 ---
 title: "Cassandra"
-description: "How to dynamically generate Cassandra database users."
+description: "Learn how to dynamically generate Cassandra database user credentials"
 ---

 The Infisical Cassandra dynamic secret allows you to generate Cassandra database credentials on demand based on configured role.
--- a/docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx
@ -0,0 +1,114 @@
+---
+title: "Mongo Atlas"
+description: "Learn how to dynamically generate Mongo Atlas Database user credentials."
+---
+
+The Infisical Mongo Atlas dynamic secret allows you to generate Mongo Atlas Database credentials on demand based on configured role.
+
+## Prerequisite
+Create a project scopped API Key with the required permission in your Mongo Atlas following the [official doc](https://www.mongodb.com/docs/atlas/configure-api-access/#grant-programmatic-access-to-a-project).
+
+<Info>
+				The API Key must have permission to manage users in the project.
+</Info>
+
+## Set up Dynamic Secrets with Mongo Atlas
+
+<Steps>
+  <Step title="Open Secret Overview Dashboard">
+	Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
+  </Step>
+  <Step title="Click on the 'Add Dynamic Secret' button">
+	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button.png)
+  </Step>
+  <Step title="Select Mongo Atlas">
+	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-atlas-modal.png)
+  </Step>
+  <Step title="Provide the inputs for dynamic secret parameters">
+	<ParamField path="Secret Name" type="string" required>
+		Name by which you want the secret to be referenced
+	</ParamField>
+
+	<ParamField path="Default TTL" type="string" required>
+		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+	</ParamField>
+
+	<ParamField path="Max TTL" type="string" required>
+		Maximum time-to-live for a generated secret
+	</ParamField>
+
+	<ParamField path="Admin public key" type="string" required>
+				The public key of your generated Atlas API Key. This acts as a username.
+	</ParamField>
+
+	<ParamField path="Admin private key" type="string" required>
+				The private key of your generated Atlas API Key. This acts as a password.
+	</ParamField>
+
+	<ParamField path="Group ID" type="number" required>
+				Unique 24-hexadecimal digit string that identifies your project. This is same as project id
+	</ParamField>
+
+	<ParamField path="Roles" type="string" required>
+	   List that provides the pairings of one role with one applicable database.
+		 - **Database Name**: Database to which the user is granted access privileges.
+		 - **Collection**: Collection on which this role applies.
+		 - **Role Name**: Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.
+				- Enum: `atlasAdmin` `backup` `clusterMonitor` `dbAdmin` `dbAdminAnyDatabase` `enableSharding` `read` `readAnyDatabase` `readWrite` `readWriteAnyDatabase` `<a custom role name>`.
+	</ParamField>
+
+	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-atlas.png)
+
+  </Step>
+  <Step title="(Optional) Modify Access Scope">
+  	List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project.
+
+				![Modify Scope Modal](../../../images/platform/dynamic-secrets/advanced-option-atlas.png)
+				- **Label**: Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access.
+				- **Type**: Category of resource that this database user can access.
+  </Step>
+  <Step title="Click 'Submit'">
+  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+
+	<Note>
+		If this step fails, you may have to add the CA certficate. 
+	</Note>
+
+	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
+  </Step>
+  <Step title="Generate dynamic secrets">
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.
+
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty.png)
+
+	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate how long the credentials are valid for.
+
+	![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)
+
+	<Tip>
+		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
+	</Tip>
+
+
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+
+	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
+  </Step>
+</Steps>
+
+## Audit or Revoke Leases
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+
+![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
+
+## Renew Leases
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
+
+<Warning>
+	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+</Warning>
--- a/docs/documentation/platform/dynamic-secrets/mssql.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mssql.mdx
@ -1,6 +1,6 @@
 ---
 title: "MS SQL"
-description: "How to dynamically generate MS SQL database users."
+description: "Learn how to dynamically generate MS SQL database user credentials."
 ---

 The Infisical MS SQL dynamic secret allows you to generate Microsoft SQL server database credentials on demand based on configured role.
--- a/docs/documentation/platform/dynamic-secrets/mysql.mdx
+++ b/docs/documentation/platform/dynamic-secrets/mysql.mdx
@ -1,6 +1,6 @@
 ---
 title: "MySQL"
-description: "Learn how to dynamically generate MySQL Database user passwords."
+description: "Learn how to dynamically generate MySQL Database user credentials."
 ---

 The Infisical MySQL dynamic secret allows you to generate MySQL Database credentials on demand based on configured role.
--- a/docs/documentation/platform/dynamic-secrets/oracle.mdx
+++ b/docs/documentation/platform/dynamic-secrets/oracle.mdx
@ -1,6 +1,6 @@
 ---
 title: "Oracle"
-description: "Learn how to dynamically generate Oracle Database user passwords."
+description: "Learn how to dynamically generate Oracle Database user credentials."
 ---

 The Infisical Oracle dynamic secret allows you to generate Oracle Database credentials on demand based on configured role.
--- a/docs/documentation/platform/dynamic-secrets/overview.mdx
+++ b/docs/documentation/platform/dynamic-secrets/overview.mdx
@ -32,4 +32,5 @@ Dynamic secrets are particularly useful in environments with stringent security
 2. [MySQL](./mysql)
 3. [Cassandra](./cassandra)
 4. [Oracle](./oracle)
+6. [Redis](./redis)
 5. [AWS IAM](./aws-iam)
--- a/docs/documentation/platform/dynamic-secrets/postgresql.mdx
+++ b/docs/documentation/platform/dynamic-secrets/postgresql.mdx
@ -1,6 +1,6 @@
 ---
 title: "PostgreSQL"
-description: "How to dynamically generate PostgreSQL database users."
+description: "Learn how to dynamically generate PostgreSQL database users."
 ---

 The Infisical PostgreSQL dynamic secret allows you to generate PostgreSQL database credentials on demand based on configured role.
--- a/docs/documentation/platform/dynamic-secrets/redis.mdx
+++ b/docs/documentation/platform/dynamic-secrets/redis.mdx
@ -0,0 +1,106 @@
+---
+title: "Redis"
+description: "Learn how to dynamically generate Redis Database user credentials."
+---
+
+The Infisical Redis dynamic secret allows you to generate Redis Database credentials on demand based on configured role.
+
+## Prerequisite
+Create a user with the required permission in your Redis instance. This user will be used to create new accounts on-demand.
+
+
+## Set up Dynamic Secrets with Redis
+
+<Steps>
+  <Step title="Open Secret Overview Dashboard">
+	Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
+  </Step>
+  <Step title="Click on the 'Add Dynamic Secret' button">
+	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button-redis.png)
+  </Step>
+  <Step title="Select 'Redis'">
+	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-redis.png)
+  </Step>
+  <Step title="Provide the inputs for dynamic secret parameters">
+	<ParamField path="Secret Name" type="string" required>
+		Name by which you want the secret to be referenced
+	</ParamField>
+
+	<ParamField path="Default TTL" type="string" required>
+		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+	</ParamField>
+
+	<ParamField path="Max TTL" type="string" required>
+		Maximum time-to-live for a generated secret.
+	</ParamField>
+
+	<ParamField path="Host" type="string" required>
+		The database host, this can be an IP address or a domain name as long as Infisical can reach it.
+	</ParamField>
+
+	<ParamField path="Port" type="number" required>
+		The database port, this is the port that the Redis instance is listening on.
+	</ParamField>
+
+	<ParamField path="User" type="string" required>
+    Redis username that will be used to create new users on-demand. This is often 'default' or 'admin'.
+	</ParamField>
+
+	<ParamField path="Password" type="string" optional>
+		Password that will be used to create dynamic secrets. This is required if your Redis instance is password protected.
+	</ParamField>
+
+	<ParamField path="CA(SSL)" type="string">
+		A CA may be required if your DB requires it for incoming connections. This is often the case when connecting to a managed service.
+	</ParamField>
+
+  </Step>
+  <Step title="(Optional) Modify Redis Statements">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the Redis statement to your needs. This is useful if you want to only give access to a specific table(s).
+
+	![Modify Redis Statements Modal](/images/platform/dynamic-secrets/modify-redis-statement.png)
+  </Step>
+  <Step title="Click `Submit`">
+  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+
+	<Note>
+		If this step fails, you may have to add the CA certificate. 
+	</Note>
+
+  </Step>
+  <Step title="Generate dynamic secrets">
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.
+
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png)
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png)
+
+	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate  how long the credentials are valid for.
+
+	![Provision Lease](/images/platform/dynamic-secrets/provision-lease-redis.png)
+
+	<Tip>
+		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret.
+	</Tip>
+
+
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials from it will be shown to you. 
+
+	![Provision Lease](/images/platform/dynamic-secrets/lease-values-redis.png)
+  </Step>
+</Steps>
+
+## Audit or Revoke Leases
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+
+![Provision Lease](/images/platform/dynamic-secrets/lease-data-redis.png)
+
+## Renew Leases
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew-redis.png)
+
+<Warning>
+	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+</Warning>
--- a/docs/images/integrations/github/integrations-github-scope-env.png
+++ b/docs/images/integrations/github/integrations-github-scope-env.png
--- a/docs/images/integrations/github/integrations-github-scope-org.png
+++ b/docs/images/integrations/github/integrations-github-scope-org.png
--- a/docs/images/integrations/github/integrations-github-scope-repo.png
+++ b/docs/images/integrations/github/integrations-github-scope-repo.png
--- a/docs/images/platform/dynamic-secrets/add-dynamic-secret-button-redis.png
+++ b/docs/images/platform/dynamic-secrets/add-dynamic-secret-button-redis.png
--- a/docs/images/platform/dynamic-secrets/advanced-option-atlas.png
+++ b/docs/images/platform/dynamic-secrets/advanced-option-atlas.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-atlas-modal.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-atlas-modal.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-lease-renew-redis.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-lease-renew-redis.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-modal-atlas.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-modal-atlas.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-modal-aws-elasti-cache.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-modal-aws-elasti-cache.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-modal-redis.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-modal-redis.png
--- a/docs/images/platform/dynamic-secrets/lease-data-redis.png
+++ b/docs/images/platform/dynamic-secrets/lease-data-redis.png
--- a/docs/images/platform/dynamic-secrets/lease-values-redis.png
+++ b/docs/images/platform/dynamic-secrets/lease-values-redis.png
--- a/docs/images/platform/dynamic-secrets/modify-elasticache-statement.png
+++ b/docs/images/platform/dynamic-secrets/modify-elasticache-statement.png
--- a/docs/images/platform/dynamic-secrets/modify-redis-statement.png
+++ b/docs/images/platform/dynamic-secrets/modify-redis-statement.png
--- a/docs/images/platform/dynamic-secrets/provision-lease-redis.png
+++ b/docs/images/platform/dynamic-secrets/provision-lease-redis.png
--- a/docs/integrations/cicd/githubactions.mdx
+++ b/docs/integrations/cicd/githubactions.mdx
@ -41,6 +41,13 @@ Prerequisites:
          </Tab>
          <Tab title="Organization">
            ![integrations github](../../images/integrations/github/integrations-github-scope-org.png)
+
+            When using the organization scope, your secrets will be saved in the top-level of your Github Organization.
+
+            You can choose the visibility, which defines which repositories can access the secrets. The options are:
+            - **All public repositories**: All public repositories in the organization can access the secrets.
+            - **All private repositories**: All private repositories in the organization can access the secrets.
+            - **Selected repositories**: Only the selected repositories can access the secrets. This gives a more fine-grained control over which repositories can access the secrets. You can select _both_ private and public repositories with this option.
          </Tab>
          <Tab title="Repository Environment">
          ![integrations github](../../images/integrations/github/integrations-github-scope-env.png)
--- a/docs/integrations/platforms/ecs-with-agent.mdx
+++ b/docs/integrations/platforms/ecs-with-agent.mdx
@ -1,27 +1,30 @@
 ---
-title: 'Amazon ECS'
+title: "Amazon ECS"
 description: "Learn how to deliver secrets to Amazon Elastic Container Service."
 ---

 ![ecs diagram](/images/guides/agent-with-ecs/ecs-diagram.png)

-This guide will go over the steps needed to access secrets stored in Infisical from Amazon Elastic Container Service (ECS). 
+This guide will go over the steps needed to access secrets stored in Infisical from Amazon Elastic Container Service (ECS).

-At a high level, the steps involve setting up an ECS task with a [Infisical Agent](/infisical-agent/overview) as a sidecar container. This sidecar container uses [Universal Auth](/documentation/platform/identities/universal-auth) to authenticate with Infisical to fetch secrets/access tokens.
+At a high level, the steps involve setting up an ECS task with an [Infisical Agent](/infisical-agent/overview) as a sidecar container. This sidecar container uses [AWS Auth](/documentation/platform/identities/aws-auth) to authenticate with Infisical to fetch secrets/access tokens.
 Once the secrets/access tokens are retrieved, they are then stored in a shared [Amazon Elastic File System](https://aws.amazon.com/efs/) (EFS) volume. This volume is then made accessible to your application and all of its replicas.

 This guide primarily focuses on integrating Infisical Cloud with Amazon ECS on AWS Fargate and Amazon EFS.
 However, the principles and steps can be adapted for use with any instance of Infisical (on premise or cloud) and different ECS launch configurations.

 ## Prerequisites
+
 This guide requires the following prerequisites:
- Infisical account 
+
+- Infisical account
 - Git installed
 - Terraform v1.0 or later installed
 - Access to AWS credentials
 - Understanding of [Infisical Agent](/infisical-agent/overview)

 ## What we will deploy
+
 For this demonstration, we'll deploy the [File Browser](https://github.com/filebrowser/filebrowser) application on our ECS cluster.
 Although this guide focuses on File Browser, the principles outlined here can be applied to any application of your choice.

@ -29,20 +32,20 @@ File Browser plays a key role in this context because it enables us to view all
 This feature is important for our demonstration, as it allows us to verify whether the Infisical agent is depositing the expected files into the designated file volume and if those files are accessible to the application.

 <Warning>
-Volumes that contain sensitive secrets should not be publicly accessible. The use of File Browser here is solely for demonstration and verification purposes.
+  Volumes that contain sensitive secrets should not be publicly accessible. The
+  use of File Browser here is solely for demonstration and verification
+  purposes.
 </Warning>

-
 ## Configure Authentication with Infisical
-In order for the Infisical agent to fetch credentials from Infisical, we'll first need to authenticate with Infisical.
-While Infisical supports various authentication methods, this guide focuses on using Universal Auth to authenticate the agent with Infisical.

-Follow the documentation to configure and generate a client id and client secret with Universal auth [here](/documentation/platform/identities/universal-auth).
-Make sure to save these credentials somewhere handy because you'll need them soon.
+In order for the Infisical agent to fetch credentials from Infisical, we'll first need to authenticate with Infisical. Follow the documentation to configure a machine identity with AWS Auth [here](/documentation/platform/identities/aws-auth).
+Take note of the Machine Identity ID as you will be needing this in the preceding steps.

 ## Clone guide assets repository
+
 To help you quickly deploy the example application, please clone the guide assets from this [Github repository](https://github.com/Infisical/infisical-guides.git).
-This repository contains assets for all Infisical guides. The content for this guide can be found within a sub directory called `aws-ecs-with-agent`. 
+This repository contains assets for all Infisical guides. The content for this guide can be found within a sub directory called `aws-ecs-with-agent`.
 The guide will assume that `aws-ecs-with-agent` is your working directory going forward.

 ## Deploy example application
@ -50,95 +53,84 @@ The guide will assume that `aws-ecs-with-agent` is your working directory going
 Before we can deploy our full application and its related infrastructure with Terraform, we'll need to first configure our Infisical agent.

 ### Agent configuration overview
+
 The agent config file defines what authentication method will be used when connecting with Infisical along with where the fetched secrets/access tokens should be saved to.

-Since the Infisical agent will be deployed as a sidecar, the agent configuration file and any secret template files will need to be encoded in base64. 
-This encoding step is necessary as it allows these files to be added into our Terraform configuration file without needing to upload them first.
-
-#### Secret template file
-The Infisical agent accepts one or more optional template files. If provided, the agent will fetch secrets using the set authentication method and format the fetched secrets according to the given template file. 
-
-For demonstration purposes, we will create the following secret template file. 
-This template will transform our secrets from Infisical project with the ID `62fd92aa8b63973fee23dec7`, in the `dev` environment, and secrets located in the path `/`, into a `KEY=VALUE` format. 
-
-<Tip>
-  Remember to update the project id, environment slug and secret path to one that exists within your Infisical project
-</Tip>
-
-```secrets.template secrets.template
-{{- with secret "62fd92aa8b63973fee23dec7" "dev" "/" }}
-{{- range . }}
-{{ .Key }}={{ .Value }}
-{{- end }}
-{{- end }}
-```
-
-Next, we need encode this template file in `base64` so it can be set in the agent configuration file.
-
-```bash
-cat secrets.template | base64 
-Cnt7LSB3aXRoIHNlY3JldCAiMWVkMjk2MWQtNDM5NS00MmNlLTlkNzQtYjk2ZGQwYmYzMDg0IiAiZGV2IiAiLyIgfX0Ke3stIHJhbmdlIC4gfX0Ke3sgLktleSB9fT17eyAuVmFsdWUgfX0Ke3stIGVuZCB9fQp7ey0gZW5kIH19
-```
+Since the Infisical agent will be deployed as a sidecar, the agent configuration file will need to be encoded in base64.
+This encoding step is necessary as it allows the agent configuration file to be added into our Terraform configuration without needing to upload it first.

 #### Full agent configuration file
-This agent config file will connect with Infisical Cloud using Universal Auth and deposit access tokens at path `/infisical-agent/access-token` and render secrets to file `/infisical-agent/secrets`.

-You'll notice that instead of passing the path to the secret template file as we normally would, we set the base64 encoded template from the previous step under `base64-template-content` property.
+Inside the `aws-ecs-with-agent` directory, you will find a sample `agent-config.yaml` file. This agent config file will connect with Infisical Cloud using AWS Auth and deposit access tokens at path `/infisical-agent/access-token` and render secrets to file `/infisical-agent/secrets`.

 ```yaml agent-config.yaml
 infisical:
  address: https://app.infisical.com
  exit-after-auth: true
 auth:
-  type: universal-auth
-  config:
-    remove_client_secret_on_read: false
+  type: aws-iam
 sinks:
  - type: file
    config:
      path: /infisical-agent/access-token
 templates:
-  - base64-template-content: Cnt7LSB3aXRoIHNlY3JldCAiMWVkMjk2MWQtNDM5NS00MmNlLTlkNzQtYjk2ZGQwYmYzMDg0IiAiZGV2IiAiLyIgfX0Ke3stIHJhbmdlIC4gfX0Ke3sgLktleSB9fT17eyAuVmFsdWUgfX0Ke3stIGVuZCB9fQp7ey0gZW5kIH19
+  - template-content: |
+      {{- with secret "202f04d7-e4cb-43d4-a292-e893712d61fc" "dev" "/" }}
+      {{- range . }}
+      {{ .Key }}={{ .Value }}
+      {{- end }}
+      {{- end }}
    destination-path: /infisical-agent/secrets
 ```

-Again, we'll need to encode the full configuration file in `base64` so it can be easily delivered via Terraform.
+#### Secret template

-```bash
-cat agent-config.yaml | base64 
-aW5maXNpY2FsOgogIGFkZHJlc3M6IGh0dHBzOi8vYXBwLmluZmlzaWNhbC5jb20KICBleGl0LWFmdGVyLWF1dGg6IHRydWUKYXV0aDoKICB0eXBlOiB1bml2ZXJzYWwtYXV0aAogIGNvbmZpZzoKICAgIHJlbW92ZV9jbGllbnRfc2VjcmV0X29uX3JlYWQ6IGZhbHNlCnNpbmtzOgogIC0gdHlwZTogZmlsZQogICAgY29uZmlnOgogICAgICBwYXRoOiAvaW5maXNpY2FsLWFnZW50L2FjY2Vzcy10b2tlbgp0ZW1wbGF0ZXM6CiAgLSBiYXNlNjQtdGVtcGxhdGUtY29udGVudDogQ250N0xTQjNhWFJvSUhObFkzSmxkQ0FpTVdWa01qazJNV1F0TkRNNU5TMDBNbU5sTFRsa056UXRZamsyWkdRd1ltWXpNRGcwSWlBaVpHVjJJaUFpTHlJZ2ZYMEtlM3N0SUhKaGJtZGxJQzRnZlgwS2Uzc2dMa3RsZVNCOWZUMTdleUF1Vm1Gc2RXVWdmWDBLZTNzdElHVnVaQ0I5ZlFwN2V5MGdaVzVrSUgxOQogICAgZGVzdGluYXRpb24tcGF0aDogL2luZmlzaWNhbC1hZ2VudC9zZWNyZXRzCg==
-```
+The Infisical agent accepts one or more optional templates. If provided, the agent will fetch secrets using the set authentication method and format the fetched secrets according to the given template.
+Typically, these templates are passed in to the agent configuration file via file reference using the `source-path` property but for simplicity we define them inline.

-## Add auth credentials & agent config
-With the base64 encoded agent config file and Universal Auth credentials in hand, it's time to assign them as values in our Terraform config file.
+In the agent configuration above, the template defined will transform the secrets from Infisical project with the ID `202f04d7-e4cb-43d4-a292-e893712d61fc`, in the `dev` environment, and secrets located in the path `/`, into a `KEY=VALUE` format.

-To configure these values, navigate to the `ecs.tf` file in your preferred code editor and assign values to `auth_client_id`, `auth_client_secret`, and `agent_config`. 
+<Tip>
+  Remember to update the project id, environment slug and secret path to one
+  that exists within your Infisical project
+</Tip>
+
+## Configure app on terraform
+
+Navigate to the `ecs.tf` file in your preferred code editor. In the container_definitions section, assign the values to the `machine_identity_id` and `agent_config` properties.
+The `agent_config` property expects the base64-encoded agent configuration file. In order to get this, we use the `base64encode` and `file` functions of HCL.

 ```hcl ecs.tf
 ...snip...
-data "template_file" "cb_app" {
-  template = file("./templates/ecs/cb_app.json.tpl")
-
-  vars = {
-    app_image          = var.app_image
-    sidecar_image      = var.sidecar_image
-    app_port           = var.app_port
-    fargate_cpu        = var.fargate_cpu
-    fargate_memory     = var.fargate_memory
-    aws_region         = var.aws_region
-    auth_client_id     = "<paste-client-id-string>"
-    auth_client_secret = "<paset-client-secret-string>"
-    agent_config       = "<paste-base64-encoded-agent-config-string>"
+resource "aws_ecs_task_definition" "app" {
+  family                   = "cb-app-task"
+  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
+  task_role_arn            = aws_iam_role.ecs_task_role.arn
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 4096
+  memory                   = 8192
+  container_definitions = templatefile("./templates/ecs/cb_app.json.tpl", {
+    app_image           = var.app_image
+    sidecar_image       = var.sidecar_image
+    app_port            = var.app_port
+    fargate_cpu         = var.fargate_cpu
+    fargate_memory      = var.fargate_memory
+    aws_region          = var.aws_region
+    machine_identity_id = "5655f4f5-332b-45f9-af06-8f493edff36f"
+    agent_config = base64encode(file("../agent-config.yaml"))
+  })
+  volume {
+    name = "infisical-efs"
+    efs_volume_configuration {
+      file_system_id = aws_efs_file_system.infisical_efs.id
+      root_directory = "/"
+    }
  }
 }
 ...snip...
 ```

-<Warning>
-  To keep this guide simple, `auth_client_id`, `auth_client_secret` have been added directly into the ECS container definition. 
-  However, in production, you should securely fetch these values from AWS Secrets Manager or AWS Parameter store and feed them directly to agent sidecar. 
-</Warning>
-
 After these values have been set, they will be passed to the Infisical agent during startup through environment variables, as configured in the `infisical-sidecar` container below.

 ```terraform templates/ecs/cb_app.json.tpl
@ -169,12 +161,8 @@ After these values have been set, they will be passed to the Infisical agent dur
    },
    "environment": [
      {
-        "name": "INFISICAL_UNIVERSAL_AUTH_CLIENT_ID",
-        "value": "${auth_client_id}"
-      },
-      {
-        "name": "INFISICAL_UNIVERSAL_CLIENT_SECRET",
-        "value": "${auth_client_secret}"
+        "name": "INFISICAL_MACHINE_IDENTITY_ID",
+        "value": "${machine_identity_id}"
      },
      {
        "name": "INFISICAL_AGENT_CONFIG_BASE64",
@ -191,9 +179,9 @@ After these values have been set, they will be passed to the Infisical agent dur
 ]
 ```

-In the above container definition, you'll notice that that the Infisical agent has a `mountPoints` defined. 
-This mount point is referencing to the already configured EFS volume as shown below. 
-`containerPath` is set to `/infisical-agent` because that is that the folder we have instructed the agent to deposit the credentials to. 
+In the above container definition, you'll notice that that the Infisical agent has a `mountPoints` defined.
+This mount point is referencing to the already configured EFS volume as shown below.
+`containerPath` is set to `/infisical-agent` because that is that the folder we have instructed the agent to deposit the credentials to.

 ```hcl terraform/efs.tf
 resource "aws_efs_file_system" "infisical_efs" {
@ -211,8 +199,9 @@ resource "aws_efs_mount_target" "mount" {
 ```

 ## Configure AWS credentials
+
 Because we'll be deploying the example file browser application to AWS via Terraform, you will need to obtain a set of `AWS Access Key` and `Secret Key`.
-Once you have generated these credentials, export them to your terminal. 
+Once you have generated these credentials, export them to your terminal.

 1. Export the AWS Access Key ID:

@ -227,26 +216,31 @@ Once you have generated these credentials, export them to your terminal.
   ```

 ## Deploy terraform configuration
+
 With the agent's sidecar configuration complete, we can now deploy our changes to AWS via Terraform.

 1. Change your directory to `terraform`
-```sh 
+
+```sh
 cd terraform
 ```

 2. Initialize Terraform
+
 ```
-$ terraform init 
+$ terraform init
 ```

-3. Preview resources that will be created 
+3. Preview resources that will be created
+
 ```
 $ terraform plan
 ```

 4. Trigger resource creation
+
 ```bash
-$ terraform apply 
+$ terraform apply

 Do you want to perform these actions?
  Terraform will perform the actions described above.
@ -264,24 +258,24 @@ Outputs:
 alb_hostname = "cb-load-balancer-1675475779.us-east-1.elb.amazonaws.com:8080"
 ```

-Once the resources have been successfully deployed, Terrafrom will output the host address where the file browser application will be accessible.
-It may take a few minutes for the application to become fully ready. 
-
+Once the resources have been successfully deployed, Terraform will output the host address where the file browser application will be accessible.
+It may take a few minutes for the application to become fully ready.

 ## Verify secrets/tokens in EFS volume
+
 To verify that the agent is depositing access tokens and rendering secrets to the paths specified in the agent config, navigate to the web address from the previous step.
 Once you visit the address, you'll be prompted to login. Enter the credentials shown below.

 ![file browser main login page](/images/guides/agent-with-ecs/file_browser_main.png)

-Since our EFS volume is mounted to the path of the file browser application, we should see the access token and rendered secret file we defined via the agent config file. 
+Since our EFS volume is mounted to the path of the file browser application, we should see the access token and rendered secret file we defined via the agent config file.

 ![file browswer dashbaord](/images/guides/agent-with-ecs/filebrowser_afterlogin.png)

-As expected, two files are present: `access-token` and `secrets`. 
-The `access-token` file should hold a valid `Bearer` token, which can be used to make HTTP requests to Infisical. 
+As expected, two files are present: `access-token` and `secrets`.
+The `access-token` file should hold a valid `Bearer` token, which can be used to make HTTP requests to Infisical.
 The `secrets` file should contain secrets, formatted according to the specifications in our secret template file (presented in key=value format).

 ![file browser access token deposit](/images/guides/agent-with-ecs/access-token-deposit.png)

-![file browser secrets render](/images/guides/agent-with-ecs/secrets-deposit.png)
+![file browser secrets render](/images/guides/agent-with-ecs/secrets-deposit.png)
--- a/docs/integrations/platforms/infisical-agent.mdx
+++ b/docs/integrations/platforms/infisical-agent.mdx
@ -9,56 +9,60 @@ It eliminates the need to modify application logic by enabling clients to decide
 ![agent diagram](/images/agent/infisical-agent-diagram.png)

 ### Key features:
+
 - Token renewal: Automatically authenticates with Infisical and deposits renewed access tokens at specified path for applications to consume
 - Templating: Renders secrets via user provided templates to desired formats for applications to consume

 ### Token renewal
+
 The Infisical agent can help manage the life cycle of access tokens. The token renewal process is split into two main components: a `Method`, which is the authentication process suitable for your current setup, and `Sinks`, which are the places where the agent deposits the new access token whenever it receives updates.

-When the Infisical Agent is started, it will attempt to obtain a valid access token using the authentication method you have configured. If the agent is unable to fetch a valid token, the agent will keep trying, increasing the time between each attempt. 
+When the Infisical Agent is started, it will attempt to obtain a valid access token using the authentication method you have configured. If the agent is unable to fetch a valid token, the agent will keep trying, increasing the time between each attempt.

 Once a access token is successfully fetched, the agent will make sure the access token stays valid, continuing to renew it before it expires.

 Every time the agent successfully retrieves a new access token, it writes the new token to the Sinks you've configured.

 <Info>
-  Access tokens can be utilized with Infisical SDKs or directly in API requests to retrieve secrets from Infisical
+  Access tokens can be utilized with Infisical SDKs or directly in API requests
+  to retrieve secrets from Infisical
 </Info>

 ### Templating
-The Infisical agent can help deliver formatted secrets to your application in a variety of environments. To achieve this, the agent will retrieve secrets from Infisical, format them using a specified template, and then save these formatted secrets to a designated file path. 

-Templating process is done through the use of Go language's [text/template feature](https://pkg.go.dev/text/template). Multiple template definitions can be set in the agent configuration file to generate a variety of formatted secret files.
+The Infisical agent can help deliver formatted secrets to your application in a variety of environments. To achieve this, the agent will retrieve secrets from Infisical, format them using a specified template, and then save these formatted secrets to a designated file path.

-When the agent is started and templates are defined in the agent configuration file, the agent will attempt to acquire a valid access token using the set authentication method outlined in the agent's configuration. 
+Templating process is done through the use of Go language's [text/template feature](https://pkg.go.dev/text/template).You can refer to the available secret template functions [here](#available-secret-template-functions). Multiple template definitions can be set in the agent configuration file to generate a variety of formatted secret files.
+
+When the agent is started and templates are defined in the agent configuration file, the agent will attempt to acquire a valid access token using the set authentication method outlined in the agent's configuration.
 If this initial attempt is unsuccessful, the agent will momentarily pauses before continuing to make more attempts.

-Once the agent successfully obtains a valid access token, the agent proceeds to fetch the secrets from Infisical using it. 
+Once the agent successfully obtains a valid access token, the agent proceeds to fetch the secrets from Infisical using it.
 It then formats these secrets using the user provided templates and writes the formatted data to configured file paths.

-## Agent configuration file 
+## Agent configuration file

-To set up the authentication method for token renewal and to define secret templates, the Infisical agent requires a YAML configuration file containing properties defined below. 
+To set up the authentication method for token renewal and to define secret templates, the Infisical agent requires a YAML configuration file containing properties defined below.
 While specifying an authentication method is mandatory to start the agent, configuring sinks and secret templates are optional.

-| Field                                           | Description                   |
-| ------------------------------------------------| ----------------------------- |
-| `infisical.address`                             | The URL of the Infisical service. Default: `"https://app.infisical.com"`. |
-| `auth.type`                                     | The type of authentication method used. Available options: `universal-auth`, `kubernetes`, `azure`, `gcp-id-token`, `gcp-iam`, `aws-iam`|
-| `auth.config.identity-id`                       | The file path where the machine identity id is stored<br/><br/>This field is required when using any of the following auth types: `kubernetes`, `azure`, `gcp-id-token`, `gcp-iam`, or `aws-iam`. |
-| `auth.config.service-account-token`             | Path to the Kubernetes service account token to use (optional)<br/><br/>Default: `/var/run/secrets/kubernetes.io/serviceaccount/token`  |
-| `auth.config.service-account-key`               | Path to your GCP service account key file. This field is required when using `gcp-iam` auth type.<br/><br/>Please note that the file should be in JSON format. |
-| `auth.config.client-id`                         | The file path where the universal-auth client id is stored.  |
-| `auth.config.client-secret`                     | The file path where the universal-auth client secret is stored.  |
-| `auth.config.remove_client_secret_on_read`      | This will instruct the agent to remove the client secret from disk.  |
-| `sinks[].type`                                  | The type of sink in a list of sinks. Each item specifies a sink type. Currently, only `"file"` type is available. |
-| `sinks[].config.path`                           | The file path where the access token should be stored for each sink in the list. |
-| `templates[].source-path`                       | The path to the template file that should be used to render secrets. |
-| `templates[].destination-path`                  | The path where the rendered secrets from the source template will be saved to. |
-| `templates[].config.polling-interval`           | How frequently to check for secret changes. Default: `5 minutes` (optional)  |
-| `templates[].config.execute.command`            | The command to execute when secret change is detected (optional) |
-| `templates[].config.execute.timeout`            | How long in seconds to wait for command to execute before timing out (optional) |
-
+| Field                                      | Description                                                                                                                                                                                       |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `infisical.address`                        | The URL of the Infisical service. Default: `"https://app.infisical.com"`.                                                                                                                         |
+| `auth.type`                                | The type of authentication method used. Available options: `universal-auth`, `kubernetes`, `azure`, `gcp-id-token`, `gcp-iam`, `aws-iam`                                                          |
+| `auth.config.identity-id`                  | The file path where the machine identity id is stored<br/><br/>This field is required when using any of the following auth types: `kubernetes`, `azure`, `gcp-id-token`, `gcp-iam`, or `aws-iam`. |
+| `auth.config.service-account-token`        | Path to the Kubernetes service account token to use (optional)<br/><br/>Default: `/var/run/secrets/kubernetes.io/serviceaccount/token`                                                            |
+| `auth.config.service-account-key`          | Path to your GCP service account key file. This field is required when using `gcp-iam` auth type.<br/><br/>Please note that the file should be in JSON format.                                    |
+| `auth.config.client-id`                    | The file path where the universal-auth client id is stored.                                                                                                                                       |
+| `auth.config.client-secret`                | The file path where the universal-auth client secret is stored.                                                                                                                                   |
+| `auth.config.remove_client_secret_on_read` | This will instruct the agent to remove the client secret from disk.                                                                                                                               |
+| `sinks[].type`                             | The type of sink in a list of sinks. Each item specifies a sink type. Currently, only `"file"` type is available.                                                                                 |
+| `sinks[].config.path`                      | The file path where the access token should be stored for each sink in the list.                                                                                                                  |
+| `templates[].source-path`                  | The path to the template file that should be used to render secrets.                                                                                                                              |
+| `templates[].template-content`             | The inline secret template to be used for rendering the secrets.                                                                                                                                                      |
+| `templates[].destination-path`             | The path where the rendered secrets from the source template will be saved to.                                                                                                                    |
+| `templates[].config.polling-interval`      | How frequently to check for secret changes. Default: `5 minutes` (optional)                                                                                                                       |
+| `templates[].config.execute.command`       | The command to execute when secret change is detected (optional)                                                                                                                                  |
+| `templates[].config.execute.timeout`       | How long in seconds to wait for command to execute before timing out (optional)                                                                                                                   |

 ## Authentication

@ -68,19 +72,20 @@ The Infisical agent supports multiple authentication methods. Below are the avai
 <Accordion title="Universal Auth">
  The Universal Auth method is a simple and secure way to authenticate with Infisical. It requires a client ID and a client secret to authenticate with Infisical.

-  <ParamField query="config" type="UniversalAuthConfig">
-    <Expandable title="properties">
-        <ParamField query="client-id" type="string" required>
-          Path to the file containing the universal auth client ID.
-        </ParamField>
-        <ParamField query="client-secret" type="string" required>
-          Path to the file containing the universal auth client secret.
-        </ParamField>
-        <ParamField query="remove_client_secret_on_read" type="boolean" optional>
-          Instructs the agent to remove the client secret from disk after reading it.
-        </ParamField>
-    </Expandable>
-  </ParamField>
+<ParamField query="config" type="UniversalAuthConfig">
+  <Expandable title="properties">
+    <ParamField query="client-id" type="string" required>
+      Path to the file containing the universal auth client ID.
+    </ParamField>
+    <ParamField query="client-secret" type="string" required>
+      Path to the file containing the universal auth client secret.
+    </ParamField>
+    <ParamField query="remove_client_secret_on_read" type="boolean" optional>
+      Instructs the agent to remove the client secret from disk after reading
+      it.
+    </ParamField>
+  </Expandable>
+</ParamField>

  <Steps>
    <Step title="Create a universal auth machine identity">
@ -98,21 +103,25 @@ The Infisical agent supports multiple authentication methods. Below are the avai
        remove_client_secret_on_read: false # Optional field, instructs the agent to remove the client secret from disk after reading it
    ```
    </Step>
+
  </Steps>
 </Accordion>
 <Accordion title="Native Kubernetes">
  The Native Kubernetes method is used to authenticate with Infisical when running in a Kubernetes environment. It requires a service account token to authenticate with Infisical.

-  <ParamField query="config" type="KubernetesAuthConfig">
-    <Expandable title="properties">
-        <ParamField query="identity-id" type="string" required>
-          Path to the file containing the machine identity ID.
-        </ParamField>
-        <ParamField query="service-account-token" type="string" optional>
-          Path to the Kubernetes service account token to use. Default: `/var/run/secrets/kubernetes.io/serviceaccount/token`.
-        </ParamField>
-    </Expandable>
-  </ParamField>
+{" "}
+
+<ParamField query="config" type="KubernetesAuthConfig">
+  <Expandable title="properties">
+    <ParamField query="identity-id" type="string" required>
+      Path to the file containing the machine identity ID.
+    </ParamField>
+    <ParamField query="service-account-token" type="string" optional>
+      Path to the Kubernetes service account token to use. Default:
+      `/var/run/secrets/kubernetes.io/serviceaccount/token`.
+    </ParamField>
+  </Expandable>
+</ParamField>

  <Steps>
    <Step title="Create a Kubernetes machine identity">
@ -129,6 +138,7 @@ The Infisical agent supports multiple authentication methods. Below are the avai
        service-account-token: "/var/run/secrets/kubernetes.io/serviceaccount/token" # Optional field, custom path to the Kubernetes service account token to use
    ```
    </Step>
+
  </Steps>

 </Accordion>
@ -186,6 +196,7 @@ The Infisical agent supports multiple authentication methods. Below are the avai
      ```
      </Step>
    </Steps>
+
  </Accordion>
  <Accordion title="GCP IAM">
    The GCP IAM method is used to authenticate with Infisical with a GCP service account key.
@ -217,6 +228,7 @@ The Infisical agent supports multiple authentication methods. Below are the avai
      ```
      </Step>
    </Steps>
+
  </Accordion>
  <Accordion title="Native AWS IAM">
    The AWS IAM method is used to authenticate with Infisical with an AWS IAM role while running in an AWS environment like EC2, Lambda, etc.
@ -244,10 +256,12 @@ The Infisical agent supports multiple authentication methods. Below are the avai
      ```
      </Step>
    </Steps>
+
  </Accordion>
 </AccordionGroup>

 ## Quick start Infisical Agent
+
 To install the Infisical agent, you must first install the [Infisical CLI](../cli/overview) in the desired environment where you'd like the agent to run. This is because the Infisical agent is a sub-command of the Infisical CLI.

 Once you have the CLI installed, you will need to provision programmatic access for the agent via [Universal Auth](/documentation/platform/identities/universal-auth). To obtain a **Client ID** and a **Client Secret**, follow the step by step guide outlined [here](/documentation/platform/identities/universal-auth).
@ -277,8 +291,8 @@ templates:
        command: ./reload-app.sh
 ```

-The secret template below will be used to render the secrets with the key and the value separated by `=` sign. You'll notice that a custom function named `secret` is used to fetch the secrets. 
-This function takes the following arguments: `secret "<project-id>" "<environment-slug>" "<secret-path>"`. 
+The secret template below will be used to render the secrets with the key and the value separated by `=` sign. You'll notice that a custom function named `secret` is used to fetch the secrets.
+This function takes the following arguments: `secret "<project-id>" "<environment-slug>" "<secret-path>"`.

 ```text my-dot-ev-secret-template
 {{- with secret "6553ccb2b7da580d7f6e7260" "dev" "/" }}
@ -290,13 +304,12 @@ This function takes the following arguments: `secret "<project-id>" "<environmen

 After defining the agent configuration file, run the command below pointing to the path where the agent configuration file is located.

-
-```bash 
+```bash
 infisical agent --config example-agent-config-file.yaml
 ```

-
 ### Available secret template functions
+
 <Accordion title="listSecrets">
  ```bash
    listSecrets "<project-id>" "environment-slug" "<secret-path>"
@ -309,11 +322,12 @@ infisical agent --config example-agent-config-file.yaml
  {{- end }}
  ```

-  **Function name**: listSecrets
+**Function name**: listSecrets

-  **Description**: This function can be used to render the full list of secrets within a given project, environment and secret path. 
+**Description**: This function can be used to render the full list of secrets within a given project, environment and secret path.
+
+**Returns**: A single secret object with the following keys `Key, WorkspaceId, Value, Type, ID, and Comment`

-  **Returns**: A single secret object with the following keys `Key, WorkspaceId, Value, Type, ID, and Comment`  
 </Accordion>

 <Accordion title="getSecretByName">
@ -321,18 +335,18 @@ infisical agent --config example-agent-config-file.yaml
  getSecretByName "<project-id>" "<environment-slug>" "<secret-path>" "<secret-name>"
  ```

-  ```bash example-template-usage
-  {{ with getSecretByName "d821f21d-aa90-453b-8448-8c78c1160a0e" "dev" "/" "POSTHOG_HOST"}}
-  {{ if .Value }}
-  password = "{{ .Value }}"
-  {{ end }}
-  {{ end }}
-  ```
+```bash example-template-usage
+{{ with getSecretByName "d821f21d-aa90-453b-8448-8c78c1160a0e" "dev" "/" "POSTHOG_HOST"}}
+{{ if .Value }}
+password = "{{ .Value }}"
+{{ end }}
+{{ end }}
+```

-  **Function name**: getSecretByName
+**Function name**: getSecretByName

-  **Description**: This function can be used to render a single secret by it's name.
+**Description**: This function can be used to render a single secret by it's name.

-  **Returns**: A list of secret objects with the following keys `Key, WorkspaceId, Value, Type, ID, and Comment`
+**Returns**: A list of secret objects with the following keys `Key, WorkspaceId, Value, Type, ID, and Comment`

 </Accordion>
--- a/docs/mint.json
+++ b/docs/mint.json
@ -154,7 +154,10 @@
            "documentation/platform/dynamic-secrets/mssql",
            "documentation/platform/dynamic-secrets/oracle",
            "documentation/platform/dynamic-secrets/cassandra",
-            "documentation/platform/dynamic-secrets/aws-iam"
+            "documentation/platform/dynamic-secrets/redis",
+            "documentation/platform/dynamic-secrets/aws-elasticache",
+            "documentation/platform/dynamic-secrets/aws-iam",
+            "documentation/platform/dynamic-secrets/mongo-atlas"
          ]
        },
        {
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@ -4,6 +4,7 @@
  "requires": true,
  "packages": {
    "": {
+      "name": "frontend",
      "dependencies": {
        "@casl/ability": "^6.5.0",
        "@casl/react": "^3.1.0",
@ -84,6 +85,7 @@
        "react-grid-layout": "^1.3.4",
        "react-hook-form": "^7.43.0",
        "react-i18next": "^12.2.2",
+        "react-icons": "^5.3.0",
        "react-mailchimp-subscribe": "^2.1.3",
        "react-markdown": "^8.0.3",
        "react-redux": "^8.0.2",
@ -8609,26 +8611,6 @@
      "integrity": "sha512-AjwI4MvWx3HAOaZqYsjKWyEObT9lcVV0Y0V8nXo6cXzN8ZiMxVhf6F3d/UNvXVGKrEzL/Dluc5p+y9GkzlTWig==",
      "dev": true
    },
-    "node_modules/@types/eslint": {
-      "version": "8.56.2",
-      "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.56.2.tgz",
-      "integrity": "sha512-uQDwm1wFHmbBbCZCqAlq6Do9LYwByNZHWzXppSnay9SuwJ+VRbjkbLABer54kcPnMSlG6Fdiy2yaFXm/z9Z5gw==",
-      "dev": true,
-      "dependencies": {
-        "@types/estree": "*",
-        "@types/json-schema": "*"
-      }
-    },
-    "node_modules/@types/eslint-scope": {
-      "version": "3.7.7",
-      "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.7.tgz",
-      "integrity": "sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==",
-      "dev": true,
-      "dependencies": {
-        "@types/eslint": "*",
-        "@types/estree": "*"
-      }
-    },
    "node_modules/@types/estree": {
      "version": "0.0.51",
      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-0.0.51.tgz",
@ -9298,9 +9280,9 @@
      "dev": true
    },
    "node_modules/@webassemblyjs/ast": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.11.6.tgz",
-      "integrity": "sha512-IN1xI7PwOvLPgjcf180gC1bqn3q/QaOCwYUahIOhbYUu8KA/3tw2RT/T0Gidi1l7Hhj5D/INhJxiICObqpMu4Q==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.12.1.tgz",
+      "integrity": "sha512-EKfMUOPRRUTy5UII4qJDGPpqfwjOmZ5jeGFwid9mnoqIFK+e0vqoi1qH56JpmZSzEL53jKnNzScdmftJyG5xWg==",
      "dev": true,
      "dependencies": {
        "@webassemblyjs/helper-numbers": "1.11.6",
@ -9320,9 +9302,9 @@
      "dev": true
    },
    "node_modules/@webassemblyjs/helper-buffer": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.11.6.tgz",
-      "integrity": "sha512-z3nFzdcp1mb8nEOFFk8DrYLpHvhKC3grJD2ardfKOzmbmJvEf/tPIqCY+sNcwZIY8ZD7IkB2l7/pqhUhqm7hLA==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.12.1.tgz",
+      "integrity": "sha512-nzJwQw99DNDKr9BVCOZcLuJJUlqkJh+kVzVl6Fmq/tI5ZtEyWT1KZMyOXltXLZJmDtvLCDgwsyrkohEtopTXCw==",
      "dev": true
    },
    "node_modules/@webassemblyjs/helper-numbers": {
@ -9343,15 +9325,15 @@
      "dev": true
    },
    "node_modules/@webassemblyjs/helper-wasm-section": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.11.6.tgz",
-      "integrity": "sha512-LPpZbSOwTpEC2cgn4hTydySy1Ke+XEu+ETXuoyvuyezHO3Kjdu90KK95Sh9xTbmjrCsUwvWwCOQQNta37VrS9g==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.12.1.tgz",
+      "integrity": "sha512-Jif4vfB6FJlUlSbgEMHUyk1j234GTNG9dBJ4XJdOySoj518Xj0oGsNi59cUQF4RRMS9ouBUxDDdyBVfPTypa5g==",
      "dev": true,
      "dependencies": {
-        "@webassemblyjs/ast": "1.11.6",
-        "@webassemblyjs/helper-buffer": "1.11.6",
+        "@webassemblyjs/ast": "1.12.1",
+        "@webassemblyjs/helper-buffer": "1.12.1",
        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
-        "@webassemblyjs/wasm-gen": "1.11.6"
+        "@webassemblyjs/wasm-gen": "1.12.1"
      }
    },
    "node_modules/@webassemblyjs/ieee754": {
@ -9379,28 +9361,28 @@
      "dev": true
    },
    "node_modules/@webassemblyjs/wasm-edit": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.11.6.tgz",
-      "integrity": "sha512-Ybn2I6fnfIGuCR+Faaz7YcvtBKxvoLV3Lebn1tM4o/IAJzmi9AWYIPWpyBfU8cC+JxAO57bk4+zdsTjJR+VTOw==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.12.1.tgz",
+      "integrity": "sha512-1DuwbVvADvS5mGnXbE+c9NfA8QRcZ6iKquqjjmR10k6o+zzsRVesil54DKexiowcFCPdr/Q0qaMgB01+SQ1u6g==",
      "dev": true,
      "dependencies": {
-        "@webassemblyjs/ast": "1.11.6",
-        "@webassemblyjs/helper-buffer": "1.11.6",
+        "@webassemblyjs/ast": "1.12.1",
+        "@webassemblyjs/helper-buffer": "1.12.1",
        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
-        "@webassemblyjs/helper-wasm-section": "1.11.6",
-        "@webassemblyjs/wasm-gen": "1.11.6",
-        "@webassemblyjs/wasm-opt": "1.11.6",
-        "@webassemblyjs/wasm-parser": "1.11.6",
-        "@webassemblyjs/wast-printer": "1.11.6"
+        "@webassemblyjs/helper-wasm-section": "1.12.1",
+        "@webassemblyjs/wasm-gen": "1.12.1",
+        "@webassemblyjs/wasm-opt": "1.12.1",
+        "@webassemblyjs/wasm-parser": "1.12.1",
+        "@webassemblyjs/wast-printer": "1.12.1"
      }
    },
    "node_modules/@webassemblyjs/wasm-gen": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.11.6.tgz",
-      "integrity": "sha512-3XOqkZP/y6B4F0PBAXvI1/bky7GryoogUtfwExeP/v7Nzwo1QLcq5oQmpKlftZLbT+ERUOAZVQjuNVak6UXjPA==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.12.1.tgz",
+      "integrity": "sha512-TDq4Ojh9fcohAw6OIMXqiIcTq5KUXTGRkVxbSo1hQnSy6lAM5GSdfwWeSxpAo0YzgsgF182E/U0mDNhuA0tW7w==",
      "dev": true,
      "dependencies": {
-        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/ast": "1.12.1",
        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
        "@webassemblyjs/ieee754": "1.11.6",
        "@webassemblyjs/leb128": "1.11.6",
@ -9408,24 +9390,24 @@
      }
    },
    "node_modules/@webassemblyjs/wasm-opt": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.11.6.tgz",
-      "integrity": "sha512-cOrKuLRE7PCe6AsOVl7WasYf3wbSo4CeOk6PkrjS7g57MFfVUF9u6ysQBBODX0LdgSvQqRiGz3CXvIDKcPNy4g==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.12.1.tgz",
+      "integrity": "sha512-Jg99j/2gG2iaz3hijw857AVYekZe2SAskcqlWIZXjji5WStnOpVoat3gQfT/Q5tb2djnCjBtMocY/Su1GfxPBg==",
      "dev": true,
      "dependencies": {
-        "@webassemblyjs/ast": "1.11.6",
-        "@webassemblyjs/helper-buffer": "1.11.6",
-        "@webassemblyjs/wasm-gen": "1.11.6",
-        "@webassemblyjs/wasm-parser": "1.11.6"
+        "@webassemblyjs/ast": "1.12.1",
+        "@webassemblyjs/helper-buffer": "1.12.1",
+        "@webassemblyjs/wasm-gen": "1.12.1",
+        "@webassemblyjs/wasm-parser": "1.12.1"
      }
    },
    "node_modules/@webassemblyjs/wasm-parser": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.11.6.tgz",
-      "integrity": "sha512-6ZwPeGzMJM3Dqp3hCsLgESxBGtT/OeCvCZ4TA1JUPYgmhAx38tTPR9JaKy0S5H3evQpO/h2uWs2j6Yc/fjkpTQ==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.12.1.tgz",
+      "integrity": "sha512-xikIi7c2FHXysxXe3COrVUPSheuBtpcfhbpFj4gmu7KRLYOzANztwUU0IbsqvMqzuNK2+glRGWCEqZo1WCLyAQ==",
      "dev": true,
      "dependencies": {
-        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/ast": "1.12.1",
        "@webassemblyjs/helper-api-error": "1.11.6",
        "@webassemblyjs/helper-wasm-bytecode": "1.11.6",
        "@webassemblyjs/ieee754": "1.11.6",
@ -9434,12 +9416,12 @@
      }
    },
    "node_modules/@webassemblyjs/wast-printer": {
-      "version": "1.11.6",
-      "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.11.6.tgz",
-      "integrity": "sha512-JM7AhRcE+yW2GWYaKeHL5vt4xqee5N2WcezptmgyhNS+ScggqcT1OtXykhAb13Sn5Yas0j2uv9tHgrjwvzAP4A==",
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.12.1.tgz",
+      "integrity": "sha512-+X4WAlOisVWQMikjbcvY2e0rwPsKQ9F688lksZhBcPycBBuii3O7m8FACbDMWDojpAqvjIncrG8J0XHKyQfVeA==",
      "dev": true,
      "dependencies": {
-        "@webassemblyjs/ast": "1.11.6",
+        "@webassemblyjs/ast": "1.12.1",
        "@xtuc/long": "4.2.2"
      }
    },
@ -12933,9 +12915,9 @@
      "integrity": "sha512-JGmudTwg7yxMYvR/gWbalqqQiyu7WTFv2Xu3vw4cJHXPFxNgAk0oy8UHaer8nLF4lZJa+rNoj6GsrKIVJTV6Tw=="
    },
    "node_modules/elliptic": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz",
-      "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==",
+      "version": "6.5.7",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.7.tgz",
+      "integrity": "sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==",
      "dev": true,
      "dependencies": {
        "bn.js": "^4.11.9",
@ -12998,9 +12980,9 @@
      }
    },
    "node_modules/enhanced-resolve": {
-      "version": "5.15.0",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz",
-      "integrity": "sha512-LXYT42KJ7lpIKECr2mAXIaMldcNCh/7E0KBKOu4KSfkHmP+mZmSs+8V5gBAqisWBy0OO4W5Oyys0GO1Y8KtdKg==",
+      "version": "5.17.1",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz",
+      "integrity": "sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg==",
      "dev": true,
      "dependencies": {
        "graceful-fs": "^4.2.4",
@ -15867,11 +15849,11 @@
      }
    },
    "node_modules/infisical-node/node_modules/axios": {
-      "version": "1.6.5",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.5.tgz",
-      "integrity": "sha512-Ii012v05KEVuUoFWmMW/UQv9aRIc3ZwkWDcM+h5Il8izZCtRVpDUfwpoFf7eOtajT3QiGR4yDUx7lPqHJULgbg==",
+      "version": "1.7.5",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.5.tgz",
+      "integrity": "sha512-fZu86yCo+svH3uqJ/yTdQ0QHpQu5oL+/QE+QPSv6BZSkDAoky9vytxp7u5qk83OJFS3kEBcesWni9WTZAv3tSw==",
      "dependencies": {
-        "follow-redirects": "^1.15.4",
+        "follow-redirects": "^1.15.6",
        "form-data": "^4.0.0",
        "proxy-from-env": "^1.1.0"
      }
@ -18133,12 +18115,12 @@
      ]
    },
    "node_modules/micromatch": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
-      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
      "dev": true,
      "dependencies": {
-        "braces": "^3.0.2",
+        "braces": "^3.0.3",
        "picomatch": "^2.3.1"
      },
      "engines": {
@ -20968,6 +20950,14 @@
        }
      }
    },
+    "node_modules/react-icons": {
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/react-icons/-/react-icons-5.3.0.tgz",
+      "integrity": "sha512-DnUk8aFbTyQPSkCfF8dbX6kQjXA9DktMeJqfjrg6cK9vwQVMxmcA3BfP4QoiztVmEHtwlTgLFsPuH2NskKT6eg==",
+      "peerDependencies": {
+        "react": "*"
+      }
+    },
    "node_modules/react-is": {
      "version": "18.2.0",
      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
@ -24479,9 +24469,9 @@
      }
    },
    "node_modules/watchpack": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.0.tgz",
-      "integrity": "sha512-Lcvm7MGST/4fup+ifyKi2hjyIAwcdI4HRgtvTpIUxBRhB+RFtUh8XtDOxUfctVCnhVi+QQj49i91OyvzkJl6cg==",
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.2.tgz",
+      "integrity": "sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw==",
      "dev": true,
      "dependencies": {
        "glob-to-regexp": "^0.4.1",
@ -24506,34 +24496,33 @@
      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
    },
    "node_modules/webpack": {
-      "version": "5.89.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.89.0.tgz",
-      "integrity": "sha512-qyfIC10pOr70V+jkmud8tMfajraGCZMBWJtrmuBymQKCrLTRejBI8STDp1MCyZu/QTdZSeacCQYpYNQVOzX5kw==",
+      "version": "5.94.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.94.0.tgz",
+      "integrity": "sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg==",
      "dev": true,
      "dependencies": {
-        "@types/eslint-scope": "^3.7.3",
-        "@types/estree": "^1.0.0",
-        "@webassemblyjs/ast": "^1.11.5",
-        "@webassemblyjs/wasm-edit": "^1.11.5",
-        "@webassemblyjs/wasm-parser": "^1.11.5",
+        "@types/estree": "^1.0.5",
+        "@webassemblyjs/ast": "^1.12.1",
+        "@webassemblyjs/wasm-edit": "^1.12.1",
+        "@webassemblyjs/wasm-parser": "^1.12.1",
        "acorn": "^8.7.1",
-        "acorn-import-assertions": "^1.9.0",
-        "browserslist": "^4.14.5",
+        "acorn-import-attributes": "^1.9.5",
+        "browserslist": "^4.21.10",
        "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.15.0",
+        "enhanced-resolve": "^5.17.1",
        "es-module-lexer": "^1.2.1",
        "eslint-scope": "5.1.1",
        "events": "^3.2.0",
        "glob-to-regexp": "^0.4.1",
-        "graceful-fs": "^4.2.9",
+        "graceful-fs": "^4.2.11",
        "json-parse-even-better-errors": "^2.3.1",
        "loader-runner": "^4.2.0",
        "mime-types": "^2.1.27",
        "neo-async": "^2.6.2",
        "schema-utils": "^3.2.0",
        "tapable": "^2.1.1",
-        "terser-webpack-plugin": "^5.3.7",
-        "watchpack": "^2.4.0",
+        "terser-webpack-plugin": "^5.3.10",
+        "watchpack": "^2.4.1",
        "webpack-sources": "^3.2.3"
      },
      "bin": {
@ -24666,9 +24655,9 @@
      "dev": true
    },
    "node_modules/webpack/node_modules/acorn": {
-      "version": "8.11.3",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz",
-      "integrity": "sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg==",
+      "version": "8.12.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz",
+      "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==",
      "dev": true,
      "bin": {
        "acorn": "bin/acorn"
@ -24677,10 +24666,10 @@
        "node": ">=0.4.0"
      }
    },
-    "node_modules/webpack/node_modules/acorn-import-assertions": {
-      "version": "1.9.0",
-      "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.9.0.tgz",
-      "integrity": "sha512-cmMwop9x+8KFhxvKrKfPYmN6/pKTYYHBqLa0DfvVZcKMJWNyWLnaqND7dx/qn66R7ewM1UX5XMaDVP5wlVTaVA==",
+    "node_modules/webpack/node_modules/acorn-import-attributes": {
+      "version": "1.9.5",
+      "resolved": "https://registry.npmjs.org/acorn-import-attributes/-/acorn-import-attributes-1.9.5.tgz",
+      "integrity": "sha512-n02Vykv5uA3eHGM/Z2dQrcD56kL8TyDb2p1+0P83PClMnC/nc+anbQRhIOWnSq4Ke/KvDPrY3C9hDtC/A3eHnQ==",
      "dev": true,
      "peerDependencies": {
        "acorn": "^8"
--- a/frontend/package.json
+++ b/frontend/package.json
@ -92,6 +92,7 @@
    "react-grid-layout": "^1.3.4",
    "react-hook-form": "^7.43.0",
    "react-i18next": "^12.2.2",
+    "react-icons": "^5.3.0",
    "react-mailchimp-subscribe": "^2.1.3",
    "react-markdown": "^8.0.3",
    "react-redux": "^8.0.2",
--- a/frontend/src/components/v2/FormControl/FormControl.tsx
+++ b/frontend/src/components/v2/FormControl/FormControl.tsx
@ -9,36 +9,42 @@ import { Tooltip } from "../Tooltip";
 export type FormLabelProps = {
  id?: string;
  isRequired?: boolean;
-  isOptional?:boolean;
+  isOptional?: boolean;
  label?: ReactNode;
  icon?: ReactNode;
  className?: string;
-  tooltipText?: string;
+  tooltipClassName?: string;
+  tooltipText?: ReactNode;
 };

-export const FormLabel = ({ id, label, isRequired, icon, className,isOptional, tooltipText }: FormLabelProps) => (
+export const FormLabel = ({
+  id,
+  label,
+  isRequired,
+  icon,
+  className,
+  isOptional,
+  tooltipClassName,
+  tooltipText
+}: FormLabelProps) => (
  <Label.Root
    className={twMerge(
-      "mb-0.5 ml-1 flex items-center text-sm font-normal text-mineshaft-400",
+      "mb-0.5 flex items-center text-sm font-normal text-mineshaft-400",
      className
    )}
    htmlFor={id}
  >
    {label}
    {isRequired && <span className="ml-1 text-red">*</span>}
-    {isOptional && <span className="ml-1 text-gray-500 italic text-xs">- Optional</span>}
+    {isOptional && <span className="ml-1 text-xs italic text-gray-500">- Optional</span>}
    {icon && !tooltipText && (
      <span className="ml-2 cursor-default text-mineshaft-300 hover:text-mineshaft-200">
        {icon}
      </span>
    )}
    {tooltipText && (
-      <Tooltip content={tooltipText}>
-          <FontAwesomeIcon
-            icon={faQuestionCircle}
-            size="1x"
-            className="ml-2"
-          />
+      <Tooltip content={tooltipText} className={tooltipClassName}>
+        <FontAwesomeIcon icon={faQuestionCircle} size="1x" className="ml-2" />
      </Tooltip>
    )}
  </Label.Root>
--- a/frontend/src/hooks/api/dynamicSecret/types.ts
+++ b/frontend/src/hooks/api/dynamicSecret/types.ts
@ -18,7 +18,10 @@ export type TDynamicSecret = {
 export enum DynamicSecretProviders {
  SqlDatabase = "sql-database",
  Cassandra = "cassandra",
-  AwsIam = "aws-iam"
+  AwsIam = "aws-iam",
+  Redis = "redis",
+  AwsElastiCache = "aws-elasticache",
+  MongoAtlas = "mongo-db-atlas"
 }

 export enum SqlProviders {
@ -30,47 +33,89 @@ export enum SqlProviders {

 export type TDynamicSecretProvider =
  | {
-    type: DynamicSecretProviders.SqlDatabase;
-    inputs: {
-      client: SqlProviders;
-      host: string;
-      port: number;
-      database: string;
-      username: string;
-      password: string;
-      creationStatement: string;
-      revocationStatement: string;
-      renewStatement?: string;
-      ca?: string | undefined;
-    };
-  }
+      type: DynamicSecretProviders.SqlDatabase;
+      inputs: {
+        client: SqlProviders;
+        host: string;
+        port: number;
+        database: string;
+        username: string;
+        password: string;
+        creationStatement: string;
+        revocationStatement: string;
+        renewStatement?: string;
+        ca?: string | undefined;
+      };
+    }
  | {
-    type: DynamicSecretProviders.Cassandra;
-    inputs: {
-      host: string;
-      port: number;
-      keyspace?: string;
-      localDataCenter: string;
-      username: string;
-      password: string;
-      creationStatement: string;
-      revocationStatement: string;
-      renewStatement?: string;
-      ca?: string | undefined;
-    };
-  }
+      type: DynamicSecretProviders.Cassandra;
+      inputs: {
+        host: string;
+        port: number;
+        keyspace?: string;
+        localDataCenter: string;
+        username: string;
+        password: string;
+        creationStatement: string;
+        revocationStatement: string;
+        renewStatement?: string;
+        ca?: string | undefined;
+      };
+    }
  | {
-    type: DynamicSecretProviders.AwsIam;
-    inputs: {
-      accessKey: string;
-      secretAccessKey: string;
-      region: string;
-      awsPath?: string;
-      policyDocument?: string;
-      userGroups?: string;
-      policyArns?: string;
+      type: DynamicSecretProviders.AwsIam;
+      inputs: {
+        accessKey: string;
+        secretAccessKey: string;
+        region: string;
+        awsPath?: string;
+        policyDocument?: string;
+        userGroups?: string;
+        policyArns?: string;
+      };
+    }
+  | {
+      type: DynamicSecretProviders.Redis;
+      inputs: {
+        host: string;
+        port: number;
+        username: string;
+        password?: string;
+        creationStatement: string;
+        renewStatement?: string;
+        revocationStatement: string;
+        ca?: string | undefined;
+      };
+    }
+  | {
+      type: DynamicSecretProviders.AwsElastiCache;
+      inputs: {
+        clusterName: string;
+        accessKeyId: string;
+        secretAccessKey: string;
+        region: string;
+        creationStatement: string;
+        revocationStatement: string;
+        ca?: string | undefined;
+      }
+    }
+|{
+      type: DynamicSecretProviders.MongoAtlas;
+      inputs: {
+        adminPublicKey: string;
+        adminPrivateKey: string;
+        groupId: string;
+        roles: {
+          databaseName: string;
+          roleName: string;
+          collectionName?: string;
+        }[];
+        scopes?: {
+          name: string;
+          type: string;
+        }[];
+      };
    };
-  };

 export type TCreateDynamicSecretDTO = {
  projectSlug: string;
--- a/frontend/src/hooks/api/integrations/queries.tsx
+++ b/frontend/src/hooks/api/integrations/queries.tsx
@ -71,6 +71,8 @@ export const useCreateIntegration = () => {
          key: string;
          value: string;
        }[];
+        githubVisibility?: string;
+        githubVisibilityRepoIds?: string[];
        kmsKeyId?: string;
        shouldDisableDelete?: boolean;
        shouldMaskSecrets?: boolean;
--- a/frontend/src/hooks/api/integrations/types.ts
+++ b/frontend/src/hooks/api/integrations/types.ts
@ -34,6 +34,9 @@ export type TIntegration = {
  syncMessage?: string;
  __v: number;
  metadata?: {
+    githubVisibility?: string;
+    githubVisibilityRepoIds?: string[];
+
    secretSuffix?: string;
    syncBehavior?: IntegrationSyncBehavior;
    mappingBehavior?: IntegrationMappingBehavior;
--- a/frontend/src/hooks/api/secretSharing/queries.ts
+++ b/frontend/src/hooks/api/secretSharing/queries.ts
@ -7,7 +7,11 @@ import { TSharedSecret, TViewSharedSecretResponse } from "./types";
 export const secretSharingKeys = {
  allSharedSecrets: () => ["sharedSecrets"] as const,
  specificSharedSecrets: ({ offset, limit }: { offset: number; limit: number }) =>
-    [...secretSharingKeys.allSharedSecrets(), { offset, limit }] as const
+    [...secretSharingKeys.allSharedSecrets(), { offset, limit }] as const,
+  getSecretById: (arg: { id: string; hashedHex: string; password?: string }) => [
+    "shared-secret",
+    arg
+  ]
 };

 export const useGetSharedSecrets = ({
@ -38,31 +42,28 @@ export const useGetSharedSecrets = ({

 export const useGetActiveSharedSecretById = ({
  sharedSecretId,
-  hashedHex
+  hashedHex,
+  password
 }: {
  sharedSecretId: string;
  hashedHex: string;
+  password?: string;
 }) => {
-  return useQuery<TViewSharedSecretResponse, [string]>({
-    enabled: Boolean(sharedSecretId) && Boolean(hashedHex),
-    queryFn: async () => {
-      const params = new URLSearchParams({
-        hashedHex
-      });
-
-      const { data } = await apiRequest.get<TViewSharedSecretResponse>(
+  return useQuery<TViewSharedSecretResponse>(
+    secretSharingKeys.getSecretById({ id: sharedSecretId, hashedHex, password }),
+    async () => {
+      const { data } = await apiRequest.post<TViewSharedSecretResponse>(
        `/api/v1/secret-sharing/public/${sharedSecretId}`,
        {
-          params
+          hashedHex,
+          password
        }
      );
-      return {
-        encryptedValue: data.encryptedValue,
-        iv: data.iv,
-        tag: data.tag,
-        accessType: data.accessType,
-        orgName: data.orgName
-      };
+
+      return data;
+    },
+    {
+      enabled: Boolean(sharedSecretId) && Boolean(hashedHex)
    }
-  });
+  );
 };
--- a/frontend/src/hooks/api/secretSharing/types.ts
+++ b/frontend/src/hooks/api/secretSharing/types.ts
@ -15,6 +15,7 @@ export type TSharedSecret = {

 export type TCreateSharedSecretRequest = {
  name?: string;
+  password?: string;
  encryptedValue: string;
  hashedHex: string;
  iv: string;
@ -25,11 +26,14 @@ export type TCreateSharedSecretRequest = {
 };

 export type TViewSharedSecretResponse = {
-  encryptedValue: string;
-  iv: string;
-  tag: string;
-  accessType: SecretSharingAccessType;
-  orgName?: string;
+  isPasswordProtected: boolean;
+  secret: {
+    encryptedValue: string;
+    iv: string;
+    tag: string;
+    accessType: SecretSharingAccessType;
+    orgName?: string;
+  };
 };

 export type TDeleteSharedSecretRequest = {
@ -40,3 +44,4 @@ export enum SecretSharingAccessType {
  Anyone = "anyone",
  Organization = "organization"
 }
+
--- a/frontend/src/pages/integrations/github/create.tsx
+++ b/frontend/src/pages/integrations/github/create.tsx
@ -1,4 +1,4 @@
-import { useEffect, useState } from "react";
+import { useEffect, useMemo, useState } from "react";
 import { Controller, useForm } from "react-hook-form";
 import Head from "next/head";
 import Image from "next/image";
@ -53,6 +53,21 @@ enum TabSections {
  Options = "options"
 }

+const secretsVisibility = [
+  {
+    value: "selected",
+    label: "Select repositories"
+  },
+  {
+    value: "all",
+    label: "All public repositories"
+  },
+  {
+    value: "private",
+    label: "All private repositories"
+  }
+] as const;
+
 const targetEnv = ["github-repo", "github-org", "github-env"] as const;
 type TargetEnv = (typeof targetEnv)[number];

@ -63,9 +78,12 @@ const schema = yup.object({
  shouldEnableDelete: yup.boolean().optional(),
  scope: yup.mixed<TargetEnv>().oneOf(targetEnv.slice()).required(),

-  repoIds: yup.mixed().when("scope", {
-    is: "github-repo",
-    then: yup.array(yup.string().required()).min(1, "Select at least one repositories")
+  // Explanation: If scope is (github-repo) OR (github-org AND visibility is set to selected), then repoIds is required
+  repoIds: yup.mixed().when(["scope", "visibility"], {
+    is: (scope: string, visibility: string) =>
+      scope === "github-repo" || (scope === "github-org" && visibility === "selected"),
+    then: yup.array(yup.string().required()).min(1, "Select at least one repository"),
+    otherwise: yup.mixed().notRequired()
  }),

  repoId: yup.mixed().when("scope", {
@ -91,6 +109,10 @@ const schema = yup.object({
  orgId: yup.mixed().when("scope", {
    is: "github-org",
    then: yup.string().required("Organization is required")
+  }),
+  visibility: yup.mixed().when("scope", {
+    is: "github-org",
+    then: yup.string().required("Visibility is required")
  })
 });

@ -121,6 +143,7 @@ export default function GitHubCreateIntegrationPage() {
      secretPath: "/",
      scope: "github-repo",
      repoIds: [],
+      visibility: "all",
      shouldEnableDelete: false
    }
  });
@ -130,6 +153,7 @@ export default function GitHubCreateIntegrationPage() {
  const repoIds = watch("repoIds");
  const repoName = watch("repoName");
  const repoOwner = watch("repoOwner");
+  const selectedOrgId = watch("orgId");

  const { data: integrationAuthGithubEnvs } = useGetIntegrationAuthGithubEnvs(
    integrationAuthId as string,
@ -196,6 +220,8 @@ export default function GitHubCreateIntegrationPage() {
            scope: data.scope,
            owner: integrationAuthOrgs?.find((e) => e.orgId === data.orgId)?.name,
            metadata: {
+              githubVisibility: data.visibility,
+              githubVisibilityRepoIds: data.repoIds,
              secretSuffix: data.secretSuffix,
              shouldEnableDelete: data.shouldEnableDelete
            }
@ -242,6 +268,15 @@ export default function GitHubCreateIntegrationPage() {
    }
  };

+  const selectedOrganization = useMemo(() => {
+    if (!integrationAuthApps) return null;
+
+    return integrationAuthApps.filter(
+      (authApp) =>
+        integrationAuthOrgs?.find((e) => e.orgId === selectedOrgId)?.name === authApp.owner
+    );
+  }, [selectedOrgId, integrationAuthApps]);
+
  return integrationAuth && workspace && integrationAuthApps ? (
    <div className="flex h-full w-full flex-col items-center justify-center py-4">
      <Head>
@ -339,7 +374,10 @@ export default function GitHubCreateIntegrationPage() {
                    <FormControl label="Scope" errorText={error?.message} isError={Boolean(error)}>
                      <Select
                        defaultValue={field.value}
-                        onValueChange={onChange}
+                        onValueChange={(e) => {
+                          setValue("repoIds", []);
+                          onChange(e);
+                        }}
                        className="w-full border border-mineshaft-500"
                      >
                        <SelectItem value="github-org">Organization</SelectItem>
@ -430,32 +468,143 @@ export default function GitHubCreateIntegrationPage() {
                  />
                )}
                {scope === "github-org" && (
-                  <Controller
-                    control={control}
-                    name="orgId"
-                    render={({ field: { onChange, ...field }, fieldState: { error } }) => (
-                      <FormControl
-                        label="Organization"
-                        errorText={
-                          integrationAuthOrgs?.length ? error?.message : "No organizations found"
-                        }
-                        isError={Boolean(integrationAuthOrgs?.length && error?.message)}
-                      >
-                        <Select
-                          value={field.value}
-                          onValueChange={onChange}
-                          className="w-full border border-mineshaft-500"
+                  <>
+                    <Controller
+                      control={control}
+                      name="orgId"
+                      render={({ field: { onChange, ...field }, fieldState: { error } }) => (
+                        <FormControl
+                          label="Organization"
+                          errorText={
+                            integrationAuthOrgs?.length ? error?.message : "No organizations found"
+                          }
+                          isError={Boolean(integrationAuthOrgs?.length && error?.message)}
                        >
-                          {integrationAuthOrgs &&
-                            integrationAuthOrgs.map(({ name, orgId }) => (
-                              <SelectItem key={`github-organization-${orgId}`} value={orgId}>
-                                {name}
+                          <Select
+                            value={field.value}
+                            onValueChange={onChange}
+                            className="w-full border border-mineshaft-500"
+                          >
+                            {integrationAuthOrgs &&
+                              integrationAuthOrgs.map(({ name, orgId }) => (
+                                <SelectItem key={`github-organization-${orgId}`} value={orgId}>
+                                  {name}
+                                </SelectItem>
+                              ))}
+                          </Select>
+                        </FormControl>
+                      )}
+                    />
+
+                    <Controller
+                      control={control}
+                      name="visibility"
+                      render={({ field: { onChange, ...field }, fieldState: { error } }) => (
+                        <FormControl
+                          tooltipText="Select which type of repositories that the secrets should be synced to."
+                          label="Visibility"
+                          errorText={error?.message}
+                          isError={Boolean(error?.message)}
+                        >
+                          <Select
+                            value={field.value}
+                            onValueChange={onChange}
+                            className="w-full border border-mineshaft-500"
+                          >
+                            {secretsVisibility.map(({ label, value }) => (
+                              <SelectItem key={`github-visibility-${value}`} value={value}>
+                                {label}
                              </SelectItem>
                            ))}
-                        </Select>
-                      </FormControl>
+                          </Select>
+                        </FormControl>
+                      )}
+                    />
+
+                    {watch("visibility") === "selected" && (
+                      <Controller
+                        control={control}
+                        name="repoIds"
+                        render={({ field: { onChange }, fieldState: { error } }) => (
+                          <FormControl
+                            label="Selected Repositories"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                          >
+                            <DropdownMenu>
+                              <DropdownMenuTrigger asChild>
+                                {integrationAuthApps.length > 0 ? (
+                                  <div className="inline-flex w-full cursor-pointer items-center justify-between rounded-md border border-mineshaft-600 bg-mineshaft-900 px-3 py-2 font-inter text-sm font-normal text-bunker-200 outline-none data-[placeholder]:text-mineshaft-200">
+                                    {repoIds.length === 1
+                                      ? integrationAuthApps?.reduce(
+                                          (acc, { appId, name, owner }) =>
+                                            repoIds[0] === appId ? `${owner}/${name}` : acc,
+                                          ""
+                                        )
+                                      : `${repoIds.length} repositories selected`}
+                                    <FontAwesomeIcon icon={faAngleDown} className="text-xs" />
+                                  </div>
+                                ) : (
+                                  <div className="inline-flex w-full cursor-default items-center justify-between rounded-md border border-mineshaft-600 bg-mineshaft-900 px-3 py-2 font-inter text-sm font-normal text-bunker-200 outline-none data-[placeholder]:text-mineshaft-200">
+                                    No repositories found
+                                  </div>
+                                )}
+                              </DropdownMenuTrigger>
+                              <DropdownMenuContent
+                                align="start"
+                                className="thin-scrollbar z-[100] max-h-80 overflow-y-scroll"
+                              >
+                                {selectedOrganization ? (
+                                  selectedOrganization.map((integrationAuthApp) => {
+                                    const isSelected = repoIds.includes(
+                                      String(integrationAuthApp.appId)
+                                    );
+
+                                    return (
+                                      <DropdownMenuItem
+                                        onClick={() => {
+                                          if (repoIds.includes(String(integrationAuthApp.appId))) {
+                                            onChange(
+                                              repoIds.filter(
+                                                (appId: string) =>
+                                                  appId !== String(integrationAuthApp.appId)
+                                              )
+                                            );
+                                          } else {
+                                            onChange([
+                                              ...repoIds,
+                                              String(integrationAuthApp.appId)
+                                            ]);
+                                          }
+                                        }}
+                                        key={`repos-id-${integrationAuthApp.appId}`}
+                                        icon={
+                                          isSelected ? (
+                                            <FontAwesomeIcon
+                                              icon={faCheckCircle}
+                                              className="pr-0.5 text-primary"
+                                            />
+                                          ) : (
+                                            <div className="pl-[1.01rem]" />
+                                          )
+                                        }
+                                        iconPos="left"
+                                        className="w-[28.4rem] text-sm"
+                                      >
+                                        {integrationAuthApp.owner}/{integrationAuthApp.name}
+                                      </DropdownMenuItem>
+                                    );
+                                  })
+                                ) : (
+                                  <div />
+                                )}
+                              </DropdownMenuContent>
+                            </DropdownMenu>
+                          </FormControl>
+                        )}
+                      />
                    )}
-                  />
+                  </>
                )}
                {scope === "github-env" && (
                  <Controller
--- a/frontend/src/views/IntegrationsPage/components/IntegrationsSection/ConfiguredIntegrationItem.tsx
+++ b/frontend/src/views/IntegrationsPage/components/IntegrationsSection/ConfiguredIntegrationItem.tsx
@ -0,0 +1,229 @@
+import {
+  faArrowRight,
+  faCalendarCheck,
+  faRefresh,
+  faWarning,
+  faXmark
+} from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { format } from "date-fns";
+import { integrationSlugNameMapping } from "public/data/frequentConstants";
+
+import { ProjectPermissionCan } from "@app/components/permissions";
+import { Button, FormLabel, IconButton, Tag, Tooltip } from "@app/components/v2";
+import { ProjectPermissionActions, ProjectPermissionSub } from "@app/context";
+import { IntegrationMappingBehavior } from "@app/hooks/api/integrations/types";
+import { TIntegration } from "@app/hooks/api/types";
+
+type IProps = {
+  integration: TIntegration;
+  environments: Array<{ name: string; slug: string; id: string }>;
+  onRemoveIntegration: VoidFunction;
+  onManualSyncIntegration: VoidFunction;
+};
+
+export const ConfiguredIntegrationItem = ({
+  integration,
+  environments,
+  onRemoveIntegration,
+  onManualSyncIntegration
+}: IProps) => {
+  return (
+    <div
+      className="max-w-8xl flex justify-between rounded-md border border-mineshaft-600 bg-mineshaft-800 p-3"
+      key={`integration-${integration?.id.toString()}`}
+    >
+      <div className="flex">
+        <div className="ml-2 flex flex-col">
+          <FormLabel label="Environment" />
+          <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+            {environments.find((e) => e.id === integration.envId)?.name || "-"}
+          </div>
+        </div>
+        <div className="ml-2 flex flex-col">
+          <FormLabel label="Secret Path" />
+          <div className="min-w-[8rem] rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+            {integration.secretPath}
+          </div>
+        </div>
+        <div className="flex h-full items-center">
+          <FontAwesomeIcon icon={faArrowRight} className="mx-4 text-gray-400" />
+        </div>
+        <div className="ml-4 flex flex-col">
+          <FormLabel
+            tooltipText={
+              integration.integration === "github" ? (
+                <div className="text-xs">
+                  {/* eslint-disable-next-line no-nested-ternary */}
+                  {integration.metadata?.githubVisibility === "selected"
+                    ? "Syncing to selected repositories in the organization. "
+                    : integration.metadata?.githubVisibility === "private"
+                    ? "Syncing to all private repositories in the organization"
+                    : "Syncing to all public and private repositories in the organization"}
+                </div>
+              ) : undefined
+            }
+            label="Integration"
+          />
+          <div className="min-w-[8rem] rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+            {integrationSlugNameMapping[integration.integration]}
+          </div>
+        </div>
+        {integration.integration === "qovery" && (
+          <div className="flex flex-row">
+            <div className="ml-2 flex flex-col">
+              <FormLabel label="Org" />
+              <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+                {integration?.owner || "-"}
+              </div>
+            </div>
+            <div className="ml-2 flex flex-col">
+              <FormLabel label="Project" />
+              <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+                {integration?.targetService || "-"}
+              </div>
+            </div>
+            <div className="ml-2 flex flex-col">
+              <FormLabel label="Env" />
+              <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+                {integration?.targetEnvironment || "-"}
+              </div>
+            </div>
+          </div>
+        )}
+        {!(
+          integration.integration === "aws-secret-manager" &&
+          integration.metadata?.mappingBehavior === IntegrationMappingBehavior.ONE_TO_ONE
+        ) && (
+          <div className="ml-2 flex flex-col">
+            <FormLabel
+              label={
+                (integration.integration === "qovery" && integration?.scope) ||
+                (integration.integration === "aws-secret-manager" && "Secret") ||
+                (["aws-parameter-store", "rundeck"].includes(integration.integration) && "Path") ||
+                (integration?.integration === "terraform-cloud" && "Project") ||
+                (integration?.scope === "github-org" && "Organization") ||
+                (["github-repo", "github-env"].includes(integration?.scope as string) &&
+                  "Repository") ||
+                "App"
+              }
+            />
+            <div className="no-scrollbar::-webkit-scrollbar min-w-[8rem] max-w-[12rem] overflow-scroll whitespace-nowrap rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200 no-scrollbar">
+              {(integration.integration === "hashicorp-vault" &&
+                `${integration.app} - path: ${integration.path}`) ||
+                (integration.scope === "github-org" && `${integration.owner}`) ||
+                (["aws-parameter-store", "rundeck"].includes(integration.integration) &&
+                  `${integration.path}`) ||
+                (integration.scope?.startsWith("github-") &&
+                  `${integration.owner}/${integration.app}`) ||
+                integration.app}
+            </div>
+          </div>
+        )}
+        {(integration.integration === "vercel" ||
+          integration.integration === "netlify" ||
+          integration.integration === "railway" ||
+          integration.integration === "gitlab" ||
+          integration.integration === "teamcity" ||
+          integration.integration === "bitbucket" ||
+          (integration.integration === "github" && integration.scope === "github-env")) && (
+          <div className="ml-4 flex flex-col">
+            <FormLabel label="Target Environment" />
+            <div className="overflow-clip text-ellipsis whitespace-nowrap rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+              {integration.targetEnvironment || integration.targetEnvironmentId}
+            </div>
+          </div>
+        )}
+        {integration.integration === "checkly" && integration.targetService && (
+          <div className="ml-2">
+            <FormLabel label="Group" />
+            <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+              {integration.targetService}
+            </div>
+          </div>
+        )}
+        {integration.integration === "terraform-cloud" && integration.targetService && (
+          <div className="ml-2">
+            <FormLabel label="Category" />
+            <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+              {integration.targetService}
+            </div>
+          </div>
+        )}
+        {(integration.integration === "checkly" || integration.integration === "github") && (
+          <div className="ml-2">
+            <FormLabel label="Secret Suffix" />
+            <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+              {integration?.metadata?.secretSuffix || "-"}
+            </div>
+          </div>
+        )}
+      </div>
+      <div className="mt-[1.5rem] flex cursor-default">
+        {integration.isSynced != null && integration.lastUsed != null && (
+          <Tag key={integration.id} className={integration.isSynced ? "bg-green-800" : "bg-red/80"}>
+            <Tooltip
+              center
+              className="max-w-xs whitespace-normal break-words"
+              content={
+                <div className="flex max-h-[10rem] flex-col overflow-auto ">
+                  <div className="flex self-start">
+                    <FontAwesomeIcon icon={faCalendarCheck} className="pt-0.5 pr-2 text-sm" />
+                    <div className="text-sm">Last sync</div>
+                  </div>
+                  <div className="pl-5 text-left text-xs">
+                    {format(new Date(integration.lastUsed), "yyyy-MM-dd, hh:mm aaa")}
+                  </div>
+                  {!integration.isSynced && (
+                    <>
+                      <div className="mt-2 flex self-start">
+                        <FontAwesomeIcon icon={faXmark} className="pt-1 pr-2 text-sm" />
+                        <div className="text-sm">Fail reason</div>
+                      </div>
+                      <div className="pl-5 text-left text-xs">{integration.syncMessage}</div>
+                    </>
+                  )}
+                </div>
+              }
+            >
+              <div className="flex items-center space-x-2 text-white">
+                <div>{integration.isSynced ? "Synced" : "Not synced"}</div>
+                {!integration.isSynced && <FontAwesomeIcon icon={faWarning} />}
+              </div>
+            </Tooltip>
+          </Tag>
+        )}
+        <div className="mr-1 flex items-end opacity-80 duration-200 hover:opacity-100">
+          <Tooltip className="text-center" content="Manually sync integration secrets">
+            <Button
+              onClick={() => onManualSyncIntegration()}
+              className="max-w-[2.5rem] border-none bg-mineshaft-500"
+            >
+              <FontAwesomeIcon icon={faRefresh} className="px-1 text-bunker-200" />
+            </Button>
+          </Tooltip>
+        </div>
+        <ProjectPermissionCan
+          I={ProjectPermissionActions.Delete}
+          a={ProjectPermissionSub.Integrations}
+        >
+          {(isAllowed: boolean) => (
+            <div className="flex items-end opacity-80 duration-200 hover:opacity-100">
+              <Tooltip content="Remove Integration">
+                <IconButton
+                  onClick={() => onRemoveIntegration()}
+                  ariaLabel="delete"
+                  isDisabled={!isAllowed}
+                  colorSchema="danger"
+                  variant="star"
+                >
+                  <FontAwesomeIcon icon={faXmark} className="px-0.5" />
+                </IconButton>
+              </Tooltip>
+            </div>
+          )}
+        </ProjectPermissionCan>
+      </div>
+    </div>
+  );
+};
--- a/frontend/src/views/IntegrationsPage/components/IntegrationsSection/IntegrationsSection.tsx
+++ b/frontend/src/views/IntegrationsPage/components/IntegrationsSection/IntegrationsSection.tsx
@ -1,27 +1,10 @@
-import { faCalendarCheck } from "@fortawesome/free-regular-svg-icons";
-import { faArrowRight, faRefresh, faWarning, faXmark } from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
-import { format } from "date-fns";
-import { integrationSlugNameMapping } from "public/data/frequentConstants";
-
-import { ProjectPermissionCan } from "@app/components/permissions";
-import {
-  Button,
-  Checkbox,
-  DeleteActionModal,
-  EmptyState,
-  FormLabel,
-  IconButton,
-  Skeleton,
-  Tag,
-  Tooltip
-} from "@app/components/v2";
-import { ProjectPermissionActions, ProjectPermissionSub } from "@app/context";
+import { Checkbox, DeleteActionModal, EmptyState, Skeleton } from "@app/components/v2";
 import { usePopUp, useToggle } from "@app/hooks";
 import { useSyncIntegration } from "@app/hooks/api/integrations/queries";
-import { IntegrationMappingBehavior } from "@app/hooks/api/integrations/types";
 import { TIntegration } from "@app/hooks/api/types";

+import { ConfiguredIntegrationItem } from "./ConfiguredIntegrationItem";
+
 type Props = {
  environments: Array<{ name: string; slug: string; id: string }>;
  integrations?: TIntegration[];
@ -72,207 +55,22 @@ export const IntegrationsSection = ({
      {!isLoading && (
        <div className="flex min-w-max flex-col space-y-4 p-6 pt-0">
          {integrations?.map((integration) => (
-            <div
-              className="max-w-8xl flex justify-between rounded-md border border-mineshaft-600 bg-mineshaft-800 p-3"
-              key={`integration-${integration?.id.toString()}`}
-            >
-              <div className="flex">
-                <div className="ml-2 flex flex-col">
-                  <FormLabel label="Environment" />
-                  <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                    {environments.find((e) => e.id === integration.envId)?.name || "-"}
-                  </div>
-                </div>
-                <div className="ml-2 flex flex-col">
-                  <FormLabel label="Secret Path" />
-                  <div className="min-w-[8rem] rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                    {integration.secretPath}
-                  </div>
-                </div>
-                <div className="flex h-full items-center">
-                  <FontAwesomeIcon icon={faArrowRight} className="mx-4 text-gray-400" />
-                </div>
-                <div className="ml-4 flex flex-col">
-                  <FormLabel label="Integration" />
-                  <div className="min-w-[8rem] rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                    {integrationSlugNameMapping[integration.integration]}
-                  </div>
-                </div>
-                {integration.integration === "qovery" && (
-                  <div className="flex flex-row">
-                    <div className="ml-2 flex flex-col">
-                      <FormLabel label="Org" />
-                      <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                        {integration?.owner || "-"}
-                      </div>
-                    </div>
-                    <div className="ml-2 flex flex-col">
-                      <FormLabel label="Project" />
-                      <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                        {integration?.targetService || "-"}
-                      </div>
-                    </div>
-                    <div className="ml-2 flex flex-col">
-                      <FormLabel label="Env" />
-                      <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                        {integration?.targetEnvironment || "-"}
-                      </div>
-                    </div>
-                  </div>
-                )}
-                {!(
-                  integration.integration === "aws-secret-manager" &&
-                  integration.metadata?.mappingBehavior === IntegrationMappingBehavior.ONE_TO_ONE
-                ) && (
-                  <div className="ml-2 flex flex-col">
-                    <FormLabel
-                      label={
-                        (integration.integration === "qovery" && integration?.scope) ||
-                        (integration.integration === "aws-secret-manager" && "Secret") ||
-                        (["aws-parameter-store", "rundeck"].includes(integration.integration) &&
-                          "Path") ||
-                        (integration?.integration === "terraform-cloud" && "Project") ||
-                        (integration?.scope === "github-org" && "Organization") ||
-                        (["github-repo", "github-env"].includes(integration?.scope as string) &&
-                          "Repository") ||
-                        "App"
-                      }
-                    />
-                    <div className="no-scrollbar::-webkit-scrollbar min-w-[8rem] max-w-[12rem] overflow-scroll whitespace-nowrap rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200 no-scrollbar">
-                      {(integration.integration === "hashicorp-vault" &&
-                        `${integration.app} - path: ${integration.path}`) ||
-                        (integration.scope === "github-org" && `${integration.owner}`) ||
-                        (["aws-parameter-store", "rundeck"].includes(integration.integration) &&
-                          `${integration.path}`) ||
-                        (integration.scope?.startsWith("github-") &&
-                          `${integration.owner}/${integration.app}`) ||
-                        integration.app}
-                    </div>
-                  </div>
-                )}
-                {(integration.integration === "vercel" ||
-                  integration.integration === "netlify" ||
-                  integration.integration === "railway" ||
-                  integration.integration === "gitlab" ||
-                  integration.integration === "teamcity" ||
-                  integration.integration === "bitbucket" ||
-                  (integration.integration === "github" && integration.scope === "github-env")) && (
-                  <div className="ml-4 flex flex-col">
-                    <FormLabel label="Target Environment" />
-                    <div className="overflow-clip text-ellipsis whitespace-nowrap rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                      {integration.targetEnvironment || integration.targetEnvironmentId}
-                    </div>
-                  </div>
-                )}
-                {integration.integration === "checkly" && integration.targetService && (
-                  <div className="ml-2">
-                    <FormLabel label="Group" />
-                    <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                      {integration.targetService}
-                    </div>
-                  </div>
-                )}
-                {integration.integration === "terraform-cloud" && integration.targetService && (
-                  <div className="ml-2">
-                    <FormLabel label="Category" />
-                    <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                      {integration.targetService}
-                    </div>
-                  </div>
-                )}
-                {(integration.integration === "checkly" ||
-                  integration.integration === "github") && (
-                  <div className="ml-2">
-                    <FormLabel label="Secret Suffix" />
-                    <div className="rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
-                      {integration?.metadata?.secretSuffix || "-"}
-                    </div>
-                  </div>
-                )}
-              </div>
-              <div className="mt-[1.5rem] flex cursor-default">
-                {integration.isSynced != null && integration.lastUsed != null && (
-                  <Tag
-                    key={integration.id}
-                    className={integration.isSynced ? "bg-green-800" : "bg-red/80"}
-                  >
-                    <Tooltip
-                      center
-                      className="max-w-xs whitespace-normal break-words"
-                      content={
-                        <div className="flex max-h-[10rem] flex-col overflow-auto ">
-                          <div className="flex self-start">
-                            <FontAwesomeIcon
-                              icon={faCalendarCheck}
-                              className="pt-0.5 pr-2 text-sm"
-                            />
-                            <div className="text-sm">Last sync</div>
-                          </div>
-                          <div className="pl-5 text-left text-xs">
-                            {format(new Date(integration.lastUsed), "yyyy-MM-dd, hh:mm aaa")}
-                          </div>
-                          {!integration.isSynced && (
-                            <>
-                              <div className="mt-2 flex self-start">
-                                <FontAwesomeIcon icon={faXmark} className="pt-1 pr-2 text-sm" />
-                                <div className="text-sm">Fail reason</div>
-                              </div>
-                              <div className="pl-5 text-left text-xs">
-                                {integration.syncMessage}
-                              </div>
-                            </>
-                          )}
-                        </div>
-                      }
-                    >
-                      <div className="flex items-center space-x-2 text-white">
-                        <div>{integration.isSynced ? "Synced" : "Not synced"}</div>
-                        {!integration.isSynced && <FontAwesomeIcon icon={faWarning} />}
-                      </div>
-                    </Tooltip>
-                  </Tag>
-                )}
-                <div className="mr-1 flex items-end opacity-80 duration-200 hover:opacity-100">
-                  <Tooltip className="text-center" content="Manually sync integration secrets">
-                    <Button
-                      onClick={() =>
-                        syncIntegration({
-                          workspaceId,
-                          id: integration.id,
-                          lastUsed: integration.lastUsed as string
-                        })
-                      }
-                      className="max-w-[2.5rem] border-none bg-mineshaft-500"
-                    >
-                      <FontAwesomeIcon icon={faRefresh} className="px-1 text-bunker-200" />
-                    </Button>
-                  </Tooltip>
-                </div>
-                <ProjectPermissionCan
-                  I={ProjectPermissionActions.Delete}
-                  a={ProjectPermissionSub.Integrations}
-                >
-                  {(isAllowed: boolean) => (
-                    <div className="flex items-end opacity-80 duration-200 hover:opacity-100">
-                      <Tooltip content="Remove Integration">
-                        <IconButton
-                          onClick={() => {
-                            setShouldDeleteSecrets.off();
-                            handlePopUpOpen("deleteConfirmation", integration);
-                          }}
-                          ariaLabel="delete"
-                          isDisabled={!isAllowed}
-                          colorSchema="danger"
-                          variant="star"
-                        >
-                          <FontAwesomeIcon icon={faXmark} className="px-0.5" />
-                        </IconButton>
-                      </Tooltip>
-                    </div>
-                  )}
-                </ProjectPermissionCan>
-              </div>
-            </div>
+            <ConfiguredIntegrationItem
+              key={`integration-${integration.id}`}
+              onManualSyncIntegration={() => {
+                syncIntegration({
+                  workspaceId,
+                  id: integration.id,
+                  lastUsed: integration.lastUsed as string
+                });
+              }}
+              onRemoveIntegration={() => {
+                setShouldDeleteSecrets.off();
+                handlePopUpOpen("deleteConfirmation", integration);
+              }}
+              integration={integration}
+              environments={environments}
+            />
          ))}
        </div>
      )}
--- a/frontend/src/views/Org/MembersPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx
+++ b/frontend/src/views/Org/MembersPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx
@ -210,6 +210,7 @@ export const IdentityKubernetesAuthForm = ({
            label="Kubernetes Host / Base Kubernetes API URL "
            isError={Boolean(error)}
            errorText={error?.message}
+            tooltipText="The host string, host:port pair, or URL to the base of the Kubernetes API server. This can usually be obtained by running 'kubectl cluster-info'"
            isRequired
          >
            <Input {...field} placeholder="https://my-example-k8s-api-host.com" type="text" />
@ -224,6 +225,7 @@ export const IdentityKubernetesAuthForm = ({
            label="Token Reviewer JWT"
            isError={Boolean(error)}
            errorText={error?.message}
+            tooltipText="A long-lived service account JWT token for Infisical to access the TokenReview API to validate other service account JWT tokens submitted by applications/pods."
            isRequired
          >
            <Input {...field} placeholder="" type="password" />
@ -237,6 +239,7 @@ export const IdentityKubernetesAuthForm = ({
          <FormControl
            label="Allowed Service Account Names"
            isError={Boolean(error)}
+            tooltipText="An optional comma-separated list of trusted service account names that are allowed to authenticate with Infisical. Leave empty to allow any service account."
            errorText={error?.message}
          >
            <Input {...field} placeholder="service-account-1-name, service-account-1-name" />
@ -252,6 +255,7 @@ export const IdentityKubernetesAuthForm = ({
            label="Allowed Namespaces"
            isError={Boolean(error)}
            errorText={error?.message}
+            tooltipText="An optional comma-separated list of trusted service account names that are allowed to authenticate with Infisical. Leave empty to allow any namespaces."
          >
            <Input {...field} placeholder="namespaceA, namespaceB" type="text" />
          </FormControl>
@ -262,7 +266,11 @@ export const IdentityKubernetesAuthForm = ({
        defaultValue=""
        name="allowedAudience"
        render={({ field, fieldState: { error } }) => (
-          <FormControl label="Allowed Audience" isError={Boolean(error)} errorText={error?.message}>
+          <FormControl 
+            label="Allowed Audience" 
+            isError={Boolean(error)} errorText={error?.message} 
+            tooltipText="An optional audience claim that the service account JWT token must have to authenticate with Infisical. Leave empty to allow any audience claim."
+            >
            <Input {...field} placeholder="" type="text" />
          </FormControl>
        )}
@ -271,7 +279,11 @@ export const IdentityKubernetesAuthForm = ({
        control={control}
        name="caCert"
        render={({ field, fieldState: { error } }) => (
-          <FormControl label="CA Certificate" errorText={error?.message} isError={Boolean(error)}>
+          <FormControl 
+            label="CA Certificate" 
+            errorText={error?.message} isError={Boolean(error)} 
+            tooltipText="An optional PEM-encoded CA cert for the Kubernetes API server. This is used by the TLS client for secure communication with the Kubernetes API server."
+          >
            <TextArea {...field} placeholder="-----BEGIN CERTIFICATE----- ..." />
          </FormControl>
        )}
@ -283,6 +295,7 @@ export const IdentityKubernetesAuthForm = ({
        render={({ field, fieldState: { error } }) => (
          <FormControl
            label="Access Token TTL (seconds)"
+            tooltipText="The lifetime for an acccess token in seconds. This value will be referenced at renewal time."
            isError={Boolean(error)}
            errorText={error?.message}
          >
@ -299,6 +312,7 @@ export const IdentityKubernetesAuthForm = ({
            label="Access Token Max TTL (seconds)"
            isError={Boolean(error)}
            errorText={error?.message}
+            tooltipText="The maximum lifetime for an access token in seconds. This value will be referenced at renewal time."
          >
            <Input {...field} placeholder="2592000" type="number" min="1" step="1" />
          </FormControl>
@ -313,6 +327,7 @@ export const IdentityKubernetesAuthForm = ({
            label="Access Token Max Number of Uses"
            isError={Boolean(error)}
            errorText={error?.message}
+            tooltipText="The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses."
          >
            <Input {...field} placeholder="0" type="number" min="0" step="1" />
          </FormControl>
@ -331,6 +346,7 @@ export const IdentityKubernetesAuthForm = ({
                  label={index === 0 ? "Access Token Trusted IPs" : undefined}
                  isError={Boolean(error)}
                  errorText={error?.message}
+                  tooltipText="The IPs or CIDR ranges that access tokens can be used from. By default, each token is given the 0.0.0.0/0, allowing usage from any network address."
                >
                  <Input
                    value={field.value}
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/AwsElastiCacheInputForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/AwsElastiCacheInputForm.tsx
@ -0,0 +1,318 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useCreateDynamicSecret } from "@app/hooks/api";
+import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  provider: z.object({
+    clusterName: z.string().trim().min(1),
+    accessKeyId: z.string().trim().min(1),
+    secretAccessKey: z.string().trim().min(1),
+
+    region: z.string().trim(),
+    creationStatement: z.string().trim(),
+    revocationStatement: z.string().trim(),
+    ca: z.string().optional()
+  }),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    }),
+  name: z.string().refine((val) => val.toLowerCase() === val, "Must be lowercase")
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onCompleted: () => void;
+  onCancel: () => void;
+  secretPath: string;
+  projectSlug: string;
+  environment: string;
+};
+
+export const AwsElastiCacheInputForm = ({
+  onCompleted,
+  onCancel,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting, errors },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      provider: {
+        creationStatement: `{
+        "UserId": "{{username}}",
+        "UserName": "{{username}}",
+        "Engine": "redis",
+        "Passwords": ["{{password}}"],
+        "AccessString": "on ~* +@all"
+}`,
+        revocationStatement: `{
+        "UserId": "{{username}}"
+}`
+      }
+    }
+  });
+
+  const createDynamicSecret = useCreateDynamicSecret();
+
+  console.log("formState", errors);
+  const handleCreateDynamicSecret = async ({ name, maxTTL, provider, defaultTTL }: TForm) => {
+    // wait till previous request is finished
+    if (createDynamicSecret.isLoading) return;
+    try {
+      await createDynamicSecret.mutateAsync({
+        provider: { type: DynamicSecretProviders.AwsElastiCache, inputs: provider },
+        maxTTL,
+        name,
+        path: secretPath,
+        defaultTTL,
+        projectSlug,
+        environmentSlug: environment
+      });
+      onCompleted();
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to create dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleCreateDynamicSecret)} autoComplete="off">
+        <div>
+          <div className="flex items-center space-x-2">
+            <div className="flex-grow">
+              <Controller
+                control={control}
+                defaultValue=""
+                name="name"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Name"
+                    isError={Boolean(error)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="dynamic-secret" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="defaultTTL"
+                defaultValue="1h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Default TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="maxTTL"
+                defaultValue="24h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Max TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+          </div>
+          <div>
+            <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+              Configuration
+            </div>
+            <div className="flex flex-col">
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.clusterName"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Cluster name"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} placeholder="redis-oss-cluster" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  defaultValue=""
+                  name="provider.region"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Region"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input placeholder="us-east-1" {...field} type="text" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div className="flex w-full items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.accessKeyId"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Access Key ID"
+                      className="w-full"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} autoComplete="off" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.secretAccessKey"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Secret Access Key"
+                      className="w-full"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="password" autoComplete="new-password" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div>
+                <Controller
+                  control={control}
+                  name="provider.ca"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      isOptional
+                      label="CA(SSL)"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <SecretInput
+                        {...field}
+                        containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                      />
+                    </FormControl>
+                  )}
+                />
+                <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                  <AccordionItem value="advance-statements">
+                    <AccordionTrigger>Modify ElastiCache Statements</AccordionTrigger>
+                    <AccordionContent>
+                      <Controller
+                        control={control}
+                        name="provider.creationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Creation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username, password and expiration are dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.revocationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Revocation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username is dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                    </AccordionContent>
+                  </AccordionItem>
+                </Accordion>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Submit
+          </Button>
+          <Button variant="outline_bg" onClick={onCancel}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx
@ -1,4 +1,5 @@
 import { useState } from "react";
+import { SiApachecassandra,SiMongodb } from "react-icons/si";
 import { faAws } from "@fortawesome/free-brands-svg-icons";
 import { faDatabase } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
@ -7,8 +8,11 @@ import { AnimatePresence, motion } from "framer-motion";
 import { Modal, ModalContent } from "@app/components/v2";
 import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";

+import { AwsElastiCacheInputForm } from "./AwsElastiCacheInputForm";
 import { AwsIamInputForm } from "./AwsIamInputForm";
 import { CassandraInputForm } from "./CassandraInputForm";
+import { MongoAtlasInputForm } from "./MongoAtlasInputForm";
+import { RedisInputForm } from "./RedisInputForm";
 import { SqlDatabaseInputForm } from "./SqlDatabaseInputForm";

 type Props = {
@ -26,19 +30,34 @@ enum WizardSteps {

 const DYNAMIC_SECRET_LIST = [
  {
-    icon: faDatabase,
+    icon: <FontAwesomeIcon icon={faDatabase} size="lg" />,
    provider: DynamicSecretProviders.SqlDatabase,
    title: "SQL\nDatabase"
  },
  {
-    icon: faDatabase,
+    icon: <SiApachecassandra size="2rem" />,
    provider: DynamicSecretProviders.Cassandra,
    title: "Cassandra"
  },
  {
-    icon: faAws,
+    icon:  <FontAwesomeIcon icon={faDatabase} size="lg" />,
+    provider: DynamicSecretProviders.Redis,
+    title: "Redis"
+  },
+  {
+    icon:  <FontAwesomeIcon icon={faAws} size="lg" />,
+    provider: DynamicSecretProviders.AwsElastiCache,
+    title: "AWS ElastiCache"
+  },
+  {
+    icon: <FontAwesomeIcon icon={faAws} size="lg" />,
    provider: DynamicSecretProviders.AwsIam,
    title: "AWS IAM"
+  },
+  {
+    icon: <SiMongodb size="2rem" />,
+    provider: DynamicSecretProviders.MongoAtlas,
+    title: "Mongo Atlas"
  }
 ];

@ -93,7 +112,7 @@ export const CreateDynamicSecretForm = ({
                      }
                    }}
                  >
-                    <FontAwesomeIcon icon={icon} size="lg" />
+                    {icon}
                    <div className="whitespace-pre-wrap text-center text-sm">{title}</div>
                  </div>
                ))}
@ -118,6 +137,42 @@ export const CreateDynamicSecretForm = ({
                />
              </motion.div>
            )}
+          {wizardStep === WizardSteps.ProviderInputs &&
+            selectedProvider === DynamicSecretProviders.Redis && (
+              <motion.div
+                key="dynamic-redis-step"
+                transition={{ duration: 0.1 }}
+                initial={{ opacity: 0, translateX: 30 }}
+                animate={{ opacity: 1, translateX: 0 }}
+                exit={{ opacity: 0, translateX: -30 }}
+              >
+                <RedisInputForm
+                  onCompleted={handleFormReset}
+                  onCancel={handleFormReset}
+                  projectSlug={projectSlug}
+                  secretPath={secretPath}
+                  environment={environment}
+                />
+              </motion.div>
+            )}
+          {wizardStep === WizardSteps.ProviderInputs &&
+            selectedProvider === DynamicSecretProviders.AwsElastiCache && (
+              <motion.div
+                key="dynamic-aws-elasticache-step"
+                transition={{ duration: 0.1 }}
+                initial={{ opacity: 0, translateX: 30 }}
+                animate={{ opacity: 1, translateX: 0 }}
+                exit={{ opacity: 0, translateX: -30 }}
+              >
+                <AwsElastiCacheInputForm
+                  onCompleted={handleFormReset}
+                  onCancel={handleFormReset}
+                  projectSlug={projectSlug}
+                  secretPath={secretPath}
+                  environment={environment}
+                />
+              </motion.div>
+            )}
          {wizardStep === WizardSteps.ProviderInputs &&
            selectedProvider === DynamicSecretProviders.Cassandra && (
              <motion.div
@ -154,6 +209,24 @@ export const CreateDynamicSecretForm = ({
                />
              </motion.div>
            )}
+          {wizardStep === WizardSteps.ProviderInputs &&
+            selectedProvider === DynamicSecretProviders.MongoAtlas && (
+              <motion.div
+                key="dynamic-atlas-step"
+                transition={{ duration: 0.1 }}
+                initial={{ opacity: 0, translateX: 30 }}
+                animate={{ opacity: 1, translateX: 0 }}
+                exit={{ opacity: 0, translateX: -30 }}
+              >
+                <MongoAtlasInputForm
+                  onCompleted={handleFormReset}
+                  onCancel={handleFormReset}
+                  projectSlug={projectSlug}
+                  secretPath={secretPath}
+                  environment={environment}
+                />
+              </motion.div>
+            )}
        </AnimatePresence>
      </ModalContent>
    </Modal>
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/MongoAtlasInputForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/MongoAtlasInputForm.tsx
@ -0,0 +1,455 @@
+import { Controller, useFieldArray, useForm } from "react-hook-form";
+import { faPlus, faTrash } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  FormLabel,
+  IconButton,
+  Input,
+  Select,
+  SelectItem
+} from "@app/components/v2";
+import { useCreateDynamicSecret } from "@app/hooks/api";
+import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  provider: z.object({
+    adminPublicKey: z.string().trim().min(1),
+    adminPrivateKey: z.string().trim().min(1),
+    groupId: z.string().trim().min(1),
+    roles: z
+      .object({
+        collectionName: z.string().optional(),
+        databaseName: z.string().min(1),
+        roleName: z.string().min(1)
+      })
+      .array()
+      .min(1),
+    scopes: z
+      .object({
+        name: z.string().min(1),
+        type: z.string().min(1)
+      })
+      .array()
+  }),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    }),
+  name: z.string().refine((val) => val.toLowerCase() === val, "Must be lowercase")
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onCompleted: () => void;
+  onCancel: () => void;
+  secretPath: string;
+  projectSlug: string;
+  environment: string;
+};
+
+const ATLAS_SCOPE_TYPES = [
+  {
+    label: "Cluster",
+    value: "CLUSTER"
+  },
+  {
+    label: "Data Lake",
+    value: "DATA_LAKE"
+  },
+  {
+    label: "Stream",
+    value: "STREAM"
+  }
+];
+
+export const MongoAtlasInputForm = ({
+  onCompleted,
+  onCancel,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    getValues,
+    setValue,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      provider: {
+        roles: [{ databaseName: "", roleName: "" }]
+      }
+    }
+  });
+
+  const roleFields = useFieldArray({
+    control,
+    name: "provider.roles"
+  });
+
+  const scopeFields = useFieldArray({
+    control,
+    name: "provider.scopes"
+  });
+
+  const createDynamicSecret = useCreateDynamicSecret();
+
+  const handleCreateDynamicSecret = async ({ name, maxTTL, provider, defaultTTL }: TForm) => {
+    // wait till previous request is finished
+    if (createDynamicSecret.isLoading) return;
+    try {
+      await createDynamicSecret.mutateAsync({
+        provider: { type: DynamicSecretProviders.MongoAtlas, inputs: provider },
+        maxTTL,
+        name,
+        path: secretPath,
+        defaultTTL,
+        projectSlug,
+        environmentSlug: environment
+      });
+      onCompleted();
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to create dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleCreateDynamicSecret)} autoComplete="off">
+        <div>
+          <div className="flex items-center space-x-2">
+            <div className="flex-grow">
+              <Controller
+                control={control}
+                defaultValue=""
+                name="name"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Name"
+                    isError={Boolean(error)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="dynamic-secret" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="defaultTTL"
+                defaultValue="1h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Default TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="maxTTL"
+                defaultValue="24h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Max TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+          </div>
+          <div>
+            <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+              Configuration
+            </div>
+            <div className="flex flex-col">
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.adminPublicKey"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Admin Public Key"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} placeholder="" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.adminPrivateKey"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Admin Private Key"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="password" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <Controller
+                control={control}
+                name="provider.groupId"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Group/Project ID"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                    helperText="Unique 24-hexadecimal digit string that identifies your project"
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+              <FormLabel label="Roles" />
+              <div className="mb-3 flex flex-col space-y-2">
+                {roleFields.fields.map(({ id: roleFieldId }, i) => (
+                  <div key={roleFieldId} className="flex items-end space-x-2">
+                    <div className="flex-grow">
+                      {i === 0 && <span className="text-xs text-mineshaft-400">Database Name</span>}
+                      <Controller
+                        control={control}
+                        name={`provider.roles.${i}.databaseName`}
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            className="mb-0"
+                          >
+                            <Input {...field} />
+                          </FormControl>
+                        )}
+                      />
+                    </div>
+                    <div className="flex-grow">
+                      {i === 0 && (
+                        <FormLabel
+                          label="Collection Name"
+                          className="text-xs text-mineshaft-400"
+                          isOptional
+                        />
+                      )}
+                      <Controller
+                        control={control}
+                        name={`provider.roles.${i}.collectionName`}
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            className="mb-0"
+                          >
+                            <Input {...field} />
+                          </FormControl>
+                        )}
+                      />
+                    </div>
+                    <div className="flex-grow">
+                      {i === 0 && (
+                        <FormLabel
+                          label="Role"
+                          className="text-xs text-mineshaft-400"
+                          tooltipClassName="max-w-md whitespace-pre-line"
+                          tooltipText={`Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role. 
+														Built-in: atlasAdmin, backup, clusterMonitor, dbAdmin, dbAdminAnyDatabase, enableSharding, read, readAnyDatabase, readWrite, readWriteAnyDatabase.`}
+                        />
+                      )}
+                      <Controller
+                        control={control}
+                        name={`provider.roles.${i}.roleName`}
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            className="mb-0 flex-grow"
+                          >
+                            <Input {...field} />
+                          </FormControl>
+                        )}
+                      />
+                    </div>
+                    <IconButton
+                      ariaLabel="delete key"
+                      className="bottom-0.5 h-9"
+                      variant="outline_bg"
+                      onClick={() => {
+                        const roles = getValues("provider.roles");
+                        if (roles && roles?.length > 1) {
+                          roleFields.remove(i);
+                        } else {
+                          setValue("provider.roles", [{ databaseName: "", roleName: "" }]);
+                        }
+                      }}
+                    >
+                      <FontAwesomeIcon icon={faTrash} />
+                    </IconButton>
+                  </div>
+                ))}
+                <div>
+                  <Button
+                    leftIcon={<FontAwesomeIcon icon={faPlus} />}
+                    size="xs"
+                    variant="outline_bg"
+                    onClick={() => roleFields.append({ databaseName: "", roleName: "" })}
+                  >
+                    Add Role
+                  </Button>
+                </div>
+              </div>
+              <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                <AccordionItem value="advance-section">
+                  <AccordionTrigger>Advanced</AccordionTrigger>
+                  <AccordionContent>
+                    <FormLabel
+                      label="Scopes"
+                      isOptional
+                      className="mb-2"
+                      tooltipClassName="max-w-md whitespace-pre-line"
+                      tooltipText="List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project."
+                    />
+                    <div className="mb-2 flex flex-col space-y-2">
+                      {scopeFields.fields.map(({ id: scopeFieldId }, i) => (
+                        <div key={scopeFieldId} className="flex items-end space-x-2">
+                          <div className="flex-grow">
+                            {i === 0 && (
+                              <FormLabel
+                                label="Label"
+                                className="text-xs text-mineshaft-400"
+                                tooltipClassName="max-w-md whitespace-pre-line"
+                                tooltipText="Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
+                              />
+                            )}
+                            <Controller
+                              control={control}
+                              name={`provider.scopes.${i}.name`}
+                              render={({ field, fieldState: { error } }) => (
+                                <FormControl
+                                  isError={Boolean(error?.message)}
+                                  errorText={error?.message}
+                                  className="mb-0 flex-grow"
+                                >
+                                  <Input {...field} placeholder="Cluster or data lake id" />
+                                </FormControl>
+                              )}
+                            />
+                          </div>
+                          <div className="flex-grow">
+                            {i === 0 && <span className="text-xs text-mineshaft-400">Type</span>}
+                            <Controller
+                              control={control}
+                              name={`provider.scopes.${i}.type`}
+                              render={({ field, fieldState: { error } }) => (
+                                <FormControl
+                                  isError={Boolean(error?.message)}
+                                  errorText={error?.message}
+                                  className="mb-0 flex-grow"
+                                >
+                                  <Select
+                                    defaultValue={field.value}
+                                    {...field}
+                                    onValueChange={(e) => field.onChange(e)}
+                                    className="w-full"
+                                  >
+                                    {ATLAS_SCOPE_TYPES.map((el) => (
+                                      <SelectItem value={el.value} key={`atlas-scope-${el.value}`}>
+                                        {el.label}
+                                      </SelectItem>
+                                    ))}
+                                  </Select>
+                                </FormControl>
+                              )}
+                            />
+                          </div>
+                          <IconButton
+                            ariaLabel="delete key"
+                            className="bottom-0.5 h-9"
+                            variant="outline_bg"
+                            onClick={() => {
+                              scopeFields.remove(i);
+                            }}
+                          >
+                            <FontAwesomeIcon icon={faTrash} />
+                          </IconButton>
+                        </div>
+                      ))}
+                      <div>
+                        <Button
+                          leftIcon={<FontAwesomeIcon icon={faPlus} />}
+                          size="xs"
+                          variant="outline_bg"
+                          onClick={() =>
+                            scopeFields.append({ name: "", type: ATLAS_SCOPE_TYPES[0].value })
+                          }
+                        >
+                          Add Scope
+                        </Button>
+                      </div>
+                    </div>
+                  </AccordionContent>
+                </AccordionItem>
+              </Accordion>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Submit
+          </Button>
+          <Button variant="outline_bg" onClick={onCancel}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/RedisInputForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/RedisInputForm.tsx
@ -0,0 +1,331 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useCreateDynamicSecret } from "@app/hooks/api";
+import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  provider: z.object({
+    host: z.string().toLowerCase().min(1),
+    port: z.coerce.number(),
+    username: z.string().min(1),
+    password: z.string().min(1).optional(),
+    creationStatement: z.string().min(1),
+    renewStatement: z.string().optional(),
+    revocationStatement: z.string().min(1),
+    ca: z.string().optional()
+  }),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    }),
+  name: z.string().refine((val) => val.toLowerCase() === val, "Must be lowercase")
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onCompleted: () => void;
+  onCancel: () => void;
+  secretPath: string;
+  projectSlug: string;
+  environment: string;
+};
+
+export const RedisInputForm = ({
+  onCompleted,
+  onCancel,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      provider: {
+        username: "default",
+        port: 6379,
+        creationStatement: "ACL SETUSER {{username}} on >{{password}} ~* &* +@all",
+        revocationStatement: "ACL DELUSER {{username}}"
+      }
+    }
+  });
+
+  const createDynamicSecret = useCreateDynamicSecret();
+
+  const handleCreateDynamicSecret = async ({ name, maxTTL, provider, defaultTTL }: TForm) => {
+    // wait till previous request is finished
+    if (createDynamicSecret.isLoading) return;
+    try {
+      await createDynamicSecret.mutateAsync({
+        provider: { type: DynamicSecretProviders.Redis, inputs: provider },
+        maxTTL,
+        name,
+        path: secretPath,
+        defaultTTL,
+        projectSlug,
+        environmentSlug: environment
+      });
+      onCompleted();
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to create dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleCreateDynamicSecret)} autoComplete="off">
+        <div>
+          <div className="flex items-center space-x-2">
+            <div className="flex-grow">
+              <Controller
+                control={control}
+                defaultValue=""
+                name="name"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Name"
+                    isError={Boolean(error)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="dynamic-secret" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="defaultTTL"
+                defaultValue="1h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Default TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="maxTTL"
+                defaultValue="24h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Max TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+          </div>
+          <div>
+            <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+              Configuration
+            </div>
+            <div className="flex flex-col">
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.host"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Host"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.port"
+                  defaultValue={5432}
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Port"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="number" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div className="flex w-full items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.username"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="User"
+                      className="w-full"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} autoComplete="off" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.password"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      tooltipText="Required if your Redis instance is password protected."
+                      label="Password"
+                      className="w-full"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="password" autoComplete="new-password" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div>
+                <Controller
+                  control={control}
+                  name="provider.ca"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      isOptional
+                      label="CA(SSL)"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <SecretInput
+                        {...field}
+                        containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                      />
+                    </FormControl>
+                  )}
+                />
+                <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                  <AccordionItem value="advance-statements">
+                    <AccordionTrigger>Modify Redis Statements</AccordionTrigger>
+                    <AccordionContent>
+                      <Controller
+                        control={control}
+                        name="provider.creationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Creation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username, password and expiration are dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.revocationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Revocation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="username is dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.renewStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Renew Statement"
+                            helperText="username and expiration are dynamically provisioned"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                    </AccordionContent>
+                  </AccordionItem>
+                </Accordion>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Submit
+          </Button>
+          <Button variant="outline_bg" onClick={onCancel}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
@ -1,3 +1,4 @@
+import { ReactNode } from "react";
 import { Controller, useForm } from "react-hook-form";
 import { faCheck, faCopy } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
@ -20,7 +21,7 @@ const OutputDisplay = ({
 }: {
  value: string;
  label: string;
-  helperText?: string;
+  helperText?: ReactNode;
 }) => {
  const [copyText, isCopying, setCopyText] = useTimedReset<string>({
    initialState: "Copy to clipboard"
@ -56,7 +57,8 @@ const OutputDisplay = ({
 const renderOutputForm = (provider: DynamicSecretProviders, data: unknown) => {
  if (
    provider === DynamicSecretProviders.SqlDatabase ||
-    provider === DynamicSecretProviders.Cassandra
+    provider === DynamicSecretProviders.Cassandra ||
+    provider === DynamicSecretProviders.MongoAtlas
  ) {
    const { DB_PASSWORD, DB_USERNAME } = data as { DB_USERNAME: string; DB_PASSWORD: string };
    return (
@ -89,6 +91,54 @@ const renderOutputForm = (provider: DynamicSecretProviders, data: unknown) => {
      </div>
    );
  }
+
+  if (provider === DynamicSecretProviders.Redis) {
+    const { DB_USERNAME, DB_PASSWORD } = data as {
+      DB_USERNAME: string;
+      DB_PASSWORD: string;
+    };
+
+    return (
+      <div>
+        <OutputDisplay label="Redis Username" value={DB_USERNAME} />
+        <OutputDisplay
+          label="Redis Password"
+          value={DB_PASSWORD}
+          helperText="Important: Copy these credentials now. You will not be able to see them again after you close the modal."
+        />
+      </div>
+    );
+  }
+
+  if (provider === DynamicSecretProviders.AwsElastiCache) {
+    const { DB_USERNAME, DB_PASSWORD } = data as {
+      DB_USERNAME: string;
+      DB_PASSWORD: string;
+    };
+
+    return (
+      <div>
+        <OutputDisplay label="Cluster Username" value={DB_USERNAME} />
+        <OutputDisplay
+          label="Cluster Password"
+          value={DB_PASSWORD}
+          helperText={
+            <div className="space-y-4">
+              <p>
+                Important: Copy these credentials now. You will not be able to see them again after
+                you close the modal.
+              </p>
+              <p className="font-medium">
+                Please note that it may take a few minutes before the credentials are available for
+                use.
+              </p>
+            </div>
+          }
+        />
+      </div>
+    );
+  }
+
  return null;
 };

--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretAwsElastiCacheProviderForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretAwsElastiCacheProviderForm.tsx
@ -0,0 +1,319 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useUpdateDynamicSecret } from "@app/hooks/api";
+import { TDynamicSecret } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  inputs: z
+    .object({
+      clusterName: z.string().trim().min(1),
+      accessKeyId: z.string().trim().min(1),
+      secretAccessKey: z.string().trim().min(1),
+
+      region: z.string().trim(),
+      creationStatement: z.string().trim(),
+      revocationStatement: z.string().trim(),
+      ca: z.string().optional()
+    })
+    .partial(),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    })
+    .nullable(),
+  newName: z
+    .string()
+    .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+    .optional()
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onClose: () => void;
+  dynamicSecret: TDynamicSecret & { inputs: unknown };
+  secretPath: string;
+  environment: string;
+  projectSlug: string;
+};
+
+export const EditDynamicSecretAwsElastiCacheProviderForm = ({
+  onClose,
+  dynamicSecret,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    values: {
+      defaultTTL: dynamicSecret.defaultTTL,
+      maxTTL: dynamicSecret.maxTTL,
+      newName: dynamicSecret.name,
+      inputs: {
+        ...(dynamicSecret.inputs as TForm["inputs"])
+      }
+    }
+  });
+
+  const updateDynamicSecret = useUpdateDynamicSecret();
+
+  const handleUpdateDynamicSecret = async ({ inputs, maxTTL, defaultTTL, newName }: TForm) => {
+    // wait till previous request is finished
+    if (updateDynamicSecret.isLoading) return;
+    try {
+      await updateDynamicSecret.mutateAsync({
+        name: dynamicSecret.name,
+        path: secretPath,
+        projectSlug,
+        environmentSlug: environment,
+        data: {
+          maxTTL: maxTTL || undefined,
+          defaultTTL,
+          inputs,
+          newName: newName === dynamicSecret.name ? undefined : newName
+        }
+      });
+      onClose();
+      createNotification({
+        type: "success",
+        text: "Successfully updated dynamic secret"
+      });
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to update dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)} autoComplete="off">
+        <div className="flex items-center space-x-2">
+          <div className="flex-grow">
+            <Controller
+              control={control}
+              name="newName"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Secret Name"
+                  isError={Boolean(error)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} placeholder="DYN-1" />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="defaultTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Default TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="maxTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Max TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} value={field.value || ""} />
+                </FormControl>
+              )}
+            />
+          </div>
+        </div>
+        <div>
+          <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+            Configuration
+          </div>
+          <div className="flex flex-col">
+            <div className="flex items-center space-x-2">
+              <Controller
+                control={control}
+                name="inputs.clusterName"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Cluster name"
+                    className="flex-grow"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="redis-oss-cluster" />
+                  </FormControl>
+                )}
+              />
+              <Controller
+                control={control}
+                defaultValue=""
+                name="inputs.region"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Region"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input placeholder="us-east-1" {...field} type="text" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="flex w-full items-center space-x-2">
+              <Controller
+                control={control}
+                name="inputs.accessKeyId"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Access Key ID"
+                    className="w-full"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} autoComplete="off" />
+                  </FormControl>
+                )}
+              />
+              <Controller
+                control={control}
+                name="inputs.secretAccessKey"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Access Key"
+                    className="w-full"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} type="password" autoComplete="new-password" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div>
+              <Controller
+                control={control}
+                name="inputs.ca"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    isOptional
+                    label="CA(SSL)"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <SecretInput
+                      {...field}
+                      containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                    />
+                  </FormControl>
+                )}
+              />
+              <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                <AccordionItem value="advance-statements">
+                  <AccordionTrigger>Modify ElastiCache Statements</AccordionTrigger>
+                  <AccordionContent>
+                    <Controller
+                      control={control}
+                      name="inputs.creationStatement"
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          label="Creation Statement"
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          helperText="username, password and expiration are dynamically provisioned"
+                        >
+                          <TextArea
+                            {...field}
+                            reSize="none"
+                            rows={3}
+                            className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                          />
+                        </FormControl>
+                      )}
+                    />
+                    <Controller
+                      control={control}
+                      name="inputs.revocationStatement"
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          label="Revocation Statement"
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          helperText="username is dynamically provisioned"
+                        >
+                          <TextArea
+                            {...field}
+                            reSize="none"
+                            rows={3}
+                            className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                          />
+                        </FormControl>
+                      )}
+                    />
+                  </AccordionContent>
+                </AccordionItem>
+              </Accordion>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Save
+          </Button>
+          <Button variant="outline_bg" onClick={onClose}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx
@ -4,8 +4,11 @@ import { Spinner } from "@app/components/v2";
 import { useGetDynamicSecretDetails } from "@app/hooks/api";
 import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";

+import { EditDynamicSecretAwsElastiCacheProviderForm } from "./EditDynamicSecretAwsElastiCacheProviderForm";
 import { EditDynamicSecretAwsIamForm } from "./EditDynamicSecretAwsIamForm";
 import { EditDynamicSecretCassandraForm } from "./EditDynamicSecretCassandraForm";
+import { EditDynamicSecretMongoAtlasForm } from "./EditDynamicSecretMongoAtlasForm";
+import { EditDynamicSecretRedisProviderForm } from "./EditDynamicSecretRedisProviderForm";
 import { EditDynamicSecretSqlProviderForm } from "./EditDynamicSecretSqlProviderForm";

 type Props = {
@ -92,6 +95,57 @@ export const EditDynamicSecretForm = ({
          />
        </motion.div>
      )}
+      {dynamicSecretDetails?.type === DynamicSecretProviders.Redis && (
+        <motion.div
+          key="redis-provider-edit"
+          transition={{ duration: 0.1 }}
+          initial={{ opacity: 0, translateX: 30 }}
+          animate={{ opacity: 1, translateX: 0 }}
+          exit={{ opacity: 0, translateX: -30 }}
+        >
+          <EditDynamicSecretRedisProviderForm
+            onClose={onClose}
+            projectSlug={projectSlug}
+            secretPath={secretPath}
+            dynamicSecret={dynamicSecretDetails}
+            environment={environment}
+          />
+        </motion.div>
+      )}
+      {dynamicSecretDetails?.type === DynamicSecretProviders.AwsElastiCache && (
+        <motion.div
+          key="redis-provider-edit"
+          transition={{ duration: 0.1 }}
+          initial={{ opacity: 0, translateX: 30 }}
+          animate={{ opacity: 1, translateX: 0 }}
+          exit={{ opacity: 0, translateX: -30 }}
+        >
+          <EditDynamicSecretAwsElastiCacheProviderForm
+            onClose={onClose}
+            projectSlug={projectSlug}
+            secretPath={secretPath}
+            dynamicSecret={dynamicSecretDetails}
+            environment={environment}
+          />
+        </motion.div>
+      )}
+      {dynamicSecretDetails?.type === DynamicSecretProviders.MongoAtlas && (
+        <motion.div
+          key="mongo-atlas-edit"
+          transition={{ duration: 0.1 }}
+          initial={{ opacity: 0, translateX: 30 }}
+          animate={{ opacity: 1, translateX: 0 }}
+          exit={{ opacity: 0, translateX: -30 }}
+        >
+          <EditDynamicSecretMongoAtlasForm
+            onClose={onClose}
+            projectSlug={projectSlug}
+            secretPath={secretPath}
+            dynamicSecret={dynamicSecretDetails}
+            environment={environment}
+          />
+        </motion.div>
+      )}
    </AnimatePresence>
  );
 };
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretMongoAtlasForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretMongoAtlasForm.tsx
@ -0,0 +1,466 @@
+import { Controller, useFieldArray, useForm } from "react-hook-form";
+import { faPlus, faTrash } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  FormLabel,
+  IconButton,
+  Input,
+  Select,
+  SelectItem
+} from "@app/components/v2";
+import { useUpdateDynamicSecret } from "@app/hooks/api";
+import { TDynamicSecret } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  inputs: z
+    .object({
+      adminPublicKey: z.string().trim().min(1),
+      adminPrivateKey: z.string().trim().min(1),
+      groupId: z.string().trim().min(1),
+      roles: z
+        .object({
+          collectionName: z.string().optional(),
+          databaseName: z.string().min(1),
+          roleName: z.string().min(1)
+        })
+        .array()
+        .min(1),
+      scopes: z
+        .object({
+          name: z.string().min(1),
+          type: z.string().min(1)
+        })
+        .array()
+    })
+    .partial(),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    })
+    .nullable(),
+  newName: z
+    .string()
+    .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+    .optional()
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onClose: () => void;
+  dynamicSecret: TDynamicSecret & { inputs: unknown };
+  secretPath: string;
+  environment: string;
+  projectSlug: string;
+};
+
+const ATLAS_SCOPE_TYPES = [
+  {
+    label: "Cluster",
+    value: "CLUSTER"
+  },
+  {
+    label: "Data Lake",
+    value: "DATA_LAKE"
+  },
+  {
+    label: "Stream",
+    value: "STREAM"
+  }
+];
+
+export const EditDynamicSecretMongoAtlasForm = ({
+  onClose,
+  dynamicSecret,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    getValues,
+    setValue,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    values: {
+      defaultTTL: dynamicSecret.defaultTTL,
+      maxTTL: dynamicSecret.maxTTL,
+      newName: dynamicSecret.name,
+      inputs: {
+        ...(dynamicSecret.inputs as TForm["inputs"])
+      }
+    }
+  });
+
+  const roleFields = useFieldArray({
+    control,
+    name: "inputs.roles"
+  });
+
+  const scopeFields = useFieldArray({
+    control,
+    name: "inputs.scopes"
+  });
+
+  const updateDynamicSecret = useUpdateDynamicSecret();
+
+  const handleUpdateDynamicSecret = async ({ inputs, maxTTL, defaultTTL, newName }: TForm) => {
+    // wait till previous request is finished
+    if (updateDynamicSecret.isLoading) return;
+    try {
+      await updateDynamicSecret.mutateAsync({
+        name: dynamicSecret.name,
+        path: secretPath,
+        projectSlug,
+        environmentSlug: environment,
+        data: {
+          maxTTL: maxTTL || undefined,
+          defaultTTL,
+          inputs,
+          newName: newName === dynamicSecret.name ? undefined : newName
+        }
+      });
+      onClose();
+      createNotification({
+        type: "success",
+        text: "Successfully updated dynamic secret"
+      });
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to update dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)} autoComplete="off">
+        <div className="flex items-center space-x-2">
+          <div className="flex-grow">
+            <Controller
+              control={control}
+              name="newName"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Secret Name"
+                  isError={Boolean(error)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} placeholder="DYN-1" />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="defaultTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Default TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="maxTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Max TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} value={field.value || ""} />
+                </FormControl>
+              )}
+            />
+          </div>
+        </div>
+        <div>
+          <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+            Configuration
+          </div>
+          <div className="flex flex-col">
+            <div className="flex items-center space-x-2">
+              <Controller
+                control={control}
+                name="inputs.adminPublicKey"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Admin Public Key"
+                    className="flex-grow"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="" />
+                  </FormControl>
+                )}
+              />
+              <Controller
+                control={control}
+                name="inputs.adminPrivateKey"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Admin Private Key"
+                    className="flex-grow"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} type="password" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <Controller
+              control={control}
+              name="inputs.groupId"
+              defaultValue=""
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Group/Project ID"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                  helperText="Unique 24-hexadecimal digit string that identifies your project"
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+            <FormLabel label="Roles" />
+            <div className="mb-3 flex flex-col space-y-2">
+              {roleFields.fields.map(({ id: roleFieldId }, i) => (
+                <div key={roleFieldId} className="flex items-end space-x-2">
+                  <div className="flex-grow">
+                    {i === 0 && <span className="text-xs text-mineshaft-400">Database Name</span>}
+                    <Controller
+                      control={control}
+                      name={`inputs.roles.${i}.databaseName`}
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          className="mb-0"
+                        >
+                          <Input {...field} />
+                        </FormControl>
+                      )}
+                    />
+                  </div>
+                  <div className="flex-grow">
+                    {i === 0 && (
+                      <FormLabel
+                        label="Collection Name"
+                        className="text-xs text-mineshaft-400"
+                        isOptional
+                      />
+                    )}
+                    <Controller
+                      control={control}
+                      name={`inputs.roles.${i}.collectionName`}
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          className="mb-0"
+                        >
+                          <Input {...field} />
+                        </FormControl>
+                      )}
+                    />
+                  </div>
+                  <div className="flex-grow">
+                    {i === 0 && (
+                      <FormLabel
+                        label="Role"
+                        className="text-xs text-mineshaft-400"
+                        tooltipClassName="max-w-md whitespace-pre-line"
+                        tooltipText={`Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role. 
+														Built-in: atlasAdmin, backup, clusterMonitor, dbAdmin, dbAdminAnyDatabase, enableSharding, read, readAnyDatabase, readWrite, readWriteAnyDatabase.`}
+                      />
+                    )}
+                    <Controller
+                      control={control}
+                      name={`inputs.roles.${i}.roleName`}
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          className="mb-0 flex-grow"
+                        >
+                          <Input {...field} />
+                        </FormControl>
+                      )}
+                    />
+                  </div>
+                  <IconButton
+                    ariaLabel="delete key"
+                    className="bottom-0.5 h-9"
+                    variant="outline_bg"
+                    onClick={() => {
+                      const roles = getValues("inputs.roles");
+                      if (roles && roles?.length > 1) {
+                        roleFields.remove(i);
+                      } else {
+                        setValue("inputs.roles", [{ databaseName: "", roleName: "" }]);
+                      }
+                    }}
+                  >
+                    <FontAwesomeIcon icon={faTrash} />
+                  </IconButton>
+                </div>
+              ))}
+              <div>
+                <Button
+                  leftIcon={<FontAwesomeIcon icon={faPlus} />}
+                  size="xs"
+                  variant="outline_bg"
+                  onClick={() => roleFields.append({ databaseName: "", roleName: "" })}
+                >
+                  Add Role
+                </Button>
+              </div>
+            </div>
+            <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+              <AccordionItem value="advance-section">
+                <AccordionTrigger>Advanced</AccordionTrigger>
+                <AccordionContent>
+                  <FormLabel
+                    label="Scopes"
+                    isOptional
+                    className="mb-2"
+                    tooltipClassName="max-w-md whitespace-pre-line"
+                    tooltipText="List that contains clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances that this database user can access. If omitted, MongoDB Cloud grants the database user access to all the clusters, MongoDB Atlas Data Lakes, and MongoDB Atlas Streams Instances in the project."
+                  />
+                  <div className="mb-2 flex flex-col space-y-2">
+                    {scopeFields.fields.map(({ id: scopeFieldId }, i) => (
+                      <div key={scopeFieldId} className="flex items-end space-x-2">
+                        <div className="flex-grow">
+                          {i === 0 && (
+                            <FormLabel
+                              label="Label"
+                              className="text-xs text-mineshaft-400"
+                              tooltipClassName="max-w-md whitespace-pre-line"
+                              tooltipText="Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
+                            />
+                          )}
+                          <Controller
+                            control={control}
+                            name={`inputs.scopes.${i}.name`}
+                            render={({ field, fieldState: { error } }) => (
+                              <FormControl
+                                isError={Boolean(error?.message)}
+                                errorText={error?.message}
+                                className="mb-0 flex-grow"
+                              >
+                                <Input {...field} placeholder="Cluster or data lake id" />
+                              </FormControl>
+                            )}
+                          />
+                        </div>
+                        <div className="flex-grow">
+                          {i === 0 && <span className="text-xs text-mineshaft-400">Type</span>}
+                          <Controller
+                            control={control}
+                            name={`inputs.scopes.${i}.type`}
+                            render={({ field, fieldState: { error } }) => (
+                              <FormControl
+                                isError={Boolean(error?.message)}
+                                errorText={error?.message}
+                                className="mb-0 flex-grow"
+                              >
+                                <Select
+                                  defaultValue={field.value}
+                                  {...field}
+                                  onValueChange={(e) => field.onChange(e)}
+                                  className="w-full"
+                                >
+                                  {ATLAS_SCOPE_TYPES.map((el) => (
+                                    <SelectItem value={el.value} key={`atlas-scope-${el.value}`}>
+                                      {el.label}
+                                    </SelectItem>
+                                  ))}
+                                </Select>
+                              </FormControl>
+                            )}
+                          />
+                        </div>
+                        <IconButton
+                          ariaLabel="delete key"
+                          className="bottom-0.5 h-9"
+                          variant="outline_bg"
+                          onClick={() => {
+                            scopeFields.remove(i);
+                          }}
+                        >
+                          <FontAwesomeIcon icon={faTrash} />
+                        </IconButton>
+                      </div>
+                    ))}
+                    <div>
+                      <Button
+                        leftIcon={<FontAwesomeIcon icon={faPlus} />}
+                        size="xs"
+                        variant="outline_bg"
+                        onClick={() =>
+                          scopeFields.append({ name: "", type: ATLAS_SCOPE_TYPES[0].value })
+                        }
+                      >
+                        Add Scope
+                      </Button>
+                    </div>
+                  </div>
+                </AccordionContent>
+              </AccordionItem>
+            </Accordion>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Save
+          </Button>
+          <Button variant="outline_bg" onClick={onClose}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretRedisProviderForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretRedisProviderForm.tsx
@ -0,0 +1,338 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useUpdateDynamicSecret } from "@app/hooks/api";
+import { TDynamicSecret } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  inputs: z
+    .object({
+      host: z.string().toLowerCase().min(1),
+      port: z.coerce.number(),
+      username: z.string().min(1),
+      password: z.string().min(1).optional(),
+
+      creationStatement: z.string().min(1),
+      renewStatement: z.string().optional(),
+      revocationStatement: z.string().min(1),
+      ca: z.string().optional()
+    })
+    .partial(),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    })
+    .nullable(),
+  newName: z
+    .string()
+    .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+    .optional()
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onClose: () => void;
+  dynamicSecret: TDynamicSecret & { inputs: unknown };
+  secretPath: string;
+  environment: string;
+  projectSlug: string;
+};
+
+export const EditDynamicSecretRedisProviderForm = ({
+  onClose,
+  dynamicSecret,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    values: {
+      defaultTTL: dynamicSecret.defaultTTL,
+      maxTTL: dynamicSecret.maxTTL,
+      newName: dynamicSecret.name,
+      inputs: {
+        ...(dynamicSecret.inputs as TForm["inputs"])
+      }
+    }
+  });
+
+  const updateDynamicSecret = useUpdateDynamicSecret();
+
+  const handleUpdateDynamicSecret = async ({ inputs, maxTTL, defaultTTL, newName }: TForm) => {
+    // wait till previous request is finished
+    if (updateDynamicSecret.isLoading) return;
+    try {
+      await updateDynamicSecret.mutateAsync({
+        name: dynamicSecret.name,
+        path: secretPath,
+        projectSlug,
+        environmentSlug: environment,
+        data: {
+          maxTTL: maxTTL || undefined,
+          defaultTTL,
+          inputs,
+          newName: newName === dynamicSecret.name ? undefined : newName
+        }
+      });
+      onClose();
+      createNotification({
+        type: "success",
+        text: "Successfully updated dynamic secret"
+      });
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to update dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)} autoComplete="off">
+        <div className="flex items-center space-x-2">
+          <div className="flex-grow">
+            <Controller
+              control={control}
+              name="newName"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Secret Name"
+                  isError={Boolean(error)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} placeholder="DYN-1" />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="defaultTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Default TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="maxTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Max TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} value={field.value || ""} />
+                </FormControl>
+              )}
+            />
+          </div>
+        </div>
+        <div>
+          <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+            Configuration
+          </div>
+          <div className="flex flex-col">
+            <Controller
+              control={control}
+              name="inputs.host"
+              defaultValue=""
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Host"
+                  className="flex-grow"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+            <Controller
+              control={control}
+              name="inputs.port"
+              defaultValue={6379}
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Port"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} type="number" />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="flex space-x-2">
+            <Controller
+              control={control}
+              name="inputs.username"
+              defaultValue=""
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Username"
+                  className="w-full"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} autoComplete="off" />
+                </FormControl>
+              )}
+            />
+            <Controller
+              control={control}
+              name="inputs.password"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  className="w-full"
+                  tooltipText="Required if your Redis server is password protected."
+                  label="Username"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} type="password" autoComplete="new-password" />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div>
+            <Controller
+              control={control}
+              name="inputs.ca"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  isOptional
+                  label="CA(SSL)"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <SecretInput
+                    {...field}
+                    containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                  />
+                </FormControl>
+              )}
+            />
+            <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+              <AccordionItem value="advance-statements">
+                <AccordionTrigger>Modify Redis Statements</AccordionTrigger>
+                <AccordionContent>
+                  <Controller
+                    control={control}
+                    name="inputs.creationStatement"
+                    render={({ field, fieldState: { error } }) => (
+                      <FormControl
+                        label="Creation Statement"
+                        isError={Boolean(error?.message)}
+                        errorText={error?.message}
+                        helperText="username, password and expiration are dynamically provisioned"
+                      >
+                        <TextArea
+                          {...field}
+                          reSize="none"
+                          rows={3}
+                          className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                        />
+                      </FormControl>
+                    )}
+                  />
+                  <Controller
+                    control={control}
+                    name="inputs.revocationStatement"
+                    render={({ field, fieldState: { error } }) => (
+                      <FormControl
+                        label="Revocation Statement"
+                        isError={Boolean(error?.message)}
+                        errorText={error?.message}
+                        helperText="username is dynamically provisioned"
+                      >
+                        <TextArea
+                          {...field}
+                          reSize="none"
+                          rows={3}
+                          className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                        />
+                      </FormControl>
+                    )}
+                  />
+                  <Controller
+                    control={control}
+                    name="inputs.renewStatement"
+                    render={({ field, fieldState: { error } }) => (
+                      <FormControl
+                        label="Renew Statement"
+                        helperText="username and expiration are dynamically provisioned"
+                        isError={Boolean(error?.message)}
+                        errorText={error?.message}
+                      >
+                        <TextArea
+                          {...field}
+                          reSize="none"
+                          rows={3}
+                          className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                        />
+                      </FormControl>
+                    )}
+                  />
+                </AccordionContent>
+              </AccordionItem>
+            </Accordion>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Save
+          </Button>
+          <Button variant="outline_bg" onClick={onClose}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/ShareSecretPublicPage/components/ShareSecretForm.tsx
+++ b/frontend/src/views/ShareSecretPublicPage/components/ShareSecretForm.tsx
@ -32,7 +32,8 @@ const viewLimitOptions = [

 const schema = z.object({
  name: z.string().optional(),
-  secret: z.string(),
+  password: z.string().optional(),
+  secret: z.string().min(1),
  expiresIn: z.string(),
  viewLimit: z.string(),
  accessType: z.nativeEnum(SecretSharingAccessType).optional()
@ -67,7 +68,14 @@ export const ShareSecretForm = ({ isPublic, value }: Props) => {
    }
  });

-  const onFormSubmit = async ({ name, secret, expiresIn, viewLimit, accessType }: FormData) => {
+  const onFormSubmit = async ({
+    name,
+    password,
+    secret,
+    expiresIn,
+    viewLimit,
+    accessType
+  }: FormData) => {
    try {
      const expiresAt = new Date(new Date().getTime() + Number(expiresIn));

@ -80,6 +88,7 @@ export const ShareSecretForm = ({ isPublic, value }: Props) => {

      const { id } = await createSharedSecret.mutateAsync({
        name,
+        password,
        encryptedValue: ciphertext,
        hashedHex,
        iv,
@ -149,6 +158,20 @@ export const ShareSecretForm = ({ isPublic, value }: Props) => {
          </FormControl>
        )}
      />
+      <Controller
+        control={control}
+        name="password"
+        render={({ field, fieldState: { error } }) => (
+          <FormControl
+            label="Password"
+            isError={Boolean(error)}
+            errorText={error?.message}
+            isOptional
+          >
+            <Input {...field} placeholder="Password" type="password" />
+          </FormControl>
+        )}
+      />
      <Controller
        control={control}
        name="expiresIn"
--- a/frontend/src/views/ViewSecretPublicPage/ViewSecretPublicPage.tsx
+++ b/frontend/src/views/ViewSecretPublicPage/ViewSecretPublicPage.tsx
@ -1,26 +1,43 @@
+import { useState } from "react";
 import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/router";
 import { faArrowRight } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { AxiosError } from "axios";

 import { useGetActiveSharedSecretById } from "@app/hooks/api/secretSharing";

-import { SecretContainer, SecretErrorContainer } from "./components";
+import { PasswordContainer,SecretContainer, SecretErrorContainer } from "./components";

 export const ViewSecretPublicPage = () => {
  const router = useRouter();
+  const [password, setPassword] = useState<string>();
  const { id, key: urlEncodedPublicKey } = router.query;

  const [hashedHex, key] = urlEncodedPublicKey
    ? urlEncodedPublicKey.toString().split("-")
    : ["", ""];

-  const { data: secret, error } = useGetActiveSharedSecretById({
+  const {
+    data: fetchSecret,
+    error,
+    isLoading,
+    isFetching
+  } = useGetActiveSharedSecretById({
    sharedSecretId: id as string,
-    hashedHex
+    hashedHex,
+    password
  });

+  const isInvalidCredential =
+    ((error as AxiosError)?.response?.data as { message: string })?.message ===
+    "Invalid credentials";
+
+  const shouldShowPasswordPrompt =
+    isInvalidCredential || (fetchSecret?.isPasswordProtected && !fetchSecret.secret);
+  const isValidatingPassword = Boolean(password) && isFetching;
+
  return (
    <div className="flex h-screen flex-col justify-between overflow-auto bg-gradient-to-tr from-mineshaft-700 to-bunker-800 text-gray-200 dark:[color-scheme:dark]">
      <div />
@ -52,8 +69,23 @@ export const ViewSecretPublicPage = () => {
            </a>
          </p>
        </div>
-        {secret && key && <SecretContainer secret={secret} secretKey={key} />}
-        {error && <SecretErrorContainer />}
+        {(shouldShowPasswordPrompt || isValidatingPassword) && (
+          <PasswordContainer
+            isSubmitting={isValidatingPassword}
+            onPasswordSubmit={(el) => {
+              setPassword(el);
+            }}
+            isInvalidCredential={!isFetching && isInvalidCredential}
+          />
+        )}
+        {!isLoading && (
+          <>
+            {!error && fetchSecret?.secret && key && (
+              <SecretContainer secret={fetchSecret.secret} secretKey={key} />
+            )}
+            {error && !isInvalidCredential && <SecretErrorContainer />}
+          </>
+        )}
        <div className="m-auto my-8 flex w-full">
          <div className="w-full border-t border-mineshaft-600" />
        </div>
--- a/frontend/src/views/ViewSecretPublicPage/components/PasswordContainer.tsx
+++ b/frontend/src/views/ViewSecretPublicPage/components/PasswordContainer.tsx
@ -0,0 +1,80 @@
+import { Controller, useForm } from "react-hook-form";
+import { faArrowRight, faSpinner } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
+
+import { Button, FormControl, IconButton, Input } from "@app/components/v2";
+
+type Props = {
+  onPasswordSubmit: (val: any) => void;
+  isSubmitting?: boolean;
+  isInvalidCredential?: boolean;
+};
+
+const formSchema = z.object({
+  password: z.string()
+});
+
+export type FormData = z.infer<typeof formSchema>;
+
+export const PasswordContainer = ({
+  onPasswordSubmit,
+  isSubmitting,
+  isInvalidCredential
+}: Props) => {
+  const { control, handleSubmit } = useForm<FormData>({
+    resolver: zodResolver(formSchema)
+  });
+
+  const onFormSubmit = async ({ password }: FormData) => {
+    onPasswordSubmit(password);
+  };
+
+  return (
+    <div className="rounded-lg border border-mineshaft-600 bg-mineshaft-800 p-4">
+      <form onSubmit={handleSubmit(onFormSubmit)}>
+        <Controller
+          control={control}
+          name="password"
+          defaultValue=""
+          render={({ field, fieldState: { error } }) => (
+            <FormControl
+              isError={Boolean(error) || isInvalidCredential}
+              errorText={isInvalidCredential ? "Invalid credential" : error?.message}
+              isRequired
+              label="Password"
+            >
+              <div className="flex items-center justify-between gap-2 rounded-md">
+                <Input {...field} placeholder="Enter Password to view secret" type="password" />
+                <div className="flex">
+                  <IconButton
+                    ariaLabel="copy icon"
+                    colorSchema="secondary"
+                    className="group relative"
+                    onClick={handleSubmit(onFormSubmit)}
+                  >
+                    <FontAwesomeIcon
+                      className={isSubmitting ? "fa-spin" : ""}
+                      icon={isSubmitting ? faSpinner : faArrowRight}
+                    />
+                  </IconButton>
+                </div>
+              </div>
+            </FormControl>
+          )}
+        />
+      </form>
+      <Button
+        className="w-full bg-mineshaft-700 py-3 text-bunker-200"
+        colorSchema="primary"
+        variant="outline_bg"
+        size="sm"
+        onClick={() => window.open("https://app.infisical.com/share-secret", "_blank")}
+        rightIcon={<FontAwesomeIcon icon={faArrowRight} className="pl-2" />}
+      >
+        Share your own secret
+      </Button>
+    </div>
+  );
+};
--- a/frontend/src/views/ViewSecretPublicPage/components/SecretContainer.tsx
+++ b/frontend/src/views/ViewSecretPublicPage/components/SecretContainer.tsx
@ -14,7 +14,7 @@ import { useTimedReset, useToggle } from "@app/hooks";
 import { TViewSharedSecretResponse } from "@app/hooks/api/secretSharing";

 type Props = {
-  secret: TViewSharedSecretResponse;
+  secret: TViewSharedSecretResponse["secret"];
  secretKey: string;
 };

--- a/frontend/src/views/ViewSecretPublicPage/components/index.tsx
+++ b/frontend/src/views/ViewSecretPublicPage/components/index.tsx
@ -1,2 +1,3 @@
+export { PasswordContainer } from "./PasswordContainer";
 export { SecretContainer } from "./SecretContainer";
 export { SecretErrorContainer } from "./SecretErrorContainer";
Author	SHA1	Message	Date
Daniel Hougaard	c59a53180c	Update integrations-github-scope-org.png	2024-09-03 04:40:59 +04:00
Daniel Hougaard	f56d265e62	Revert "Docs: Redirect to new SDK" This reverts commit 56dce67378b3601aec9f45eee0c52e50c1a7e36a.	2024-09-03 04:40:59 +04:00
Daniel Hougaard	cc0ff98d4f	chore: cleaned up integrations page	2024-09-03 04:40:59 +04:00
Daniel Hougaard	4a14c3efd2	feat(integrations): visibility support for github integration	2024-09-03 04:40:59 +04:00
Daniel Hougaard	b2d2297914	Fix: Document formatting & changed tooltipText prop to ReactNode type	2024-09-03 04:40:59 +04:00
Daniel Hougaard	836bb6d835	feat(integrations): visibility support for github integration	2024-09-03 04:40:19 +04:00
Daniel Hougaard	177eb2afee	docs(github-integration): Updated documentation for github integration	2024-09-03 04:40:19 +04:00
Daniel Hougaard	594df18611	Docs: Redirect to new SDK	2024-09-03 04:40:19 +04:00
Maidul Islam	3bcb8bf6fc	Merge pull request #2364 from akhilmhdh/fix/scim-rfc Resolved scim failing due to missing rfc cases	2024-09-02 18:59:20 -04:00
Maidul Islam	a74c37c18b	Merge pull request #2350 from akhilmhdh/dynamic-secret/atlas MongoDB atlas dynamic secret	2024-09-02 10:39:34 -04:00
=	3ece81d663	docs: improved test as commented	2024-09-02 14:43:11 +05:30
=	f6d87ebf32	feat: changed text to advanced as review comment	2024-09-02 14:36:32 +05:30
=	23483ab7e1	feat: removed non rfc related groups in user scim resource	2024-09-02 13:55:56 +05:30
=	fe31d44d22	feat: made scim user default permission as no access in org	2024-09-02 13:50:55 +05:30
=	58bab4d163	feat: resolved some more missing corner case in scim	2024-09-02 13:50:55 +05:30
=	8f48a64fd6	feat: finished fixing scim group	2024-09-02 13:50:55 +05:30
=	929dc059c3	feat: updated scim user endpoint	2024-09-02 13:50:55 +05:30
Maidul Islam	7c540b6be8	Merge pull request #2244 from LemmyMwaura/password-protect-secret-share feat: password protect secret share	2024-08-30 13:43:24 -04:00
Maidul Islam	b975996158	Merge pull request #2330 from Infisical/doc/made-ecs-with-agent-doc-use-aws-native doc: updated ecs-with-agent documentation to use AWS native auth	2024-08-29 14:25:45 -04:00
Maidul Islam	122f789cdf	Merge pull request #2329 from Infisical/feat/raw-agent-template feat: added raw template for agent	2024-08-29 14:24:50 -04:00
Maidul Islam	c9911aa841	Merge pull request #2335 from Infisical/vmatsiiako-patch-handbook-1 Update onboarding.mdx	2024-08-29 14:22:30 -04:00
Maidul Islam	32cd0d8af8	Merge pull request #2352 from Infisical/revert-2341-daniel/cli-run-watch-mode Revert "feat(cli): `run` watch mode"	2024-08-29 12:46:39 -04:00
Maidul Islam	585f0d9f1b	Revert "feat(cli): `run` watch mode"	2024-08-29 12:44:24 -04:00
Daniel Hougaard	d0292aa139	Merge pull request #2341 from Infisical/daniel/cli-run-watch-mode feat(cli): `run` watch mode	2024-08-29 17:51:41 +04:00
Daniel Hougaard	4e9be8ca3c	Changes	2024-08-29 17:38:00 +04:00
=	ad49e9eaf1	docs: updated doc for mongo atlas dynamic secret	2024-08-29 14:52:40 +05:30
=	fed60f7c03	feat: resolved lint fix after rebase	2024-08-29 13:28:45 +05:30
=	1bc0e3087a	feat: completed atlas dynamic secret logic for ui	2024-08-29 13:26:15 +05:30
=	80a4f838a1	feat: completed mongo atlas dynamic secret backend logic	2024-08-29 13:22:25 +05:30
Sheen	d31ec44f50	Merge pull request #2345 from Infisical/misc/finalize-certificate-template-and-est finalized certificate template and EST	2024-08-29 12:47:13 +08:00
Maidul Islam	d0caef37ce	Merge pull request #2349 from Infisical/mzidul-wjdhbwhufhjwebf Add tool tip for k8s auth	2024-08-28 17:11:06 -04:00
Maidul Islam	2d26febe58	a to an	2024-08-28 17:09:47 -04:00
Maidul Islam	c23ad8ebf2	improve tooltip	2024-08-28 17:04:56 -04:00
Maidul Islam	bad068ef19	add tool tip for k8s auth	2024-08-28 16:59:14 -04:00
Daniel Hougaard	53430608a8	Merge pull request #2348 from Infisical/daniel/env-transform-trailing-slashes Fix: Always remove trailing slashes from SITE_URL	2024-08-28 22:52:03 +04:00
Daniel Hougaard	b9071ab2b3	Fix: Always remove trailing slashes from SITE_URL	2024-08-28 22:45:08 +04:00
Daniel Hougaard	bfab270d68	Merge pull request #2347 from Infisical/daniel/fix-secret-change-emails Fix: Removed protocol parsing on secret change emails	2024-08-28 22:16:28 +04:00
Daniel Hougaard	8ea6a1f3d5	Fix: Removed protocol parsing	2024-08-28 22:07:31 +04:00
Daniel Hougaard	3c39bf6a0f	Add watch interval	2024-08-28 21:11:09 +04:00
Daniel Hougaard	828644799f	Merge pull request #2319 from Infisical/daniel/redis-dynamic-secrets Feat: Redis support for dynamic secrets	2024-08-28 18:06:57 +04:00
Daniel Hougaard	411e67ae41	Finally resolved package-lock	2024-08-28 18:01:31 +04:00
Daniel Hougaard	4914bc4b5a	Fix: Package json bugged generation	2024-08-28 18:00:05 +04:00
Daniel Hougaard	d7050a1947	Update package-lock.json	2024-08-28 17:58:32 +04:00
Daniel Hougaard	3c59422511	Fixed package	2024-08-28 17:57:31 +04:00
Daniel Hougaard	c81204e6d5	Test	2024-08-28 17:57:31 +04:00
Daniel Hougaard	880f39519f	Update aws-elasticache.mdx	2024-08-28 17:57:31 +04:00
Daniel Hougaard	8646f6c50b	Requested changes	2024-08-28 17:57:30 +04:00
Daniel Hougaard	437a9e6ccb	AWS elasticache	2024-08-28 17:57:30 +04:00
Daniel Hougaard	b54139bd37	Fix	2024-08-28 17:57:30 +04:00
Daniel Hougaard	8a6a36ac54	Update package-lock.json	2024-08-28 17:57:20 +04:00
Daniel Hougaard	c6eb973da0	Uninstalled unused dependencies	2024-08-28 17:57:19 +04:00
Daniel Hougaard	21750a8c20	Fix: Refactored aws elasticache to separate provider	2024-08-28 17:57:19 +04:00
Daniel Hougaard	a598665b2f	Docs: ElastiCache Docs	2024-08-28 17:57:19 +04:00
Daniel Hougaard	56bbf502a2	Update redis.ts	2024-08-28 17:57:19 +04:00
Daniel Hougaard	9975f7d83f	Edition fixes	2024-08-28 17:57:19 +04:00
Daniel Hougaard	7ad366b363	Update licence-fns.ts	2024-08-28 17:57:19 +04:00
Daniel Hougaard	cca4d68d94	Fix: AWS ElastiCache support	2024-08-28 17:57:19 +04:00
Daniel Hougaard	b82b94db54	Docs: Redis Dynamic secrets docs	2024-08-28 17:55:04 +04:00
Daniel Hougaard	de9cb265e0	Feat: Redis support for dynamic secrets	2024-08-28 17:55:04 +04:00
Sheen Capadngan	5611b9aba1	misc: added reference to secret template functions	2024-08-28 15:53:36 +08:00
Sheen Capadngan	53075d503a	misc: added note to secret template docs	2024-08-28 15:48:25 +08:00
Daniel Hougaard	5138d588db	Update cli.go	2024-08-28 05:35:03 +04:00
Daniel Hougaard	7e2d093e29	Docs: watch mode	2024-08-28 05:34:21 +04:00
Daniel Hougaard	2d780e0566	Feat: watch mode for run command	2024-08-28 05:22:27 +04:00
Daniel Hougaard	8eb234a12f	Update run.go	2024-08-27 21:58:53 +04:00
Daniel Hougaard	85590af99e	Fix: Removed more duplicate code and started using process groups to fix memory leak	2024-08-27 21:44:32 +04:00
Daniel Hougaard	5c7cec0c81	Update run.go	2024-08-27 20:11:27 +04:00
Daniel Hougaard	68f768749b	Update run.go	2024-08-27 20:10:50 +04:00
Daniel Hougaard	2c7e342b18	Update run.go	2024-08-27 20:10:11 +04:00
Daniel Hougaard	632900e516	Update run.go	2024-08-27 20:10:00 +04:00
Daniel Hougaard	5fd975b1d7	Fix: Console error on manual cancel when not using hot reload	2024-08-27 20:09:40 +04:00
Daniel Hougaard	d45ac66064	Fix: Match test cases	2024-08-27 20:03:01 +04:00
Daniel Hougaard	47cba8ec3c	Update test-TestUniversalAuth_SecretsGetWrongEnvironment	2024-08-27 19:48:20 +04:00
Daniel Hougaard	d4aab66da2	Update test-TestUniversalAuth_SecretsGetWrongEnvironment	2024-08-27 19:45:00 +04:00
Daniel Hougaard	0dc4c92c89	Feat: --watch flag for watching for secret changes	2024-08-27 19:37:11 +04:00
Daniel Hougaard	f49c963367	Settings for hot reloading	2024-08-27 19:36:38 +04:00
Daniel Hougaard	fe11b8e57e	Function for locally generating ETag	2024-08-27 19:36:02 +04:00
Vlad Matsiiako	0401f55bc3	Update onboarding.mdx	2024-08-26 13:28:37 -07:00
Vlad Matsiiako	403e0d2d9d	Update onboarding.mdx	2024-08-26 13:26:21 -07:00
Maidul Islam	e73d3f87f3	small nit	2024-08-23 14:29:29 -04:00
Sheen Capadngan	b53607f8e4	doc: updated ecs with agent doc to use aws auth	2024-08-24 01:51:39 +08:00
Sheen Capadngan	8f79d3210a	feat: added raw template for agent	2024-08-24 01:48:39 +08:00
=	3ddb4cd27a	feat: simplified ui for password based secret sharing	2024-08-10 22:21:17 +05:30
=	a5555c3816	feat: simplified endpoints to support password based secret sharing	2024-08-10 22:19:42 +05:30
lemmyMwaura	8479c406a5	fix: fix type assersion error	2024-08-08 10:06:55 +03:00
lemmyMwaura	8e0b4254b1	refactor: fix lint issues and refactor code	2024-08-08 09:56:18 +03:00
lemmyMwaura	069651bdb4	fix: fix lint errors	2024-08-07 23:26:24 +03:00
lemmyMwaura	9061ec2dff	fix(lint): fix type errors	2024-08-07 22:59:50 +03:00
lemmyMwaura	b0a5023723	feat: check if secret is expired before checking if secret has password	2024-08-07 20:55:37 +03:00
lemmyMwaura	69fe5bf71d	feat: only update view count when we validate the password if it's set	2024-08-07 16:52:11 +03:00
lemmyMwaura	f12d4d80c6	feat: address changes on the client	2024-08-07 16:13:29 +03:00
lemmyMwaura	56f2a3afa4	feat: only fetch secret if password wasn't set on initial load	2024-08-07 16:06:37 +03:00
lemmyMwaura	406da1b5f0	refactor: convert usequery hook to normal fetch fn (no need for caching)	2024-08-07 08:27:17 +03:00
lemmyMwaura	da45e132a3	Merge branch 'main' of github.com:Infisical/infisical into password-protect-secret-share	2024-08-06 19:49:25 +03:00
lemmyMwaura	fb719a9383	fix(lint): fix some lint issues	2024-08-06 19:25:04 +03:00
lemmyMwaura	3c64359597	feat: handle error logs and validate password	2024-08-06 18:36:21 +03:00
lemmyMwaura	e420973dd2	feat: hashpassword and add validation endpoint	2024-08-06 17:01:13 +03:00
lemmyMwaura	15cc157c5f	fix(lint): make password optional	2024-08-06 15:32:48 +03:00
lemmyMwaura	ad89ffe94d	feat: show secret if no password was set	2024-08-06 14:42:01 +03:00
lemmyMwaura	4de1713a18	fix: remove error logs	2024-08-06 14:28:02 +03:00
lemmyMwaura	1917e0fdb7	feat: validate via password before showing secret	2024-08-06 14:13:03 +03:00
lemmyMwaura	4b07234997	feat: update frontend queries to retrieve password	2024-08-06 14:08:40 +03:00
lemmyMwaura	6a402950c3	chore: add check migration status cmd scripts	2024-08-06 12:59:46 +03:00
lemmyMwaura	63333159ca	feat: fetch password when fetching secrets	2024-08-06 12:58:53 +03:00
lemmyMwaura	ce4ba24ef2	feat: create secret with password	2024-08-06 12:58:27 +03:00
lemmyMwaura	f606e31b98	feat: apply table migrations (add password field)	2024-08-06 12:28:03 +03:00
lemmyMwaura	ecdbb3eb53	feat: update type resolvers to include password	2024-08-06 12:27:16 +03:00
lemmyMwaura	0321ec32fb	feat: add password input	2024-08-06 12:26:23 +03:00