Update utils.go to look more like Gitleaks version

Fix CLI always defaulting to github
Add BitBucket platform to secret scanning
2025-07-10 11:43:04 +00:00 · 2025-07-03 12:47:25 -04:00 · 2025-07-03 00:49:31 -04:00 · 2025-07-03 00:09:28 -04:00 · 2025-07-03 05:25:24 +04:00 · 2025-07-03 05:19:30 +04:00
709 changed files with 12573 additions and 14176 deletions
--- a/.github/workflows/release_build_infisical_cli.yml
+++ b/.github/workflows/release_build_infisical_cli.yml
@ -83,7 +83,7 @@ jobs:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  goreleaser:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-8-cores
    needs: [cli-integration-tests]
    steps:
      - uses: actions/checkout@v3
--- a/backend/src/db/instance.ts
+++ b/backend/src/db/instance.ts
@ -110,7 +110,8 @@ export const initAuditLogDbConnection = ({
    },
    migrations: {
      tableName: "infisical_migrations"
-    }
+    },
+    pool: { min: 0, max: 10 }
  });

  // we add these overrides so that auditLogDb and the primary DB are interchangeable
--- a/backend/src/db/migrations/20250626101747_default-project-type.ts
+++ b/backend/src/db/migrations/20250626101747_default-project-type.ts
@ -0,0 +1,41 @@
+import { Knex } from "knex";
+
+import { ProjectType, TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasTypeColumn = await knex.schema.hasColumn(TableName.Project, "type");
+  const hasDefaultTypeColumn = await knex.schema.hasColumn(TableName.Project, "defaultProduct");
+  if (hasTypeColumn && !hasDefaultTypeColumn) {
+    await knex.schema.alterTable(TableName.Project, (t) => {
+      t.string("type").nullable().alter();
+      t.string("defaultProduct").notNullable().defaultTo(ProjectType.SecretManager);
+    });
+
+    await knex(TableName.Project).update({
+      // eslint-disable-next-line
+      // @ts-ignore this is because this field is created later
+      defaultProduct: knex.raw(`
+    CASE 
+      WHEN "type" IS NULL OR "type" = '' THEN 'secret-manager' 
+      ELSE "type" 
+    END
+  `)
+    });
+  }
+
+  const hasTemplateTypeColumn = await knex.schema.hasColumn(TableName.ProjectTemplates, "type");
+  if (hasTemplateTypeColumn) {
+    await knex.schema.alterTable(TableName.ProjectTemplates, (t) => {
+      t.string("type").nullable().alter();
+    });
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasDefaultTypeColumn = await knex.schema.hasColumn(TableName.Project, "defaultProduct");
+  if (hasDefaultTypeColumn) {
+    await knex.schema.alterTable(TableName.Project, (t) => {
+      t.dropColumn("defaultProduct");
+    });
+  }
+}
--- a/backend/src/db/migrations/20250630212553_user-latest-invite.ts
+++ b/backend/src/db/migrations/20250630212553_user-latest-invite.ts
@ -0,0 +1,21 @@
+import { Knex } from "knex";
+
+import { TableName } from "../schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasColumn = await knex.schema.hasColumn(TableName.OrgMembership, "lastInvitedAt");
+  await knex.schema.alterTable(TableName.OrgMembership, (t) => {
+    if (!hasColumn) {
+      t.datetime("lastInvitedAt").nullable();
+    }
+  });
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasColumn = await knex.schema.hasColumn(TableName.OrgMembership, "lastInvitedAt");
+  await knex.schema.alterTable(TableName.OrgMembership, (t) => {
+    if (hasColumn) {
+      t.dropColumn("lastInvitedAt");
+    }
+  });
+}
--- a/backend/src/db/schemas/models.ts
+++ b/backend/src/db/schemas/models.ts
@ -267,16 +267,6 @@ export enum ProjectType {
  SecretScanning = "secret-scanning"
 }

-export enum ActionProjectType {
-  SecretManager = ProjectType.SecretManager,
-  CertificateManager = ProjectType.CertificateManager,
-  KMS = ProjectType.KMS,
-  SSH = ProjectType.SSH,
-  SecretScanning = ProjectType.SecretScanning,
-  // project operations that happen on all types
-  Any = "any"
-}
-
 export enum SortDirection {
  ASC = "asc",
  DESC = "desc"
--- a/backend/src/db/schemas/org-memberships.ts
+++ b/backend/src/db/schemas/org-memberships.ts
@ -18,7 +18,8 @@ export const OrgMembershipsSchema = z.object({
  orgId: z.string().uuid(),
  roleId: z.string().uuid().nullable().optional(),
  projectFavorites: z.string().array().nullable().optional(),
-  isActive: z.boolean().default(true)
+  isActive: z.boolean().default(true),
+  lastInvitedAt: z.date().nullable().optional()
 });

 export type TOrgMemberships = z.infer<typeof OrgMembershipsSchema>;
--- a/backend/src/db/schemas/project-templates.ts
+++ b/backend/src/db/schemas/project-templates.ts
@ -16,7 +16,7 @@ export const ProjectTemplatesSchema = z.object({
  orgId: z.string().uuid(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  type: z.string().default("secret-manager")
+  type: z.string().nullable().optional()
 });

 export type TProjectTemplates = z.infer<typeof ProjectTemplatesSchema>;
--- a/backend/src/db/schemas/projects.ts
+++ b/backend/src/db/schemas/projects.ts
@ -25,11 +25,12 @@ export const ProjectsSchema = z.object({
  kmsSecretManagerKeyId: z.string().uuid().nullable().optional(),
  kmsSecretManagerEncryptedDataKey: zodBuffer.nullable().optional(),
  description: z.string().nullable().optional(),
-  type: z.string(),
+  type: z.string().nullable().optional(),
  enforceCapitalization: z.boolean().default(false),
  hasDeleteProtection: z.boolean().default(false).nullable().optional(),
  secretSharing: z.boolean().default(true),
-  showSnapshotsLegacy: z.boolean().default(false)
+  showSnapshotsLegacy: z.boolean().default(false),
+  defaultProduct: z.string().default("secret-manager")
 });

 export type TProjects = z.infer<typeof ProjectsSchema>;
--- a/backend/src/ee/routes/v1/access-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/access-approval-request-router.ts
@ -60,7 +60,8 @@ export const registerAccessApprovalRequestRouter = async (server: FastifyZodProv
    method: "GET",
    schema: {
      querystring: z.object({
-        projectSlug: z.string().trim()
+        projectSlug: z.string().trim(),
+        policyId: z.string().trim().optional()
      }),
      response: {
        200: z.object({
@ -73,6 +74,7 @@ export const registerAccessApprovalRequestRouter = async (server: FastifyZodProv
    handler: async (req) => {
      const { count } = await server.services.accessApprovalRequest.getCount({
        projectSlug: req.query.projectSlug,
+        policyId: req.query.policyId,
        actor: req.permission.type,
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
--- a/backend/src/ee/routes/v1/project-router.ts
+++ b/backend/src/ee/routes/v1/project-router.ts
@ -111,15 +111,38 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      params: z.object({
        workspaceId: z.string().trim().describe(AUDIT_LOGS.EXPORT.projectId)
      }),
-      querystring: z.object({
-        eventType: z.nativeEnum(EventType).optional().describe(AUDIT_LOGS.EXPORT.eventType),
-        userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
-        startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
-        endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
-        offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
-        limit: z.coerce.number().default(20).describe(AUDIT_LOGS.EXPORT.limit),
-        actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
-      }),
+      querystring: z
+        .object({
+          eventType: z.nativeEnum(EventType).optional().describe(AUDIT_LOGS.EXPORT.eventType),
+          userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
+          startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
+          endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
+          offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
+          limit: z.coerce.number().max(1000).default(20).describe(AUDIT_LOGS.EXPORT.limit),
+          actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
+        })
+        .superRefine((el, ctx) => {
+          if (el.endDate && el.startDate) {
+            const startDate = new Date(el.startDate);
+            const endDate = new Date(el.endDate);
+            const maxAllowedDate = new Date(startDate);
+            maxAllowedDate.setMonth(maxAllowedDate.getMonth() + 3);
+            if (endDate < startDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "End date cannot be before start date"
+              });
+            }
+            if (endDate > maxAllowedDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "Dates must be within 3 months"
+              });
+            }
+          }
+        }),
      response: {
        200: z.object({
          auditLogs: AuditLogsSchema.omit({
@ -161,7 +184,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
        filter: {
          ...req.query,
          projectId: req.params.workspaceId,
-          endDate: req.query.endDate,
+          endDate: req.query.endDate || new Date().toISOString(),
          startDate: req.query.startDate || getLastMidnightDateISO(),
          auditLogActorId: req.query.actor,
          eventType: req.query.eventType ? [req.query.eventType] : undefined
--- a/backend/src/ee/routes/v1/project-template-router.ts
+++ b/backend/src/ee/routes/v1/project-template-router.ts
@ -1,6 +1,6 @@
 import { z } from "zod";

-import { ProjectMembershipRole, ProjectTemplatesSchema, ProjectType } from "@app/db/schemas";
+import { ProjectMembershipRole, ProjectTemplatesSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { ProjectPermissionV2Schema } from "@app/ee/services/permission/project-permission";
 import { isInfisicalProjectTemplate } from "@app/ee/services/project-template/project-template-fns";
@ -104,9 +104,6 @@ export const registerProjectTemplateRouter = async (server: FastifyZodProvider)
      hide: false,
      tags: [ApiDocsTags.ProjectTemplates],
      description: "List project templates for the current organization.",
-      querystring: z.object({
-        type: z.nativeEnum(ProjectType).optional().describe(ProjectTemplates.LIST.type)
-      }),
      response: {
        200: z.object({
          projectTemplates: SanitizedProjectTemplateSchema.array()
@ -115,8 +112,7 @@ export const registerProjectTemplateRouter = async (server: FastifyZodProvider)
    },
    onRequest: verifyAuth([AuthMode.JWT, AuthMode.IDENTITY_ACCESS_TOKEN]),
    handler: async (req) => {
-      const { type } = req.query;
-      const projectTemplates = await server.services.projectTemplate.listProjectTemplatesByOrg(req.permission, type);
+      const projectTemplates = await server.services.projectTemplate.listProjectTemplatesByOrg(req.permission);

      const auditTemplates = projectTemplates.filter((template) => !isInfisicalProjectTemplate(template.name));

@ -188,7 +184,6 @@ export const registerProjectTemplateRouter = async (server: FastifyZodProvider)
      tags: [ApiDocsTags.ProjectTemplates],
      description: "Create a project template.",
      body: z.object({
-        type: z.nativeEnum(ProjectType).describe(ProjectTemplates.CREATE.type),
        name: slugSchema({ field: "name" })
          .refine((val) => !isInfisicalProjectTemplate(val), {
            message: `The requested project template name is reserved.`
@ -284,7 +279,6 @@ export const registerProjectTemplateRouter = async (server: FastifyZodProvider)
      tags: [ApiDocsTags.ProjectTemplates],
      description: "Delete a project template.",
      params: z.object({ templateId: z.string().uuid().describe(ProjectTemplates.DELETE.templateId) }),
-
      response: {
        200: z.object({
          projectTemplate: SanitizedProjectTemplateSchema
--- a/backend/src/ee/routes/v1/secret-approval-request-router.ts
+++ b/backend/src/ee/routes/v1/secret-approval-request-router.ts
@ -94,7 +94,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
    },
    schema: {
      querystring: z.object({
-        workspaceId: z.string().trim()
+        workspaceId: z.string().trim(),
+        policyId: z.string().trim().optional()
      }),
      response: {
        200: z.object({
@ -112,7 +113,8 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
        actorId: req.permission.id,
        actorAuthMethod: req.permission.authMethod,
        actorOrgId: req.permission.orgId,
-        projectId: req.query.workspaceId
+        projectId: req.query.workspaceId,
+        policyId: req.query.policyId
      });
      return { approvals };
    }
--- a/backend/src/ee/services/access-approval-policy/access-approval-policy-service.ts
+++ b/backend/src/ee/services/access-approval-policy/access-approval-policy-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
@ -97,8 +96,7 @@ export const accessApprovalPolicyServiceFactory = ({
      actorId,
      projectId: project.id,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -248,8 +246,7 @@ export const accessApprovalPolicyServiceFactory = ({
        actorId,
        projectId: project.id,
        actorAuthMethod,
-        actorOrgId,
-        actionProjectType: ActionProjectType.SecretManager
+        actorOrgId
      });

      const accessApprovalPolicies = await accessApprovalPolicyDAL.find({ projectId: project.id, deletedAt: null });
@ -301,8 +298,7 @@ export const accessApprovalPolicyServiceFactory = ({
      actorId,
      projectId: accessApprovalPolicy.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SecretApproval);
@ -498,8 +494,7 @@ export const accessApprovalPolicyServiceFactory = ({
      actorId,
      projectId: policy.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Delete,
@ -549,8 +544,7 @@ export const accessApprovalPolicyServiceFactory = ({
      actorId,
      projectId: project.id,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (!membership) {
      throw new ForbiddenRequestError({ message: "You are not a member of this project" });
@ -589,8 +583,7 @@ export const accessApprovalPolicyServiceFactory = ({
      actorId,
      projectId: policy.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretApproval);
--- a/backend/src/ee/services/access-approval-request/access-approval-request-dal.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-dal.ts
@ -220,7 +220,7 @@ export interface TAccessApprovalRequestDALFactory extends Omit<TOrmify<TableName
      bypassers: string[];
    }[]
  >;
-  getCount: ({ projectId }: { projectId: string }) => Promise<{
+  getCount: ({ projectId }: { projectId: string; policyId?: string }) => Promise<{
    pendingCount: number;
    finalizedCount: number;
  }>;
@ -702,7 +702,7 @@ export const accessApprovalRequestDALFactory = (db: TDbClient): TAccessApprovalR
    }
  };

-  const getCount: TAccessApprovalRequestDALFactory["getCount"] = async ({ projectId }) => {
+  const getCount: TAccessApprovalRequestDALFactory["getCount"] = async ({ projectId, policyId }) => {
    try {
      const accessRequests = await db
        .replicaNode()(TableName.AccessApprovalRequest)
@ -723,8 +723,10 @@ export const accessApprovalRequestDALFactory = (db: TDbClient): TAccessApprovalR
          `${TableName.AccessApprovalRequest}.id`,
          `${TableName.AccessApprovalRequestReviewer}.requestId`
        )
-
        .where(`${TableName.Environment}.projectId`, projectId)
+        .where((qb) => {
+          if (policyId) void qb.where(`${TableName.AccessApprovalPolicy}.id`, policyId);
+        })
        .select(selectAllTableCols(TableName.AccessApprovalRequest))
        .select(db.ref("status").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerStatus"))
        .select(db.ref("reviewerUserId").withSchema(TableName.AccessApprovalRequestReviewer).as("reviewerUserId"))
--- a/backend/src/ee/services/access-approval-request/access-approval-request-service.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-service.ts
@ -1,7 +1,7 @@
 import slugify from "@sindresorhus/slugify";
 import msFn from "ms";

-import { ActionProjectType, ProjectMembershipRole } from "@app/db/schemas";
+import { ProjectMembershipRole } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
 import { groupBy } from "@app/lib/fn";
@ -107,8 +107,7 @@ export const accessApprovalRequestServiceFactory = ({
      actorId,
      projectId: project.id,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (!membership) {
      throw new ForbiddenRequestError({ message: "You are not a member of this project" });
@ -217,7 +216,7 @@ export const accessApprovalRequestServiceFactory = ({
      );

      const requesterFullName = `${requestedByUser.firstName} ${requestedByUser.lastName}`;
-      const approvalUrl = `${cfg.SITE_URL}/secret-manager/${project.id}/approval`;
+      const approvalUrl = `${cfg.SITE_URL}/projects/${project.id}/secret-manager/approval`;

      await triggerWorkflowIntegrationNotification({
        input: {
@ -290,8 +289,7 @@ export const accessApprovalRequestServiceFactory = ({
      actorId,
      projectId: project.id,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (!membership) {
      throw new ForbiddenRequestError({ message: "You are not a member of this project" });
@ -337,8 +335,7 @@ export const accessApprovalRequestServiceFactory = ({
      actorId,
      projectId: accessApprovalRequest.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    if (!membership) {
@ -350,6 +347,12 @@ export const accessApprovalRequestServiceFactory = ({
    const canBypass = !policy.bypassers.length || policy.bypassers.some((bypasser) => bypasser.userId === actorId);
    const cannotBypassUnderSoftEnforcement = !(isSoftEnforcement && canBypass);

+    // Calculate break glass attempt before sequence checks
+    const isBreakGlassApprovalAttempt =
+      policy.enforcementLevel === EnforcementLevel.Soft &&
+      actorId === accessApprovalRequest.requestedByUserId &&
+      status === ApprovalStatus.APPROVED;
+
    const isApprover = policy.approvers.find((approver) => approver.userId === actorId);
    // If user is (not an approver OR cant self approve) AND can't bypass policy
    if ((!isApprover || (!policy.allowedSelfApprovals && isSelfApproval)) && cannotBypassUnderSoftEnforcement) {
@ -409,15 +412,14 @@ export const accessApprovalRequestServiceFactory = ({
      const isApproverOfTheSequence = policy.approvers.find(
        (el) => el.sequence === presentSequence.step && el.userId === actorId
      );
-      if (!isApproverOfTheSequence) throw new BadRequestError({ message: "You are not reviewer in this step" });
+
+      // Only throw if actor is not the approver and not bypassing
+      if (!isApproverOfTheSequence && !isBreakGlassApprovalAttempt) {
+        throw new BadRequestError({ message: "You are not a reviewer in this step" });
+      }
    }

    const reviewStatus = await accessApprovalRequestReviewerDAL.transaction(async (tx) => {
-      const isBreakGlassApprovalAttempt =
-        policy.enforcementLevel === EnforcementLevel.Soft &&
-        actorId === accessApprovalRequest.requestedByUserId &&
-        status === ApprovalStatus.APPROVED;
-
      let reviewForThisActorProcessing: {
        id: string;
        requestId: string;
@ -543,7 +545,7 @@ export const accessApprovalRequestServiceFactory = ({
                  bypassReason: bypassReason || "No reason provided",
                  secretPath: policy.secretPath || "/",
                  environment,
-                  approvalUrl: `${cfg.SITE_URL}/secret-manager/${project.id}/approval`,
+                  approvalUrl: `${cfg.SITE_URL}/projects/${project.id}/secret-manager/approval`,
                  requestType: "access"
                },
                template: SmtpTemplates.AccessSecretRequestBypassed
@ -560,6 +562,7 @@ export const accessApprovalRequestServiceFactory = ({

  const getCount: TAccessApprovalRequestServiceFactory["getCount"] = async ({
    projectSlug,
+    policyId,
    actor,
    actorAuthMethod,
    actorId,
@ -573,14 +576,13 @@ export const accessApprovalRequestServiceFactory = ({
      actorId,
      projectId: project.id,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (!membership) {
      throw new ForbiddenRequestError({ message: "You are not a member of this project" });
    }

-    const count = await accessApprovalRequestDAL.getCount({ projectId: project.id });
+    const count = await accessApprovalRequestDAL.getCount({ projectId: project.id, policyId });

    return { count };
  };
--- a/backend/src/ee/services/access-approval-request/access-approval-request-types.ts
+++ b/backend/src/ee/services/access-approval-request/access-approval-request-types.ts
@ -12,6 +12,7 @@ export type TVerifyPermission = {

 export type TGetAccessRequestCountDTO = {
  projectSlug: string;
+  policyId?: string;
 } & Omit<TProjectPermission, "projectId">;

 export type TReviewAccessRequestDTO = {
--- a/backend/src/ee/services/assume-privilege/assume-privilege-service.ts
+++ b/backend/src/ee/services/assume-privilege/assume-privilege-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError } from "@casl/ability";
 import jwt from "jsonwebtoken";

-import { ActionProjectType } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
 import { ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
 import { ActorType } from "@app/services/auth/auth-type";
@ -38,8 +37,7 @@ export const assumePrivilegeServiceFactory = ({
      actorId: actorPermissionDetails.id,
      projectId,
      actorAuthMethod: actorPermissionDetails.authMethod,
-      actorOrgId: actorPermissionDetails.orgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId: actorPermissionDetails.orgId
    });

    if (targetActorType === ActorType.USER) {
@ -60,8 +58,7 @@ export const assumePrivilegeServiceFactory = ({
      actorId: targetActorId,
      projectId,
      actorAuthMethod: actorPermissionDetails.authMethod,
-      actorOrgId: actorPermissionDetails.orgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId: actorPermissionDetails.orgId
    });

    const appCfg = getConfig();
--- a/backend/src/ee/services/audit-log/audit-log-dal.ts
+++ b/backend/src/ee/services/audit-log/audit-log-dal.ts
@ -30,10 +30,10 @@ type TFindQuery = {
  actor?: string;
  projectId?: string;
  environment?: string;
-  orgId?: string;
+  orgId: string;
  eventType?: string;
-  startDate?: string;
-  endDate?: string;
+  startDate: string;
+  endDate: string;
  userAgentType?: string;
  limit?: number;
  offset?: number;
@ -61,18 +61,15 @@ export const auditLogDALFactory = (db: TDbClient) => {
    },
    tx
  ) => {
-    if (!orgId && !projectId) {
-      throw new Error("Either orgId or projectId must be provided");
-    }
-
    try {
      // Find statements
      const sqlQuery = (tx || db.replicaNode())(TableName.AuditLog)
+        .where(`${TableName.AuditLog}.orgId`, orgId)
+        .whereRaw(`"${TableName.AuditLog}"."createdAt" >= ?::timestamptz`, [startDate])
+        .andWhereRaw(`"${TableName.AuditLog}"."createdAt" < ?::timestamptz`, [endDate])
        // eslint-disable-next-line func-names
        .where(function () {
-          if (orgId) {
-            void this.where(`${TableName.AuditLog}.orgId`, orgId);
-          } else if (projectId) {
+          if (projectId) {
            void this.where(`${TableName.AuditLog}.projectId`, projectId);
          }
        });
@ -135,14 +132,6 @@ export const auditLogDALFactory = (db: TDbClient) => {
        void sqlQuery.whereIn("eventType", eventType);
      }

-      // Filter by date range
-      if (startDate) {
-        void sqlQuery.whereRaw(`"${TableName.AuditLog}"."createdAt" >= ?::timestamptz`, [startDate]);
-      }
-      if (endDate) {
-        void sqlQuery.whereRaw(`"${TableName.AuditLog}"."createdAt" <= ?::timestamptz`, [endDate]);
-      }
-
      // we timeout long running queries to prevent DB resource issues (2 minutes)
      const docs = await sqlQuery.timeout(1000 * 120);

@ -174,6 +163,8 @@ export const auditLogDALFactory = (db: TDbClient) => {
      try {
        const findExpiredLogSubQuery = (tx || db)(TableName.AuditLog)
          .where("expiresAt", "<", today)
+          .where("createdAt", "<", today) // to use audit log partition
+          .orderBy(`${TableName.AuditLog}.createdAt`, "desc")
          .select("id")
          .limit(AUDIT_LOG_PRUNE_BATCH_SIZE);

--- a/backend/src/ee/services/audit-log/audit-log-queue.ts
+++ b/backend/src/ee/services/audit-log/audit-log-queue.ts
@ -131,7 +131,6 @@ export const auditLogQueueServiceFactory = async ({
                });

              try {
-                logger.info(`Streaming audit log [url=${url}] for org [orgId=${orgId}]`);
                const response = await request.post(
                  url,
                  { ...providerSpecificPayload(url), ...auditLog },
@ -143,9 +142,6 @@ export const auditLogQueueServiceFactory = async ({
                    signal: AbortSignal.timeout(AUDIT_LOG_STREAM_TIMEOUT)
                  }
                );
-                logger.info(
-                  `Successfully streamed audit log [url=${url}] for org [orgId=${orgId}] [response=${JSON.stringify(response.data)}]`
-                );
                return response;
              } catch (error) {
                logger.error(
@ -237,7 +233,6 @@ export const auditLogQueueServiceFactory = async ({
            });

          try {
-            logger.info(`Streaming audit log [url=${url}] for org [orgId=${orgId}]`);
            const response = await request.post(
              url,
              { ...providerSpecificPayload(url), ...auditLog },
@ -249,9 +244,6 @@ export const auditLogQueueServiceFactory = async ({
                signal: AbortSignal.timeout(AUDIT_LOG_STREAM_TIMEOUT)
              }
            );
-            logger.info(
-              `Successfully streamed audit log [url=${url}] for org [orgId=${orgId}] [response=${JSON.stringify(response.data)}]`
-            );
            return response;
          } catch (error) {
            logger.error(
--- a/backend/src/ee/services/audit-log/audit-log-service.ts
+++ b/backend/src/ee/services/audit-log/audit-log-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError } from "@casl/ability";
 import { requestContext } from "@fastify/request-context";

-import { ActionProjectType } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError } from "@app/lib/errors";
 import { ActorType } from "@app/services/auth/auth-type";
@ -38,8 +37,7 @@ export const auditLogServiceFactory = ({
        actorId,
        projectId: filter.projectId,
        actorAuthMethod,
-        actorOrgId,
-        actionProjectType: ActionProjectType.Any
+        actorOrgId
      });
      ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.AuditLogs);
    } else {
@ -69,7 +67,8 @@ export const auditLogServiceFactory = ({
      secretPath: filter.secretPath,
      secretKey: filter.secretKey,
      environment: filter.environment,
-      ...(filter.projectId ? { projectId: filter.projectId } : { orgId: actorOrgId })
+      orgId: actorOrgId,
+      ...(filter.projectId ? { projectId: filter.projectId } : {})
    });

    return auditLogs.map(({ eventType: logEventType, actor: eActor, actorMetadata, eventMetadata, ...el }) => ({
--- a/backend/src/ee/services/audit-log/audit-log-types.ts
+++ b/backend/src/ee/services/audit-log/audit-log-types.ts
@ -56,8 +56,8 @@ export type TListProjectAuditLogDTO = {
    eventType?: EventType[];
    offset?: number;
    limit: number;
-    endDate?: string;
-    startDate?: string;
+    endDate: string;
+    startDate: string;
    projectId?: string;
    environment?: string;
    auditLogActorId?: string;
--- a/backend/src/ee/services/certificate-authority-crl/certificate-authority-crl-service.ts
+++ b/backend/src/ee/services/certificate-authority-crl/certificate-authority-crl-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError } from "@casl/ability";
 import * as x509 from "@peculiar/x509";

-import { ActionProjectType } from "@app/db/schemas";
 import { TCertificateAuthorityCrlDALFactory } from "@app/ee/services/certificate-authority-crl/certificate-authority-crl-dal";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
@ -78,8 +77,7 @@ export const certificateAuthorityCrlServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts
+++ b/backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError, subject } from "@casl/ability";
 import RE2 from "re2";

-import { ActionProjectType } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
@ -85,8 +84,7 @@ export const dynamicSecretLeaseServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const plan = await licenseService.getPlan(actorOrgId);
@ -202,8 +200,7 @@ export const dynamicSecretLeaseServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const { decryptor: secretManagerDecryptor } = await kmsService.createCipherPairWithDataKey({
@ -300,8 +297,7 @@ export const dynamicSecretLeaseServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const { decryptor: secretManagerDecryptor } = await kmsService.createCipherPairWithDataKey({
@ -389,8 +385,7 @@ export const dynamicSecretLeaseServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const folder = await folderDAL.findBySecretPath(projectId, environmentSlug, path);
@ -437,8 +432,7 @@ export const dynamicSecretLeaseServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const folder = await folderDAL.findBySecretPath(projectId, environmentSlug, path);
--- a/backend/src/ee/services/dynamic-secret/dynamic-secret-service.ts
+++ b/backend/src/ee/services/dynamic-secret/dynamic-secret-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError, subject } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
@ -78,8 +77,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -202,8 +200,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const plan = await licenseService.getPlan(actorOrgId);
@ -354,8 +351,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const folder = await folderDAL.findBySecretPath(projectId, environmentSlug, path);
@ -420,8 +416,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const folder = await folderDAL.findBySecretPath(projectId, environmentSlug, path);
@ -485,8 +480,7 @@ export const dynamicSecretServiceFactory = ({
        actorId,
        projectId,
        actorAuthMethod,
-        actorOrgId,
-        actionProjectType: ActionProjectType.SecretManager
+        actorOrgId
      });

      // verify user has access to each env in request
@ -529,8 +523,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionDynamicSecretActions.ReadRootCredential,
@ -578,8 +571,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const folder = await folderDAL.findBySecretPath(projectId, environmentSlug, path);
@ -616,8 +608,7 @@ export const dynamicSecretServiceFactory = ({
      actorId: actor.id,
      projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId: actor.orgId
    });

    const userAccessibleFolderMappings = folderMappings.filter(({ path, environment }) =>
@ -661,8 +652,7 @@ export const dynamicSecretServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const folders = await folderDAL.findBySecretPathMultiEnv(projectId, environmentSlugs, path);
--- a/backend/src/ee/services/dynamic-secret/providers/github.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/github.ts
@ -1,5 +1,5 @@
 import axios from "axios";
-import * as jwt from "jsonwebtoken";
+import jwt from "jsonwebtoken";

 import { BadRequestError, InternalServerError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
--- a/backend/src/ee/services/identity-project-additional-privilege-v2/identity-project-additional-privilege-v2-service.ts
+++ b/backend/src/ee/services/identity-project-additional-privilege-v2/identity-project-additional-privilege-v2-service.ts
@ -1,7 +1,7 @@
 import { ForbiddenError, subject } from "@casl/ability";
 import { packRules } from "@casl/ability/extra";

-import { ActionProjectType, TableName } from "@app/db/schemas";
+import { TableName } from "@app/db/schemas";
 import { BadRequestError, NotFoundError, PermissionBoundaryError } from "@app/lib/errors";
 import { ms } from "@app/lib/ms";
 import { validateHandlebarTemplate } from "@app/lib/template/validate-handlebars";
@ -61,8 +61,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Edit,
@ -73,8 +72,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId: identityId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    // we need to validate that the privilege given is not higher than the assigning users permission
@ -160,8 +158,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Edit,
@ -172,8 +169,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId: identityProjectMembership.identityId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    // we need to validate that the privilege given is not higher than the assigning users permission
@ -260,8 +256,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Edit,
@ -272,8 +267,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId: identityProjectMembership.identityId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    const permissionBoundary = validatePrivilegeChangeOperation(
      membership.shouldUseNewPrivilegeSystem,
@ -321,8 +315,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Read,
@ -356,8 +349,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Read,
@ -392,8 +384,7 @@ export const identityProjectAdditionalPrivilegeV2ServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Read,
--- a/backend/src/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-service.ts
+++ b/backend/src/ee/services/identity-project-additional-privilege/identity-project-additional-privilege-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError, MongoAbility, RawRuleOf, subject } from "@casl/ability";
 import { PackRule, packRules, unpackRules } from "@casl/ability/extra";

-import { ActionProjectType } from "@app/db/schemas";
 import { BadRequestError, NotFoundError, PermissionBoundaryError } from "@app/lib/errors";
 import { ms } from "@app/lib/ms";
 import { validateHandlebarTemplate } from "@app/lib/template/validate-handlebars";
@ -73,8 +72,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -87,8 +85,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId: identityId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    // we need to validate that the privilege given is not higher than the assigning users permission
@ -175,8 +172,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -189,8 +185,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId: identityProjectMembership.identityId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    // we need to validate that the privilege given is not higher than the assigning users permission
@ -293,8 +288,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Edit,
@ -306,8 +300,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId: identityProjectMembership.identityId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    const permissionBoundary = validatePrivilegeChangeOperation(
      membership.shouldUseNewPrivilegeSystem,
@ -366,8 +359,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Read,
@ -409,8 +401,7 @@ export const identityProjectAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: identityProjectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/ee/services/kmip/kmip-operation-service.ts
+++ b/backend/src/ee/services/kmip/kmip-operation-service.ts
@ -24,7 +24,7 @@ type TKmipOperationServiceFactoryDep = {
  kmsService: TKmsServiceFactory;
  kmsDAL: TKmsKeyDALFactory;
  kmipClientDAL: TKmipClientDALFactory;
-  projectDAL: Pick<TProjectDALFactory, "getProjectFromSplitId" | "findById">;
+  projectDAL: Pick<TProjectDALFactory, "findById">;
  permissionService: Pick<TPermissionServiceFactory, "getOrgPermission">;
 };

--- a/backend/src/ee/services/kmip/kmip-service.ts
+++ b/backend/src/ee/services/kmip/kmip-service.ts
@ -2,7 +2,6 @@ import { ForbiddenError } from "@casl/ability";
 import * as x509 from "@peculiar/x509";
 import crypto, { KeyObject } from "crypto";

-import { ActionProjectType } from "@app/db/schemas";
 import { BadRequestError, InternalServerError, NotFoundError } from "@app/lib/errors";
 import { isValidIp } from "@app/lib/ip";
 import { ms } from "@app/lib/ms";
@ -73,8 +72,7 @@ export const kmipServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -127,8 +125,7 @@ export const kmipServiceFactory = ({
      actorId,
      projectId: kmipClient.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -159,8 +156,7 @@ export const kmipServiceFactory = ({
      actorId,
      projectId: kmipClient.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -193,8 +189,7 @@ export const kmipServiceFactory = ({
      actorId,
      projectId: kmipClient.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionKmipActions.ReadClients, ProjectPermissionSub.Kmip);
@ -215,8 +210,7 @@ export const kmipServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionKmipActions.ReadClients, ProjectPermissionSub.Kmip);
@ -252,8 +246,7 @@ export const kmipServiceFactory = ({
      actorId,
      projectId: kmipClient.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/ee/services/permission/permission-dal.ts
+++ b/backend/src/ee/services/permission/permission-dal.ts
@ -91,7 +91,7 @@ export interface TPermissionDALFactory {
        userId: string;
        projectId: string;
        username: string;
-        projectType: string;
+        projectType?: string | null;
        id: string;
        createdAt: Date;
        updatedAt: Date;
@ -163,7 +163,7 @@ export interface TPermissionDALFactory {
        createdAt: Date;
        updatedAt: Date;
        orgId: string;
-        projectType: string;
+        projectType?: string | null;
        shouldUseNewPrivilegeSystem: boolean;
        orgAuthEnforced: boolean;
        metadata: {
@ -201,7 +201,7 @@ export interface TPermissionDALFactory {
      userId: string;
      projectId: string;
      username: string;
-      projectType: string;
+      projectType?: string | null;
      id: string;
      createdAt: Date;
      updatedAt: Date;
@ -267,7 +267,7 @@ export interface TPermissionDALFactory {
      createdAt: Date;
      updatedAt: Date;
      orgId: string;
-      projectType: string;
+      projectType?: string | null;
      orgAuthEnforced: boolean;
      metadata: {
        id: string;
--- a/backend/src/ee/services/permission/permission-service-types.ts
+++ b/backend/src/ee/services/permission/permission-service-types.ts
@ -1,7 +1,6 @@
 import { MongoAbility, RawRuleOf } from "@casl/ability";
 import { MongoQuery } from "@ucast/mongo2js";

-import { ActionProjectType } from "@app/db/schemas";
 import { ActorAuthMethod, ActorType } from "@app/services/auth/auth-type";

 import { OrgPermissionSet } from "./org-permission";
@ -21,7 +20,6 @@ export type TGetUserProjectPermissionArg = {
  userId: string;
  projectId: string;
  authMethod: ActorAuthMethod;
-  actionProjectType: ActionProjectType;
  userOrgId?: string;
 };

@ -29,14 +27,12 @@ export type TGetIdentityProjectPermissionArg = {
  identityId: string;
  projectId: string;
  identityOrgId?: string;
-  actionProjectType: ActionProjectType;
 };

 export type TGetServiceTokenProjectPermissionArg = {
  serviceTokenId: string;
  projectId: string;
  actorOrgId?: string;
-  actionProjectType: ActionProjectType;
 };

 export type TGetProjectPermissionArg = {
@ -45,7 +41,6 @@ export type TGetProjectPermissionArg = {
  projectId: string;
  actorAuthMethod: ActorAuthMethod;
  actorOrgId?: string;
-  actionProjectType: ActionProjectType;
 };

 export type TPermissionServiceFactory = {
@ -143,13 +138,7 @@ export type TPermissionServiceFactory = {
        };
      }
  >;
-  getUserProjectPermission: ({
-    userId,
-    projectId,
-    authMethod,
-    userOrgId,
-    actionProjectType
-  }: TGetUserProjectPermissionArg) => Promise<{
+  getUserProjectPermission: ({ userId, projectId, authMethod, userOrgId }: TGetUserProjectPermissionArg) => Promise<{
    permission: MongoAbility<ProjectPermissionSet, MongoQuery>;
    membership: {
      id: string;
--- a/backend/src/ee/services/permission/permission-service.ts
+++ b/backend/src/ee/services/permission/permission-service.ts
@ -5,7 +5,6 @@ import { MongoQuery } from "@ucast/mongo2js";
 import handlebars from "handlebars";

 import {
-  ActionProjectType,
  OrgMembershipRole,
  ProjectMembershipRole,
  ServiceTokenScopes,
@ -214,8 +213,7 @@ export const permissionServiceFactory = ({
    userId,
    projectId,
    authMethod,
-    userOrgId,
-    actionProjectType
+    userOrgId
  }: TGetUserProjectPermissionArg): Promise<TProjectPermissionRT<ActorType.USER>> => {
    const userProjectPermission = await permissionDAL.getProjectPermission(userId, projectId);
    if (!userProjectPermission) throw new ForbiddenRequestError({ name: "User not a part of the specified project" });
@ -242,12 +240,6 @@ export const permissionServiceFactory = ({
      userProjectPermission.orgRole
    );

-    if (actionProjectType !== ActionProjectType.Any && actionProjectType !== userProjectPermission.projectType) {
-      throw new BadRequestError({
-        message: `The project is of type ${userProjectPermission.projectType}. Operations of type ${actionProjectType} are not allowed.`
-      });
-    }
-
    // join two permissions and pass to build the final permission set
    const rolePermissions = userProjectPermission.roles?.map(({ role, permissions }) => ({ role, permissions })) || [];
    const additionalPrivileges =
@ -295,8 +287,7 @@ export const permissionServiceFactory = ({
  const getIdentityProjectPermission = async ({
    identityId,
    projectId,
-    identityOrgId,
-    actionProjectType
+    identityOrgId
  }: TGetIdentityProjectPermissionArg): Promise<TProjectPermissionRT<ActorType.IDENTITY>> => {
    const identityProjectPermission = await permissionDAL.getProjectIdentityPermission(identityId, projectId);
    if (!identityProjectPermission)
@ -316,12 +307,6 @@ export const permissionServiceFactory = ({
      throw new ForbiddenRequestError({ name: "Identity is not a member of the specified organization" });
    }

-    if (actionProjectType !== ActionProjectType.Any && actionProjectType !== identityProjectPermission.projectType) {
-      throw new BadRequestError({
-        message: `The project is of type ${identityProjectPermission.projectType}. Operations of type ${actionProjectType} are not allowed.`
-      });
-    }
-
    const rolePermissions =
      identityProjectPermission.roles?.map(({ role, permissions }) => ({ role, permissions })) || [];
    const additionalPrivileges =
@ -376,8 +361,7 @@ export const permissionServiceFactory = ({
  const getServiceTokenProjectPermission = async ({
    serviceTokenId,
    projectId,
-    actorOrgId,
-    actionProjectType
+    actorOrgId
  }: TGetServiceTokenProjectPermissionArg) => {
    const serviceToken = await serviceTokenDAL.findById(serviceTokenId);
    if (!serviceToken) throw new NotFoundError({ message: `Service token with ID '${serviceTokenId}' not found` });
@ -402,12 +386,6 @@ export const permissionServiceFactory = ({
      });
    }

-    if (actionProjectType !== ActionProjectType.Any && actionProjectType !== serviceTokenProject.type) {
-      throw new BadRequestError({
-        message: `The project is of type ${serviceTokenProject.type}. Operations of type ${actionProjectType} are not allowed.`
-      });
-    }
-
    const scopes = ServiceTokenScopes.parse(serviceToken.scopes || []);
    return {
      permission: buildServiceTokenProjectPermission(scopes, serviceToken.permissions),
@ -559,8 +537,7 @@ export const permissionServiceFactory = ({
    actorId: inputActorId,
    projectId,
    actorAuthMethod,
-    actorOrgId,
-    actionProjectType
+    actorOrgId
  }: TGetProjectPermissionArg): Promise<TProjectPermissionRT<T>> => {
    let actor = inputActor;
    let actorId = inputActorId;
@ -581,22 +558,19 @@ export const permissionServiceFactory = ({
          userId: actorId,
          projectId,
          authMethod: actorAuthMethod,
-          userOrgId: actorOrgId,
-          actionProjectType
+          userOrgId: actorOrgId
        }) as Promise<TProjectPermissionRT<T>>;
      case ActorType.SERVICE:
        return getServiceTokenProjectPermission({
          serviceTokenId: actorId,
          projectId,
-          actorOrgId,
-          actionProjectType
+          actorOrgId
        }) as Promise<TProjectPermissionRT<T>>;
      case ActorType.IDENTITY:
        return getIdentityProjectPermission({
          identityId: actorId,
          projectId,
-          identityOrgId: actorOrgId,
-          actionProjectType
+          identityOrgId: actorOrgId
        }) as Promise<TProjectPermissionRT<T>>;
      default:
        throw new BadRequestError({
--- a/backend/src/ee/services/pit/pit-service.ts
+++ b/backend/src/ee/services/pit/pit-service.ts
@ -1,7 +1,6 @@
 /* eslint-disable no-await-in-loop */
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { ProjectPermissionCommitsActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { NotFoundError } from "@app/lib/errors";
 import { logger } from "@app/lib/logger";
@ -321,8 +320,7 @@ export const pitServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(userPermission).throwUnlessCan(
--- a/backend/src/ee/services/project-template/project-template-fns.ts
+++ b/backend/src/ee/services/project-template/project-template-fns.ts
@ -1,4 +1,3 @@
-import { ProjectType } from "@app/db/schemas";
 import {
  InfisicalProjectTemplate,
  TUnpackedPermission
@ -7,21 +6,18 @@ import { getPredefinedRoles } from "@app/services/project-role/project-role-fns"

 import { ProjectTemplateDefaultEnvironments } from "./project-template-constants";

-export const getDefaultProjectTemplate = (orgId: string, type: ProjectType) => ({
+export const getDefaultProjectTemplate = (orgId: string) => ({
  id: "b11b49a9-09a9-4443-916a-4246f9ff2c69", // random ID to appease zod
-  type,
  name: InfisicalProjectTemplate.Default,
  createdAt: new Date(),
  updatedAt: new Date(),
-  description: `Infisical's ${type} default project template`,
-  environments: type === ProjectType.SecretManager ? ProjectTemplateDefaultEnvironments : null,
-  roles: [...getPredefinedRoles({ projectId: "project-template", projectType: type })].map(
-    ({ name, slug, permissions }) => ({
-      name,
-      slug,
-      permissions: permissions as TUnpackedPermission[]
-    })
-  ),
+  description: `Infisical's default project template`,
+  environments: ProjectTemplateDefaultEnvironments,
+  roles: getPredefinedRoles({ projectId: "project-template" }) as Array<{
+    name: string;
+    slug: string;
+    permissions: TUnpackedPermission[];
+  }>,
  orgId
 });

--- a/backend/src/ee/services/project-template/project-template-service.ts
+++ b/backend/src/ee/services/project-template/project-template-service.ts
@ -1,7 +1,7 @@
 import { ForbiddenError } from "@casl/ability";
 import { packRules } from "@casl/ability/extra";

-import { ProjectType, TProjectTemplates } from "@app/db/schemas";
+import { TProjectTemplates } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { OrgPermissionActions, OrgPermissionSubjects } from "@app/ee/services/permission/org-permission";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
@ -29,13 +29,11 @@ const $unpackProjectTemplate = ({ roles, environments, ...rest }: TProjectTempla
  ...rest,
  environments: environments as TProjectTemplateEnvironment[],
  roles: [
-    ...getPredefinedRoles({ projectId: "project-template", projectType: rest.type as ProjectType }).map(
-      ({ name, slug, permissions }) => ({
-        name,
-        slug,
-        permissions: permissions as TUnpackedPermission[]
-      })
-    ),
+    ...getPredefinedRoles({ projectId: "project-template" }).map(({ name, slug, permissions }) => ({
+      name,
+      slug,
+      permissions: permissions as TUnpackedPermission[]
+    })),
    ...(roles as TProjectTemplateRole[]).map((role) => ({
      ...role,
      permissions: unpackPermissions(role.permissions)
@ -48,10 +46,7 @@ export const projectTemplateServiceFactory = ({
  permissionService,
  projectTemplateDAL
 }: TProjectTemplatesServiceFactoryDep): TProjectTemplateServiceFactory => {
-  const listProjectTemplatesByOrg: TProjectTemplateServiceFactory["listProjectTemplatesByOrg"] = async (
-    actor,
-    type
-  ) => {
+  const listProjectTemplatesByOrg: TProjectTemplateServiceFactory["listProjectTemplatesByOrg"] = async (actor) => {
    const plan = await licenseService.getPlan(actor.orgId);

    if (!plan.projectTemplates)
@ -70,14 +65,11 @@ export const projectTemplateServiceFactory = ({
    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Read, OrgPermissionSubjects.ProjectTemplates);

    const projectTemplates = await projectTemplateDAL.find({
-      orgId: actor.orgId,
-      ...(type ? { type } : {})
+      orgId: actor.orgId
    });

    return [
-      ...(type
-        ? [getDefaultProjectTemplate(actor.orgId, type)]
-        : Object.values(ProjectType).map((projectType) => getDefaultProjectTemplate(actor.orgId, projectType))),
+      getDefaultProjectTemplate(actor.orgId),
      ...projectTemplates.map((template) => $unpackProjectTemplate(template))
    ];
  };
@ -142,7 +134,7 @@ export const projectTemplateServiceFactory = ({
  };

  const createProjectTemplate: TProjectTemplateServiceFactory["createProjectTemplate"] = async (
-    { roles, environments, type, ...params },
+    { roles, environments, ...params },
    actor
  ) => {
    const plan = await licenseService.getPlan(actor.orgId);
@ -162,10 +154,6 @@ export const projectTemplateServiceFactory = ({

    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Create, OrgPermissionSubjects.ProjectTemplates);

-    if (environments && type !== ProjectType.SecretManager) {
-      throw new BadRequestError({ message: "Cannot configure environments for non-SecretManager project templates" });
-    }
-
    if (environments && plan.environmentLimit !== null && environments.length > plan.environmentLimit) {
      throw new BadRequestError({
        // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
@ -188,10 +176,8 @@ export const projectTemplateServiceFactory = ({
    const projectTemplate = await projectTemplateDAL.create({
      ...params,
      roles: JSON.stringify(roles.map((role) => ({ ...role, permissions: packRules(role.permissions) }))),
-      environments:
-        type === ProjectType.SecretManager ? JSON.stringify(environments ?? ProjectTemplateDefaultEnvironments) : null,
-      orgId: actor.orgId,
-      type
+      environments: environments ? JSON.stringify(environments ?? ProjectTemplateDefaultEnvironments) : null,
+      orgId: actor.orgId
    });

    return $unpackProjectTemplate(projectTemplate);
@ -223,12 +209,6 @@ export const projectTemplateServiceFactory = ({

    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.ProjectTemplates);

-    if (projectTemplate.type !== ProjectType.SecretManager && environments)
-      throw new BadRequestError({ message: "Cannot configure environments for non-SecretManager project templates" });
-
-    if (projectTemplate.type === ProjectType.SecretManager && environments === null)
-      throw new BadRequestError({ message: "Environments cannot be removed for SecretManager project templates" });
-
    if (environments && plan.environmentLimit !== null && environments.length > plan.environmentLimit) {
      throw new BadRequestError({
        // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
--- a/backend/src/ee/services/project-template/project-template-types.ts
+++ b/backend/src/ee/services/project-template/project-template-types.ts
@ -1,6 +1,6 @@
 import { z } from "zod";

-import { ProjectMembershipRole, ProjectType, TProjectEnvironments } from "@app/db/schemas";
+import { ProjectMembershipRole, TProjectEnvironments } from "@app/db/schemas";
 import { TProjectPermissionV2Schema } from "@app/ee/services/permission/project-permission";
 import { OrgServiceActor } from "@app/lib/types";
 import { UnpackedPermissionSchema } from "@app/server/routes/sanitizedSchema/permission";
@ -16,7 +16,6 @@ export type TProjectTemplateRole = {
 export type TCreateProjectTemplateDTO = {
  name: string;
  description?: string;
-  type: ProjectType;
  roles: TProjectTemplateRole[];
  environments?: TProjectTemplateEnvironment[] | null;
 };
@ -30,14 +29,10 @@ export enum InfisicalProjectTemplate {
 }

 export type TProjectTemplateServiceFactory = {
-  listProjectTemplatesByOrg: (
-    actor: OrgServiceActor,
-    type?: ProjectType
-  ) => Promise<
+  listProjectTemplatesByOrg: (actor: OrgServiceActor) => Promise<
    (
      | {
          id: string;
-          type: ProjectType;
          name: InfisicalProjectTemplate;
          createdAt: Date;
          updatedAt: Date;
@ -74,7 +69,6 @@ export type TProjectTemplateServiceFactory = {
            name: string;
          }[];
          name: string;
-          type: string;
          orgId: string;
          id: string;
          createdAt: Date;
@ -99,7 +93,6 @@ export type TProjectTemplateServiceFactory = {
      name: string;
    }[];
    name: string;
-    type: string;
    orgId: string;
    id: string;
    createdAt: Date;
@ -123,7 +116,6 @@ export type TProjectTemplateServiceFactory = {
      name: string;
    }[];
    name: string;
-    type: string;
    orgId: string;
    id: string;
    createdAt: Date;
@ -146,7 +138,6 @@ export type TProjectTemplateServiceFactory = {
      name: string;
    }[];
    name: string;
-    type: string;
    orgId: string;
    id: string;
    createdAt: Date;
@ -170,7 +161,6 @@ export type TProjectTemplateServiceFactory = {
      name: string;
    }[];
    name: string;
-    type: string;
    orgId: string;
    id: string;
    createdAt: Date;
@ -194,7 +184,6 @@ export type TProjectTemplateServiceFactory = {
      name: string;
    }[];
    name: string;
-    type: string;
    orgId: string;
    id: string;
    createdAt: Date;
--- a/backend/src/ee/services/project-user-additional-privilege/project-user-additional-privilege-service.ts
+++ b/backend/src/ee/services/project-user-additional-privilege/project-user-additional-privilege-service.ts
@ -1,7 +1,7 @@
 import { ForbiddenError, MongoAbility, RawRuleOf } from "@casl/ability";
 import { PackRule, packRules, unpackRules } from "@casl/ability/extra";

-import { ActionProjectType, TableName } from "@app/db/schemas";
+import { TableName } from "@app/db/schemas";
 import { BadRequestError, NotFoundError, PermissionBoundaryError } from "@app/lib/errors";
 import { ms } from "@app/lib/ms";
 import { validateHandlebarTemplate } from "@app/lib/template/validate-handlebars";
@ -61,8 +61,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionMemberActions.Edit, ProjectPermissionSub.Member);
    const { permission: targetUserPermission, membership } = await permissionService.getProjectPermission({
@ -70,8 +69,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId: projectMembership.userId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    // we need to validate that the privilege given is not higher than the assigning users permission
@ -166,8 +164,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionMemberActions.Edit, ProjectPermissionSub.Member);
    const { permission: targetUserPermission } = await permissionService.getProjectPermission({
@ -175,8 +172,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId: projectMembership.userId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    // we need to validate that the privilege given is not higher than the assigning users permission
@ -276,8 +272,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionMemberActions.Edit, ProjectPermissionSub.Member);

@ -322,8 +317,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionMemberActions.Read, ProjectPermissionSub.Member);

@ -349,8 +343,7 @@ export const projectUserAdditionalPrivilegeServiceFactory = ({
      actorId,
      projectId: projectMembership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionMemberActions.Read, ProjectPermissionSub.Member);

--- a/backend/src/ee/services/secret-approval-policy/secret-approval-policy-service.ts
+++ b/backend/src/ee/services/secret-approval-policy/secret-approval-policy-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError } from "@casl/ability";
 import picomatch from "picomatch";

-import { ActionProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";
@ -91,8 +90,7 @@ export const secretApprovalPolicyServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Create,
@ -267,8 +265,7 @@ export const secretApprovalPolicyServiceFactory = ({
      actorId,
      projectId: secretApprovalPolicy.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SecretApproval);

@ -423,8 +420,7 @@ export const secretApprovalPolicyServiceFactory = ({
      actorId,
      projectId: sapPolicy.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Delete,
@ -463,8 +459,7 @@ export const secretApprovalPolicyServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretApproval);

@ -508,8 +503,7 @@ export const secretApprovalPolicyServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    return getSecretApprovalPolicy(projectId, environment, secretPath);
@ -535,8 +529,7 @@ export const secretApprovalPolicyServiceFactory = ({
      actorId,
      projectId: sapPolicy.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretApproval);
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts
@ -290,7 +290,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
    }
  };

-  const findProjectRequestCount = async (projectId: string, userId: string, tx?: Knex) => {
+  const findProjectRequestCount = async (projectId: string, userId: string, policyId?: string, tx?: Knex) => {
    try {
      const docs = await (tx || db)
        .with(
@ -309,6 +309,9 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
              `${TableName.SecretApprovalPolicy}.id`
            )
            .where({ projectId })
+            .where((qb) => {
+              if (policyId) void qb.where(`${TableName.SecretApprovalPolicy}.id`, policyId);
+            })
            .andWhere(
              (bd) =>
                void bd
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-fns.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-fns.ts
@ -36,7 +36,7 @@ export const sendApprovalEmailsFn = async ({
        firstName: reviewerUser.firstName,
        projectName: project.name,
        organizationName: project.organization.name,
-        approvalUrl: `${cfg.SITE_URL}/secret-manager/${project.id}/approval?requestId=${secretApprovalRequest.id}`
+        approvalUrl: `${cfg.SITE_URL}/projects/${project.id}/secret-manager/approval?requestId=${secretApprovalRequest.id}`
      },
      template: SmtpTemplates.SecretApprovalRequestNeedsReview
    });
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
@ -2,7 +2,6 @@
 import { ForbiddenError, subject } from "@casl/ability";

 import {
-  ActionProjectType,
  ProjectMembershipRole,
  SecretEncryptionAlgo,
  SecretKeyEncoding,
@ -168,7 +167,14 @@ export const secretApprovalRequestServiceFactory = ({
  microsoftTeamsService,
  folderCommitService
 }: TSecretApprovalRequestServiceFactoryDep) => {
-  const requestCount = async ({ projectId, actor, actorId, actorOrgId, actorAuthMethod }: TApprovalRequestCountDTO) => {
+  const requestCount = async ({
+    projectId,
+    policyId,
+    actor,
+    actorId,
+    actorOrgId,
+    actorAuthMethod
+  }: TApprovalRequestCountDTO) => {
    if (actor === ActorType.SERVICE) throw new BadRequestError({ message: "Cannot use service token" });

    await permissionService.getProjectPermission({
@ -176,11 +182,10 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

-    const count = await secretApprovalRequestDAL.findProjectRequestCount(projectId, actorId);
+    const count = await secretApprovalRequestDAL.findProjectRequestCount(projectId, actorId, policyId);
    return count;
  };

@ -204,8 +209,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    const { shouldUseSecretV2Bridge } = await projectBotService.getBotKey(projectId);
@ -257,8 +261,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (
      !hasRole(ProjectMembershipRole.Admin) &&
@ -407,8 +410,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId: secretApprovalRequest.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (
      !hasRole(ProjectMembershipRole.Admin) &&
@ -477,8 +479,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId: secretApprovalRequest.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    if (
      !hasRole(ProjectMembershipRole.Admin) &&
@ -534,8 +535,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    if (
@ -951,7 +951,7 @@ export const secretApprovalRequestServiceFactory = ({
          bypassReason,
          secretPath: policy.secretPath,
          environment: env.name,
-          approvalUrl: `${cfg.SITE_URL}/secret-manager/${project.id}/approval`
+          approvalUrl: `${cfg.SITE_URL}/projects/${project.id}/secret-manager/approval`
        },
        template: SmtpTemplates.AccessSecretRequestBypassed
      });
@ -980,8 +980,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    throwIfMissingSecretReadValueOrDescribePermission(permission, ProjectPermissionSecretActions.ReadValue, {
@ -1271,8 +1270,7 @@ export const secretApprovalRequestServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    const folder = await folderDAL.findBySecretPath(projectId, environment, secretPath);
    if (!folder)
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-types.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-types.ts
@ -84,7 +84,7 @@ export type TReviewRequestDTO = {
  comment?: string;
 } & Omit<TProjectPermission, "projectId">;

-export type TApprovalRequestCountDTO = TProjectPermission;
+export type TApprovalRequestCountDTO = TProjectPermission & { policyId?: string };

 export type TListApprovalsDTO = {
  projectId: string;
--- a/backend/src/ee/services/secret-rotation-v2/secret-rotation-v2-queue.ts
+++ b/backend/src/ee/services/secret-rotation-v2/secret-rotation-v2-queue.ts
@ -166,7 +166,9 @@ export const secretRotationV2QueueServiceFactory = async ({
            secretPath: folder.path,
            environment: environment.name,
            projectName: project.name,
-            rotationUrl: encodeURI(`${appCfg.SITE_URL}/secret-manager/${projectId}/secrets/${environment.slug}`)
+            rotationUrl: encodeURI(
+              `${appCfg.SITE_URL}/projects/${projectId}/secret-manager/secrets/${environment.slug}`
+            )
          }
        });
      } catch (error) {
--- a/backend/src/ee/services/secret-rotation-v2/secret-rotation-v2-service.ts
+++ b/backend/src/ee/services/secret-rotation-v2/secret-rotation-v2-service.ts
@ -2,7 +2,7 @@ import { ForbiddenError, subject } from "@casl/ability";
 import { Knex } from "knex";
 import isEqual from "lodash.isequal";

-import { ActionProjectType, SecretType, TableName } from "@app/db/schemas";
+import { SecretType, TableName } from "@app/db/schemas";
 import { EventType, TAuditLogServiceFactory } from "@app/ee/services/audit-log/audit-log-types";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { hasSecretReadValueOrDescribePermission } from "@app/ee/services/permission/permission-fns";
@ -218,7 +218,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -269,7 +269,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -315,7 +315,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -380,7 +380,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -424,7 +424,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -625,7 +625,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -775,7 +775,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -1105,7 +1105,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -1152,7 +1152,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -1204,7 +1204,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager,
+
      projectId
    });

@ -1320,8 +1320,7 @@ export const secretRotationV2ServiceFactory = ({
      actorId: actor.id,
      projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId: actor.orgId
    });

    const permissiveFolderMappings = folderMappings.filter(({ path, environment }) =>
--- a/backend/src/ee/services/secret-rotation/secret-rotation-service.ts
+++ b/backend/src/ee/services/secret-rotation/secret-rotation-service.ts
@ -1,7 +1,7 @@
 import { ForbiddenError, subject } from "@casl/ability";
 import Ajv from "ajv";

-import { ActionProjectType, ProjectVersion, TableName } from "@app/db/schemas";
+import { ProjectVersion, TableName } from "@app/db/schemas";
 import { decryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto/encryption";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";
 import { TProjectPermission } from "@app/lib/types";
@ -66,8 +66,7 @@ export const secretRotationServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionSecretRotationActions.Read,
@ -98,8 +97,7 @@ export const secretRotationServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionSecretRotationActions.Read,
@ -215,8 +213,7 @@ export const secretRotationServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionSecretRotationActions.Read,
@ -264,8 +261,7 @@ export const secretRotationServiceFactory = ({
      actorId,
      projectId: project.id,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionSecretRotationActions.Edit,
@ -285,8 +281,7 @@ export const secretRotationServiceFactory = ({
      actorId,
      projectId: doc.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionSecretRotationActions.Delete,
--- a/backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-queue.ts
+++ b/backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-queue.ts
@ -318,7 +318,7 @@ export const secretScanningV2QueueServiceFactory = async ({
    },
    {
      batchSize: 1,
-      workerCount: 20,
+      workerCount: 2,
      pollingIntervalSeconds: 1
    }
  );
@ -539,7 +539,7 @@ export const secretScanningV2QueueServiceFactory = async ({
    },
    {
      batchSize: 1,
-      workerCount: 20,
+      workerCount: 2,
      pollingIntervalSeconds: 1
    }
  );
@ -588,7 +588,7 @@ export const secretScanningV2QueueServiceFactory = async ({
                  numberOfSecrets: payload.numberOfSecrets,
                  isDiffScan: payload.isDiffScan,
                  url: encodeURI(
-                    `${appCfg.SITE_URL}/secret-scanning/${projectId}/findings?search=scanId:${payload.scanId}`
+                    `${appCfg.SITE_URL}/projects/${projectId}/secret-scanning/findings?search=scanId:${payload.scanId}`
                  ),
                  timestamp
                }
@ -599,7 +599,7 @@ export const secretScanningV2QueueServiceFactory = async ({
                  timestamp,
                  errorMessage: payload.errorMessage,
                  url: encodeURI(
-                    `${appCfg.SITE_URL}/secret-scanning/${projectId}/data-sources/${dataSource.type}/${dataSource.id}`
+                    `${appCfg.SITE_URL}/projects/${projectId}/secret-scanning/data-sources/${dataSource.type}/${dataSource.id}`
                  )
                }
        });
@ -613,7 +613,7 @@ export const secretScanningV2QueueServiceFactory = async ({
    },
    {
      batchSize: 1,
-      workerCount: 5,
+      workerCount: 2,
      pollingIntervalSeconds: 1
    }
  );
--- a/backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-service.ts
+++ b/backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-service.ts
@ -1,7 +1,6 @@
 import { ForbiddenError } from "@casl/ability";
 import { join } from "path";

-import { ActionProjectType } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
@ -92,7 +91,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId
    });

@ -154,7 +153,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -199,7 +198,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId
    });

@ -233,7 +232,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: payload.projectId
    });

@ -346,7 +345,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -399,7 +398,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -444,7 +443,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -508,7 +507,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -553,7 +552,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -596,7 +595,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -639,7 +638,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: dataSource.projectId
    });

@ -672,7 +671,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId
    });

@ -706,7 +705,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId
    });

@ -746,7 +745,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId: finding.projectId
    });

@ -777,7 +776,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId
    });

@ -812,7 +811,7 @@ export const secretScanningV2ServiceFactory = ({
      actorId: actor.id,
      actorAuthMethod: actor.authMethod,
      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.SecretScanning,
+
      projectId
    });

--- a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
+++ b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
@ -2,7 +2,7 @@
 // akhilmhdh: I did this, quite strange bug with eslint. Everything do have a type stil has this error
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType, TableName, TSecretTagJunctionInsert, TSecretV2TagJunctionInsert } from "@app/db/schemas";
+import { TableName, TSecretTagJunctionInsert, TSecretV2TagJunctionInsert } from "@app/db/schemas";
 import { decryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
 import { InternalServerError, NotFoundError } from "@app/lib/errors";
 import { groupBy } from "@app/lib/fn";
@ -103,8 +103,7 @@ export const secretSnapshotServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRollback);

@ -140,8 +139,7 @@ export const secretSnapshotServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRollback);

@ -169,8 +167,7 @@ export const secretSnapshotServiceFactory = ({
      actorId,
      projectId: snapshot.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SecretRollback);
@ -390,8 +387,7 @@ export const secretSnapshotServiceFactory = ({
      actorId,
      projectId: snapshot.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Create,
--- a/backend/src/ee/services/ssh-certificate-template/ssh-certificate-template-service.ts
+++ b/backend/src/ee/services/ssh-certificate-template/ssh-certificate-template-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";
@ -59,8 +58,7 @@ export const sshCertificateTemplateServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -132,8 +130,7 @@ export const sshCertificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -201,8 +198,7 @@ export const sshCertificateTemplateServiceFactory = ({
      actorId,
      projectId: certificateTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -228,8 +224,7 @@ export const sshCertificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/ee/services/ssh-host-group/ssh-host-group-service.ts
+++ b/backend/src/ee/services/ssh-host-group/ssh-host-group-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { TSshHostDALFactory } from "@app/ee/services/ssh-host/ssh-host-dal";
@ -80,8 +79,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.SshHostGroups);
@ -173,8 +171,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId: sshHostGroup.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SshHostGroups);
@ -270,8 +267,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId: sshHostGroup.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SshHostGroups);
@ -294,8 +290,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId: sshHostGroup.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.SshHostGroups);
@ -321,8 +316,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId: sshHostGroup.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.SshHostGroups);
@ -360,8 +354,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId: sshHostGroup.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SshHostGroups);
@ -400,8 +393,7 @@ export const sshHostGroupServiceFactory = ({
      actorId,
      projectId: sshHostGroup.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.SshHostGroups);
--- a/backend/src/ee/services/ssh-host/ssh-host-fns.ts
+++ b/backend/src/ee/services/ssh-host/ssh-host-fns.ts
@ -1,6 +1,5 @@
 import { Knex } from "knex";

-import { ActionProjectType } from "@app/db/schemas";
 import { BadRequestError } from "@app/lib/errors";

 import { ProjectPermissionSshHostActions, ProjectPermissionSub } from "../permission/project-permission";
@ -63,8 +62,7 @@ export const createSshLoginMappings = async ({
            userId: user.id,
            projectId,
            authMethod: actorAuthMethod,
-            userOrgId: actorOrgId,
-            actionProjectType: ActionProjectType.SSH
+            userOrgId: actorOrgId
          });
        }

--- a/backend/src/ee/services/ssh-host/ssh-host-service.ts
+++ b/backend/src/ee/services/ssh-host/ssh-host-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError, subject } from "@casl/ability";

-import { ActionProjectType, ProjectType } from "@app/db/schemas";
 import { TGroupDALFactory } from "@app/ee/services/group/group-dal";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionSshHostActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
@ -12,11 +11,13 @@ import { SshCertKeyAlgorithm } from "@app/ee/services/ssh-certificate/ssh-certif
 import { TSshHostDALFactory } from "@app/ee/services/ssh-host/ssh-host-dal";
 import { TSshHostLoginUserMappingDALFactory } from "@app/ee/services/ssh-host/ssh-host-login-user-mapping-dal";
 import { TSshHostLoginUserDALFactory } from "@app/ee/services/ssh-host/ssh-login-user-dal";
+import { PgSqlLock } from "@app/keystore/keystore";
 import { BadRequestError, NotFoundError, UnauthorizedError } from "@app/lib/errors";
 import { ActorType } from "@app/services/auth/auth-type";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { KmsDataKey } from "@app/services/kms/kms-types";
 import { TProjectDALFactory } from "@app/services/project/project-dal";
+import { bootstrapSshProject } from "@app/services/project/project-fns";
 import { TProjectSshConfigDALFactory } from "@app/services/project/project-ssh-config-dal";
 import { TUserDALFactory } from "@app/services/user/user-dal";

@ -43,9 +44,9 @@ type TSshHostServiceFactoryDep = {
  userDAL: Pick<TUserDALFactory, "findById" | "find">;
  groupDAL: Pick<TGroupDALFactory, "findGroupsByProjectId">;
  projectDAL: Pick<TProjectDALFactory, "find">;
-  projectSshConfigDAL: Pick<TProjectSshConfigDALFactory, "findOne">;
-  sshCertificateAuthorityDAL: Pick<TSshCertificateAuthorityDALFactory, "findOne">;
-  sshCertificateAuthoritySecretDAL: Pick<TSshCertificateAuthoritySecretDALFactory, "findOne">;
+  projectSshConfigDAL: Pick<TProjectSshConfigDALFactory, "findOne" | "transaction" | "create">;
+  sshCertificateAuthorityDAL: Pick<TSshCertificateAuthorityDALFactory, "findOne" | "transaction" | "create">;
+  sshCertificateAuthoritySecretDAL: Pick<TSshCertificateAuthoritySecretDALFactory, "findOne" | "create">;
  sshCertificateDAL: Pick<TSshCertificateDALFactory, "create" | "transaction">;
  sshCertificateBodyDAL: Pick<TSshCertificateBodyDALFactory, "create">;
  userGroupMembershipDAL: Pick<TUserGroupMembershipDALFactory, "findGroupMembershipsByUserIdInOrg">;
@ -98,8 +99,7 @@ export const sshHostServiceFactory = ({
    }

    const sshProjects = await projectDAL.find({
-      orgId: actorOrgId,
-      type: ProjectType.SSH
+      orgId: actorOrgId
    });

    const allowedHosts = [];
@ -111,8 +111,7 @@ export const sshHostServiceFactory = ({
          actorId,
          projectId: project.id,
          actorAuthMethod,
-          actorOrgId,
-          actionProjectType: ActionProjectType.SSH
+          actorOrgId
        });

        const projectHosts = await sshHostDAL.findUserAccessibleSshHosts([project.id], actorId);
@ -145,8 +144,7 @@ export const sshHostServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -184,7 +182,25 @@ export const sshHostServiceFactory = ({
      return ca.id;
    };

-    const projectSshConfig = await projectSshConfigDAL.findOne({ projectId });
+    let projectSshConfig = await projectSshConfigDAL.findOne({ projectId });
+    if (!projectSshConfig) {
+      projectSshConfig = await projectSshConfigDAL.transaction(async (tx) => {
+        await tx.raw("SELECT pg_advisory_xact_lock(?)", [PgSqlLock.SshInit(projectId)]);
+
+        let sshConfig = await projectSshConfigDAL.findOne({ projectId }, tx);
+        if (sshConfig) return sshConfig;
+
+        sshConfig = await bootstrapSshProject({
+          projectId,
+          sshCertificateAuthorityDAL,
+          sshCertificateAuthoritySecretDAL,
+          kmsService,
+          projectSshConfigDAL,
+          tx
+        });
+        return sshConfig;
+      });
+    }

    const userSshCaId = await resolveSshCaId({
      requestedId: requestedUserSshCaId,
@ -257,8 +273,7 @@ export const sshHostServiceFactory = ({
      actorId,
      projectId: host.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -319,8 +334,7 @@ export const sshHostServiceFactory = ({
      actorId,
      projectId: host.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -348,8 +362,7 @@ export const sshHostServiceFactory = ({
      actorId,
      projectId: host.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -388,8 +401,7 @@ export const sshHostServiceFactory = ({
      actorId,
      projectId: host.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    const internalPrincipals = await convertActorToPrincipals({
@ -508,8 +520,7 @@ export const sshHostServiceFactory = ({
      actorId,
      projectId: host.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/ee/services/ssh/ssh-certificate-authority-service.ts
+++ b/backend/src/ee/services/ssh/ssh-certificate-authority-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { TSshCertificateAuthorityDALFactory } from "@app/ee/services/ssh/ssh-certificate-authority-dal";
@ -73,8 +72,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -109,8 +107,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -178,8 +175,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -217,8 +213,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -259,8 +254,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: sshCertificateTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -381,8 +375,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: sshCertificateTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -479,8 +472,7 @@ export const sshCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SSH
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/ee/services/trusted-ip/trusted-ip-service.ts
+++ b/backend/src/ee/services/trusted-ip/trusted-ip-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { BadRequestError } from "@app/lib/errors";
 import { extractIPDetails, isValidIpOrCidr } from "@app/lib/ip";
 import { TProjectDALFactory } from "@app/services/project/project-dal";
@ -36,8 +35,7 @@ export const trustedIpServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.IpAllowList);
    const trustedIps = await trustedIpDAL.find({
@ -61,8 +59,7 @@ export const trustedIpServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.IpAllowList);

@ -107,8 +104,7 @@ export const trustedIpServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.IpAllowList);

@ -153,8 +149,7 @@ export const trustedIpServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.IpAllowList);

--- a/backend/src/keystore/keystore.ts
+++ b/backend/src/keystore/keystore.ts
@ -12,7 +12,8 @@ export const PgSqlLock = {
  OrgGatewayCertExchange: (orgId: string) => pgAdvisoryLockHashText(`org-gateway-cert-exchange:${orgId}`),
  SecretRotationV2Creation: (folderId: string) => pgAdvisoryLockHashText(`secret-rotation-v2-creation:${folderId}`),
  CreateProject: (orgId: string) => pgAdvisoryLockHashText(`create-project:${orgId}`),
-  CreateFolder: (envId: string, projectId: string) => pgAdvisoryLockHashText(`create-folder:${envId}-${projectId}`)
+  CreateFolder: (envId: string, projectId: string) => pgAdvisoryLockHashText(`create-folder:${envId}-${projectId}`),
+  SshInit: (projectId: string) => pgAdvisoryLockHashText(`ssh-bootstrap:${projectId}`)
 } as const;

 // all the key prefixes used must be set here to avoid conflict
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@ -700,7 +700,8 @@ export const PROJECTS = {
    slug: "An optional slug for the project. (must be unique within the organization)",
    hasDeleteProtection: "Enable or disable delete protection for the project.",
    secretSharing: "Enable or disable secret sharing for the project.",
-    showSnapshotsLegacy: "Enable or disable legacy snapshots for the project."
+    showSnapshotsLegacy: "Enable or disable legacy snapshots for the project.",
+    defaultProduct: "The default product in which the project will open"
  },
  GET_KEY: {
    workspaceId: "The ID of the project to get the key from."
@ -2267,6 +2268,10 @@ export const AppConnections = {
      accessToken: "The Access Token used to access GitLab.",
      code: "The OAuth code to use to connect with GitLab.",
      accessTokenType: "The type of token used to connect with GitLab."
+    },
+    ZABBIX: {
+      apiToken: "The API Token used to access Zabbix.",
+      instanceUrl: "The Zabbix instance URL to connect with."
    }
  }
 };
@ -2427,7 +2432,8 @@ export const SecretSyncs = {
      keyOcid: "The OCID (Oracle Cloud Identifier) of the encryption key to use when creating secrets in the vault."
    },
    ONEPASS: {
-      vaultId: "The ID of the 1Password vault to sync secrets to."
+      vaultId: "The ID of the 1Password vault to sync secrets to.",
+      valueLabel: "The label of the entry that holds the secret value."
    },
    HEROKU: {
      app: "The ID of the Heroku app to sync secrets to.",
@ -2455,6 +2461,12 @@ export const SecretSyncs = {
    CLOUDFLARE_PAGES: {
      projectName: "The name of the Cloudflare Pages project to sync secrets to.",
      environment: "The environment of the Cloudflare Pages project to sync secrets to."
+    },
+    ZABBIX: {
+      scope: "The Zabbix scope that secrets should be synced to.",
+      hostId: "The ID of the Zabbix host to sync secrets to.",
+      hostName: "The name of the Zabbix host to sync secrets to.",
+      macroType: "The type of macro to sync secrets to. (0: Text, 1: Secret)"
    }
  }
 };
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@ -995,8 +995,7 @@ export const registerRoutes = async (
    pkiAlertDAL,
    pkiCollectionDAL,
    permissionService,
-    smtpService,
-    projectDAL
+    smtpService
  });

  const pkiCollectionService = pkiCollectionServiceFactory({
@ -1004,8 +1003,7 @@ export const registerRoutes = async (
    pkiCollectionItemDAL,
    certificateAuthorityDAL,
    certificateDAL,
-    permissionService,
-    projectDAL
+    permissionService
  });

  const projectTemplateService = projectTemplateServiceFactory({
@ -1189,7 +1187,9 @@ export const registerRoutes = async (
    projectEnvDAL,
    snapshotService,
    projectDAL,
-    folderCommitService
+    folderCommitService,
+    secretApprovalPolicyService,
+    secretV2BridgeDAL
  });

  const secretImportService = secretImportServiceFactory({
@ -1419,7 +1419,8 @@ export const registerRoutes = async (
  const identityAccessTokenService = identityAccessTokenServiceFactory({
    identityAccessTokenDAL,
    identityOrgMembershipDAL,
-    accessTokenQueue
+    accessTokenQueue,
+    identityDAL
  });

  const identityProjectService = identityProjectServiceFactory({
@ -1614,7 +1615,8 @@ export const registerRoutes = async (
    secretSharingDAL,
    secretVersionV2DAL: secretVersionV2BridgeDAL,
    identityUniversalAuthClientSecretDAL: identityUaClientSecretDAL,
-    serviceTokenService
+    serviceTokenService,
+    orgService
  });

  const dailyExpiringPkiItemAlert = dailyExpiringPkiItemAlertQueueServiceFactory({
@ -1662,8 +1664,7 @@ export const registerRoutes = async (
  const cmekService = cmekServiceFactory({
    kmsDAL,
    kmsService,
-    permissionService,
-    projectDAL
+    permissionService
  });

  const externalMigrationQueue = externalMigrationQueueFactory({
@ -1805,7 +1806,6 @@ export const registerRoutes = async (

  const certificateAuthorityService = certificateAuthorityServiceFactory({
    certificateAuthorityDAL,
-    projectDAL,
    permissionService,
    appConnectionDAL,
    appConnectionService,
@ -1815,7 +1815,8 @@ export const registerRoutes = async (
    certificateBodyDAL,
    certificateSecretDAL,
    kmsService,
-    pkiSubscriberDAL
+    pkiSubscriberDAL,
+    projectDAL
  });

  const internalCaFns = InternalCertificateAuthorityFns({
--- a/backend/src/server/routes/sanitizedSchemas.ts
+++ b/backend/src/server/routes/sanitizedSchemas.ts
@ -251,6 +251,7 @@ export const SanitizedProjectSchema = ProjectsSchema.pick({
  name: true,
  description: true,
  type: true,
+  defaultProduct: true,
  slug: true,
  autoCapitalization: true,
  orgId: true,
--- a/backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts
+++ b/backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts
@ -84,6 +84,7 @@ import {
  SanitizedWindmillConnectionSchema,
  WindmillConnectionListItemSchema
 } from "@app/services/app-connection/windmill";
+import { SanitizedZabbixConnectionSchema, ZabbixConnectionListItemSchema } from "@app/services/app-connection/zabbix";
 import { AuthMode } from "@app/services/auth/auth-type";

 // can't use discriminated due to multiple schemas for certain apps
@ -116,7 +117,8 @@ const SanitizedAppConnectionSchema = z.union([
  ...SanitizedRenderConnectionSchema.options,
  ...SanitizedFlyioConnectionSchema.options,
  ...SanitizedGitLabConnectionSchema.options,
-  ...SanitizedCloudflareConnectionSchema.options
+  ...SanitizedCloudflareConnectionSchema.options,
+  ...SanitizedZabbixConnectionSchema.options
 ]);

 const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
@ -148,7 +150,8 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
  RenderConnectionListItemSchema,
  FlyioConnectionListItemSchema,
  GitLabConnectionListItemSchema,
-  CloudflareConnectionListItemSchema
+  CloudflareConnectionListItemSchema,
+  ZabbixConnectionListItemSchema
 ]);

 export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {
--- a/backend/src/server/routes/v1/app-connection-routers/index.ts
+++ b/backend/src/server/routes/v1/app-connection-routers/index.ts
@ -29,6 +29,7 @@ import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
 import { registerVercelConnectionRouter } from "./vercel-connection-router";
 import { registerWindmillConnectionRouter } from "./windmill-connection-router";
+import { registerZabbixConnectionRouter } from "./zabbix-connection-router";

 export * from "./app-connection-router";

@ -62,5 +63,6 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
    [AppConnection.Render]: registerRenderConnectionRouter,
    [AppConnection.Flyio]: registerFlyioConnectionRouter,
    [AppConnection.GitLab]: registerGitLabConnectionRouter,
-    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter
+    [AppConnection.Cloudflare]: registerCloudflareConnectionRouter,
+    [AppConnection.Zabbix]: registerZabbixConnectionRouter
  };
--- a/backend/src/server/routes/v1/app-connection-routers/zabbix-connection-router.ts
+++ b/backend/src/server/routes/v1/app-connection-routers/zabbix-connection-router.ts
@ -0,0 +1,51 @@
+import z from "zod";
+
+import { readLimit } from "@app/server/config/rateLimiter";
+import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  CreateZabbixConnectionSchema,
+  SanitizedZabbixConnectionSchema,
+  UpdateZabbixConnectionSchema
+} from "@app/services/app-connection/zabbix";
+import { AuthMode } from "@app/services/auth/auth-type";
+
+import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
+
+export const registerZabbixConnectionRouter = async (server: FastifyZodProvider) => {
+  registerAppConnectionEndpoints({
+    app: AppConnection.Zabbix,
+    server,
+    sanitizedResponseSchema: SanitizedZabbixConnectionSchema,
+    createSchema: CreateZabbixConnectionSchema,
+    updateSchema: UpdateZabbixConnectionSchema
+  });
+
+  // The following endpoints are for internal Infisical App use only and not part of the public API
+  server.route({
+    method: "GET",
+    url: `/:connectionId/hosts`,
+    config: {
+      rateLimit: readLimit
+    },
+    schema: {
+      params: z.object({
+        connectionId: z.string().uuid()
+      }),
+      response: {
+        200: z
+          .object({
+            hostId: z.string(),
+            host: z.string()
+          })
+          .array()
+      }
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    handler: async (req) => {
+      const { connectionId } = req.params;
+      const hosts = await server.services.appConnection.zabbix.listHosts(connectionId, req.permission);
+      return hosts;
+    }
+  });
+};
--- a/backend/src/server/routes/v1/organization-router.ts
+++ b/backend/src/server/routes/v1/organization-router.ts
@ -113,52 +113,73 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
      hide: false,
      tags: [ApiDocsTags.AuditLogs],
      description: "Get all audit logs for an organization",
-      querystring: z.object({
-        projectId: z.string().optional().describe(AUDIT_LOGS.EXPORT.projectId),
-        environment: z.string().optional().describe(AUDIT_LOGS.EXPORT.environment),
-        actorType: z.nativeEnum(ActorType).optional(),
-        secretPath: z
-          .string()
-          .optional()
-          .transform((val) => (!val ? val : removeTrailingSlash(val)))
-          .describe(AUDIT_LOGS.EXPORT.secretPath),
-        secretKey: z.string().optional().describe(AUDIT_LOGS.EXPORT.secretKey),
+      querystring: z
+        .object({
+          projectId: z.string().optional().describe(AUDIT_LOGS.EXPORT.projectId),
+          environment: z.string().optional().describe(AUDIT_LOGS.EXPORT.environment),
+          actorType: z.nativeEnum(ActorType).optional(),
+          secretPath: z
+            .string()
+            .optional()
+            .transform((val) => (!val ? val : removeTrailingSlash(val)))
+            .describe(AUDIT_LOGS.EXPORT.secretPath),
+          secretKey: z.string().optional().describe(AUDIT_LOGS.EXPORT.secretKey),
+          // eventType is split with , for multiple values, we need to transform it to array
+          eventType: z
+            .string()
+            .optional()
+            .transform((val) => (val ? val.split(",") : undefined)),
+          userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
+          eventMetadata: z
+            .string()
+            .optional()
+            .transform((val) => {
+              if (!val) {
+                return undefined;
+              }

-        // eventType is split with , for multiple values, we need to transform it to array
-        eventType: z
-          .string()
-          .optional()
-          .transform((val) => (val ? val.split(",") : undefined)),
-        userAgentType: z.nativeEnum(UserAgentType).optional().describe(AUDIT_LOGS.EXPORT.userAgentType),
-        eventMetadata: z
-          .string()
-          .optional()
-          .transform((val) => {
-            if (!val) {
-              return undefined;
+              const pairs = val.split(",");
+
+              return pairs.reduce(
+                (acc, pair) => {
+                  const [key, value] = pair.split("=");
+                  if (key && value) {
+                    acc[key] = value;
+                  }
+                  return acc;
+                },
+                {} as Record<string, string>
+              );
+            })
+            .describe(AUDIT_LOGS.EXPORT.eventMetadata),
+          startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
+          endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
+          offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
+          limit: z.coerce.number().max(1000).default(20).describe(AUDIT_LOGS.EXPORT.limit),
+          actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
+        })
+        .superRefine((el, ctx) => {
+          if (el.endDate && el.startDate) {
+            const startDate = new Date(el.startDate);
+            const endDate = new Date(el.endDate);
+            const maxAllowedDate = new Date(startDate);
+            maxAllowedDate.setMonth(maxAllowedDate.getMonth() + 3);
+            if (endDate < startDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "End date cannot be before start date"
+              });
            }
-
-            const pairs = val.split(",");
-
-            return pairs.reduce(
-              (acc, pair) => {
-                const [key, value] = pair.split("=");
-                if (key && value) {
-                  acc[key] = value;
-                }
-                return acc;
-              },
-              {} as Record<string, string>
-            );
-          })
-          .describe(AUDIT_LOGS.EXPORT.eventMetadata),
-        startDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.startDate),
-        endDate: z.string().datetime().optional().describe(AUDIT_LOGS.EXPORT.endDate),
-        offset: z.coerce.number().default(0).describe(AUDIT_LOGS.EXPORT.offset),
-        limit: z.coerce.number().default(20).describe(AUDIT_LOGS.EXPORT.limit),
-        actor: z.string().optional().describe(AUDIT_LOGS.EXPORT.actor)
-      }),
-
+            if (endDate > maxAllowedDate) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.custom,
+                path: ["endDate"],
+                message: "Dates must be within 3 months"
+              });
+            }
+          }
+        }),
      response: {
        200: z.object({
          auditLogs: AuditLogsSchema.omit({
@ -188,14 +209,13 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
      const auditLogs = await server.services.auditLog.listAuditLogs({
        filter: {
          ...req.query,
-          endDate: req.query.endDate,
+          endDate: req.query.endDate || new Date().toISOString(),
          projectId: req.query.projectId,
          startDate: req.query.startDate || getLastMidnightDateISO(),
          auditLogActorId: req.query.actor,
          actorType: req.query.actorType,
          eventType: req.query.eventType as EventType[] | undefined
        },
-
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actorAuthMethod: req.permission.authMethod,
--- a/backend/src/server/routes/v1/project-router.ts
+++ b/backend/src/server/routes/v1/project-router.ts
@ -158,17 +158,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
        includeRoles: z
          .enum(["true", "false"])
          .default("false")
-          .transform((value) => value === "true"),
-        type: z
-          .enum([
-            ProjectType.SecretManager,
-            ProjectType.KMS,
-            ProjectType.CertificateManager,
-            ProjectType.SSH,
-            ProjectType.SecretScanning,
-            "all"
-          ])
-          .optional()
+          .transform((value) => value === "true")
      }),
      response: {
        200: z.object({
@ -187,8 +177,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorAuthMethod: req.permission.authMethod,
        actor: req.permission.type,
-        actorOrgId: req.permission.orgId,
-        type: req.query.type
+        actorOrgId: req.permission.orgId
      });
      return { workspaces };
    }
@ -377,7 +366,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
          .optional()
          .describe(PROJECTS.UPDATE.slug),
        secretSharing: z.boolean().optional().describe(PROJECTS.UPDATE.secretSharing),
-        showSnapshotsLegacy: z.boolean().optional().describe(PROJECTS.UPDATE.showSnapshotsLegacy)
+        showSnapshotsLegacy: z.boolean().optional().describe(PROJECTS.UPDATE.showSnapshotsLegacy),
+        defaultProduct: z.nativeEnum(ProjectType).optional().describe(PROJECTS.UPDATE.defaultProduct)
      }),
      response: {
        200: z.object({
@ -396,6 +386,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
          name: req.body.name,
          description: req.body.description,
          autoCapitalization: req.body.autoCapitalization,
+          defaultProduct: req.body.defaultProduct,
          hasDeleteProtection: req.body.hasDeleteProtection,
          slug: req.body.slug,
          secretSharing: req.body.secretSharing,
@ -1059,7 +1050,6 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      body: z.object({
        limit: z.number().default(100),
        offset: z.number().default(0),
-        type: z.nativeEnum(ProjectType).optional(),
        orderBy: z.nativeEnum(SearchProjectSortBy).optional().default(SearchProjectSortBy.NAME),
        orderDirection: z.nativeEnum(SortDirection).optional().default(SortDirection.ASC),
        name: z
--- a/backend/src/server/routes/v1/secret-sync-routers/index.ts
+++ b/backend/src/server/routes/v1/secret-sync-routers/index.ts
@ -22,6 +22,7 @@ import { registerTeamCitySyncRouter } from "./teamcity-sync-router";
 import { registerTerraformCloudSyncRouter } from "./terraform-cloud-sync-router";
 import { registerVercelSyncRouter } from "./vercel-sync-router";
 import { registerWindmillSyncRouter } from "./windmill-sync-router";
+import { registerZabbixSyncRouter } from "./zabbix-sync-router";

 export * from "./secret-sync-router";

@ -47,5 +48,6 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
  [SecretSync.Render]: registerRenderSyncRouter,
  [SecretSync.Flyio]: registerFlyioSyncRouter,
  [SecretSync.GitLab]: registerGitLabSyncRouter,
-  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter
+  [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter,
+  [SecretSync.Zabbix]: registerZabbixSyncRouter
 };
--- a/backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts
+++ b/backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts
@ -39,6 +39,7 @@ import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/se
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
 import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
 import { WindmillSyncListItemSchema, WindmillSyncSchema } from "@app/services/secret-sync/windmill";
+import { ZabbixSyncListItemSchema, ZabbixSyncSchema } from "@app/services/secret-sync/zabbix";

 const SecretSyncSchema = z.discriminatedUnion("destination", [
  AwsParameterStoreSyncSchema,
@ -62,7 +63,8 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
  RenderSyncSchema,
  FlyioSyncSchema,
  GitLabSyncSchema,
-  CloudflarePagesSyncSchema
+  CloudflarePagesSyncSchema,
+  ZabbixSyncSchema
 ]);

 const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
@ -87,7 +89,8 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
  RenderSyncListItemSchema,
  FlyioSyncListItemSchema,
  GitLabSyncListItemSchema,
-  CloudflarePagesSyncListItemSchema
+  CloudflarePagesSyncListItemSchema,
+  ZabbixSyncListItemSchema
 ]);

 export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {
--- a/backend/src/server/routes/v1/secret-sync-routers/zabbix-sync-router.ts
+++ b/backend/src/server/routes/v1/secret-sync-routers/zabbix-sync-router.ts
@ -0,0 +1,13 @@
+import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
+import { CreateZabbixSyncSchema, UpdateZabbixSyncSchema, ZabbixSyncSchema } from "@app/services/secret-sync/zabbix";
+
+import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
+
+export const registerZabbixSyncRouter = async (server: FastifyZodProvider) =>
+  registerSyncSecretsEndpoints({
+    destination: SecretSync.Zabbix,
+    server,
+    responseSchema: ZabbixSyncSchema,
+    createSchema: CreateZabbixSyncSchema,
+    updateSchema: UpdateZabbixSyncSchema
+  });
--- a/backend/src/server/routes/v2/organization-router.ts
+++ b/backend/src/server/routes/v2/organization-router.ts
@ -4,7 +4,6 @@ import {
  OrgMembershipsSchema,
  ProjectMembershipsSchema,
  ProjectsSchema,
-  ProjectType,
  UserEncryptionKeysSchema,
  UsersSchema
 } from "@app/db/schemas";
@ -85,9 +84,6 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
      params: z.object({
        organizationId: z.string().trim().describe(ORGANIZATIONS.GET_PROJECTS.organizationId)
      }),
-      querystring: z.object({
-        type: z.nativeEnum(ProjectType).optional().describe(ORGANIZATIONS.GET_PROJECTS.type)
-      }),
      response: {
        200: z.object({
          workspaces: z
@ -114,8 +110,7 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
        actorId: req.permission.id,
        actorOrgId: req.permission.orgId,
        actorAuthMethod: req.permission.authMethod,
-        orgId: req.params.organizationId,
-        type: req.query.type
+        orgId: req.params.organizationId
      });

      return { workspaces };
--- a/backend/src/server/routes/v2/project-router.ts
+++ b/backend/src/server/routes/v2/project-router.ts
@ -457,6 +457,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      rateLimit: readLimit
    },
    schema: {
+      hide: false,
+      tags: [ApiDocsTags.PkiAlerting],
      params: z.object({
        projectId: z.string().trim()
      }),
@ -487,6 +489,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      rateLimit: readLimit
    },
    schema: {
+      hide: false,
+      tags: [ApiDocsTags.PkiCertificateCollections],
      params: z.object({
        projectId: z.string().trim()
      }),
@ -549,6 +553,8 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
      rateLimit: readLimit
    },
    schema: {
+      hide: false,
+      tags: [ApiDocsTags.PkiCertificateTemplates],
      params: z.object({
        projectId: z.string().trim()
      }),
--- a/backend/src/services/app-connection/app-connection-enums.ts
+++ b/backend/src/services/app-connection/app-connection-enums.ts
@ -27,7 +27,8 @@ export enum AppConnection {
  Render = "render",
  Flyio = "flyio",
  GitLab = "gitlab",
-  Cloudflare = "cloudflare"
+  Cloudflare = "cloudflare",
+  Zabbix = "zabbix"
 }

 export enum AWSRegion {
--- a/backend/src/services/app-connection/app-connection-fns.ts
+++ b/backend/src/services/app-connection/app-connection-fns.ts
@ -105,6 +105,7 @@ import {
  validateWindmillConnectionCredentials,
  WindmillConnectionMethod
 } from "./windmill";
+import { getZabbixConnectionListItem, validateZabbixConnectionCredentials, ZabbixConnectionMethod } from "./zabbix";

 export const listAppConnectionOptions = () => {
  return [
@ -136,7 +137,8 @@ export const listAppConnectionOptions = () => {
    getRenderConnectionListItem(),
    getFlyioConnectionListItem(),
    getGitLabConnectionListItem(),
-    getCloudflareConnectionListItem()
+    getCloudflareConnectionListItem(),
+    getZabbixConnectionListItem()
  ].sort((a, b) => a.name.localeCompare(b.name));
 };

@ -216,7 +218,8 @@ export const validateAppConnectionCredentials = async (
    [AppConnection.Render]: validateRenderConnectionCredentials as TAppConnectionCredentialsValidator,
    [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator,
    [AppConnection.GitLab]: validateGitLabConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator
+    [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator,
+    [AppConnection.Zabbix]: validateZabbixConnectionCredentials as TAppConnectionCredentialsValidator
  };

  return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
@ -253,6 +256,7 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
    case VercelConnectionMethod.ApiToken:
    case OnePassConnectionMethod.ApiToken:
    case CloudflareConnectionMethod.APIToken:
+    case ZabbixConnectionMethod.ApiToken:
      return "API Token";
    case PostgresConnectionMethod.UsernameAndPassword:
    case MsSqlConnectionMethod.UsernameAndPassword:
@ -332,7 +336,8 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
  [AppConnection.Render]: platformManagedCredentialsNotSupported,
  [AppConnection.Flyio]: platformManagedCredentialsNotSupported,
  [AppConnection.GitLab]: platformManagedCredentialsNotSupported,
-  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported
+  [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported,
+  [AppConnection.Zabbix]: platformManagedCredentialsNotSupported
 };

 export const enterpriseAppCheck = async (
--- a/backend/src/services/app-connection/app-connection-maps.ts
+++ b/backend/src/services/app-connection/app-connection-maps.ts
@ -29,7 +29,8 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
  [AppConnection.Render]: "Render",
  [AppConnection.Flyio]: "Fly.io",
  [AppConnection.GitLab]: "GitLab",
-  [AppConnection.Cloudflare]: "Cloudflare"
+  [AppConnection.Cloudflare]: "Cloudflare",
+  [AppConnection.Zabbix]: "Zabbix"
 };

 export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
@ -61,5 +62,6 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
  [AppConnection.Render]: AppConnectionPlanType.Regular,
  [AppConnection.Flyio]: AppConnectionPlanType.Regular,
  [AppConnection.GitLab]: AppConnectionPlanType.Regular,
-  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular
+  [AppConnection.Cloudflare]: AppConnectionPlanType.Regular,
+  [AppConnection.Zabbix]: AppConnectionPlanType.Regular
 };
--- a/backend/src/services/app-connection/app-connection-service.ts
+++ b/backend/src/services/app-connection/app-connection-service.ts
@ -80,6 +80,8 @@ import { ValidateVercelConnectionCredentialsSchema } from "./vercel";
 import { vercelConnectionService } from "./vercel/vercel-connection-service";
 import { ValidateWindmillConnectionCredentialsSchema } from "./windmill";
 import { windmillConnectionService } from "./windmill/windmill-connection-service";
+import { ValidateZabbixConnectionCredentialsSchema } from "./zabbix";
+import { zabbixConnectionService } from "./zabbix/zabbix-connection-service";

 export type TAppConnectionServiceFactoryDep = {
  appConnectionDAL: TAppConnectionDALFactory;
@ -119,7 +121,8 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
  [AppConnection.Render]: ValidateRenderConnectionCredentialsSchema,
  [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema,
  [AppConnection.GitLab]: ValidateGitLabConnectionCredentialsSchema,
-  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema
+  [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema,
+  [AppConnection.Zabbix]: ValidateZabbixConnectionCredentialsSchema
 };

 export const appConnectionServiceFactory = ({
@ -529,6 +532,7 @@ export const appConnectionServiceFactory = ({
    render: renderConnectionService(connectAppConnectionById),
    flyio: flyioConnectionService(connectAppConnectionById),
    gitlab: gitlabConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
-    cloudflare: cloudflareConnectionService(connectAppConnectionById)
+    cloudflare: cloudflareConnectionService(connectAppConnectionById),
+    zabbix: zabbixConnectionService(connectAppConnectionById)
  };
 };
--- a/backend/src/services/app-connection/app-connection-types.ts
+++ b/backend/src/services/app-connection/app-connection-types.ts
@ -165,6 +165,12 @@ import {
  TWindmillConnectionConfig,
  TWindmillConnectionInput
 } from "./windmill";
+import {
+  TValidateZabbixConnectionCredentialsSchema,
+  TZabbixConnection,
+  TZabbixConnectionConfig,
+  TZabbixConnectionInput
+} from "./zabbix";

 export type TAppConnection = { id: string } & (
  | TAwsConnection
@ -196,6 +202,7 @@ export type TAppConnection = { id: string } & (
  | TFlyioConnection
  | TGitLabConnection
  | TCloudflareConnection
+  | TZabbixConnection
 );

 export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
@ -232,6 +239,7 @@ export type TAppConnectionInput = { id: string } & (
  | TFlyioConnectionInput
  | TGitLabConnectionInput
  | TCloudflareConnectionInput
+  | TZabbixConnectionInput
 );

 export type TSqlConnectionInput =
@ -275,7 +283,8 @@ export type TAppConnectionConfig =
  | TRenderConnectionConfig
  | TFlyioConnectionConfig
  | TGitLabConnectionConfig
-  | TCloudflareConnectionConfig;
+  | TCloudflareConnectionConfig
+  | TZabbixConnectionConfig;

 export type TValidateAppConnectionCredentialsSchema =
  | TValidateAwsConnectionCredentialsSchema
@ -306,7 +315,8 @@ export type TValidateAppConnectionCredentialsSchema =
  | TValidateRenderConnectionCredentialsSchema
  | TValidateFlyioConnectionCredentialsSchema
  | TValidateGitLabConnectionCredentialsSchema
-  | TValidateCloudflareConnectionCredentialsSchema;
+  | TValidateCloudflareConnectionCredentialsSchema
+  | TValidateZabbixConnectionCredentialsSchema;

 export type TListAwsConnectionKmsKeys = {
  connectionId: string;
--- a/backend/src/services/app-connection/gcp/gcp-connection-service.ts
+++ b/backend/src/services/app-connection/gcp/gcp-connection-service.ts
@ -1,3 +1,4 @@
+import { logger } from "@app/lib/logger";
 import { OrgServiceActor } from "@app/lib/types";

 import { AppConnection } from "../app-connection-enums";
@ -19,6 +20,7 @@ export const gcpConnectionService = (getAppConnection: TGetAppConnectionFunc) =>

      return projects;
    } catch (error) {
+      logger.error(error, "Error listing GCP secret manager projects");
      return [];
    }
  };
--- a/backend/src/services/app-connection/zabbix/index.ts
+++ b/backend/src/services/app-connection/zabbix/index.ts
@ -0,0 +1,4 @@
+export * from "./zabbix-connection-enums";
+export * from "./zabbix-connection-fns";
+export * from "./zabbix-connection-schemas";
+export * from "./zabbix-connection-types";
--- a/backend/src/services/app-connection/zabbix/zabbix-connection-enums.ts
+++ b/backend/src/services/app-connection/zabbix/zabbix-connection-enums.ts
@ -0,0 +1,3 @@
+export enum ZabbixConnectionMethod {
+  ApiToken = "api-token"
+}
--- a/backend/src/services/app-connection/zabbix/zabbix-connection-fns.ts
+++ b/backend/src/services/app-connection/zabbix/zabbix-connection-fns.ts
@ -0,0 +1,108 @@
+import { AxiosError } from "axios";
+import RE2 from "re2";
+
+import { request } from "@app/lib/config/request";
+import { BadRequestError } from "@app/lib/errors";
+import { blockLocalAndPrivateIpAddresses } from "@app/lib/validator";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+
+import { ZabbixConnectionMethod } from "./zabbix-connection-enums";
+import {
+  TZabbixConnection,
+  TZabbixConnectionConfig,
+  TZabbixHost,
+  TZabbixHostListResponse
+} from "./zabbix-connection-types";
+
+const TRAILING_SLASH_REGEX = new RE2("/+$");
+
+export const getZabbixConnectionListItem = () => {
+  return {
+    name: "Zabbix" as const,
+    app: AppConnection.Zabbix as const,
+    methods: Object.values(ZabbixConnectionMethod) as [ZabbixConnectionMethod.ApiToken]
+  };
+};
+
+export const validateZabbixConnectionCredentials = async (config: TZabbixConnectionConfig) => {
+  const { apiToken, instanceUrl } = config.credentials;
+  await blockLocalAndPrivateIpAddresses(instanceUrl);
+
+  try {
+    const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+
+    const payload = {
+      jsonrpc: "2.0",
+      method: "authentication.get",
+      params: {
+        output: "extend"
+      },
+      id: 1
+    };
+
+    const response: { data: { error?: { message: string }; result?: string } } = await request.post(apiUrl, payload, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+
+    if (response.data.error) {
+      throw new BadRequestError({
+        message: response.data.error.message
+      });
+    }
+
+    return config.credentials;
+  } catch (error) {
+    if (error instanceof AxiosError) {
+      throw new BadRequestError({
+        message: `Failed to connect to Zabbix instance: ${error.message}`
+      });
+    }
+    throw error;
+  }
+};
+
+export const listZabbixHosts = async (appConnection: TZabbixConnection): Promise<TZabbixHost[]> => {
+  const { apiToken, instanceUrl } = appConnection.credentials;
+  await blockLocalAndPrivateIpAddresses(instanceUrl);
+
+  try {
+    const apiUrl = `${instanceUrl.replace(TRAILING_SLASH_REGEX, "")}/api_jsonrpc.php`;
+
+    const payload = {
+      jsonrpc: "2.0",
+      method: "host.get",
+      params: {
+        output: ["hostid", "host"],
+        sortfield: "host",
+        sortorder: "ASC"
+      },
+      id: 1
+    };
+
+    const response: { data: TZabbixHostListResponse } = await request.post(apiUrl, payload, {
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+
+    return response.data.result
+      ? response.data.result.map((host) => ({
+          hostId: host.hostid,
+          host: host.host
+        }))
+      : [];
+  } catch (error: unknown) {
+    if (error instanceof AxiosError) {
+      throw new BadRequestError({
+        message: `Failed to validate credentials: ${error.message || "Unknown error"}`
+      });
+    }
+    throw new BadRequestError({
+      message: "Unable to validate connection: verify credentials"
+    });
+  }
+};
--- a/backend/src/services/app-connection/zabbix/zabbix-connection-schemas.ts
+++ b/backend/src/services/app-connection/zabbix/zabbix-connection-schemas.ts
@ -0,0 +1,62 @@
+import z from "zod";
+
+import { AppConnections } from "@app/lib/api-docs";
+import { AppConnection } from "@app/services/app-connection/app-connection-enums";
+import {
+  BaseAppConnectionSchema,
+  GenericCreateAppConnectionFieldsSchema,
+  GenericUpdateAppConnectionFieldsSchema
+} from "@app/services/app-connection/app-connection-schemas";
+
+import { ZabbixConnectionMethod } from "./zabbix-connection-enums";
+
+export const ZabbixConnectionApiTokenCredentialsSchema = z.object({
+  apiToken: z
+    .string()
+    .trim()
+    .min(1, "API Token required")
+    .max(1000)
+    .describe(AppConnections.CREDENTIALS.ZABBIX.apiToken),
+  instanceUrl: z.string().trim().url("Invalid Instance URL").describe(AppConnections.CREDENTIALS.ZABBIX.instanceUrl)
+});
+
+const BaseZabbixConnectionSchema = BaseAppConnectionSchema.extend({ app: z.literal(AppConnection.Zabbix) });
+
+export const ZabbixConnectionSchema = BaseZabbixConnectionSchema.extend({
+  method: z.literal(ZabbixConnectionMethod.ApiToken),
+  credentials: ZabbixConnectionApiTokenCredentialsSchema
+});
+
+export const SanitizedZabbixConnectionSchema = z.discriminatedUnion("method", [
+  BaseZabbixConnectionSchema.extend({
+    method: z.literal(ZabbixConnectionMethod.ApiToken),
+    credentials: ZabbixConnectionApiTokenCredentialsSchema.pick({ instanceUrl: true })
+  })
+]);
+
+export const ValidateZabbixConnectionCredentialsSchema = z.discriminatedUnion("method", [
+  z.object({
+    method: z.literal(ZabbixConnectionMethod.ApiToken).describe(AppConnections.CREATE(AppConnection.Zabbix).method),
+    credentials: ZabbixConnectionApiTokenCredentialsSchema.describe(
+      AppConnections.CREATE(AppConnection.Zabbix).credentials
+    )
+  })
+]);
+
+export const CreateZabbixConnectionSchema = ValidateZabbixConnectionCredentialsSchema.and(
+  GenericCreateAppConnectionFieldsSchema(AppConnection.Zabbix)
+);
+
+export const UpdateZabbixConnectionSchema = z
+  .object({
+    credentials: ZabbixConnectionApiTokenCredentialsSchema.optional().describe(
+      AppConnections.UPDATE(AppConnection.Zabbix).credentials
+    )
+  })
+  .and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Zabbix));
+
+export const ZabbixConnectionListItemSchema = z.object({
+  name: z.literal("Zabbix"),
+  app: z.literal(AppConnection.Zabbix),
+  methods: z.nativeEnum(ZabbixConnectionMethod).array()
+});
--- a/backend/src/services/app-connection/zabbix/zabbix-connection-service.ts
+++ b/backend/src/services/app-connection/zabbix/zabbix-connection-service.ts
@ -0,0 +1,30 @@
+import { logger } from "@app/lib/logger";
+import { OrgServiceActor } from "@app/lib/types";
+
+import { AppConnection } from "../app-connection-enums";
+import { listZabbixHosts } from "./zabbix-connection-fns";
+import { TZabbixConnection } from "./zabbix-connection-types";
+
+type TGetAppConnectionFunc = (
+  app: AppConnection,
+  connectionId: string,
+  actor: OrgServiceActor
+) => Promise<TZabbixConnection>;
+
+export const zabbixConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
+  const listHosts = async (connectionId: string, actor: OrgServiceActor) => {
+    const appConnection = await getAppConnection(AppConnection.Zabbix, connectionId, actor);
+
+    try {
+      const hosts = await listZabbixHosts(appConnection);
+      return hosts;
+    } catch (error) {
+      logger.error(error, "Failed to establish connection with zabbix");
+      return [];
+    }
+  };
+
+  return {
+    listHosts
+  };
+};
--- a/backend/src/services/app-connection/zabbix/zabbix-connection-types.ts
+++ b/backend/src/services/app-connection/zabbix/zabbix-connection-types.ts
@ -0,0 +1,33 @@
+import z from "zod";
+
+import { DiscriminativePick } from "@app/lib/types";
+
+import { AppConnection } from "../app-connection-enums";
+import {
+  CreateZabbixConnectionSchema,
+  ValidateZabbixConnectionCredentialsSchema,
+  ZabbixConnectionSchema
+} from "./zabbix-connection-schemas";
+
+export type TZabbixConnection = z.infer<typeof ZabbixConnectionSchema>;
+
+export type TZabbixConnectionInput = z.infer<typeof CreateZabbixConnectionSchema> & {
+  app: AppConnection.Zabbix;
+};
+
+export type TValidateZabbixConnectionCredentialsSchema = typeof ValidateZabbixConnectionCredentialsSchema;
+
+export type TZabbixConnectionConfig = DiscriminativePick<TZabbixConnectionInput, "method" | "app" | "credentials"> & {
+  orgId: string;
+};
+
+export type TZabbixHost = {
+  hostId: string;
+  host: string;
+};
+
+export type TZabbixHostListResponse = {
+  jsonrpc: string;
+  result: { hostid: string; host: string }[];
+  error?: { message: string };
+};
--- a/backend/src/services/certificate-authority/certificate-authority-service.ts
+++ b/backend/src/services/certificate-authority/certificate-authority-service.ts
@ -1,6 +1,6 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType, ProjectType, TableName } from "@app/db/schemas";
+import { TableName } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";
@ -50,10 +50,7 @@ type TCertificateAuthorityServiceFactoryDep = {
  >;
  externalCertificateAuthorityDAL: Pick<TExternalCertificateAuthorityDALFactory, "create" | "update">;
  internalCertificateAuthorityService: TInternalCertificateAuthorityServiceFactory;
-  projectDAL: Pick<
-    TProjectDALFactory,
-    "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction" | "getProjectFromSplitId"
-  >;
+  projectDAL: Pick<TProjectDALFactory, "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
  certificateDAL: Pick<TCertificateDALFactory, "create" | "transaction">;
  certificateBodyDAL: Pick<TCertificateBodyDALFactory, "create">;
@ -98,23 +95,12 @@ export const certificateAuthorityServiceFactory = ({
    { type, projectId, name, enableDirectIssuance, configuration, status }: TCreateCertificateAuthorityDTO,
    actor: OrgServiceActor
  ) => {
-    let finalProjectId: string = projectId;
-    const certManagerProjectFromSplit = await projectDAL.getProjectFromSplitId(
-      projectId,
-      ProjectType.CertificateManager
-    );
-
-    if (certManagerProjectFromSplit) {
-      finalProjectId = certManagerProjectFromSplit.id;
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor: actor.type,
      actorId: actor.id,
-      projectId: finalProjectId,
+      projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -126,7 +112,7 @@ export const certificateAuthorityServiceFactory = ({
      const ca = await internalCertificateAuthorityService.createCa({
        ...(configuration as TCreateInternalCertificateAuthorityDTO["configuration"]),
        isInternal: true,
-        projectId: finalProjectId,
+        projectId,
        enableDirectIssuance,
        name
      });
@ -142,7 +128,7 @@ export const certificateAuthorityServiceFactory = ({
        type,
        enableDirectIssuance: ca.enableDirectIssuance,
        name: ca.name,
-        projectId: finalProjectId,
+        projectId,
        status,
        configuration: ca.internalCa
      } as TCertificateAuthority;
@ -151,7 +137,7 @@ export const certificateAuthorityServiceFactory = ({
    if (type === CaType.ACME) {
      return acmeFns.createCertificateAuthority({
        name,
-        projectId: finalProjectId,
+        projectId,
        configuration: configuration as TCreateAcmeCertificateAuthorityDTO["configuration"],
        enableDirectIssuance,
        status,
@ -181,8 +167,7 @@ export const certificateAuthorityServiceFactory = ({
      actorId: actor.id,
      projectId: certificateAuthority.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -225,23 +210,12 @@ export const certificateAuthorityServiceFactory = ({
    { projectId, type }: { projectId: string; type: CaType },
    actor: OrgServiceActor
  ) => {
-    let finalProjectId: string = projectId;
-    const certManagerProjectFromSplit = await projectDAL.getProjectFromSplitId(
-      projectId,
-      ProjectType.CertificateManager
-    );
-
-    if (certManagerProjectFromSplit) {
-      finalProjectId = certManagerProjectFromSplit.id;
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor: actor.type,
      actorId: actor.id,
-      projectId: finalProjectId,
+      projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -251,7 +225,7 @@ export const certificateAuthorityServiceFactory = ({

    if (type === CaType.INTERNAL) {
      const cas = await certificateAuthorityDAL.findWithAssociatedCa({
-        [`${TableName.CertificateAuthority}.projectId` as "projectId"]: finalProjectId,
+        [`${TableName.CertificateAuthority}.projectId` as "projectId"]: projectId,
        $notNull: [`${TableName.InternalCertificateAuthority}.id` as "id"]
      });

@ -269,7 +243,7 @@ export const certificateAuthorityServiceFactory = ({
    }

    if (type === CaType.ACME) {
-      return acmeFns.listCertificateAuthorities({ projectId: finalProjectId });
+      return acmeFns.listCertificateAuthorities({ projectId });
    }

    throw new BadRequestError({ message: "Invalid certificate authority type" });
@ -294,8 +268,7 @@ export const certificateAuthorityServiceFactory = ({
      actorId: actor.id,
      projectId: certificateAuthority.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -368,8 +341,7 @@ export const certificateAuthorityServiceFactory = ({
      actorId: actor.id,
      projectId: certificateAuthority.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/services/certificate-authority/internal/internal-certificate-authority-service.ts
+++ b/backend/src/services/certificate-authority/internal/internal-certificate-authority-service.ts
@ -5,13 +5,7 @@ import slugify from "@sindresorhus/slugify";
 import crypto, { KeyObject } from "crypto";
 import { z } from "zod";

-import {
-  ActionProjectType,
-  ProjectType,
-  TableName,
-  TCertificateAuthorities,
-  TCertificateTemplates
-} from "@app/db/schemas";
+import { TableName, TCertificateAuthorities, TCertificateTemplates } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
  ProjectPermissionActions,
@ -105,10 +99,7 @@ type TInternalCertificateAuthorityServiceFactoryDep = {
  certificateBodyDAL: Pick<TCertificateBodyDALFactory, "create">;
  pkiCollectionDAL: Pick<TPkiCollectionDALFactory, "findById">;
  pkiCollectionItemDAL: Pick<TPkiCollectionItemDALFactory, "create">;
-  projectDAL: Pick<
-    TProjectDALFactory,
-    "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction" | "getProjectFromSplitId"
-  >;
+  projectDAL: Pick<TProjectDALFactory, "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction">;
  kmsService: Pick<TKmsServiceFactory, "generateKmsKey" | "encryptWithKmsKey" | "decryptWithKmsKey">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
 };
@ -154,21 +145,12 @@ export const internalCertificateAuthorityServiceFactory = ({
      if (!project) throw new NotFoundError({ message: `Project with slug '${dto.projectSlug}' not found` });
      projectId = project.id;

-      const certManagerProjectFromSplit = await projectDAL.getProjectFromSplitId(
-        projectId,
-        ProjectType.CertificateManager
-      );
-      if (certManagerProjectFromSplit) {
-        projectId = certManagerProjectFromSplit.id;
-      }
-
      const { permission } = await permissionService.getProjectPermission({
        actor: dto.actor,
        actorId: dto.actorId,
        projectId,
        actorAuthMethod: dto.actorAuthMethod,
-        actorOrgId: dto.actorOrgId,
-        actionProjectType: ActionProjectType.CertificateManager
+        actorOrgId: dto.actorOrgId
      });

      ForbiddenError.from(permission).throwUnlessCan(
@ -351,8 +333,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Read,
@ -376,8 +357,7 @@ export const internalCertificateAuthorityServiceFactory = ({
        actorId: dto.actorId,
        projectId: ca.projectId,
        actorAuthMethod: dto.actorAuthMethod,
-        actorOrgId: dto.actorOrgId,
-        actionProjectType: ActionProjectType.CertificateManager
+        actorOrgId: dto.actorOrgId
      });

      ForbiddenError.from(permission).throwUnlessCan(
@ -409,8 +389,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -435,8 +414,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -499,8 +477,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -786,8 +763,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -823,8 +799,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -904,8 +879,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -1052,8 +1026,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -1224,8 +1197,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -1581,8 +1553,7 @@ export const internalCertificateAuthorityServiceFactory = ({
        actorId: dto.actorId,
        projectId: ca.projectId,
        actorAuthMethod: dto.actorAuthMethod,
-        actorOrgId: dto.actorOrgId,
-        actionProjectType: ActionProjectType.CertificateManager
+        actorOrgId: dto.actorOrgId
      });

      ForbiddenError.from(permission).throwUnlessCan(
@ -1949,8 +1920,7 @@ export const internalCertificateAuthorityServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    const certificateTemplates = await certificateTemplateDAL.find({ caId });
--- a/backend/src/services/certificate-template/certificate-template-service.ts
+++ b/backend/src/services/certificate-template/certificate-template-service.ts
@ -2,7 +2,7 @@ import { ForbiddenError, subject } from "@casl/ability";
 import * as x509 from "@peculiar/x509";
 import bcrypt from "bcrypt";

-import { ActionProjectType, TCertificateTemplateEstConfigsUpdate } from "@app/db/schemas";
+import { TCertificateTemplateEstConfigsUpdate } from "@app/db/schemas";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
@ -76,8 +76,7 @@ export const certificateTemplateServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -138,8 +137,7 @@ export const certificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -203,8 +201,7 @@ export const certificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -230,8 +227,7 @@ export const certificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -272,8 +268,7 @@ export const certificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -355,8 +350,7 @@ export const certificateTemplateServiceFactory = ({
      actorId,
      projectId: certTemplate.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -435,8 +429,7 @@ export const certificateTemplateServiceFactory = ({
        actorId: dto.actorId,
        projectId: certTemplate.projectId,
        actorAuthMethod: dto.actorAuthMethod,
-        actorOrgId: dto.actorOrgId,
-        actionProjectType: ActionProjectType.CertificateManager
+        actorOrgId: dto.actorOrgId
      });

      ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/services/certificate/certificate-service.ts
+++ b/backend/src/services/certificate/certificate-service.ts
@ -2,7 +2,6 @@ import { ForbiddenError } from "@casl/ability";
 import * as x509 from "@peculiar/x509";
 import { createPrivateKey, createPublicKey, sign, verify } from "crypto";

-import { ActionProjectType, ProjectType } from "@app/db/schemas";
 import { TCertificateAuthorityCrlDALFactory } from "@app/ee/services/certificate-authority-crl/certificate-authority-crl-dal";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
@ -48,10 +47,7 @@ type TCertificateServiceFactoryDep = {
  certificateAuthoritySecretDAL: Pick<TCertificateAuthoritySecretDALFactory, "findOne">;
  pkiCollectionDAL: Pick<TPkiCollectionDALFactory, "findById">;
  pkiCollectionItemDAL: Pick<TPkiCollectionItemDALFactory, "create">;
-  projectDAL: Pick<
-    TProjectDALFactory,
-    "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction" | "getProjectFromSplitId"
-  >;
+  projectDAL: Pick<TProjectDALFactory, "findProjectBySlug" | "findOne" | "updateById" | "findById" | "transaction">;
  kmsService: Pick<TKmsServiceFactory, "generateKmsKey" | "encryptWithKmsKey" | "decryptWithKmsKey">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
 };
@ -83,8 +79,7 @@ export const certificateServiceFactory = ({
      actorId,
      projectId: cert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -114,8 +109,7 @@ export const certificateServiceFactory = ({
      actorId,
      projectId: cert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -148,8 +142,7 @@ export const certificateServiceFactory = ({
      actorId,
      projectId: cert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -198,8 +191,7 @@ export const certificateServiceFactory = ({
      actorId,
      projectId: ca.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -247,8 +239,7 @@ export const certificateServiceFactory = ({
      actorId,
      projectId: cert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -321,23 +312,14 @@ export const certificateServiceFactory = ({

    const project = await projectDAL.findProjectBySlug(projectSlug, actorOrgId);
    if (!project) throw new NotFoundError({ message: `Project with slug '${projectSlug}' not found` });
-    let projectId = project.id;
-
-    const certManagerProjectFromSplit = await projectDAL.getProjectFromSplitId(
-      projectId,
-      ProjectType.CertificateManager
-    );
-    if (certManagerProjectFromSplit) {
-      projectId = certManagerProjectFromSplit.id;
-    }
+    const projectId = project.id;

    const { permission } = await permissionService.getProjectPermission({
      actor,
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -541,8 +523,7 @@ export const certificateServiceFactory = ({
      actorId,
      projectId: cert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/services/cmek/cmek-service.ts
+++ b/backend/src/services/cmek/cmek-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType, ProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionCmekActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { SigningAlgorithm } from "@app/lib/crypto/sign";
@ -23,32 +22,23 @@ import { TKmsKeyDALFactory } from "@app/services/kms/kms-key-dal";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";

 import { KmsKeyUsage } from "../kms/kms-types";
-import { TProjectDALFactory } from "../project/project-dal";

 type TCmekServiceFactoryDep = {
  kmsService: TKmsServiceFactory;
  kmsDAL: TKmsKeyDALFactory;
  permissionService: TPermissionServiceFactory;
-  projectDAL: Pick<TProjectDALFactory, "getProjectFromSplitId">;
 };

 export type TCmekServiceFactory = ReturnType<typeof cmekServiceFactory>;

-export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, projectDAL }: TCmekServiceFactoryDep) => {
-  const createCmek = async ({ projectId: preSplitProjectId, ...dto }: TCreateCmekDTO, actor: OrgServiceActor) => {
-    let projectId = preSplitProjectId;
-    const cmekProjectFromSplit = await projectDAL.getProjectFromSplitId(projectId, ProjectType.KMS);
-    if (cmekProjectFromSplit) {
-      projectId = cmekProjectFromSplit.id;
-    }
-
+export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService }: TCmekServiceFactoryDep) => {
+  const createCmek = async ({ projectId, ...dto }: TCreateCmekDTO, actor: OrgServiceActor) => {
    const { permission } = await permissionService.getProjectPermission({
      actor: actor.type,
      actorId: actor.id,
      projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Create, ProjectPermissionSub.Cmek);

@ -87,8 +77,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Edit, ProjectPermissionSub.Cmek);
@ -124,8 +113,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Delete, ProjectPermissionSub.Cmek);
@ -135,23 +123,13 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
    return key;
  };

-  const listCmeksByProjectId = async (
-    { projectId: preSplitProjectId, ...filters }: TListCmeksByProjectIdDTO,
-    actor: OrgServiceActor
-  ) => {
-    let projectId = preSplitProjectId;
-    const cmekProjectFromSplit = await projectDAL.getProjectFromSplitId(preSplitProjectId, ProjectType.KMS);
-    if (cmekProjectFromSplit) {
-      projectId = cmekProjectFromSplit.id;
-    }
-
+  const listCmeksByProjectId = async ({ projectId, ...filters }: TListCmeksByProjectIdDTO, actor: OrgServiceActor) => {
    const { permission } = await permissionService.getProjectPermission({
      actor: actor.type,
      actorId: actor.id,
      projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Read, ProjectPermissionSub.Cmek);
@ -173,8 +151,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Read, ProjectPermissionSub.Cmek);
@ -195,8 +172,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Read, ProjectPermissionSub.Cmek);
@ -218,8 +194,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Encrypt, ProjectPermissionSub.Cmek);
@ -246,8 +221,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Read, ProjectPermissionSub.Cmek);
@ -294,8 +268,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Read, ProjectPermissionSub.Cmek);
@ -318,8 +291,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Sign, ProjectPermissionSub.Cmek);
@ -353,8 +325,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Verify, ProjectPermissionSub.Cmek);
@ -389,8 +360,7 @@ export const cmekServiceFactory = ({ kmsService, kmsDAL, permissionService, proj
      actorId: actor.id,
      projectId: key.projectId,
      actorAuthMethod: actor.authMethod,
-      actorOrgId: actor.orgId,
-      actionProjectType: ActionProjectType.KMS
+      actorOrgId: actor.orgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCmekActions.Decrypt, ProjectPermissionSub.Cmek);
--- a/backend/src/services/folder-commit/folder-commit-service.test.ts
+++ b/backend/src/services/folder-commit/folder-commit-service.test.ts
@ -4,7 +4,7 @@
 import { Knex } from "knex";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";

-import { ProjectType, TSecretFolderVersions, TSecretVersionsV2 } from "@app/db/schemas";
+import { TSecretFolderVersions, TSecretVersionsV2 } from "@app/db/schemas";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";

 import { ActorType } from "../auth/auth-type";
@ -433,8 +433,7 @@ describe("folderCommitServiceFactory", () => {
      mockFolderCommitDAL.findCommitsToRecreate.mockResolvedValue([]);
      mockProjectDAL.findProjectByEnvId.mockResolvedValue({
        id: "project-id",
-        name: "test-project",
-        type: ProjectType.SecretManager
+        name: "test-project"
      });

      // Act
--- a/backend/src/services/folder-commit/folder-commit-service.ts
+++ b/backend/src/services/folder-commit/folder-commit-service.ts
@ -2,13 +2,7 @@
 import { ForbiddenError } from "@casl/ability";
 import { Knex } from "knex";

-import {
-  ActionProjectType,
-  TSecretFolders,
-  TSecretFolderVersions,
-  TSecretV2TagJunctionInsert,
-  TSecretVersionsV2
-} from "@app/db/schemas";
+import { TSecretFolders, TSecretFolderVersions, TSecretV2TagJunctionInsert, TSecretVersionsV2 } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionCommitsActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { getConfig } from "@app/lib/config/env";
@ -223,8 +217,7 @@ export const folderCommitServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionCommitsActions.Read, ProjectPermissionSub.Commits);
@ -2067,8 +2060,7 @@ export const folderCommitServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/services/group-project/group-project-service.ts
+++ b/backend/src/services/group-project/group-project-service.ts
@ -1,6 +1,6 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType, ProjectMembershipRole, SecretKeyEncoding, TGroups } from "@app/db/schemas";
+import { ProjectMembershipRole, SecretKeyEncoding, TGroups } from "@app/db/schemas";
 import { TListProjectGroupUsersDTO } from "@app/ee/services/group/group-types";
 import {
  constructPermissionErrorMessage,
@ -79,8 +79,7 @@ export const groupProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionGroupActions.Create, ProjectPermissionSub.Groups);

@ -267,8 +266,7 @@ export const groupProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionGroupActions.Edit, ProjectPermissionSub.Groups);

@ -381,8 +379,7 @@ export const groupProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionGroupActions.Delete, ProjectPermissionSub.Groups);

@ -426,8 +423,7 @@ export const groupProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionGroupActions.Read, ProjectPermissionSub.Groups);

@ -454,8 +450,7 @@ export const groupProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionGroupActions.Read, ProjectPermissionSub.Groups);

@ -496,8 +491,7 @@ export const groupProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionGroupActions.Read, ProjectPermissionSub.Groups);

--- a/backend/src/services/identity-access-token/identity-access-token-dal.ts
+++ b/backend/src/services/identity-access-token/identity-access-token-dal.ts
@ -17,77 +17,11 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
      const doc = await (tx || db.replicaNode())(TableName.IdentityAccessToken)
        .where(filter)
        .join(TableName.Identity, `${TableName.Identity}.id`, `${TableName.IdentityAccessToken}.identityId`)
-        .leftJoin(
-          TableName.IdentityUaClientSecret,
-          `${TableName.IdentityAccessToken}.identityUAClientSecretId`,
-          `${TableName.IdentityUaClientSecret}.id`
-        )
-        .leftJoin(
-          TableName.IdentityUniversalAuth,
-          `${TableName.IdentityUaClientSecret}.identityUAId`,
-          `${TableName.IdentityUniversalAuth}.id`
-        )
-        .leftJoin(TableName.IdentityGcpAuth, `${TableName.Identity}.id`, `${TableName.IdentityGcpAuth}.identityId`)
-        .leftJoin(
-          TableName.IdentityAliCloudAuth,
-          `${TableName.Identity}.id`,
-          `${TableName.IdentityAliCloudAuth}.identityId`
-        )
-        .leftJoin(TableName.IdentityAwsAuth, `${TableName.Identity}.id`, `${TableName.IdentityAwsAuth}.identityId`)
-        .leftJoin(TableName.IdentityAzureAuth, `${TableName.Identity}.id`, `${TableName.IdentityAzureAuth}.identityId`)
-        .leftJoin(TableName.IdentityLdapAuth, `${TableName.Identity}.id`, `${TableName.IdentityLdapAuth}.identityId`)
-        .leftJoin(
-          TableName.IdentityKubernetesAuth,
-          `${TableName.Identity}.id`,
-          `${TableName.IdentityKubernetesAuth}.identityId`
-        )
-        .leftJoin(TableName.IdentityOciAuth, `${TableName.Identity}.id`, `${TableName.IdentityOciAuth}.identityId`)
-        .leftJoin(TableName.IdentityOidcAuth, `${TableName.Identity}.id`, `${TableName.IdentityOidcAuth}.identityId`)
-        .leftJoin(TableName.IdentityTokenAuth, `${TableName.Identity}.id`, `${TableName.IdentityTokenAuth}.identityId`)
-        .leftJoin(TableName.IdentityJwtAuth, `${TableName.Identity}.id`, `${TableName.IdentityJwtAuth}.identityId`)
-        .leftJoin(
-          TableName.IdentityTlsCertAuth,
-          `${TableName.Identity}.id`,
-          `${TableName.IdentityTlsCertAuth}.identityId`
-        )
        .select(selectAllTableCols(TableName.IdentityAccessToken))
-        .select(
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityUniversalAuth).as("accessTokenTrustedIpsUa"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityGcpAuth).as("accessTokenTrustedIpsGcp"),
-          db
-            .ref("accessTokenTrustedIps")
-            .withSchema(TableName.IdentityAliCloudAuth)
-            .as("accessTokenTrustedIpsAliCloud"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityAwsAuth).as("accessTokenTrustedIpsAws"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityAzureAuth).as("accessTokenTrustedIpsAzure"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityKubernetesAuth).as("accessTokenTrustedIpsK8s"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityOciAuth).as("accessTokenTrustedIpsOci"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityOidcAuth).as("accessTokenTrustedIpsOidc"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityTokenAuth).as("accessTokenTrustedIpsToken"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityJwtAuth).as("accessTokenTrustedIpsJwt"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityLdapAuth).as("accessTokenTrustedIpsLdap"),
-          db.ref("accessTokenTrustedIps").withSchema(TableName.IdentityTlsCertAuth).as("accessTokenTrustedIpsTlsCert"),
-          db.ref("name").withSchema(TableName.Identity)
-        )
+        .select(db.ref("name").withSchema(TableName.Identity))
        .first();

-      if (!doc) return;
-
-      return {
-        ...doc,
-        trustedIpsUniversalAuth: doc.accessTokenTrustedIpsUa,
-        trustedIpsGcpAuth: doc.accessTokenTrustedIpsGcp,
-        trustedIpsAliCloudAuth: doc.accessTokenTrustedIpsAliCloud,
-        trustedIpsAwsAuth: doc.accessTokenTrustedIpsAws,
-        trustedIpsAzureAuth: doc.accessTokenTrustedIpsAzure,
-        trustedIpsKubernetesAuth: doc.accessTokenTrustedIpsK8s,
-        trustedIpsOciAuth: doc.accessTokenTrustedIpsOci,
-        trustedIpsOidcAuth: doc.accessTokenTrustedIpsOidc,
-        trustedIpsAccessTokenAuth: doc.accessTokenTrustedIpsToken,
-        trustedIpsAccessJwtAuth: doc.accessTokenTrustedIpsJwt,
-        trustedIpsAccessLdapAuth: doc.accessTokenTrustedIpsLdap,
-        trustedIpsAccessTlsCertAuth: doc.accessTokenTrustedIpsTlsCert
-      };
+      return doc;
    } catch (error) {
      throw new DatabaseError({ error, name: "IdAccessTokenFindOne" });
    }
--- a/backend/src/services/identity-access-token/identity-access-token-service.ts
+++ b/backend/src/services/identity-access-token/identity-access-token-service.ts
@ -7,12 +7,14 @@ import { checkIPAgainstBlocklist, TIp } from "@app/lib/ip";

 import { TAccessTokenQueueServiceFactory } from "../access-token-queue/access-token-queue";
 import { AuthTokenType } from "../auth/auth-type";
+import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TIdentityOrgDALFactory } from "../identity/identity-org-dal";
 import { TIdentityAccessTokenDALFactory } from "./identity-access-token-dal";
 import { TIdentityAccessTokenJwtPayload, TRenewAccessTokenDTO } from "./identity-access-token-types";

 type TIdentityAccessTokenServiceFactoryDep = {
  identityAccessTokenDAL: TIdentityAccessTokenDALFactory;
+  identityDAL: Pick<TIdentityDALFactory, "getTrustedIpsByAuthMethod">;
  identityOrgMembershipDAL: TIdentityOrgDALFactory;
  accessTokenQueue: Pick<
    TAccessTokenQueueServiceFactory,
@ -25,7 +27,8 @@ export type TIdentityAccessTokenServiceFactory = ReturnType<typeof identityAcces
 export const identityAccessTokenServiceFactory = ({
  identityAccessTokenDAL,
  identityOrgMembershipDAL,
-  accessTokenQueue
+  accessTokenQueue,
+  identityDAL
 }: TIdentityAccessTokenServiceFactoryDep) => {
  const validateAccessTokenExp = async (identityAccessToken: TIdentityAccessTokens) => {
    const {
@ -190,24 +193,11 @@ export const identityAccessTokenServiceFactory = ({
        message: "Failed to authorize revoked access token, access token is revoked"
      });

-    const trustedIpsMap: Record<IdentityAuthMethod, unknown> = {
-      [IdentityAuthMethod.UNIVERSAL_AUTH]: identityAccessToken.trustedIpsUniversalAuth,
-      [IdentityAuthMethod.GCP_AUTH]: identityAccessToken.trustedIpsGcpAuth,
-      [IdentityAuthMethod.ALICLOUD_AUTH]: identityAccessToken.trustedIpsAliCloudAuth,
-      [IdentityAuthMethod.AWS_AUTH]: identityAccessToken.trustedIpsAwsAuth,
-      [IdentityAuthMethod.OCI_AUTH]: identityAccessToken.trustedIpsOciAuth,
-      [IdentityAuthMethod.AZURE_AUTH]: identityAccessToken.trustedIpsAzureAuth,
-      [IdentityAuthMethod.KUBERNETES_AUTH]: identityAccessToken.trustedIpsKubernetesAuth,
-      [IdentityAuthMethod.OIDC_AUTH]: identityAccessToken.trustedIpsOidcAuth,
-      [IdentityAuthMethod.TOKEN_AUTH]: identityAccessToken.trustedIpsAccessTokenAuth,
-      [IdentityAuthMethod.JWT_AUTH]: identityAccessToken.trustedIpsAccessJwtAuth,
-      [IdentityAuthMethod.LDAP_AUTH]: identityAccessToken.trustedIpsAccessLdapAuth,
-      [IdentityAuthMethod.TLS_CERT_AUTH]: identityAccessToken.trustedIpsAccessTlsCertAuth
-    };
-
-    const trustedIps = trustedIpsMap[identityAccessToken.authMethod as IdentityAuthMethod];
-
-    if (ipAddress) {
+    const trustedIps = await identityDAL.getTrustedIpsByAuthMethod(
+      identityAccessToken.identityId,
+      identityAccessToken.authMethod as IdentityAuthMethod
+    );
+    if (ipAddress && trustedIps) {
      checkIPAgainstBlocklist({
        ipAddress,
        trustedIps: trustedIps as TIp[]
--- a/backend/src/services/identity-project/identity-project-service.ts
+++ b/backend/src/services/identity-project/identity-project-service.ts
@ -1,6 +1,6 @@
 import { ForbiddenError, subject } from "@casl/ability";

-import { ActionProjectType, ProjectMembershipRole } from "@app/db/schemas";
+import { ProjectMembershipRole } from "@app/db/schemas";
 import {
  constructPermissionErrorMessage,
  validatePrivilegeChangeOperation
@ -62,8 +62,7 @@ export const identityProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Create,
@ -180,8 +179,7 @@ export const identityProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Edit,
@ -291,8 +289,7 @@ export const identityProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Delete,
@ -320,8 +317,7 @@ export const identityProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionIdentityActions.Read,
@ -354,8 +350,7 @@ export const identityProjectServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -391,8 +386,7 @@ export const identityProjectServiceFactory = ({
      actorId,
      projectId: membership.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/backend/src/services/identity/identity-dal.ts
+++ b/backend/src/services/identity/identity-dal.ts
@ -1,5 +1,5 @@
 import { TDbClient } from "@app/db";
-import { TableName, TIdentities } from "@app/db/schemas";
+import { IdentityAuthMethod, TableName, TIdentities } from "@app/db/schemas";
 import { DatabaseError } from "@app/lib/errors";
 import { ormify, selectAllTableCols } from "@app/lib/knex";

@ -8,6 +8,28 @@ export type TIdentityDALFactory = ReturnType<typeof identityDALFactory>;
 export const identityDALFactory = (db: TDbClient) => {
  const identityOrm = ormify(db, TableName.Identity);

+  const getTrustedIpsByAuthMethod = async (identityId: string, authMethod: IdentityAuthMethod) => {
+    const authMethodToTableName = {
+      [IdentityAuthMethod.TOKEN_AUTH]: TableName.IdentityTokenAuth,
+      [IdentityAuthMethod.UNIVERSAL_AUTH]: TableName.IdentityUniversalAuth,
+      [IdentityAuthMethod.KUBERNETES_AUTH]: TableName.IdentityKubernetesAuth,
+      [IdentityAuthMethod.GCP_AUTH]: TableName.IdentityGcpAuth,
+      [IdentityAuthMethod.ALICLOUD_AUTH]: TableName.IdentityAliCloudAuth,
+      [IdentityAuthMethod.AWS_AUTH]: TableName.IdentityAwsAuth,
+      [IdentityAuthMethod.AZURE_AUTH]: TableName.IdentityAzureAuth,
+      [IdentityAuthMethod.TLS_CERT_AUTH]: TableName.IdentityTlsCertAuth,
+      [IdentityAuthMethod.OCI_AUTH]: TableName.IdentityOciAuth,
+      [IdentityAuthMethod.OIDC_AUTH]: TableName.IdentityOidcAuth,
+      [IdentityAuthMethod.JWT_AUTH]: TableName.IdentityJwtAuth,
+      [IdentityAuthMethod.LDAP_AUTH]: TableName.IdentityLdapAuth
+    } as const;
+    const tableName = authMethodToTableName[authMethod];
+    if (!tableName) return;
+    const data = await db(tableName).where({ identityId }).first();
+    if (!data) return;
+    return data.accessTokenTrustedIps;
+  };
+
  const getIdentitiesByFilter = async ({
    limit,
    offset,
@ -38,5 +60,5 @@ export const identityDALFactory = (db: TDbClient) => {
    }
  };

-  return { ...identityOrm, getIdentitiesByFilter };
+  return { ...identityOrm, getTrustedIpsByAuthMethod, getIdentitiesByFilter };
 };
--- a/backend/src/services/integration-auth/integration-auth-service.ts
+++ b/backend/src/services/integration-auth/integration-auth-service.ts
@ -4,13 +4,7 @@ import { Octokit } from "@octokit/rest";
 import { Client as OctopusClient, SpaceRepository as OctopusSpaceRepository } from "@octopusdeploy/api-client";
 import AWS from "aws-sdk";

-import {
-  ActionProjectType,
-  SecretEncryptionAlgo,
-  SecretKeyEncoding,
-  TIntegrationAuths,
-  TIntegrationAuthsInsert
-} from "@app/db/schemas";
+import { SecretEncryptionAlgo, SecretKeyEncoding, TIntegrationAuths, TIntegrationAuthsInsert } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { getConfig } from "@app/lib/config/env";
@ -103,8 +97,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const authorizations = await integrationAuthDAL.find({ projectId });
@ -122,8 +115,7 @@ export const integrationAuthServiceFactory = ({
            actorId,
            projectId: auth.projectId,
            actorAuthMethod,
-            actorOrgId,
-            actionProjectType: ActionProjectType.SecretManager
+            actorOrgId
          });

          return permission.can(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations) ? auth : null;
@ -146,8 +138,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    return integrationAuth;
@ -172,8 +163,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);

@ -282,8 +272,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);

@ -417,8 +406,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Integrations);

@ -679,8 +667,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

@ -714,8 +701,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

@ -745,8 +731,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -787,8 +772,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -816,8 +800,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -891,8 +874,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -939,8 +921,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -974,8 +955,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1033,8 +1013,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1070,8 +1049,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1112,8 +1090,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1153,8 +1130,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1194,8 +1170,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1234,8 +1209,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1275,8 +1249,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1344,8 +1317,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1419,8 +1391,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1470,8 +1441,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1519,8 +1489,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1588,8 +1557,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1630,8 +1598,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1743,8 +1710,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Integrations);

@ -1767,8 +1733,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Integrations);

@ -1801,8 +1766,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(sourcePermission).throwUnlessCan(
@ -1815,8 +1779,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });

    ForbiddenError.from(targetPermission).throwUnlessCan(
@ -1849,8 +1812,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

@ -1884,8 +1846,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
@ -1925,8 +1886,7 @@ export const integrationAuthServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
--- a/backend/src/services/integration/integration-service.ts
+++ b/backend/src/services/integration/integration-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType } from "@app/db/schemas";
 import { throwIfMissingSecretReadValueOrDescribePermission } from "@app/ee/services/permission/permission-fns";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import {
@ -91,8 +90,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId: integrationAuth.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Integrations);

@ -167,8 +165,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId: integration.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.Integrations);

@ -231,8 +228,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId: integration.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

@ -259,8 +255,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId: integration.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

@ -302,8 +297,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId: integration.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.Integrations);

@ -339,8 +333,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

@ -359,8 +352,7 @@ export const integrationServiceFactory = ({
      actorId,
      projectId: integration.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.SecretManager
+      actorOrgId
    });
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);

--- a/backend/src/services/microsoft-teams/microsoft-teams-fns.ts
+++ b/backend/src/services/microsoft-teams/microsoft-teams-fns.ts
@ -400,7 +400,7 @@ export const buildTeamsPayload = (notification: TNotification) => {
          {
            type: "Action.OpenUrl",
            title: "View request in Infisical",
-            url: `${appCfg.SITE_URL}/secret-manager/${payload.projectId}/approval?requestId=${payload.requestId}`
+            url: `${appCfg.SITE_URL}/projects/${payload.projectId}/secret-manager/approval?requestId=${payload.requestId}`
          }
        ]
      };
--- a/backend/src/services/org-membership/org-membership-dal.ts
+++ b/backend/src/services/org-membership/org-membership-dal.ts
@ -103,8 +103,41 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
    }
  };

+  const findRecentInvitedMemberships = async () => {
+    try {
+      const now = new Date();
+      const oneWeekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
+      const oneMonthAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
+      const threeMonthsAgo = new Date(now.getTime() - 90 * 24 * 60 * 60 * 1000);
+
+      const memberships = await db
+        .replicaNode()(TableName.OrgMembership)
+        .where("status", "invited")
+        .where((qb) => {
+          // lastInvitedAt is null AND createdAt is between 1 week and 3 months ago
+          void qb
+            .whereNull(`${TableName.OrgMembership}.lastInvitedAt`)
+            .whereBetween(`${TableName.OrgMembership}.createdAt`, [threeMonthsAgo, oneWeekAgo]);
+        })
+        .orWhere((qb) => {
+          // lastInvitedAt is older than 1 week ago AND createdAt is younger than 1 month ago
+          void qb
+            .where(`${TableName.OrgMembership}.lastInvitedAt`, "<", oneMonthAgo)
+            .where(`${TableName.OrgMembership}.createdAt`, ">", oneWeekAgo);
+        });
+
+      return memberships;
+    } catch (error) {
+      throw new DatabaseError({
+        error,
+        name: "Find recent invited memberships"
+      });
+    }
+  };
+
  return {
    ...orgMembershipOrm,
-    findOrgMembershipById
+    findOrgMembershipById,
+    findRecentInvitedMemberships
  };
 };
--- a/backend/src/services/org/org-service.ts
+++ b/backend/src/services/org/org-service.ts
@ -5,7 +5,6 @@ import jwt from "jsonwebtoken";
 import { Knex } from "knex";

 import {
-  ActionProjectType,
  OrgMembershipRole,
  OrgMembershipStatus,
  ProjectMembershipRole,
@ -108,7 +107,10 @@ type TOrgServiceFactoryDep = {
    "findProjectMembershipsByUserId" | "delete" | "create" | "find" | "insertMany" | "transaction"
  >;
  projectKeyDAL: Pick<TProjectKeyDALFactory, "find" | "delete" | "insertMany" | "findLatestProjectKey" | "create">;
-  orgMembershipDAL: Pick<TOrgMembershipDALFactory, "findOrgMembershipById" | "findOne" | "findById">;
+  orgMembershipDAL: Pick<
+    TOrgMembershipDALFactory,
+    "findOrgMembershipById" | "findOne" | "findById" | "findRecentInvitedMemberships" | "updateById"
+  >;
  incidentContactDAL: TIncidentContactsDALFactory;
  samlConfigDAL: Pick<TSamlConfigDALFactory, "findOne">;
  oidcConfigDAL: Pick<TOidcConfigDALFactory, "findOne">;
@ -235,14 +237,14 @@ export const orgServiceFactory = ({
    return org;
  };

-  const findAllWorkspaces = async ({ actor, actorId, orgId, type }: TFindAllWorkspacesDTO) => {
+  const findAllWorkspaces = async ({ actor, actorId, orgId }: TFindAllWorkspacesDTO) => {
    if (actor === ActorType.USER) {
-      const workspaces = await projectDAL.findUserProjects(actorId, orgId, type || "all");
+      const workspaces = await projectDAL.findUserProjects(actorId, orgId);
      return workspaces;
    }

    if (actor === ActorType.IDENTITY) {
-      const workspaces = await projectDAL.findAllProjectsByIdentity(actorId, type);
+      const workspaces = await projectDAL.findAllProjectsByIdentity(actorId);
      return workspaces;
    }

@ -972,8 +974,7 @@ export const orgServiceFactory = ({
          actorId,
          projectId,
          actorAuthMethod,
-          actorOrgId,
-          actionProjectType: ActionProjectType.Any
+          actorOrgId
        });
        ForbiddenError.from(projectPermission).throwUnlessCan(
          ProjectPermissionMemberActions.Create,
@ -1424,6 +1425,53 @@ export const orgServiceFactory = ({
    return incidentContact;
  };

+  /**
+   * Re-send emails to users who haven't accepted an invite yet
+   */
+  const notifyInvitedUsers = async () => {
+    const invitedUsers = await orgMembershipDAL.findRecentInvitedMemberships();
+    const appCfg = getConfig();
+
+    const orgCache: Record<string, { name: string; id: string } | undefined> = {};
+
+    await Promise.all(
+      invitedUsers.map(async (invitedUser) => {
+        let org = orgCache[invitedUser.orgId];
+        if (!org) {
+          org = await orgDAL.findById(invitedUser.orgId);
+          orgCache[invitedUser.orgId] = org;
+        }
+
+        if (!org || !invitedUser.userId) return;
+
+        const token = await tokenService.createTokenForUser({
+          type: TokenType.TOKEN_EMAIL_ORG_INVITATION,
+          userId: invitedUser.userId,
+          orgId: org.id
+        });
+
+        if (invitedUser.inviteEmail) {
+          await smtpService.sendMail({
+            template: SmtpTemplates.OrgInvite,
+            subjectLine: `Reminder: You have been invited to ${org.name} on Infisical`,
+            recipients: [invitedUser.inviteEmail],
+            substitutions: {
+              organizationName: org.name,
+              email: invitedUser.inviteEmail,
+              organizationId: org.id.toString(),
+              token,
+              callback_url: `${appCfg.SITE_URL}/signupinvite`
+            }
+          });
+        }
+
+        await orgMembershipDAL.updateById(invitedUser.id, {
+          lastInvitedAt: new Date()
+        });
+      })
+    );
+  };
+
  return {
    findOrganizationById,
    findAllOrgMembers,
@ -1447,6 +1495,7 @@ export const orgServiceFactory = ({
    listProjectMembershipsByOrgMembershipId,
    findOrgBySlug,
    resendOrgMemberInvitation,
-    upgradePrivilegeSystem
+    upgradePrivilegeSystem,
+    notifyInvitedUsers
  };
 };
--- a/backend/src/services/org/org-types.ts
+++ b/backend/src/services/org/org-types.ts
@ -1,4 +1,3 @@
-import { ProjectType } from "@app/db/schemas";
 import { TOrgPermission } from "@app/lib/types";

 import { ActorAuthMethod, ActorType, MfaMethod } from "../auth/auth-type";
@ -60,7 +59,6 @@ export type TFindAllWorkspacesDTO = {
  actorOrgId: string | undefined;
  actorAuthMethod: ActorAuthMethod;
  orgId: string;
-  type?: ProjectType;
 };

 export type TUpdateOrgDTO = {
--- a/backend/src/services/pki-alert/pki-alert-service.ts
+++ b/backend/src/services/pki-alert/pki-alert-service.ts
@ -1,6 +1,5 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType, ProjectType } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
@ -9,7 +8,6 @@ import { TPkiCollectionDALFactory } from "@app/services/pki-collection/pki-colle
 import { pkiItemTypeToNameMap } from "@app/services/pki-collection/pki-collection-types";
 import { SmtpTemplates, TSmtpService } from "@app/services/smtp/smtp-service";

-import { TProjectDALFactory } from "../project/project-dal";
 import { TPkiAlertDALFactory } from "./pki-alert-dal";
 import { TCreateAlertDTO, TDeleteAlertDTO, TGetAlertByIdDTO, TUpdateAlertDTO } from "./pki-alert-types";

@ -21,7 +19,6 @@ type TPkiAlertServiceFactoryDep = {
  pkiCollectionDAL: Pick<TPkiCollectionDALFactory, "findById">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
  smtpService: Pick<TSmtpService, "sendMail">;
-  projectDAL: Pick<TProjectDALFactory, "getProjectFromSplitId">;
 };

 export type TPkiAlertServiceFactory = ReturnType<typeof pkiAlertServiceFactory>;
@ -30,8 +27,7 @@ export const pkiAlertServiceFactory = ({
  pkiAlertDAL,
  pkiCollectionDAL,
  permissionService,
-  smtpService,
-  projectDAL
+  smtpService
 }: TPkiAlertServiceFactoryDep) => {
  const sendPkiItemExpiryNotices = async () => {
    const allAlertItems = await pkiAlertDAL.getExpiringPkiCollectionItemsForAlerting();
@ -67,7 +63,7 @@ export const pkiAlertServiceFactory = ({
  };

  const createPkiAlert = async ({
-    projectId: preSplitProjectId,
+    projectId,
    name,
    pkiCollectionId,
    alertBeforeDays,
@ -77,22 +73,12 @@ export const pkiAlertServiceFactory = ({
    actor,
    actorOrgId
  }: TCreateAlertDTO) => {
-    let projectId = preSplitProjectId;
-    const certManagerProjectFromSplit = await projectDAL.getProjectFromSplitId(
-      projectId,
-      ProjectType.CertificateManager
-    );
-    if (certManagerProjectFromSplit) {
-      projectId = certManagerProjectFromSplit.id;
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor,
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.PkiAlerts);
@ -121,8 +107,7 @@ export const pkiAlertServiceFactory = ({
      actorId,
      projectId: alert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.PkiAlerts);
@ -148,8 +133,7 @@ export const pkiAlertServiceFactory = ({
      actorId,
      projectId: alert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.Any
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.PkiAlerts);
@ -181,8 +165,7 @@ export const pkiAlertServiceFactory = ({
      actorId,
      projectId: alert.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Delete, ProjectPermissionSub.PkiAlerts);
--- a/backend/src/services/pki-collection/pki-collection-service.ts
+++ b/backend/src/services/pki-collection/pki-collection-service.ts
@ -1,13 +1,12 @@
 import { ForbiddenError } from "@casl/ability";

-import { ActionProjectType, ProjectType, TPkiCollectionItems } from "@app/db/schemas";
+import { TPkiCollectionItems } from "@app/db/schemas";
 import { TPermissionServiceFactory } from "@app/ee/services/permission/permission-service-types";
 import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services/permission/project-permission";
 import { BadRequestError, NotFoundError } from "@app/lib/errors";
 import { TCertificateDALFactory } from "@app/services/certificate/certificate-dal";
 import { TCertificateAuthorityDALFactory } from "@app/services/certificate-authority/certificate-authority-dal";

-import { TProjectDALFactory } from "../project/project-dal";
 import { TPkiCollectionDALFactory } from "./pki-collection-dal";
 import { transformPkiCollectionItem } from "./pki-collection-fns";
 import { TPkiCollectionItemDALFactory } from "./pki-collection-item-dal";
@ -31,7 +30,6 @@ type TPkiCollectionServiceFactoryDep = {
  certificateAuthorityDAL: Pick<TCertificateAuthorityDALFactory, "find" | "findOne">;
  certificateDAL: Pick<TCertificateDALFactory, "find">;
  permissionService: Pick<TPermissionServiceFactory, "getProjectPermission">;
-  projectDAL: Pick<TProjectDALFactory, "getProjectFromSplitId">;
 };

 export type TPkiCollectionServiceFactory = ReturnType<typeof pkiCollectionServiceFactory>;
@ -41,34 +39,23 @@ export const pkiCollectionServiceFactory = ({
  pkiCollectionItemDAL,
  certificateAuthorityDAL,
  certificateDAL,
-  permissionService,
-  projectDAL
+  permissionService
 }: TPkiCollectionServiceFactoryDep) => {
  const createPkiCollection = async ({
    name,
    description,
-    projectId: preSplitProjectId,
+    projectId,
    actorId,
    actorAuthMethod,
    actor,
    actorOrgId
  }: TCreatePkiCollectionDTO) => {
-    let projectId = preSplitProjectId;
-    const certManagerProjectFromSplit = await projectDAL.getProjectFromSplitId(
-      projectId,
-      ProjectType.CertificateManager
-    );
-    if (certManagerProjectFromSplit) {
-      projectId = certManagerProjectFromSplit.id;
-    }
-
    const { permission } = await permissionService.getProjectPermission({
      actor,
      actorId,
      projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -100,8 +87,7 @@ export const pkiCollectionServiceFactory = ({
      actorId,
      projectId: pkiCollection.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.PkiCollections);
@ -125,8 +111,7 @@ export const pkiCollectionServiceFactory = ({
      actorId,
      projectId: pkiCollection.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Edit, ProjectPermissionSub.PkiCollections);
@ -153,8 +138,7 @@ export const pkiCollectionServiceFactory = ({
      actorId,
      projectId: pkiCollection.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -183,8 +167,7 @@ export const pkiCollectionServiceFactory = ({
      actorId,
      projectId: pkiCollection.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.PkiCollections);
@ -227,8 +210,7 @@ export const pkiCollectionServiceFactory = ({
      actorId,
      projectId: pkiCollection.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
@ -315,8 +297,7 @@ export const pkiCollectionServiceFactory = ({
      actorId,
      projectId: pkiCollection.projectId,
      actorAuthMethod,
-      actorOrgId,
-      actionProjectType: ActionProjectType.CertificateManager
+      actorOrgId
    });

    ForbiddenError.from(permission).throwUnlessCan(
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
x032205	42648a134c	Update utils.go to look more like Gitleaks version	2025-07-03 12:47:25 -04:00
x032205	23b20ebdab	Fix CLI always defaulting to github	2025-07-03 00:49:31 -04:00
x032205	37d490ede3	Add BitBucket platform to secret scanning	2025-07-03 00:09:28 -04:00
Daniel Hougaard	73025f5094	Merge pull request #3916 from Infisical/revert-3915-revert-3914-daniel/infisical-helm Revert "Revert "feat(helm-charts/infiscal-core): topologySpreadConstraints support""	2025-07-03 05:25:24 +04:00
Daniel Hougaard	82634983ce	Update Chart.yaml	2025-07-03 05:19:30 +04:00
Daniel Hougaard	af2f3017b7	fix: tests failing	2025-07-03 05:13:50 +04:00
Daniel Hougaard	a8f0eceeb9	Update helm-release-infisical-core.yml	2025-07-03 05:00:51 +04:00
Daniel Hougaard	36ff5e054b	Update helm-release-infisical-core.yml	2025-07-03 04:50:49 +04:00
Daniel Hougaard	eff73f1810	fix: update versions	2025-07-03 04:27:55 +04:00
Maidul Islam	68357b5669	Revert "Revert "feat(helm-charts/infiscal-core): topologySpreadConstraints support""	2025-07-02 20:25:36 -04:00
Maidul Islam	03c2e93bea	Merge pull request #3915 from Infisical/revert-3914-daniel/infisical-helm Revert "feat(helm-charts/infiscal-core): topologySpreadConstraints support"	2025-07-02 20:25:33 -04:00
Daniel Hougaard	8c1f3837e7	Revert "feat(helm-charts/infiscal-core): topologySpreadConstraints support"	2025-07-03 04:24:40 +04:00
Daniel Hougaard	7b47d91cc1	Merge pull request #3914 from Infisical/daniel/infisical-helm feat(helm-charts/infiscal-core): topologySpreadConstraints support	2025-07-03 04:21:34 +04:00
Daniel Hougaard	c37afaa050	feat(helm-charts/infiscal-core): topologySpreadConstraints support	2025-07-03 04:08:37 +04:00
carlosmonastyrski	811920f8bb	Merge pull request #3870 from Infisical/feat/zabbixSyncIntegration feat(secret-sync): add Zabbix secret sync	2025-07-02 20:59:51 -03:00
Daniel Hougaard	7b295c5a21	Merge pull request #3913 from Infisical/daniel/fix-folder-deletion fix(secret-folders): delete folder by ID	2025-07-03 03:49:01 +04:00
Daniel Hougaard	527a727c1c	fix: ts issue	2025-07-03 03:28:21 +04:00
Daniel Hougaard	0139064aaa	Update secret-folder-service.ts	2025-07-03 03:17:10 +04:00
Daniel Hougaard	a3859170fe	fix(secret-folders): delete folder by ID	2025-07-03 03:15:06 +04:00
Maidul Islam	02b97cbf5b	Merge pull request #3912 from Infisical/fix/multiEnvDeleteErrorMessage Improve multi-env error message to show full env name instead of slug	2025-07-02 17:43:32 -04:00
Carlos Monastyrski	8a65343f79	Add 15 seconds default duration for toast notifications	2025-07-02 18:42:02 -03:00
Carlos Monastyrski	cf6181eb73	Improve multi-env error message to show full env name instead of slug	2025-07-02 18:25:49 -03:00
carlosmonastyrski	984ffd2a53	Merge pull request #3911 from Infisical/fix/policyFolderDeletionAndBatchMessage Fix root folder issue with folder policies check and multi env error message improvement	2025-07-02 17:46:18 -03:00
Carlos Monastyrski	a1c44bd7a2	Improve multi-env error message	2025-07-02 17:40:37 -03:00
Scott Wilson	d7860e2491	Merge pull request #3904 from Infisical/secret-overview-expandable-header improvement: allow users to expand collapsed environment view header	2025-07-02 12:51:02 -07:00
Scott Wilson	db33349f49	Merge pull request #3910 from Infisical/misc/updated-worker-count-for-secret-scanning-jobs misc: downsize worker count for secret scanning jobs	2025-07-02 12:50:37 -07:00
Carlos Monastyrski	e14bb6b901	Fix root folder issue with folder policies check and multi env error message improvement	2025-07-02 16:22:16 -03:00
Sheen Capadngan	91d6d5d07b	misc: updated worker count for secret scanning jobs	2025-07-03 03:02:16 +08:00
Sheen	ac7b23da45	Merge pull request #3909 from Infisical/misc/update-tooltip-for-overwrite-sync misc: update tooltip for overwrite sync	2025-07-03 02:57:52 +08:00
Sheen Capadngan	1fdc82e494	misc: update tooltip for overwrite sync	2025-07-03 02:32:10 +08:00
Scott Wilson	3daae6f965	improvement: adjust header drag to use table container for positioning	2025-07-02 11:10:37 -07:00
Scott Wilson	833963af0c	improvement: remove additional relative and adjust handle position	2025-07-02 11:01:51 -07:00
Scott Wilson	aa560b8199	improvement: address feedback	2025-07-02 10:57:14 -07:00
Sheen	a215b99b3c	Merge pull request #3906 from Infisical/feat/audit-log-fix feat: audit log improvement	2025-07-03 01:49:06 +08:00
=	fbd9ecd980	feat: fixed ts error	2025-07-02 23:04:36 +05:30
=	3b839d4826	feat: addressed review comments	2025-07-02 23:04:36 +05:30
=	b52ec37f76	feat: added query size validation for audit log	2025-07-02 23:04:36 +05:30
=	5709afe0d3	feat: lint errors fix	2025-07-02 23:04:36 +05:30
=	566a243520	feat: seperated date filter	2025-07-02 23:04:36 +05:30
=	147c21ab9f	feat: updated backend logic to use parition and speed up audit log queries	2025-07-02 23:04:36 +05:30
x032205	f62eb9f8a2	Merge pull request #3892 from Infisical/ENG-1946 feat: Re-invite users every 1 week for up to a month.	2025-07-02 12:08:13 -04:00
Maidul Islam	ec60080e27	Merge pull request #3907 from Infisical/misc/update-cli-releaser-spec misc: updated CLI releaser spec	2025-07-02 10:44:55 -04:00
Sheen Capadngan	9fdc56bd6c	misc: updated CLI releaser spec	2025-07-02 22:41:51 +08:00
Carlos Monastyrski	9163da291e	feat(secret-sync): add PR suggestions for Zabbix secret sync	2025-07-02 10:18:20 -03:00
Carlos Monastyrski	307e6900ee	Merge branch 'main' into feat/zabbixSyncIntegration	2025-07-02 09:25:19 -03:00
x032205	bb59bb1868	Remove file	2025-07-01 22:46:16 -04:00
x032205	139f880be1	merge	2025-07-01 22:43:20 -04:00
Maidul Islam	f6002d81b3	Merge pull request #3872 from Infisical/feat/team-autonomy-product-migration feat: project ui v3	2025-07-01 21:09:43 -04:00
Scott Wilson	af240bd58c	Merge pull request #3886 from Infisical/policy-delete-requests-warning improvement(approval-policies): Add open request warning to remove policy modal	2025-07-01 18:07:22 -07:00
Maidul Islam	414de3c4d0	update broken import	2025-07-01 20:26:19 -04:00
Scott Wilson	1a7b810bad	improvement: allow users to expand collapsed environment view header	2025-07-01 17:22:49 -07:00
Maidul Islam	0379ba4eb1	Merge branch 'main' into feat/team-autonomy-product-migration	2025-07-01 20:21:00 -04:00
x032205	c2ce1aa5aa	Fix license fns	2025-07-01 20:06:51 -04:00
x032205	c8e155f0ca	Review fixes	2025-07-01 19:48:17 -04:00
carlosmonastyrski	5ced43574d	Merge pull request #3903 from Infisical/fix/blockFolderDeletionOnPolicyInPlace feat(change-approvals): block folder deletion if there is at least one secret protected by a policy	2025-07-01 20:39:28 -03:00
Scott Wilson	19ff045d2e	improvement: address feedback	2025-07-01 16:13:14 -07:00
Maidul Islam	4784f47a72	Merge pull request #3898 from Infisical/daniel/remove-mint docs: remove mint.json file in favor of docs.json	2025-07-01 19:01:42 -04:00
Carlos Monastyrski	28a27daf29	feat(change-approvals): block folder deletion if there is at least one secret protected by a policy	2025-07-01 19:55:38 -03:00
Maidul Islam	83f0a500bd	Merge pull request #3901 from Infisical/revert-3875-ENG-3009 Revert "feat(super-admin): Environment Overrides"	2025-07-01 17:43:49 -04:00
Maidul Islam	325d277021	Revert "feat(super-admin): Environment Overrides"	2025-07-01 17:43:38 -04:00
Maidul Islam	9ca71f663a	Merge pull request #3899 from Infisical/revert-3896-misc/final-changes-for-self-serve-en Revert "misc: updated sidebar name"	2025-07-01 17:42:51 -04:00
Maidul Islam	e5c7aba745	Revert "misc: updated sidebar name"	2025-07-01 17:42:33 -04:00
Daniel Hougaard	cada75bd0c	Delete mint.json	2025-07-02 01:29:49 +04:00
Maidul Islam	a37689eeca	Merge pull request #3897 from Infisical/misc/add-plain-support-for-user-get-token-cli misc: add plain support for user get token in CLI	2025-07-01 17:04:45 -04:00
Sheen Capadngan	38c9242e5b	misc: add plain support for user get token in CLI	2025-07-02 04:45:53 +08:00
x032205	8dafa75aa2	Merge pull request #3896 from Infisical/misc/final-changes-for-self-serve-en misc: updated sidebar name	2025-07-01 16:28:05 -04:00
Sheen Capadngan	aea61bae38	misc: label updates	2025-07-02 04:17:52 +08:00
Sheen Capadngan	37a10d1435	misc: updated sidebar name	2025-07-02 04:13:58 +08:00
=	a64c2173e7	feat: resolved broken row	2025-07-02 01:33:02 +05:30
=	ec0603a464	feat: resolved merge reviews	2025-07-02 01:16:52 +05:30
=	bf8d60fcdc	feat: resolved merge issues	2025-07-02 01:16:52 +05:30
=	b47846a780	feat: resolved type filter in ssh project	2025-07-02 01:16:52 +05:30
=	ea403b0393	feat: resolved review comments	2025-07-02 01:16:52 +05:30
=	9ab89fdef6	feat: resolved all broken urls in backend redirect	2025-07-02 01:16:52 +05:30
=	dea22ab844	feat: removed all getProjectFromSplitId	2025-07-02 01:16:52 +05:30
=	8bdf294a34	feat: added default product switch in project settings	2025-07-02 01:16:51 +05:30
=	0b2c967e63	feat: renamed defaultType to defaultProduct	2025-07-02 01:16:51 +05:30
=	c89876aa10	feat: corrected title for layout	2025-07-02 01:16:51 +05:30
=	76b3aab4c0	feat: removed hover thing	2025-07-02 01:16:51 +05:30
=	944319b9b6	feat: resolved alignement issue	2025-07-02 01:16:51 +05:30
Vladyslav Matsiiako	ac6f79815a	fix ui for navbar	2025-07-02 01:16:51 +05:30
=	6734bf245f	feat: corrected icon again and fixed incorrect title in settings page of products	2025-07-02 01:16:50 +05:30
=	b32584ce73	feat: changed vault lottie	2025-07-02 01:16:50 +05:30
=	3e41b359c5	feat: changed layout to absolute	2025-07-02 01:16:50 +05:30
=	2352bca03e	feat: resolved sidebar alignment issue of server admin	2025-07-02 01:16:50 +05:30
=	9f3236b47d	feat: added search to project nav	2025-07-02 01:16:50 +05:30
=	01c5f516f8	feat: resolved license-fn type error	2025-07-02 01:16:50 +05:30
=	74067751a6	feat: updated lotties for the products	2025-07-02 01:16:50 +05:30
=	fa7318eeb1	feat: done and dusted - new plasma ui	2025-07-02 01:16:49 +05:30
=	fb9c580e53	feat: fixed padding in layout	2025-07-02 01:16:49 +05:30
=	1bfdbb7314	feat: removed filters made in project roles	2025-07-02 01:16:49 +05:30
=	6b3279cbe5	feat: completed breadcrumb and settings changes	2025-07-02 01:16:49 +05:30
=	48ac6b4aff	feat: fixed all ts url errors	2025-07-02 01:16:49 +05:30
=	b0c1c9ce26	feat: added project settings and access management	2025-07-02 01:16:48 +05:30
=	d82d22a198	feat: seperated layouts for each product line	2025-07-02 01:16:48 +05:30
=	c66510f473	feat: completed the product sidebar	2025-07-02 01:16:48 +05:30
=	09cdd5ec91	feat: added project layout and project select in breadcrumb	2025-07-02 01:16:48 +05:30
=	e028b4e26d	feat: removed all action project type check	2025-07-02 01:16:48 +05:30
=	b8f7ffbf53	feat: re-arranged org project pages	2025-07-02 01:16:47 +05:30
=	0d97fc27c7	feat: moved org breadcrumbs to top level	2025-07-02 01:16:47 +05:30
=	098c1d840b	feat: org sidebar first version	2025-07-02 01:16:47 +05:30
Maidul Islam	cce2a54265	Merge pull request #3883 from Infisical/doc/add-mention-of-default-audience-support doc: add mention of default audience support for CSI	2025-07-01 14:35:15 -04:00
Sheen	d1033cb324	Merge pull request #3875 from Infisical/ENG-3009 feat(super-admin): Environment Overrides	2025-07-02 02:18:40 +08:00
Sheen Capadngan	7134e1dc66	misc: updated success notif	2025-07-02 02:18:04 +08:00
x032205	8aa26b77ed	Fix check	2025-07-01 13:11:15 -04:00
x032205	4b06880320	Feedback fixes	2025-07-01 11:52:01 -04:00
Sheen	124cd9f812	Merge pull request #3893 from Infisical/misc/added-missing-project-cert-endpoints-to-open-api-spec misc: added missing project cert endpoints to open api spec	2025-07-01 23:39:37 +08:00
x032205	d531d069d1	Add azure app connection	2025-07-01 11:23:44 -04:00
Scott Wilson	522a5d477d	Merge pull request #3889 from Infisical/minor-access-approval-modal-improvements improvement(approval-policy): minor create policy layout adjustments	2025-07-01 08:21:26 -07:00
Sheen	d2f0db669a	Merge pull request #3894 from Infisical/fix/address-instance-of-github-dynamic-secret fix: address instanceof check in github dynamic secret	2025-07-01 23:11:01 +08:00
Sheen Capadngan	4dd78d745b	fix: address instanceof check in github dynamic secret	2025-07-01 20:45:00 +08:00
Sheen Capadngan	4fef5c305d	misc: added missing project cert endpoints to open api spec	2025-07-01 18:53:13 +08:00
x032205	e5bbc46b0f	Add org caching + fix a line	2025-07-01 00:07:10 -04:00
x032205	30f3543850	Merge pull request #3876 from Infisical/ENG-2977 feat(secret-sync): Allow custom field label on 1pass sync	2025-06-30 23:36:22 -04:00
Scott Wilson	114915f913	Merge pull request #3891 from Infisical/change-request-page-improvements improvement(secret-approval-request): Color/layout styling adjustments to change request page	2025-06-30 19:35:40 -07:00
Scott Wilson	b5801af9a8	improvements: address feedback	2025-06-30 18:32:36 -07:00
Scott Wilson	20366a8c07	improvement: address feedback	2025-06-30 18:09:50 -07:00
x032205	60a4c72a5d	feat: Re-invite users every 1 week for up to a month.	2025-06-30 20:10:30 -04:00
Scott Wilson	447e28511c	improvement: update stale/conflict text	2025-06-30 16:44:29 -07:00
Scott Wilson	650ed656e3	improvement: color/layout styling adjustments to change request page	2025-06-30 16:30:37 -07:00
Scott Wilson	54ac450b63	improvement: minor layout adjustments	2025-06-30 14:38:23 -07:00
Maidul Islam	3871fa552c	Merge pull request #3888 from Infisical/revert-3885-misc/add-indices-for-referencing-columns-in-identity-access-token Revert "misc: add indices for referencing columns in identity access token"	2025-06-30 17:27:31 -04:00
Sheen	9c72ee7f10	Revert "misc: add indices for referencing columns in identity access token"	2025-07-01 05:23:51 +08:00
Maidul Islam	22e8617661	Merge pull request #3885 from Infisical/misc/add-indices-for-referencing-columns-in-identity-access-token misc: add indices for referencing columns in identity access token	2025-06-30 17:01:20 -04:00
Sheen Capadngan	2f29a513cc	misc: make index creation concurrently	2025-07-01 03:36:55 +08:00
x032205	cb6c28ac26	UI updates	2025-06-30 14:08:27 -04:00
x032205	d3833c33b3	Merge pull request #3878 from Infisical/fix-approval-policy-bypassing Fix bypassing approval policies	2025-06-30 13:37:28 -04:00
Sheen Capadngan	978a3e5828	misc: add indices for referencing columns in identity access token	2025-07-01 01:25:11 +08:00
Scott Wilson	27bf91e58f	Merge pull request #3873 from Infisical/org-access-control-improvements improvement(org-access-control): Standardize and improve org access control UI	2025-06-30 09:54:42 -07:00
x032205	3723afe595	Merge branch 'main' into ENG-3009	2025-06-30 12:01:14 -04:00
Akhil Mohan	02afd6a8e7	Merge pull request #3882 from Infisical/feat/fix-access-token-ips feat: resolved inefficient join for ip restriction in access token	2025-06-30 21:22:28 +05:30
Sheen Capadngan	14d6f6c048	doc: add mention of default audience support for CSI	2025-06-30 23:51:50 +08:00
=	929eac4350	feat: resolved inefficient join for ip restriction in access token	2025-06-30 20:13:26 +05:30
Vlad Matsiiako	c6074dd69a	Merge pull request #3881 from Infisical/docs-update update spend policy	2025-06-29 18:10:54 -07:00
Vladyslav Matsiiako	a9b26755ba	update spend policy	2025-06-29 17:43:05 -07:00
Vlad Matsiiako	033e5d3f81	Merge pull request #3880 from Infisical/docs-update update logos in docs	2025-06-28 16:38:05 -07:00
Vladyslav Matsiiako	90634e1913	update logos in docs	2025-06-28 16:26:58 -07:00
x032205	58b61a861a	Fix bypassing approval policies	2025-06-28 04:17:09 -04:00
x032205	3c8ec7d7fb	Merge pull request #3869 from Infisical/sequence-approval-policy-ui-additions improvement(access-policies): Revamp approval sequence table display and access request modal	2025-06-28 04:07:41 -04:00
x032205	26a59286c5	Merge pull request #3877 from Infisical/remove-datadog-logs Remove debug logs for DataDog stream	2025-06-28 03:45:14 -04:00
x032205	392792bb1e	Remove debug logs for DataDog stream	2025-06-28 03:37:32 -04:00
x032205	d79a6b8f25	Lint fixes	2025-06-28 03:35:52 -04:00
x032205	217a09c97b	Docs	2025-06-28 03:14:45 -04:00
x032205	a389ede03d	Review fixes	2025-06-28 03:01:34 -04:00
x032205	10939fecc0	feat(super-admin): Environment Overrides	2025-06-28 02:35:38 -04:00
Maidul Islam	969896e431	Merge pull request #3874 from Infisical/remove-certauth-join Remove cert auth left join	2025-06-27 20:41:58 -04:00
Maidul Islam	fd85da5739	set trusted ip to empty	2025-06-27 20:36:32 -04:00
Maidul Islam	2caf6ff94b	remove cert auth left join	2025-06-27 20:21:28 -04:00
Sheen	aff97374a9	Merge pull request #3868 from Infisical/misc/add-mention-of-service-usage-api-for-gcp misc: add mention of service usage API for GCP	2025-06-28 04:26:21 +08:00
carlosmonastyrski	68abd0f044	feat(secret-sync): fix docs	2025-06-27 14:23:39 -03:00
carlosmonastyrski	f3c11a0a17	feat(secret-sync): fix docs	2025-06-27 14:12:46 -03:00
carlosmonastyrski	f4779de051	feat(secret-sync): add re2 on replacements	2025-06-27 14:03:59 -03:00
carlosmonastyrski	defe7b8f0b	feat(secret-sync): add blockLocalAndPrivateIpAddresses on secret-sync fns functions	2025-06-27 13:37:57 -03:00
carlosmonastyrski	cf3113ac89	feat(secret-sync): add Zabbix secret sync	2025-06-27 13:31:41 -03:00
Scott Wilson	953cc3a850	improvements: revise approval sequence table display and access request modal	2025-06-27 09:30:11 -07:00
Sheen	7c4baa6fd4	misc: added image for service usage API	2025-06-27 13:19:14 +00:00
Sheen Capadngan	f285648c95	misc: add mention of service usage API for GCP	2025-06-27 21:10:02 +08:00
x032205	9af5a66bab	feat(secret-sync): Allow custom field label on 1pass sync	2025-06-26 16:07:08 -04:00