update imports/service token crud

removed posthog cli export events

.goreleaser.yaml

@@ -108,7 +108,7 @@ brews:
       zsh_completion.install "completions/infisical.zsh" => "_infisical"
       fish_completion.install "completions/infisical.fish"
       man1.install "manpages/infisical.1.gz"
-  - name: 'infisical@{{.Version}}'
+  - name: "infisical@{{.Version}}"
     tap:
       owner: Infisical
       name: homebrew-get-cli
@@ -186,12 +186,14 @@ aurs:
       # man pages
       install -Dm644 "./manpages/infisical.1.gz" "${pkgdir}/usr/share/man/man1/infisical.1.gz"
 
-# dockers:
-#   - dockerfile: cli/docker/Dockerfile
-#     goos: linux
-#     goarch: amd64
-#     ids:
-#       - infisical
-#     image_templates:
-#       - "infisical/cli:{{ .Version }}"
-#       - "infisical/cli:latest"
+dockers:
+  - dockerfile: docker/alpine
+    goos: linux
+    goarch: amd64
+    ids:
+      - all-other-builds
+    image_templates:
+      - "infisical/cli:{{ .Version }}"
+      - "infisical/cli:{{ .Major }}.{{ .Minor }}"
+      - "infisical/cli:{{ .Major }}"
+      - "infisical/cli:latest"

backend/src/controllers/v1/secretImpsController.ts

@@ -111,11 +111,17 @@ export const createSecretImp = async (req: Request, res: Response) => {
       authData: req.authData,
       workspaceId: new Types.ObjectId(workspaceId)
     });
-    
+
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Create,
       subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
     );
+
+    ForbiddenError.from(permission).throwUnlessCan(
+      ProjectPermissionActions.Create,
+      subject(ProjectPermissionSub.Secrets, { environment: secretImport.environment, secretPath: secretImport.secretPath })
+    );
+
   }
 
   const folders = await Folder.findOne({
@@ -323,7 +329,7 @@ export const updateSecretImport = async (req: Request, res: Response) => {
       authData: req.authData,
       workspaceId: importSecDoc.workspace
     });
-    
+
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Edit,
       subject(ProjectPermissionSub.Secrets, {
@@ -331,6 +337,13 @@ export const updateSecretImport = async (req: Request, res: Response) => {
         secretPath
       })
     );
+
+    secretImports.forEach(({ environment, secretPath }) => {
+      ForbiddenError.from(permission).throwUnlessCan(
+        ProjectPermissionActions.Create,
+        subject(ProjectPermissionSub.Secrets, { environment, secretPath })
+      );
+    })
   }
 
   const orderBefore = importSecDoc.imports;
@@ -453,7 +466,7 @@ export const deleteSecretImport = async (req: Request, res: Response) => {
       authData: req.authData,
       workspaceId: importSecDoc.workspace
     });
-    
+
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Delete,
       subject(ProjectPermissionSub.Secrets, {
@@ -620,7 +633,7 @@ export const getAllSecretsFromImport = async (req: Request, res: Response) => {
       authData: req.authData,
       workspaceId: new Types.ObjectId(workspaceId)
     });
-    
+
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Read,
       subject(ProjectPermissionSub.Secrets, {
@@ -677,7 +690,7 @@ export const getAllSecretsFromImport = async (req: Request, res: Response) => {
       authData: req.authData,
       workspaceId: importSecDoc.workspace
     });
-    
+
     ForbiddenError.from(permission).throwUnlessCan(
       ProjectPermissionActions.Read,
       subject(ProjectPermissionSub.Secrets, {

backend/src/controllers/v1/universalAuthController.ts

@@ -129,9 +129,14 @@ export const renewAccessToken = async (req: Request, res: Response) => {
         accessTokenTTL,
         accessTokenLastRenewedAt,
         accessTokenMaxTTL,
-        createdAt: accessTokenCreatedAt
+        createdAt: accessTokenCreatedAt,
+        accessTokenNumUses,
+        accessTokenNumUsesLimit
     } = identityAccessToken;
 
+    if (accessTokenNumUses >= accessTokenNumUsesLimit) {
+        throw BadRequestError({ message: "Unable to renew because access token number of uses limit reached" })
+    }
 
     // ttl check
     if (accessTokenTTL > 0) {

backend/src/controllers/v2/serviceTokenDataController.ts

@@ -13,7 +13,7 @@ import {
   ProjectPermissionSub,
   getAuthDataProjectPermissions
 } from "../../ee/services/ProjectRoleService";
-import { ForbiddenError } from "@casl/ability";
+import { ForbiddenError, subject } from "@casl/ability";
 import { Types } from "mongoose";
 
 /**
@@ -86,6 +86,14 @@ export const createServiceTokenData = async (req: Request, res: Response) => {
     ProjectPermissionSub.ServiceTokens
   );
 
+  scopes.forEach(({ environment, secretPath }) => {
+    ForbiddenError.from(permission).throwUnlessCan(
+      ProjectPermissionActions.Create,
+      subject(ProjectPermissionSub.Secrets, { environment, secretPath: secretPath })
+    );
+  })
+
+
   const secret = crypto.randomBytes(16).toString("hex");
   const secretHash = await bcrypt.hash(secret, await getSaltRounds());
 

backend/src/ee/controllers/v1/secretApprovalRequestsController.ts

@@ -17,12 +17,12 @@ export const getSecretApprovalRequestCount = async (req: Request, res: Response)
   } = await validateRequest(reqValidator.getSecretApprovalRequestCount, req);
 
   if (!(req.authData.authPayload instanceof User)) return;
-  
+
   const membership = await Membership.findOne({
     user: req.authData.authPayload._id,
     workspace: new Types.ObjectId(workspaceId)
   });
-  
+
   if (!membership) throw UnauthorizedRequestError();
 
   const approvalRequestCount = await SecretApprovalRequest.aggregate([
@@ -73,12 +73,12 @@ export const getSecretApprovalRequests = async (req: Request, res: Response) =>
   } = await validateRequest(reqValidator.getSecretApprovalRequests, req);
 
   if (!(req.authData.authPayload instanceof User)) return;
-  
+
   const membership = await Membership.findOne({
     user: req.authData.authPayload._id,
     workspace: new Types.ObjectId(workspaceId)
   });
-  
+
   if (!membership) throw UnauthorizedRequestError();
 
   const query = {
@@ -168,13 +168,13 @@ export const getSecretApprovalRequestDetails = async (req: Request, res: Respons
     user: req.authData.authPayload._id,
     workspace: secretApprovalRequest.workspace
   });
-  
+
   if (!membership) throw UnauthorizedRequestError();
 
   // allow to fetch only if its admin or is the committer or approver
   if (
     membership.role !== "admin" &&
-    secretApprovalRequest.committer !== membership.id &&
+    !secretApprovalRequest.committer.equals(membership.id) &&
     !secretApprovalRequest.policy.approvers.find(
       (approverId) => approverId.toString() === membership._id.toString()
     )
@@ -215,7 +215,7 @@ export const updateSecretApprovalReviewStatus = async (req: Request, res: Respon
     user: req.authData.authPayload._id,
     workspace: secretApprovalRequest.workspace
   });
-  
+
   if (!membership) throw UnauthorizedRequestError();
 
   if (
@@ -257,7 +257,7 @@ export const mergeSecretApprovalRequest = async (req: Request, res: Response) =>
     user: req.authData.authPayload._id,
     workspace: secretApprovalRequest.workspace
   });
-  
+
   if (!membership) throw UnauthorizedRequestError();
 
   if (
@@ -307,7 +307,7 @@ export const updateSecretApprovalRequestStatus = async (req: Request, res: Respo
     user: req.authData.authPayload._id,
     workspace: secretApprovalRequest.workspace
   });
-  
+
   if (!membership) throw UnauthorizedRequestError();
 
   if (

backend/src/ee/models/auditLog/enums.ts

@@ -8,7 +8,10 @@ export enum UserAgentType {
   WEB = "web",
   CLI = "cli",
   K8_OPERATOR = "k8-operator",
-  OTHER = "other"
+  TERRAFORM = "terraform",
+  OTHER = "other",
+  PYTHON_SDK = "InfisicalPythonSDK",
+  NODE_SDK = "InfisicalNodeSDK"
 }
 
 export enum EventType {

backend/src/helpers/rateLimiter.ts

@@ -10,7 +10,7 @@ export const apiLimiter = rateLimit({
   //   errorHandler: console.error.bind(null, 'rate-limit-mongo')
   // }),
   windowMs: 60 * 1000,
-  max: 350,
+  max: 480,
   standardHeaders: true,
   legacyHeaders: false,
   skip: (request) => {
@@ -30,7 +30,7 @@ const authLimit = rateLimit({
   //   collectionName: "expressRateRecords-authLimit",
   // }),
   windowMs: 60 * 1000,
-  max: 100,
+  max: 300,
   standardHeaders: true,
   legacyHeaders: false,
   keyGenerator: (req, res) => {
@@ -46,8 +46,8 @@ export const passwordLimiter = rateLimit({
   //   errorHandler: console.error.bind(null, 'rate-limit-mongo'),
   //   collectionName: "expressRateRecords-passwordLimiter",
   // }),
-  windowMs: 60 * 60 * 1000,
-  max: 10,
+  windowMs: 60 * 1000,
+  max: 300,
   standardHeaders: true,
   legacyHeaders: false,
   keyGenerator: (req, res) => {

backend/src/services/TelemetryService.ts

@@ -8,12 +8,12 @@ import {
   getTelemetryEnabled,
 } from "../config";
 import {
+  Identity,
   ServiceTokenData,
-  User,
+  User
 } from "../models";
 import {
   AccountNotFoundError,
-  BadRequestError,
 } from "../utils/errors";
 
 class Telemetry {
@@ -22,7 +22,7 @@ class Telemetry {
    */
   static logTelemetryMessage = async () => {
 
-    if(!(await getTelemetryEnabled())){
+    if (!(await getTelemetryEnabled())) {
       [
         "To improve, Infisical collects telemetry data about general usage.",
         "This helps us understand how the product is doing and guide our product development to create the best possible platform; it also helps us demonstrate growth as we support Infisical as open-source software.",
@@ -42,8 +42,8 @@ class Telemetry {
       postHogClient = new PostHog(await getPostHogProjectApiKey(), {
         host: await getPostHogHost(),
       });
-    } 
-    
+    }
+
     return postHogClient;
   }
 
@@ -52,6 +52,7 @@ class Telemetry {
   }: {
     authData: AuthData;
   }) => {
+
     let distinctId = "";
     if (authData.authPayload instanceof User) {
       distinctId = authData.authPayload.email;
@@ -59,14 +60,14 @@ class Telemetry {
       if (authData.authPayload.user) {
         const user = await User.findById(authData.authPayload.user, "email");
         if (!user) throw AccountNotFoundError();
-        distinctId = user.email; 
+        distinctId = user.email;
       }
+    } else if (authData.authPayload instanceof Identity) {
+      distinctId = `identity-${authData.authPayload._id.toString()}`
+    } else {
+      distinctId = "unknown-auth-data"
     }
-    
-    if (distinctId === "") throw BadRequestError({
-      message: "Failed to obtain distinct id for logging telemetry",
-    });
-    
+
     return distinctId;
   }
 }

backend/src/utils/authn/passport/saml.ts

@@ -75,7 +75,7 @@ export const initializeSamlStrategy = async () => {
           const organization = await Organization.findById(req.ssoConfig.organization);
           
           if (!organization) return done(OrganizationNotFoundError());
-    
+          
           const email = profile.email;
           const firstName = profile.firstName;
           const lastName = profile.lastName;
@@ -154,6 +154,7 @@ export const initializeSamlStrategy = async () => {
               firstName,
               lastName,
               organizationName: organization?.name,
+              organizationId: organization?._id,
               authMethod: req.ssoConfig.authProvider,
               isUserCompleted,
               ...(req.body.RelayState ? {

backend/src/utils/posthog.ts

@@ -7,8 +7,14 @@ export const getUserAgentType = function (userAgent: string | undefined) {
     return UserAgentType.CLI;
   } else if (userAgent == UserAgentType.K8_OPERATOR) {
     return UserAgentType.K8_OPERATOR;
+  } else if (userAgent == UserAgentType.TERRAFORM) {
+    return UserAgentType.TERRAFORM;
   } else if (userAgent.toLowerCase().includes("mozilla")) {
     return UserAgentType.WEB;
+  } else if (userAgent.includes(UserAgentType.NODE_SDK)) {
+    return UserAgentType.NODE_SDK;
+  } else if (userAgent.includes(UserAgentType.PYTHON_SDK)) {
+    return UserAgentType.PYTHON_SDK;
   } else {
     return UserAgentType.OTHER;
   }

backend/src/validation/serviceTokenData.ts

@@ -158,7 +158,7 @@ export const CreateServiceTokenV2 = z.object({
     encryptedKey: z.string().trim(),
     iv: z.string().trim(),
     tag: z.string().trim(),
-    expiresIn: z.number(),
+    expiresIn: z.number().nullable().optional(),
     permissions: z.enum(["read", "write"]).array()
   })
 });

cli/docker/Dockerfile

@@ -1,4 +0,0 @@
-FROM alpine
-RUN apk add --no-cache tini
-COPY infisical /bin/infisical
-ENTRYPOINT ["/sbin/tini", "--", "/bin/infisical"]

cli/docker/alpine

@@ -0,0 +1,9 @@
+FROM alpine
+RUN apk add --no-cache tini
+
+## Upgrade OpenSSL libraries to mitigate known vulnerabilities as the current Alpine image has not been patched yet.
+RUN apk update && apk upgrade --no-cache libcrypto3 libssl3
+
+
+COPY infisical /bin/infisical
+ENTRYPOINT ["/sbin/tini", "--", "/bin/infisical"]

cli/packages/cmd/agent.go

@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/signal"
+	"path"
 	"strings"
 	"sync"
 	"syscall"
@@ -189,7 +190,9 @@ func ProcessTemplate(templatePath string, data interface{}, accessToken string)
 		"secret": secretFunction,
 	}
 
-	tmpl, err := template.New(templatePath).Funcs(funcs).ParseFiles(templatePath)
+	templateName := path.Base(templatePath)
+
+	tmpl, err := template.New(templateName).Funcs(funcs).ParseFiles(templatePath)
 	if err != nil {
 		return nil, err
 	}

cli/packages/cmd/export.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/Infisical/infisical-merge/packages/models"
 	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/posthog/posthog-go"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
@@ -102,7 +101,7 @@ var exportCmd = &cobra.Command{
 
 		fmt.Print(output)
 
-		Telemetry.CaptureEvent("cli-command:export", posthog.NewProperties().Set("secretsCount", len(secrets)).Set("version", util.CLI_VERSION))
+		// Telemetry.CaptureEvent("cli-command:export", posthog.NewProperties().Set("secretsCount", len(secrets)).Set("version", util.CLI_VERSION))
 	},
 }
 

docs/changelog/overview.mdx

@@ -6,6 +6,9 @@ The changelog below reflects new product developments and updates on a monthly b
 
 ## December 2023
 
+- Released [(machine) identities](https://infisical.com/docs/documentation/platform/identities/overview) and [universal auth](https://infisical.com/docs/documentation/platform/identities/universal-auth) features.
+- Created new cross-language SDKs for [Python](https://infisical.com/docs/sdks/languages/python), [Node](https://infisical.com/docs/sdks/languages/node), and [Java](https://infisical.com/docs/sdks/languages/java). 
+- Released first version of the [Infisical Agent](https://infisical.com/docs/infisical-agent/overview)
 - Added ability to [manage folders via CLI](https://infisical.com/docs/cli/commands/secrets).  
 
 ## November 2023

docs/documentation/getting-started/sdks.mdx

@@ -13,7 +13,8 @@ Prerequisites:
 
 Follow the instructions for your language use the SDK for it:
 
-- [Node SDK](https://github.com/Infisical/infisical-node)
-- [Python SDK](https://github.com/Infisical/infisical-python)
+- [Node SDK](https://infisical.com/docs/sdks/languages/node)
+- [Python SDK](https://infisical.com/docs/sdks/languages/python)
+- [Java SDK](https://infisical.com/docs/sdks/languages/java)
 
 Missing a language? [Throw in a request](https://github.com/Infisical/infisical/issues).

docs/documentation/guides/nextjs-vercel.mdx

@@ -240,12 +240,6 @@ At this stage, you know how to use the Infisical-Vercel integration to sync prod
         
         Check out the [security guide](/security/overview).
     </Accordion>
-    <Accordion title="Is there way to retain end-to-end encryption for syncing production secrets to Vercel?">
-        Yes. You can also use the Infisical [Node SDK](https://github.com/Infisical/infisical-node) to fetch secrets back to your Next.js app
-        in both development and production.
-
-        Depending on how you use it, however, it may require certain pages to be server-side rendered.  
-    </Accordion>
 </AccordionGroup>
 
 See also:

docs/documentation/platform/identities/overview.mdx

@@ -4,8 +4,7 @@ description: "Programmatically interact with Infisical"
 ---
 
 <Note>
-  Currently, identities can only be used to make authenticated requests to the Infisical API and do not work with any clients such as [Node SDK](https://github.com/Infisical/infisical-node)
-  , [Python SDK](https://github.com/Infisical/infisical-python), CLI, K8s operator, Terraform Provider, etc.
+  Currently, identities can only be used to make authenticated requests to the Infisical API and SDKs. They do not work with clients such as CLI, K8s Operator, Terraform Provider, etc.
 
   We will be releasing compatibility with it across clients in the coming quarter.
 </Note>

docs/documentation/platform/identities/universal-auth.mdx

@@ -24,11 +24,11 @@ using the Universal Auth authentication method.
   <Step title="Creating an identity">
     To create an identity, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.
 
-    ![identities organization](../../images/platform/identities/identities-org.png)
+    ![identities organization](/images/platform/identities/identities-org.png)
 
     When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
     
-    ![identities organization create](../../images/platform/identities/identities-org-create.png)
+    ![identities organization create](/images/platform/identities/identities-org-create.png)
 
     Now input a few details for your new identity. Here's some guidance for each field:
 
@@ -37,7 +37,7 @@ using the Universal Auth authentication method.
     
     Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
     
-    ![identities organization create auth method](../../images/platform/identities/identities-org-create-auth-method.png)
+    ![identities organization create auth method](/images/platform/identities/identities-org-create-auth-method.png)
     
     Here's some more guidance on each field:
 
@@ -60,9 +60,9 @@ using the Universal Auth authentication method.
     and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
     for it.
     
-    ![identities client secret create](../../images/platform/identities/identities-org-client-secret.png)
-    ![identities client secret create](../../images/platform/identities/identities-org-client-secret-create-1.png)
-    ![identities client secret create](../../images/platform/identities/identities-org-client-secret-create-2.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret-create-1.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret-create-2.png)
     
     Feel free to input any (optional) details for the **Client Secret** configuration:
     
@@ -77,9 +77,9 @@ using the Universal Auth authentication method.
 
     Next, select the identity you want to add to the project and the project level role you want to allow it to assume. The project role assigned will determine what project level resources this identity can have access to.
 
-    ![identities project](../../images/platform/identities/identities-project.png)
+    ![identities project](/images/platform/identities/identities-project.png)
     
-    ![identities project create](../../images/platform/identities/identities-project-create.png)
+    ![identities project create](/images/platform/identities/identities-project-create.png)
   </Step>
   <Step title="Accessing the Infisical API with the identity">
     To access the Infisical API as the identity, you should first perform a login operation

docs/documentation/platform/secret-reference.mdx

@@ -12,8 +12,8 @@ This means that updating the value of a base secret propagates directly to other
     Currently, the secret referencing feature is only supported by the 
     [Infisical CLI](/cli/overview) and [native integrations](/integrations/overview).
 
-    We intend to add support for it to the [Node SDK](https://github.com/Infisical/infisical-node)
-    and [Python SDK](https://github.com/Infisical/infisical-python) this quarter.
+    We intend to add support for it to the [Node SDK](https://infisical.com/docs/sdks/languages/node), 
+    [Python SDK](https://infisical.com/docs/sdks/languages/python), and [Java SDK](https://infisical.com/docs/sdks/languages/java) this quarter.
 </Note>
 
 ![secret referencing](../../images/platform/secret-references-imports/secret-reference.png)

docs/documentation/platform/sso/azure.mdx

@@ -10,97 +10,97 @@ description: "Configure Azure SAML for Infisical SSO"
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 
-1. In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
-   Next, copy the **Reply URL (Assertion Consumer Service URL)** and **Identifier (Entity ID)** to use when configuring the Azure SAML application.
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+      In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
 
-![Azure SAML initial configuration](../../../images/sso/azure/init-config.png)
+      Next, copy the **Reply URL (Assertion Consumer Service URL)** and **Identifier (Entity ID)** to use when configuring the Azure SAML application.
 
-2. In the Azure Portal, navigate to the Azure Active Directory and select **Enterprise applications**. On this screen, select
-   **+ New application**.
+      ![Azure SAML initial configuration](../../../images/sso/azure/init-config.png)
+   </Step>
+   <Step title="Create a SAML application in Azure">
+      In the Azure Portal, navigate to the Azure Active Directory and select **Enterprise applications**. On this screen, select **+ New application**.
 
-![Azure SAML enterprise applications](../../../images/sso/azure/enterprise-applications.png)
+      ![Azure SAML enterprise applications](../../../images/sso/azure/enterprise-applications.png)
 
-![Azure SAML new application](../../../images/sso/azure/new-application.png)
+      ![Azure SAML new application](../../../images/sso/azure/new-application.png)
+      
+      On the next screen, press the **+ Create your own application** button.
+      Give the application a unique name like Infisical; choose the "Integrate any other application you don't find in the gallery (Non-gallery)"
+      option and hit the **Create** button.
 
-2. On the next screen, press the **+ Create your own application** button.
-   Give the application a unique name like Infisical; choose the "Integrate any other application you don't find in the gallery (Non-gallery)"
-   option and hit the **Create** button.
+      ![Azure SAML create own application](../../../images/sso/azure/create-own-application.png)
 
-![Azure SAML create own application](../../../images/sso/azure/create-own-application.png)
+      On the application overview screen, select **Single sign-on** from the left sidebar. From there, select the **SAML** single sign-on method.
 
-3. On the application overview screen, select **Single sign-on** from the left sidebar. From there,
-   select the **SAML** single sign-on method.
+      ![Azure SAML sign on method](../../../images/sso/azure/sso-method.png)
 
-![Azure SAML sign on method](../../../images/sso/azure/sso-method.png)
+      Next, select **Edit** in the **Basic SAML Configuration** section and add/set the **Identifier (Entity ID)** to **Entity ID** and add/set the **Reply URL (Assertion Consumer Service URL)** to **ACS URL** from step 1.
 
-4. Next, select **Edit** in the **Basic SAML Configuration** section and add/set the **Identifier (Entity ID)**
-   to **Entity ID** and add/set the **Reply URL (Assertion Consumer Service URL)** to **ACS URL** from step 1.
+      ![Azure SAML edit basic configuration](../../../images/sso/azure/edit-basic-config.png)
 
-![Azure SAML edit basic configuration](../../../images/sso/azure/edit-basic-config.png)
+      ![Azure SAML edit basic configuration 2](../../../images/sso/azure/edit-basic-config-2.png)
 
-![Azure SAML edit basic configuration 2](../../../images/sso/azure/edit-basic-config-2.png)
+      <Note>
+      If you're self-hosting Infisical, then you will want to replace
+      `https://app.infisical.com` with your own domain.
+      </Note>
 
-<Note>
-  If you're self-hosting Infisical, then you will want to replace
-  `https://app.infisical.com` with your own domain.
-</Note>
+      Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **Attributes & Claims** section and configure the following map:
 
-5. Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **Attributes & Claims** section and configure the following map:
+      - `email -> user.userprinciplename`
+      - `firstName -> user.firstName`
+      - `lastName -> user.lastName`
 
-- `email -> user.userprinciplename`
-- `firstName -> user.firstName`
-- `lastName -> user.lastName`
+      ![Azure SAML edit attributes and claims](../../../images/sso/azure/edit-attributes-claims.png)
 
-![Azure SAML edit attributes and claims](../../../images/sso/azure/edit-attributes-claims.png)
+      ![Azure SAML edit attributes and claims 2](../../../images/sso/azure/edit-attributes-claims-2.png)
 
-![Azure SAML edit attributes and claims 2](../../../images/sso/azure/edit-attributes-claims-2.png)
+      Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **SAML Certificates** section and set the **Signing Option** field to **Sign SAML response and assertion**.
 
-6. Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **SAML Certificates** section and set the **Signing Option** field to **Sign SAML response and assertion**.
+      ![Azure SAML edit certificate](../../../images/sso/azure/edit-saml-certificate.png)
 
-![Azure SAML edit certificate](../../../images/sso/azure/edit-saml-certificate.png)
+      ![Azure SAML edit certificate signing option](../../../images/sso/azure/edit-saml-certificate-2.png)
+   </Step>
+   <Step title="Retrieve Identity Provider (IdP) Information from Okta">
+      In the **Set up Single Sign-On with SAML** screen, copy the **Login URL** and **SAML Certificate** to use when finishing configuring Azure SAML in Infisical.
 
-![Azure SAML edit certificate signing option](../../../images/sso/azure/edit-saml-certificate-2.png)
+      ![Azure SAML identity provider values 1](../../../images/sso/azure/idp-values.png)
 
-7. Get IdP values:
+      In the **Properties** screen, copy the **Application ID** to use when finishing configuring Azure SAML in Infisical.
 
-In the **Set up Single Sign-On with SAML** screen, copy the **Login URL** and **SAML Certificate** to use when finishing configuring Azure SAML in Infisical.
+      ![Azure SAML identity provider values 2](../../../images/sso/azure/idp-values-2.png)
+   </Step>
+   <Step title="Finish configuring SAML in Infisical">
+      Back in Infisical, set **Login URL**, **Azure Application ID**, and **SAML Certificate** from step 3. Once you've done that, press **Update** to complete the required configuration.
 
-![Azure SAML identity provider values 1](../../../images/sso/azure/idp-values.png)
+      ![Azure SAML paste identity provider values](../../../images/sso/azure/idp-values-3.png)
 
-In the **Properties** screen, copy the **Application ID** to use when finishing configuring Azure SAML in Infisical.
+      <Note>
+      When pasting the certificate into Infisical, you'll want to retain `-----BEGIN
+      CERTIFICATE-----` and `-----END CERTIFICATE-----` at the first and last line
+      of the text area respectively.
 
-![Azure SAML identity provider values 2](../../../images/sso/azure/idp-values-2.png)
+      Having trouble?, try copying the X509 certificate information from the Federation Metadata XML file in Azure.
 
-Back in Infisical, set **Login URL**, **Azure Application ID**, and **SAML Certificate** from above. Once you've done that, press **Update** to complete the required configuration.
+      </Note>
+   </Step>
+   <Step title="Assign users in Azure to the application">
+      Back in Azure, navigate to the **Users and groups** tab and select **+ Add user/group** to assign access to the login with SSO application on a user or group-level.
+      
+      ![Azure SAML assignment](../../../images/sso/azure/assignment.png)
+   </Step>   
+   <Step title="Enable SAML SSO in Infisical">
+      Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via Azure.
 
-![Azure SAML paste identity provider values](../../../images/sso/azure/idp-values-3.png)
-
-<Note>
-When pasting the certificate into Infisical, you'll want to retain `-----BEGIN
-  CERTIFICATE-----` and `-----END CERTIFICATE-----` at the first and last line
-  of the text area respectively.
-
-Having trouble?, try copying the X509 certificate information from the Federation Metadata XML file in Azure.
-
-</Note>
-
-7. Assignments
-
-Back in Azure, navigate to the **Users and groups** tab and select **+ Add user/group** to assign access to the login with SSO application on a user or group-level.
-![Azure SAML assignment](../../../images/sso/azure/assignment.png)
-
-8. Return to Infisical and enable SAML SSO.
-
-Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via Azure.
-
-![Azure SAML assignment](../../../images/sso/azure/enable-saml.png)
+      ![Azure SAML assignment](../../../images/sso/azure/enable-saml.png)
+   </Step>
+</Steps>
 
 <Note>
    If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
-   set the `JWT_PROVIDER_AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
    
-   - `JWT_PROVIDER_AUTH_SECRET`: This is secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
-</Note>
-
-
+</Note>

docs/documentation/platform/sso/github.mdx

@@ -5,38 +5,39 @@ description: "Configure GitHub SSO for Infisical"
 
 Using GitHub SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GitHub and registering your instance with it.
 
-## Create an OAuth application in GitHub
+<Steps>
+  <Step title="Create an OAuth application in GitHub">
+    Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
 
-Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
+    ![GitHub settings](../../../images/sso/github/settings.png)
+    ![GitHub developer settings](../../../images/sso/github/dev-settings.png)
+    ![GitHub create new OAuth application](../../../images/sso/github/new-app.png)
 
-![GitHub settings](../../../images/sso/github/settings.png)
-![GitHub developer settings](../../../images/sso/github/dev-settings.png)
-![GitHub create new OAuth application](../../../images/sso/github/new-app.png)
+    Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
+    and the **Authorization callback URL** to `https://your-domain.com/api/v1/sso/github`.
 
-Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
-and the **Authorization callback URL** to `https://your-domain.com/api/v1/sso/github`.
+    ![GitHub create new OAuth application form](../../../images/sso/github/new-app-form.png)
 
-![GitHub create new OAuth application form](../../../images/sso/github/new-app-form.png)
+    <Note>
+        If you have a GitHub organization, you can create an OAuth application under it
+        in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
+    </Note>
+  </Step>
+  <Step title="Add your OAuth application credentials to Infisical">
+    Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
 
-<Note>
-    If you have a GitHub organization, you can create an OAuth application under it
-    in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
-</Note>
+    ![GCP obtain OAuth2 credentials](../../../images/sso/github/credentials.png)
 
-## Add your OAuth application credentials to Infisical
+    Back in your Infisical instance, make sure to set the following environment variables:
 
-Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
-
-![GCP obtain OAuth2 credentials](../../../images/sso/github/credentials.png)
-
-Back in your Infisical instance, make sure to set the following environment variables:
-
-- `CLIENT_ID_GITHUB_LOGIN`: The **Client ID** of your GitHub OAuth application.
-- `CLIENT_SECRET_GITHUB_LOGIN`: The **Client Secret** of your GitHub OAuth application.
-- `JWT_PROVIDER_AUTH_SECRET`: A secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
-- `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
-   
-Once added, restart your Infisical instance and log in with GitHub.
+    - `CLIENT_ID_GITHUB_LOGIN`: The **Client ID** of your GitHub OAuth application.
+    - `CLIENT_SECRET_GITHUB_LOGIN`: The **Client Secret** of your GitHub OAuth application.
+    - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
+    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
+      
+    Once added, restart your Infisical instance and log in with GitHub.
+  </Step>
+</Steps>
 
 ## FAQ
 
@@ -45,7 +46,7 @@ Once added, restart your Infisical instance and log in with GitHub.
     It is likely that you have misconfigured your self-hosted instance of Infisical. You should:
 
     - Check that you have set the `CLIENT_ID_GITHUB_LOGIN`, `CLIENT_SECRET_GITHUB_LOGIN`, 
-    `JWT_PROVIDER_AUTH_SECRET`, and `SITE_URL` environment variables.
+    `AUTH_SECRET`, and `SITE_URL` environment variables.
     - Check that the **Authorization callback URL** specified in GitHub matches the `SITE_URL` environment variable.
     For example, if the former is `https://app.infisical.com/api/v1/sso/github` then the latter should be `https://app.infisical.com`.
   </Accordion>

docs/documentation/platform/sso/gitlab.mdx

@@ -5,38 +5,39 @@ description: "Configure GitLab SSO for Infisical"
 
 Using GitLab SSO on a self-hosted instance of Infisical requires configuring an OAuth application in GitLab and registering your instance with it.
 
-## Create an OAuth application in GitLab
+<Steps>
+  <Step title="Create an OAuth application in GitLab">
+    Navigate to your user Settings > Applications to create a new GitLab application.
 
-Navigate to your user Settings > Applications to create a new GitLab application.
+    ![sso gitlab config](/images/sso/gitlab/edit-profile.png) 
+    ![sso gitlab config](/images/sso/gitlab/new-app.png) 
 
-![sso gitlab config](/images/sso/gitlab/edit-profile.png) 
-![sso gitlab config](/images/sso/gitlab/new-app.png) 
+    Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/api/v1/sso/gitlab`.
+    Note that only `read_user` is required as part of the **Scopes** configuration.
 
-Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/api/v1/sso/gitlab`.
-Note that only `read_user` is required as part of the **Scopes** configuration.
+    ![sso gitlab config](/images/sso/gitlab/new-app-form.png) 
 
-![sso gitlab config](/images/sso/gitlab/new-app-form.png) 
+    <Note>
+        If you have a GitLab group, you can create an OAuth application under it
+        in your group Settings > Applications.
+    </Note>
+  </Step>
+  <Step title="Add your OAuth application credentials to Infisical">
+    Obtain the **Application ID** and **Secret** for your GitLab application.
 
-<Note>
-    If you have a GitLab group, you can create an OAuth application under it
-    in your group Settings > Applications.
-</Note>
+    ![sso gitlab config](/images/sso/gitlab/credentials.png) 
 
-## Add your OAuth application credentials to Infisical
+    Back in your Infisical instance, make sure to set the following environment variables:
 
-Obtain the **Application ID** and **Secret** for your GitLab application.
-
-![sso gitlab config](/images/sso/gitlab/credentials.png) 
-
-Back in your Infisical instance, make sure to set the following environment variables:
-
-- `CLIENT_ID_GITLAB_LOGIN`: The **Client ID** of your GitLab application.
-- `CLIENT_SECRET_GITLAB_LOGIN`: The **Secret** of your GitLab application.
-- (optional) `URL_GITLAB_LOGIN`: The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default to `https://gitlab.com`.
-- `JWT_PROVIDER_AUTH_SECRET`: A secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
-- `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
-   
-Once added, restart your Infisical instance and log in with GitLab.
+    - `CLIENT_ID_GITLAB_LOGIN`: The **Client ID** of your GitLab application.
+    - `CLIENT_SECRET_GITLAB_LOGIN`: The **Secret** of your GitLab application.
+    - (optional) `URL_GITLAB_LOGIN`: The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default to `https://gitlab.com`.
+    - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
+    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
+      
+    Once added, restart your Infisical instance and log in with GitLab.
+  </Step>
+</Steps>
 
 ## FAQ
 
@@ -45,7 +46,7 @@ Once added, restart your Infisical instance and log in with GitLab.
     It is likely that you have misconfigured your self-hosted instance of Infisical. You should:
 
     - Check that you have set the `CLIENT_ID_GITLAB_LOGIN`, `CLIENT_SECRET_GITLAB_LOGIN`, 
-    `JWT_PROVIDER_AUTH_SECRET`, and `SITE_URL` environment variables.
+    `AUTH_SECRET`, and `SITE_URL` environment variables.
     - Check that the **Redirect URI** specified in GitLab matches the `SITE_URL` environment variable.
     For example, if the former is `https://app.infisical.com/api/v1/sso/gitlab` then the latter should be `https://app.infisical.com`.
   </Accordion>

docs/documentation/platform/sso/google.mdx

@@ -5,31 +5,32 @@ description: "Configure Google SSO for Infisical"
 
 Using Google SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP and registering your instance with it.
 
-## Create an OAuth2 application in GCP
+<Steps>
+  <Step title="Create an OAuth2 application in GCP">
+    Navigate to your project API & Services > Credentials to create a new OAuth2 application.
+        
+    ![GCP API services](../../../images/sso/google/api-services.png)
+    ![GCP create new OAuth2 application](../../../images/sso/google/new-app.png)
 
-Navigate to your project API & Services > Credentials to create a new OAuth2 application.
-    
-![GCP API services](../../../images/sso/google/api-services.png)
-![GCP create new OAuth2 application](../../../images/sso/google/new-app.png)
+    Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/api/v1/sso/google`.
 
-Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/api/v1/sso/google`.
+    ![GCP create new OAuth2 application form](../../../images/sso/google/new-app-form.png)
+  </Step>
+  <Step title="Add your OAuth2 application credentials to Infisical">
+    Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
 
-![GCP create new OAuth2 application form](../../../images/sso/google/new-app-form.png)
+    ![GCP obtain OAuth2 credentials](../../../images/sso/google/credentials.png)
+      
+    Back in your Infisical instance, make sure to set the following environment variables:
 
-## Add your OAuth2 application credentials to Infisical
-   
-Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
-
-![GCP obtain OAuth2 credentials](../../../images/sso/google/credentials.png)
-   
-Back in your Infisical instance, make sure to set the following environment variables:
-
-- `CLIENT_ID_GOOGLE_LOGIN`: The **Client ID** of your GCP OAuth2 application.
-- `CLIENT_SECRET_GOOGLE_LOGIN`: The **Client Secret** of your GCP OAuth2 application.
-- `JWT_PROVIDER_AUTH_SECRET`: A secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
-- `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
-   
-Once added, restart your Infisical instance and log in with Google
+    - `CLIENT_ID_GOOGLE_LOGIN`: The **Client ID** of your GCP OAuth2 application.
+    - `CLIENT_SECRET_GOOGLE_LOGIN`: The **Client Secret** of your GCP OAuth2 application.
+    - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
+    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
+      
+    Once added, restart your Infisical instance and log in with Google
+  </Step>
+</Steps>
 
 ## FAQ
 
@@ -38,7 +39,7 @@ Once added, restart your Infisical instance and log in with Google
     It is likely that you have misconfigured your self-hosted instance of Infisical. You should:
 
     - Check that you have set the `CLIENT_ID_GOOGLE_LOGIN`, `CLIENT_SECRET_GOOGLE_LOGIN`, 
-    `JWT_PROVIDER_AUTH_SECRET`, and `SITE_URL` environment variables.
+    `AUTH_SECRET`, and `SITE_URL` environment variables.
     - Check that the **Authorized redirect URI** specified in GCP matches the `SITE_URL` environment variable.
     For example, if the former is `https://app.infisical.com/api/v1/sso/google` then the latter should be `https://app.infisical.com`.
   </Accordion>

docs/documentation/platform/sso/jumpcloud.mdx

@@ -10,73 +10,77 @@ description: "Configure JumpCloud SAML for Infisical SSO"
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 
-1. In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
-   Next, copy the **ACS URL** and **SP Entity ID** to use when configuring the JumpCloud SAML application.
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+      In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
 
-![JumpCloud SAML initial configuration](../../../images/sso/jumpcloud/init-config.png)
+      Next, copy the **ACS URL** and **SP Entity ID** to use when configuring the JumpCloud SAML application.
 
-2. In the JumpCloud Admin Portal, navigate to User Authentication > SSO and create an application. If this is your first application, select **Get Started**;
-   if not, select **+Add New Application**
+      ![JumpCloud SAML initial configuration](../../../images/sso/jumpcloud/init-config.png)
+   </Step>
+   <Step title="Create a SAML application in JumpCloud">
+      2.1. In the JumpCloud Admin Portal, navigate to User Authentication > SSO and create an application. If this is your first application, select **Get Started**; if not, select **+Add New Application**
 
-![JumpCloud SAML new application](../../../images/sso/jumpcloud/new-application.png)
+      ![JumpCloud SAML new application](../../../images/sso/jumpcloud/new-application.png)
 
-3. Next, select **Custom SAML App** to open up the **New SSO** dialog.
+      2.2. Next, select **Custom SAML App** to open up the **New SSO** dialog.
 
-![JumpCloud custom SAML app](../../../images/sso/jumpcloud/custom-saml-app.png)
+      ![JumpCloud custom SAML app](../../../images/sso/jumpcloud/custom-saml-app.png)
 
-4. In the **General Info** tab, give the application a unique name like Infisical.
+      2.3. In the **General Info** tab, give the application a unique name like Infisical.
 
-![JumpCloud general info](../../../images/sso/jumpcloud/general-info.png)
+      ![JumpCloud general info](../../../images/sso/jumpcloud/general-info.png)
 
-5. In the **SSO** tab, set the **SP Entity ID** and **ACS URL** from step 1; set the **IdP Entity ID** to the same value as the **SP Entity ID**.
+      2.4. In the **SSO** tab, set the **SP Entity ID** and **ACS URL** from step 1; set the **IdP Entity ID** to the same value as the **SP Entity ID**.
 
-![JumpCloud edit basic config](../../../images/sso/jumpcloud/edit-basic-config.png)
+      ![JumpCloud edit basic config](../../../images/sso/jumpcloud/edit-basic-config.png)
 
-6. On the same tab, check the **Sign Assertion** checkbox and fill the **IDP URL** to something unique.
-   Copy the **IDP URL** to use when finishing configuring the JumpCloud SAML in Infisical.
+      2.5. On the same tab, check the **Sign Assertion** checkbox and fill the **IDP URL** to something unique.
+         Copy the **IDP URL** to use when finishing configuring the JumpCloud SAML in Infisical.
 
-![JumpCloud edit basic config 2](../../../images/sso/jumpcloud/edit-basic-config-2.png)
+      ![JumpCloud edit basic config 2](../../../images/sso/jumpcloud/edit-basic-config-2.png)
 
-7. On the same tab, in the **Attributes** section, configure the following map:
+      2.6. On the same tab, in the **Attributes** section, configure the following map:
 
-- `email -> email`
-- `firstName -> firstname`
-- `lastName -> lastname`
+      - `email -> email`
+      - `firstName -> firstname`
+      - `lastName -> lastname`
 
-![JumpCloud attribute statements](../../../images/sso/jumpcloud/attribute-statements.png)
+      ![JumpCloud attribute statements](../../../images/sso/jumpcloud/attribute-statements.png)
 
-Finally press activate to create the SAML application.
+      Finally press activate to create the SAML application.
 
-8. Next, select the newly created SAML application and select **Download certificate** under the **IDP Certificate Valid** dropdown
+      2.7. Next, select the newly created SAML application and select **Download certificate** under the **IDP Certificate Valid** dropdown
 
-![JumpCloud download certificate](../../../images/sso/jumpcloud/download-saml-certificate.png)
+      ![JumpCloud download certificate](../../../images/sso/jumpcloud/download-saml-certificate.png)
+   </Step>
+   <Step title="Finish configuring SAML in Infisical">
+      Back in Infisical, set the **IDP URL** from step 2.5 and the **IdP Entity ID** from step 2.4. Also, paste the certificate from the previous step.
 
-9. Back in Infisical, set the **IDP URL** from step 6 and the **IdP Entity ID** from step 5. Also, paste the certificate from the previous step.
+      ![JumpCloud IdP values](../../../images/sso/jumpcloud/idp-values.png)
 
-![JumpCloud IdP values](../../../images/sso/jumpcloud/idp-values.png)
+      <Note>
+         When pasting the certificate into Infisical, you'll want to retain `-----BEGIN
+         CERTIFICATE-----` and `-----END CERTIFICATE-----` at the first and last line
+         of the text area respectively.
+      </Note>
+   </Step>
+   <Step title="Assign users in JumpCloud to the application">
+      Back in JumpCloud, navigate to the **User Groups** tab and assign users to the newly created application.
 
-<Note>
-  When pasting the certificate into Infisical, you'll want to retain `-----BEGIN
-  CERTIFICATE-----` and `-----END CERTIFICATE-----` at the first and last line
-  of the text area respectively.
-</Note>
+      ![JumpCloud SAML assignment](../../../images/sso/jumpcloud/assignment.png)
+   </Step>
+   <Step title="Enable SAML SSO in Infisical">
+      Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via JumpCloud.
 
-10. Assignments
-
-Back in JumpCloud, navigate to the **User Groups** tab and assign users to the newly created application.
-
-![JumpCloud SAML assignment](../../../images/sso/jumpcloud/assignment.png)
-
-11. Return to Infisical and enable SAML SSO.
-
-Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via JumpCloud.
-
-![JumpCloud SAML assignment](../../../images/sso/jumpcloud/enable-saml.png)
+      ![JumpCloud SAML assignment](../../../images/sso/jumpcloud/enable-saml.png)
+   </Step>
+</Steps>
 
 <Note>
    If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
-   set the `JWT_PROVIDER_AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
    
-   - `JWT_PROVIDER_AUTH_SECRET`: This is secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
 </Note>

docs/documentation/platform/sso/okta.mdx

@@ -10,78 +10,80 @@ description: "Configure Okta SAML 2.0 for Infisical SSO"
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 
-1. In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
-   Next, copy the **Single sign-on URL** and **Audience URI (SP Entity ID)** to use when configuring the Okta SAML 2.0 application.
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+      In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+      
+      Next, copy the **Single sign-on URL** and **Audience URI (SP Entity ID)** to use when configuring the Okta SAML 2.0 application.
+      ![Okta SAML initial configuration](../../../images/sso/okta/init-config.png)
+   </Step>
+   <Step title="Create a SAML application in Okta">
+      In the Okta Admin Portal, select Applications > Applications from the navigation. On the Applications screen, select the **Create App Integration**
+      button.
 
-![Okta SAML initial configuration](../../../images/sso/okta/init-config.png)
+      ![SAML Okta create app integration](../../../images/sso/okta/create-app-integration.png)
+      
+      In the Create a New Application Integration dialog, select the **SAML 2.0** radio button:
 
-2. In the Okta Admin Portal, select Applications > Applications from the
-   navigation. On the Applications screen, select the **Create App Integration**
-   button.
+      ![SAML Okta create SAML 2.0 integration](../../../images/sso/okta/create-saml-app.png)
+      
+      On the General Settings screen, give the application a unique name like Infisical and select **Next**.
+      
+      ![SAML Okta create SAML 2.0 integration](../../../images/sso/okta/general-settings.png)
+      
+      On the Configure SAML screen, set the **Single sign-on URL** and **Audience URI (SP Entity ID)** from step 1.
 
-![SAML Okta create app integration](../../../images/sso/okta/create-app-integration.png)
+      ![SAML Okta configure IdP fields](../../../images/sso/okta/configure-saml.png)
+      
+      <Note>
+         If you're self-hosting Infisical, then you will want to replace
+         `https://app.infisical.com` with your own domain.
+      </Note>
+      
+      Also on the Configure SAML screen, configure the **Attribute Statements** to map:
 
-3. In the Create a New Application Integration dialog, select the **SAML 2.0** radio button:
+      - `id -> user.id`,
+      - `email -> user.email`,
+      - `firstName -> user.firstName`
+      - `lastName -> user.lastName`
 
-![SAML Okta create SAML 2.0 integration](../../../images/sso/okta/create-saml-app.png)
+      ![SAML Okta attribute statements](../../../images/sso/okta/attribute-statements.png)
 
-4. On the General Settings screen, give the application a unique name like Infisical and select **Next**.
+      Once configured, select **Next** to proceed to the Feedback screen and select **Finish**.
+   </Step>
+   <Step title="Retrieve Identity Provider (IdP) Information from Okta">
+      Once your application is created, select the **Sign On** tab for the app and select the **View Setup Instructions** button located on the right side of the screen:
 
-![SAML Okta create SAML 2.0 integration](../../../images/sso/okta/general-settings.png)
+      ![SAML Okta view setup instructions](../../../images/sso/okta/view-setup-instructions.png)
 
-5. On the Configure SAML screen, set the **Single sign-on URL** and **Audience URI (SP Entity ID)** from step 1.
+      Copy the **Identity Provider Single Sign-On URL**, the **Identity Provider Issuer**, and the **X.509 Certificate** to use when finishing configuring Okta SAML in Infisical.
 
-![SAML Okta configure IdP fields](../../../images/sso/okta/configure-saml.png)
+      ![SAML Okta IdP values](../../../images/sso/okta/idp-values.png)
+   </Step>
+   <Step title="Finish configuring SAML in Infisical">
+      Back in Infisical, set **Identity Provider Single Sign-On URL**, **Identity Provider Issuer**,
+      and **Certificate** to **X.509 Certificate** from step 3. Once you've done that, press **Update** to complete the required configuration.
 
-<Note>
-  If you're self-hosting Infisical, then you will want to replace
-  `https://app.infisical.com` with your own domain.
-</Note>
+      ![SAML Okta paste values into Infisical](../../../images/sso/okta/idp-values-2.png)
+   </Step>
+   <Step title="Assign users in Okta to the application">
+      Back in Okta, navigate to the **Assignments** tab and select **Assign**. You can assign access to the application on a user-by-user basis using the Assign to People option, or in-bulk using the Assign to Groups option.
 
-6. Also on the Configure SAML screen, configure the **Attribute Statements** to map:
+      ![SAML Okta assignment](../../../images/sso/okta/assignment.png)
 
-- `id -> user.id`,
-- `email -> user.email`,
-- `firstName -> user.firstName`
-- `lastName -> user.lastName`
+      At this point, you have configured everything you need within the context of the Okta Admin Portal.
+   </Step>
+   <Step title="Enable SAML SSO in Infisical">
+      Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via Okta.
 
-![SAML Okta attribute statements](../../../images/sso/okta/attribute-statements.png)
-
-Once configured, select **Next** to proceed to the Feedback screen and select **Finish**.
-
-7. Get IdP values
-
-Once your application is created, select the **Sign On** tab for the app and select the **View Setup Instructions** button located on the right side of the screen:
-
-![SAML Okta view setup instructions](../../../images/sso/okta/view-setup-instructions.png)
-
-Copy the **Identity Provider Single Sign-On URL**, the **Identity Provider Issuer**, and the **X.509 Certificate** to use when finishing configuring Okta SAML in Infisical.
-
-![SAML Okta IdP values](../../../images/sso/okta/idp-values.png)
-
-Back in Infisical, set **Identity Provider Single Sign-On URL**, **Identity Provider Issuer**,
-and **Certificate** to **X.509 Certificate** from above. Once you've done that, press **Update** to complete the required configuration.
-
-![SAML Okta paste values into Infisical](../../../images/sso/okta/idp-values-2.png)
-
-8. Finally, navigate to the **Assignments** tab and select **Assign**
-
-You can assign access to the application on a user-by-user basis using the Assign to People option, or in-bulk using the Assign to Groups option.
-
-![SAML Okta assignment](../../../images/sso/okta/assignment.png)
-
-At this point, you have configured everything you need within the context of the Okta Admin Portal.
-
-9. Return to Infisical and enable SAML SSO.
-
-Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via Okta.
-
-![SAML Okta assignment](../../../images/sso/okta/enable-saml.png)
+      ![SAML Okta assignment](../../../images/sso/okta/enable-saml.png)
+   </Step>
+</Steps>
 
 <Note>
    If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
-   set the `JWT_PROVIDER_AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
    
-   - `JWT_PROVIDER_AUTH_SECRET`: This is secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
 </Note>

docs/infisical-agent/overview.mdx

@@ -56,7 +56,7 @@ While specifying an authentication method is mandatory to start the agent, confi
 ## Quick start Infisical Agent
 To install the Infisical agent, you must first install the [Infisical CLI](../cli/overview) in the desired environment where you'd like the agent to run. This is because the Infisical agent is a sub-command of the Infisical CLI.
 
-Once you have the CLI installed, you will need to provision programmatic access for the agent via [Universal Auth](documentation/platform/identities/universal-auth). To obtain a **Client ID** and a **Client Secret**, follow the step by step guide outlined [here](documentation/platform/identities/universal-auth).
+Once you have the CLI installed, you will need to provision programmatic access for the agent via [Universal Auth](/documentation/platform/identities/universal-auth). To obtain a **Client ID** and a **Client Secret**, follow the step by step guide outlined [here](/documentation/platform/identities/universal-auth).
 
 Next, create agent config file as shown below.
 

docs/integrations/cicd/bitbucket.mdx

@@ -7,25 +7,26 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Bitbucket">
+    Navigate to your project's integrations tab in Infisical.
 
-![integrations](../../images/integrations.png)
+    ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Bitbucket
+    Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.
 
-Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.
+    ![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)
 
-![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.
-
-![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
+    ![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
+  </Step>
+</Steps>

docs/integrations/cicd/circleci.mdx

@@ -7,30 +7,31 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for CircleCI">
+    Obtain an API token in User Settings > Personal API Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations circleci token](../../images/integrations/circleci/integrations-circleci-token.png)
 
-## Authorize Infisical for CircleCI
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain an API token in User Settings > Personal API Tokens
+    ![integrations](../../images/integrations.png)
 
-![integrations circleci token](../../images/integrations/circleci/integrations-circleci-token.png)
+    Press on the CircleCI tile and input your CircleCI API token to grant Infisical access to your CircleCI account.
 
-Press on the CircleCI tile and input your CircleCI API token to grant Infisical access to your CircleCI account.
+    ![integrations circleci authorization](../../images/integrations/circleci/integrations-circleci-auth.png)
 
-![integrations circleci authorization](../../images/integrations/circleci/integrations-circleci-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which CircleCI project and press create integration to start syncing secrets to CircleCI.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which CircleCI project and press create integration to start syncing secrets to CircleCI.
-
-![create integration circleci](../../images/integrations/circleci/integrations-circleci-create.png)
-![integrations circleci](../../images/integrations/circleci/integrations-circleci.png)
+    ![create integration circleci](../../images/integrations/circleci/integrations-circleci-create.png)
+    ![integrations circleci](../../images/integrations/circleci/integrations-circleci.png)
+  </Step>
+</Steps>

docs/integrations/cicd/codefresh.mdx

@@ -7,31 +7,32 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Codefresh">
+    Obtain an API key in User Settings > API Keys
 
-![integrations](../../images/integrations.png)
+    ![integrations codefresh dashboard](../../images/integrations/codefresh/integrations-codefresh-dashboard.png)
+    ![integrations codefresh token](../../images/integrations/codefresh/integrations-codefresh-token.png)
+    
+    Navigate to your project's integrations tab in Infisical.
 
-## Authorize Infisical for Codefresh
+    ![integrations](../../images/integrations.png)
+    
+    Press on the Codefresh tile and input your Codefresh API key to grant Infisical access to your Codefresh account.
 
-Obtain an API key in User Settings > API Keys
+    ![integrations codefresh authorization](../../images/integrations/codefresh/integrations-codefresh-auth.png)
 
-![integrations codefresh dashboard](../../images/integrations/codefresh/integrations-codefresh-dashboard.png)
-![integrations codefresh token](../../images/integrations/codefresh/integrations-codefresh-token.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Codefresh service and press create integration to start syncing secrets to Codefresh.
 
-Press on the Codefresh tile and input your Codefresh API key to grant Infisical access to your Codefresh account.
-
-![integrations codefresh authorization](../../images/integrations/codefresh/integrations-codefresh-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Codefresh service and press create integration to start syncing secrets to Codefresh.
-
-![create integration codefresh](../../images/integrations/codefresh/integrations-codefresh-create.png)
-![integrations codefresh](../../images/integrations/codefresh/integrations-codefresh.png)
+    ![create integration codefresh](../../images/integrations/codefresh/integrations-codefresh-create.png)
+    ![integrations codefresh](../../images/integrations/codefresh/integrations-codefresh.png)
+  </Step>
+</Steps>

docs/integrations/cicd/githubactions.mdx

@@ -5,71 +5,71 @@ description: "How to sync secrets from Infisical to GitHub Actions"
 
 <Tabs>
   <Tab title="Usage">
-  <Warning>
-    Infisical can sync secrets to GitHub repo secrets only. If your repo uses environment secrets, then stay tuned with this [issue](https://github.com/Infisical/infisical/issues/54).
-</Warning>
+    <Warning>
+        Infisical can sync secrets to GitHub repo secrets only. If your repo uses environment secrets, then stay tuned with this [issue](https://github.com/Infisical/infisical/issues/54).
+    </Warning>
 
-Prerequisites:
+    Prerequisites:
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-- Ensure you have admin privileges to the repo you want to sync secrets to.
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    - Ensure you have admin privileges to the repo you want to sync secrets to.
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for GitHub">
+        Navigate to your project's integrations tab in Infisical.
 
-![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for GitHub
+        Press on the GitHub tile and grant Infisical access to your GitHub account (repo privileges only).
 
-Press on the GitHub tile and grant Infisical access to your GitHub account (repo privileges only).
+        ![integrations github authorization](../../images/integrations/github/integrations-github-auth.png)
 
-![integrations github authorization](../../images/integrations/github/integrations-github-auth.png)
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
+          Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which GitHub repo and press start integration to start syncing secrets to the repo.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
-  Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which GitHub repo and press start integration to start syncing secrets to the repo.
-
-![integrations github](../../images/integrations/github/integrations-github.png)
+        ![integrations github](../../images/integrations/github/integrations-github.png)
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the GitHub integration on a self-hosted instance of Infisical requires configuring an OAuth application in GitHub
     and registering your instance with it.
-    
-    ## Create an OAuth application in GitHub
-    
-    Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
-    
-   ![integrations github config](../../images/integrations/github/integrations-github-config-settings.png) 
-   ![integrations github config](../../images/integrations/github/integrations-github-config-dev-settings.png) 
-   ![integrations github config](../../images/integrations/github/integrations-github-config-new-app.png) 
+    <Steps>
+      <Step title="Create an OAuth application in GitHub">
+        Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
+        
+        ![integrations github config](../../images/integrations/github/integrations-github-config-settings.png) 
+        ![integrations github config](../../images/integrations/github/integrations-github-config-dev-settings.png) 
+        ![integrations github config](../../images/integrations/github/integrations-github-config-new-app.png) 
 
-    Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
-    and the **Authorization callback URL** to `https://your-domain.com/integrations/github/oauth2/callback`.
+        Create the OAuth application. As part of the form, set the **Homepage URL** to your self-hosted domain `https://your-domain.com`
+        and the **Authorization callback URL** to `https://your-domain.com/integrations/github/oauth2/callback`.
 
-   ![integrations github config](../../images/integrations/github/integrations-github-config-new-app-form.png) 
-    
-    <Note>
-      If you have a GitHub organization, you can create an OAuth application under it
-      in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
-    </Note>
-    
-    ## Add your OAuth application credentials to Infisical
-    
-    Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
-   
-   ![integrations github config](../../images/integrations/github/integrations-github-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your GitHub OAuth application:
+        ![integrations github config](../../images/integrations/github/integrations-github-config-new-app-form.png) 
+        
+        <Note>
+          If you have a GitHub organization, you can create an OAuth application under it
+          in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
+        </Note>
+      </Step>
+      <Step title="Add your OAuth application credentials to Infisical">
+        Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
+      
+        ![integrations github config](../../images/integrations/github/integrations-github-config-credentials.png) 
+      
+        Back in your Infisical instance, add two new environment variables for the credentials of your GitHub OAuth application:
 
-   - `CLIENT_ID_GITHUB`: The **Client ID** of your GitHub OAuth application.
-   - `CLIENT_SECRET_GITHUB`: The **Client Secret** of your GitHub OAuth application.
-   
-  Once added, restart your Infisical instance and use the GitHub integration.
-   
+        - `CLIENT_ID_GITHUB`: The **Client ID** of your GitHub OAuth application.
+        - `CLIENT_SECRET_GITHUB`: The **Client Secret** of your GitHub OAuth application.
+      
+        Once added, restart your Infisical instance and use the GitHub integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cicd/gitlab.mdx

@@ -5,112 +5,112 @@ description: "How to sync secrets from Infisical to GitLab"
 
 <Tabs>
   <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    <AccordionGroup>
+      <Accordion title="Standard">
+        <Steps>
+          <Step title="Authorize Infisical for GitLab">
+            Navigate to your project's integrations tab in Infisical.
 
-<AccordionGroup>
-  <Accordion title="Standard">
-  ## Navigate to your project's integrations tab
+            ![integrations](../../images/integrations.png)
 
-![integrations](../../images/integrations.png)
+            Press on the GitLab tile and grant Infisical access to your GitLab account.
 
-## Authorize Infisical for GitLab
+            ![integrations gitlab authorization](../../images/integrations/gitlab/integrations-gitlab-auth.png)
 
-Press on the GitLab tile and grant Infisical access to your GitLab account.
+            <Info>
+              If this is your project's first cloud integration, then you'll have to grant
+              Infisical access to your project's environment variables. Although this step
+              breaks E2EE, it's necessary for Infisical to sync the environment variables to
+              the cloud platform.
+            </Info>
+          </Step>
+          <Step title="Start integration">
+            Select which Infisical environment secrets you want to sync to which GitLab repository and press create integration to start syncing secrets to GitLab.
 
-![integrations gitlab authorization](../../images/integrations/gitlab/integrations-gitlab-auth.png)
+            ![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab-create.png)
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-## Start integration
+            Note that the GitLab integration supports a few options in the **Options** tab:
 
-Select which Infisical environment secrets you want to sync to which GitLab repository and press create integration to start syncing secrets to GitLab.
+            - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
+            - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
 
-![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab-create.png)
+            Setting a secret prefix or suffix ensures that existing secrets in GitLab are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.
 
-Note that the GitLab integration supports a few options in the **Options** tab:
+            ![integrations gitlab options](../../images/integrations/gitlab/integrations-gitlab-create-options.png)
 
-- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
-- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
+            ![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab.png)
+          </Step>
+        </Steps>
+      </Accordion>
+      <Accordion title="Pipeline">
+        <Steps>
+          <Step title="Authorize Infisical for GitLab">
+            Generate an [Infisical Token](/documentation/platform/token) for the specific project and environment in Infisical.
 
-Setting a secret prefix or suffix ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.
+            Next, create a new variable called `INFISICAL_TOKEN` with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
+          </Step>
+          <Step title="Configure Infisical in your pipeline">
+            Edit your `.gitlab-ci.yml` to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.
 
-![integrations gitlab options](../../images/integrations/gitlab/integrations-gitlab-create-options.png)
+            #### Example
 
-![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab.png)
-  </Accordion>
-  <Accordion title="Pipeline">
-  ## Generate service token
+            ```yaml
+            image: ubuntu
 
-Generate an [Infisical Token](/documentation/platform/token) for the specific project and environment in Infisical.
+            stages:
+              - build
+              - test
+              - deploy
 
-## Set the Infisical Token in Gitlab
-
-Create a new variable called `INFISICAL_TOKEN` with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
-
-## Configure Infisical in your pipeline
-
-Edit your `.gitlab-ci.yml` to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.
-
-#### Example
-
-```yaml
-image: ubuntu
-
-stages:
-  - build
-  - test
-  - deploy
-
-build-job:
-  stage: build
-  script:
-    - apt update && apt install -y curl
-    - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
-    - apt-get update && apt-get install -y infisical
-    - infisical run -- npm run build
-```
-  </Accordion>
-</AccordionGroup>
+            build-job:
+              stage: build
+              script:
+                - apt update && apt install -y curl
+                - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
+                - apt-get update && apt-get install -y infisical
+                - infisical run -- npm run build
+            ```
+          </Step>
+        </Steps>
+      </Accordion>
+    </AccordionGroup>
   </Tab>
   <Tab title="Self-Hosted Setup">
-  Using the GitLab integration on a self-hosted instance of Infisical requires configuring an application in GitLab
-  and registering your instance with it.
-
-  ## Create an OAuth application in GitLab
+    Using the GitLab integration on a self-hosted instance of Infisical requires configuring an application in GitLab
+    and registering your instance with it.
     
-    Navigate to your user Settings > Applications to create a new GitLab application.
-   
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-edit-profile.png) 
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app.png) 
-    
-    Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/gitlab/oauth2/callback`.
+    <Steps>
+      <Step title="Create an OAuth application in GitLab">
+        Navigate to your user Settings > Applications to create a new GitLab application.
+      
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-edit-profile.png) 
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app.png) 
+        
+        Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/gitlab/oauth2/callback`.
 
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app-form.png) 
-   
-    <Note>
-      If you have a GitLab group, you can create an OAuth application under it
-      in your group Settings > Applications.
-    </Note>
-   
-   ## Add your OAuth application credentials to Infisical
-   
-   Obtain the **Application ID** and **Secret** for your GitLab application.
-   
-   ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your GitLab application:
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-new-app-form.png) 
+      
+        <Note>
+          If you have a GitLab group, you can create an OAuth application under it
+          in your group Settings > Applications.
+        </Note>
+      </Step>
+      <Step title="Add your OAuth application credentials to Infisical">
+        Obtain the **Application ID** and **Secret** for your GitLab application.
+        
+        ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your GitLab application:
 
-   - `CLIENT_ID_GITLAB`: The **Client ID** of your GitLab application.
-   - `CLIENT_SECRET_GITLAB`: The **Secret** of your GitLab application.
-   
-  Once added, restart your Infisical instance and use the GitLab integration.
-  
+        - `CLIENT_ID_GITLAB`: The **Client ID** of your GitLab application.
+        - `CLIENT_SECRET_GITLAB`: The **Secret** of your GitLab application.
+        
+        Once added, restart your Infisical instance and use the GitLab integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cicd/travisci.mdx

@@ -7,30 +7,31 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Travis CI">
+    Obtain your API token in User Settings > API authentication > Token
 
-![integrations](../../images/integrations.png)
+    ![integrations travis ci token](../../images/integrations/travis-ci/integrations-travisci-token.png)
 
-## Authorize Infisical for Travis CI
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain your API token in User Settings > API authentication > Token
+    ![integrations](../../images/integrations.png)
 
-![integrations travis ci token](../../images/integrations/travis-ci/integrations-travisci-token.png)
+    Press on the Travis CI tile and input your Travis CI API token to grant Infisical access to your Travis CI account.
 
-Press on the Travis CI tile and input your Travis CI API token to grant Infisical access to your Travis CI account.
+    ![integrations travis ci authorization](../../images/integrations/travis-ci/integrations-travisci-auth.png)
 
-![integrations travis ci authorization](../../images/integrations/travis-ci/integrations-travisci-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Travis CI repository and press create integration to start syncing secrets to Travis CI.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Travis CI repository and press create integration to start syncing secrets to Travis CI.
-
-![create integration travis ci](../../images/integrations/travis-ci/integrations-travisci-create.png)
-![integrations travis ci](../../images/integrations/travis-ci/integrations-travisci.png)
+    ![create integration travis ci](../../images/integrations/travis-ci/integrations-travisci-create.png)
+    ![integrations travis ci](../../images/integrations/travis-ci/integrations-travisci.png)
+  </Step>
+</Steps>

docs/integrations/cloud/aws-parameter-store.mdx

@@ -8,68 +8,69 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Set up AWS and have/create an IAM user
 
-## Grant the IAM user permissions to access AWS Parameter Store
+<Steps>
+  <Step title="Grant the IAM user permissions to access AWS Parameter Store">
+    Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.
 
-Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.
+    ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
+    ![integration IAM 2](../../images/integrations/aws/integrations-aws-parameter-store-iam-2.png)
+    ![integrations IAM 3](../../images/integrations/aws/integrations-aws-parameter-store-iam-3.png)
 
-![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
-![integration IAM 2](../../images/integrations/aws/integrations-aws-parameter-store-iam-2.png)
-![integrations IAM 3](../../images/integrations/aws/integrations-aws-parameter-store-iam-3.png)
+    For enhanced security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use:
 
-For enhanced security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use:
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
+    ```json
     {
-      "Sid": "AllowSSMAccess",
-      "Effect": "Allow",
-      "Action": [
-        "ssm:PutParameter",
-        "ssm:DeleteParameter",
-        "ssm:GetParametersByPath",
-        "ssm:DeleteParameters"
-      ],
-      "Resource": "*"
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "AllowSSMAccess",
+          "Effect": "Allow",
+          "Action": [
+            "ssm:PutParameter",
+            "ssm:DeleteParameter",
+            "ssm:GetParametersByPath",
+            "ssm:DeleteParameters"
+          ],
+          "Resource": "*"
+        }
+      ]
     }
-  ]
-}
-```
+    ```
+  </Step>
+  <Step title="Authorize Infisical for AWS Parameter store">
+    Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
 
-## Navigate to your project's integrations tab
+      ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
+      ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
+      ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+      
+      Navigate to your project's integrations tab in Infisical.
 
-![integrations](../../images/integrations.png)
+      ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for AWS Parameter store
+      Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.
 
-Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
+      ![integration auth](../../images/integrations/aws/integrations-aws-parameter-store-auth.png)
 
-![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
-![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
-![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+      <Info>
+        If this is your project's first cloud integration, then you'll have to grant
+        Infisical access to your project's environment variables. Although this step
+        breaks E2EE, it's necessary for Infisical to sync the environment variables to
+        the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.
 
-Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.
+    ![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png)
 
-![integration auth](../../images/integrations/aws/integrations-aws-parameter-store-auth.png)
+    <Tip>
+      Infisical requires you to add a path for your secrets to be stored in AWS
+      Parameter Store and recommends setting the path structure to
+      `/[project_name]/[environment]/` according to best practices. This enables a
+      secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS
+      Parameter Store.
+    </Tip>
+  </Step>
+</Steps>
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.
-
-![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png)
-
-<Tip>
-  Infisical requires you to add a path for your secrets to be stored in AWS
-  Parameter Store and recommends setting the path structure to
-  `/[project_name]/[environment]/` according to best practices. This enables a
-  secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS
-  Parameter Store.
-</Tip>

docs/integrations/cloud/aws-secret-manager.mdx

@@ -8,66 +8,66 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Set up AWS and have/create an IAM user
 
-## Grant the IAM user permissions to access AWS Secrets Manager
+<Steps>
+  <Step title="Grant the IAM user permissions to access AWS Secrets Manager">
+    Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secrets Manager.
 
-Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secrets Manager.
+    ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
+    ![integration IAM 2](../../images/integrations/aws/integrations-aws-secret-manager-iam-2.png)
+    ![integrations IAM 3](../../images/integrations/aws/integrations-aws-secret-manager-iam-3.png)
 
-![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
-![integration IAM 2](../../images/integrations/aws/integrations-aws-secret-manager-iam-2.png)
-![integrations IAM 3](../../images/integrations/aws/integrations-aws-secret-manager-iam-3.png)
+    For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager for the IAM user that you can use:
 
-For better security, here's a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Secrets Manager for the IAM user that you can use:
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
+    ```json
     {
-      "Sid": "AllowSecretsManagerAccess",
-      "Effect": "Allow",
-      "Action": [
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:CreateSecret",
-        "secretsmanager:UpdateSecret"
-      ],
-      "Resource": "*"
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "AllowSecretsManagerAccess",
+          "Effect": "Allow",
+          "Action": [
+            "secretsmanager:GetSecretValue",
+            "secretsmanager:CreateSecret",
+            "secretsmanager:UpdateSecret"
+          ],
+          "Resource": "*"
+        }
+      ]
     }
-  ]
-}
-```
+    ```
+  </Step>
+  <Step title="Authorize Infisical for AWS Secrets Manager">
+    Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
 
-## Navigate to your project's integrations tab
+    ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
+    ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
+    ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+    
+    Navigate to your project's integrations tab in Infisical.
 
-![integrations](../../images/integrations.png)
+    ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for AWS Secrets Manager
+    Press on the AWS Secrets Manager tile and input your AWS access key ID and secret access key from the previous step.
 
-Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
+    ![integration auth](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)
 
-![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
-![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
-![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which AWS Secrets Manager region and under which secret name. Then, press create integration to start syncing secrets to AWS Secrets Manager.
 
-Press on the AWS Secrets Manager tile and input your AWS access key ID and secret access key from the previous step.
+    ![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png)
 
-![integration auth](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which AWS Secrets Manager region and under which secret name. Then, press create integration to start syncing secrets to AWS Secrets Manager.
-
-![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png)
-
-<Info>
-  Infisical currently syncs environment variables to AWS Secrets Manager as
-  key-value pairs under one secret. We're actively exploring ways to help users
-  group environment variable key-pairs under multiple secrets for greater
-  control.
-</Info>
+    <Info>
+      Infisical currently syncs environment variables to AWS Secrets Manager as
+      key-value pairs under one secret. We're actively exploring ways to help users
+      group environment variable key-pairs under multiple secrets for greater
+      control.
+    </Info>
+  </Step>
+</Steps>

docs/integrations/cloud/azure-key-vault.mdx

@@ -5,69 +5,69 @@ description: "How to sync secrets from Infisical to Azure Key Vault"
 
 <Tabs>
   <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-- Set up Azure and have an existing key vault
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    - Set up Azure and have an existing key vault
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Azure Key Vault">
+        Navigate to your project's integrations tab
 
-![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Azure Key Vault
+        Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault.
+      </Step>
+      <Step title="Start integration">
+        Obtain the Vault URI of your key vault in the Overview tab.
 
-Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault.
+        ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-vault-uri.png)
 
-## Start Integration
+        Select which Infisical environment secrets you want to sync to your key vault. Then, input your Vault URI from the previous step. Finally, press create integration to start syncing secrets to Azure Key Vault.
 
-Obtain the Vault URI of your key vault in the Overview tab.
+        ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-create.png)
 
-![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-vault-uri.png)
+        ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault.png)
 
-Select which Infisical environment secrets you want to sync to your key vault. Then, input your Vault URI from the previous step. Finally, press create integration to start syncing secrets to Azure Key Vault.
-
-![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-create.png)
-
-![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
-  Using the Azure KV integration on a self-hosted instance of Infisical requires configuring an application in Azure
-  and registering your instance with it.
-  
-  ## Create an application in Azure
-  
-  Navigate to Azure Active Directory > App registrations to create a new application.
-  
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-aad.png) 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app.png) 
+    Using the Azure KV integration on a self-hosted instance of Infisical requires configuring an application in Azure
+    and registering your instance with it.
 
-    Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-key-vault/oauth2/callback`.
-   
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app-form.png) 
-   
-   ## Add your application credentials to Infisical
-   
-   Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application.
+    <Steps>
+      <Step title="Create an application in Azure">
+        Navigate to Azure Active Directory > App registrations to create a new application.
+        
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-aad.png) 
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app.png) 
 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-1.png) 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-2.png) 
-   ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-3.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.
+        Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-key-vault/oauth2/callback`.
+        
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your application credentials to Infisical">
+        Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application.
 
-   - `CLIENT_ID_AZURE`: The **Application (Client) ID** of your Azure application.
-   - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application.
-   
-  Once added, restart your Infisical instance and use the Azure KV integration.
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-1.png) 
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-2.png) 
+        ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-3.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your Azure application.
 
-  
+        - `CLIENT_ID_AZURE`: The **Application (Client) ID** of your Azure application.
+        - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application.
+        
+        Once added, restart your Infisical instance and use the Azure KV integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/checkly.mdx

@@ -7,44 +7,45 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Checkly">
+    Obtain a Checkly API Key in User Settings > API Keys.
 
-![integrations](../../images/integrations.png)
+    ![integrations checkly dashboard](../../images/integrations/checkly/integrations-checkly-dashboard.png)
+    ![integrations checkly token](../../images/integrations/checkly/integrations-checkly-token.png)
 
-## Enter your Checkly API Key
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a Checkly API Key in User Settings > API Keys.
+    ![integrations](../../images/integrations.png)
 
-![integrations checkly dashboard](../../images/integrations/checkly/integrations-checkly-dashboard.png)
-![integrations checkly token](../../images/integrations/checkly/integrations-checkly-token.png)
+    Press on the Checkly tile and input your Checkly API Key to grant Infisical access to your Checkly account.
 
-Press on the Checkly tile and input your Checkly API Key to grant Infisical access to your Checkly account.
+    ![integrations checkly authorization](../../images/integrations/checkly/integrations-checkly-auth.png)
 
-![integrations checkly authorization](../../images/integrations/checkly/integrations-checkly-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Checkly and press create integration to start syncing secrets.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations checkly](../../images/integrations/checkly/integrations-checkly-create.png)
 
-## Start integration
+    <Note>
+      Infisical integrates with Checkly's environment variables at the **global** and **group** levels.
+      
+      To sync secrets to a specific group, you can select a group from the Checkly Group dropdown; otherwise, leaving it empty will sync secrets globally.
+    </Note>
 
-Select which Infisical environment secrets you want to sync to Checkly and press create integration to start syncing secrets.
+    ![integrations checkly](../../images/integrations/checkly/integrations-checkly.png)
 
-![integrations checkly](../../images/integrations/checkly/integrations-checkly-create.png)
-
-<Note>
-  Infisical integrates with Checkly's environment variables at the **global** and **group** levels.
-  
-  To sync secrets to a specific group, you can select a group from the Checkly Group dropdown; otherwise, leaving it empty will sync secrets globally.
-</Note>
-
-![integrations checkly](../../images/integrations/checkly/integrations-checkly.png)
-
-<Info>
-  In the new version of the Checkly integration, you are able to specify suffixes that depend on the secrets' environment and path. 
-  If you choose to do so, you should utilize such suffixes for ALL Checkly integrations – otherwise the integration system 
-  might run into issues with deleting secrets from the wrong environments.
-</Info>
+    <Info>
+      In the new version of the Checkly integration, you are able to specify suffixes that depend on the secrets' environment and path. 
+      If you choose to do so, you should utilize such suffixes for ALL Checkly integrations – otherwise the integration system 
+      might run into issues with deleting secrets from the wrong environments.
+    </Info>
+  </Step>
+</Steps>

docs/integrations/cloud/cloudflare-pages.mdx

@@ -7,38 +7,39 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Cloudflare Pages">
+    Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
 
-![integrations](../../images/integrations.png)
+    Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
 
-## Authorize Infisical for Cloudflare Pages
+    ![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
+    ![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
+    ![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
 
-Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
+    Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
 
-1. Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
+    ![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
+    
+    Navigate to your project's integrations tab in Infisical.
 
-![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
-![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
-![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
+    ![integrations](../../images/integrations.png)
 
-2. Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
+    Press on the Cloudflare Pages tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Pages.
 
-![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
+    ![integrations cloudflare authorization](../../images/integrations/cloudflare/integrations-cloudflare-auth.png)
 
-Press on the Cloudflare Pages tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Pages.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Cloudflare and press create integration to start syncing secrets.
 
-![integrations cloudflare authorization](../../images/integrations/cloudflare/integrations-cloudflare-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to Cloudflare and press create integration to start syncing secrets.
-
-![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare-create.png)
-![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare.png)
+    ![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare-create.png)
+    ![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare.png)
+  </Step>
+</Steps>

docs/integrations/cloud/cloudflare-workers.mdx

@@ -7,37 +7,38 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Cloudflare Workers">
+    Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
 
-![integrations](../../images/integrations.png)
+    Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
 
-## Authorize Infisical for Cloudflare Workers
+    ![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
+    ![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
+    ![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
 
-Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
+    Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
 
-1. Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
+    ![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
 
-![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
-![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
-![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
+    Navigate to your project's integrations tab in Infisical.
 
-2. Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
+    ![integrations](../../images/integrations.png)
 
-![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
+    Press on the Cloudflare Workers tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Workers.
 
-Press on the Cloudflare Workers tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Workers.
+    ![integrations cloudflare authorization](../../images/integrations/cloudflare/integration-cloudflare-workers-connect.png)
 
-![integrations cloudflare authorization](../../images/integrations/cloudflare/integration-cloudflare-workers-connect.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Cloudflare Workers and press create integration to start syncing secrets.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to Cloudflare Workers and press create integration to start syncing secrets.
-
-![integrations cloudflare](../../images/integrations/cloudflare/integration-cloudflare-workers-create.png)
+    ![integrations cloudflare](../../images/integrations/cloudflare/integration-cloudflare-workers-create.png)
+  </Step>
+</Steps>

docs/integrations/cloud/flyio.mdx

@@ -7,31 +7,32 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Fly.io">
+    Obtain a Fly.io access token in Access Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations fly dashboard](../../images/integrations/flyio/integrations-flyio-dashboard.png)
+    ![integrations fly token](../../images/integrations/flyio/integrations-flyio-token.png)
 
-## Enter your Fly.io Access Token
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a Fly.io access token in Access Tokens
+    ![integrations](../../images/integrations.png)
 
-![integrations fly dashboard](../../images/integrations/flyio/integrations-flyio-dashboard.png)
-![integrations fly token](../../images/integrations/flyio/integrations-flyio-token.png)
+    Press on the Fly.io tile and input your Fly.io access token to grant Infisical access to your Fly.io account.
 
-Press on the Fly.io tile and input your Fly.io access token to grant Infisical access to your Fly.io account.
+    ![integrations fly authorization](../../images/integrations/flyio/integrations-flyio-auth.png)
 
-![integrations fly authorization](../../images/integrations/flyio/integrations-flyio-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Fly.io app and press create integration to start syncing secrets to Fly.io.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Fly.io app and press create integration to start syncing secrets to Fly.io.
-
-![integrations fly](../../images/integrations/flyio/integrations-flyio-create.png)
-![integrations fly](../../images/integrations/flyio/integrations-flyio.png)
+    ![integrations fly](../../images/integrations/flyio/integrations-flyio-create.png)
+    ![integrations fly](../../images/integrations/flyio/integrations-flyio.png)
+  </Step>
+</Steps>

docs/integrations/cloud/gcp-secret-manager.mdx

@@ -5,148 +5,145 @@ description: "How to sync secrets from Infisical to GCP Secret Manager"
 
 <Tabs>
   <Tab title="Usage">
+    <AccordionGroup>
+      <Accordion title="Connect with OAuth2">
+        Prerequisites:
+        - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-<AccordionGroup>
-  <Accordion title="Connect with OAuth2">
-  
-  Prerequisites:
+        <Steps>
+          <Step title="Authorize Infisical for GCP">
+            Navigate to your project's integrations tab in Infisical.
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-  ## Navigate to your project's integrations tab
+            ![integrations](../../images/integrations.png)
 
-![integrations](../../images/integrations.png)
+            Press on the GCP Secret Manager tile and select **Continue with OAuth**
 
-## Authorize Infisical for GCP
+            ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
 
-Press on the GCP Secret Manager tile and select **Continue with OAuth**
+            Grant Infisical access to GCP.
 
-![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
+            ![integrations GCP authorization](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth.png)
 
-Grant Infisical access to GCP.
+            <Info>
+              If this is your project's first cloud integration, then you'll have to grant
+              Infisical access to your project's environment variables. Although this step
+              breaks E2EE, it's necessary for Infisical to sync the environment variables to
+              the cloud platform.
+            </Info>
+          </Step>
+          <Step title="Start integration">
+            In the **Connection** tab, select which Infisical environment secrets you want to sync to which GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
 
-![integrations GCP authorization](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth.png)
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+            Note that the GCP Secret Manager integration supports a few options in the **Options** tab:
 
-## Start integration
+            - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
+            - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
+            - Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.
 
-In the **Connection** tab, select which Infisical environment secrets you want to sync to which GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
+            Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.
 
-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
+            ![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)
 
-Note that the GCP Secret Manager integration supports a few options in the **Options** tab:
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)
 
-- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
-- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
-- Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.
+            <Warning>
+                Using Infisical to sync secrets to GCP Secret Manager requires that you enable
+                the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
+            </Warning>
+          </Step>
+        </Steps>
+      </Accordion>
+      <Accordion title="Connect with Service Account JSON">
+        Prerequisites:
+        - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+        - Have a GCP project and have/create a [service account](https://cloud.google.com/iam/docs/service-account-overview) in it
 
-Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.
+        <Steps>
+          <Step title="Authorize Infisical for GCP">
+            Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and **Service Usage Admin** roles to the service account.
 
-![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)
+            ![integrations GCP secret manager IAM](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam.png)
 
-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)
+            <Info>
+              For enhanced security, you may want to assign more granular permissions to the service account. At minimum,
+              the service account should be able to read/write secrets from/to GCP Secret Manager (e.g. **Secret Manager Admin** role)
+              and list which GCP services are enabled/disabled (e.g. **Service Usage Admin** role).
+            </Info>
 
-<Warning>
-    Using Infisical to sync secrets to GCP Secret Manager requires that you enable
-    the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
-</Warning>
-  </Accordion>
-  <Accordion title="Connect with Service Account JSON">
-  Prerequisites:
+            Navigate to your project's integrations tab in Infisical.
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-- Have a GCP project and have/create a [service account](https://cloud.google.com/iam/docs/service-account-overview) in it
+            ![integrations](../../images/integrations.png)
 
-## Grant the service account permissions for GCP Secret Manager
+            Press on the GCP Secret Manager tile and paste in your **GCP Service Account JSON** (you can create and download the JSON for your
+            service account in IAM & Admin > Service Accounts > Service Account > Keys).
 
-Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and **Service Usage Admin** roles to the service account.
+            ![integrations GCP authorization IAM key](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam-key.png)
 
-![integrations GCP secret manager IAM](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam.png)
+            ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
 
-<Info>
-  For enhanced security, you may want to assign more granular permissions to the service account. At minimum,
-  the service account should be able to read/write secrets from/to GCP Secret Manager (e.g. **Secret Manager Admin** role)
-  and list which GCP services are enabled/disabled (e.g. **Service Usage Admin** role).
-</Info>
+            <Info>
+              If this is your project's first cloud integration, then you'll have to grant
+              Infisical access to your project's environment variables. Although this step
+              breaks E2EE, it's necessary for Infisical to sync the environment variables to
+              the cloud platform.
+            </Info>
+          </Step>
+          <Step title="Start integration">
+            In the **Connection** tab, select which Infisical environment secrets you want to sync to the GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
 
-## Navigate to your project's integrations tab
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
 
-![integrations](../../images/integrations.png)
+            Note that the GCP Secret Manager integration supports a few options in the **Options** tab:
 
-## Authorize Infisical for GCP
+            - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
+            - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
+            - Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.
 
-Press on the GCP Secret Manager tile and paste in your **GCP Service Account JSON** (you can create and download the JSON for your
-service account in IAM & Admin > Service Accounts > Service Account > Keys).
+            Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.
 
-![integrations GCP authorization IAM key](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam-key.png)
+            ![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)
 
-![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
+            ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-In the **Connection** tab, select which Infisical environment secrets you want to sync to the GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
-
-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
-
-Note that the GCP Secret Manager integration supports a few options in the **Options** tab:
-
-- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
-- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
-- Label in GCP Secret Manager: If selected, every secret will be labeled in GCP Secret Manager (e.g. as `managed-by:infisical`); labels can be customized.
-
-Setting a secret prefix, suffix, or enabling the labeling option ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GCP Secret Manager without the specified prefix, suffix, or attached label.
-
-![integrations GCP secret manager options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create-options.png)
-
-![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager.png)
-
-<Warning>
-    Using Infisical to sync secrets to GCP Secret Manager requires that you enable
-    the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
-</Warning>
-  </Accordion>
-</AccordionGroup>
+            <Warning>
+                Using Infisical to sync secrets to GCP Secret Manager requires that you enable
+                the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
+            </Warning>
+          </Step>
+        </Steps>
+      </Accordion>
+    </AccordionGroup>
   </Tab>
   <Tab title="Self-Hosted Setup">
-  Using the GCP Secret Manager integration (via the OAuth2 method) on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP
-  and registering your instance with it.
-  
-  ## Create an OAuth2 application in GCP
-  
-  Navigate to your project API & Services > Credentials to create a new OAuth2 application.
-   
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-api-services.png) 
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app.png) 
-    
-    Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/integrations/gcp-secret-manager/oauth2/callback`.
-   
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app-form.png) 
-   
-   ## Add your OAuth2 application credentials to Infisical
-   
-   Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
-   
-   ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your GCP OAuth2 application:
+    Using the GCP Secret Manager integration (via the OAuth2 method) on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP
+    and registering your instance with it.
 
-   - `CLIENT_ID_GCP_SECRET_MANAGER`: The **Client ID** of your GCP OAuth2 application.
-   - `CLIENT_SECRET_GCP_SECRET_MANAGER`: The **Client Secret** of your GCP OAuth2 application.
-   
-  Once added, restart your Infisical instance and use the GCP Secret Manager integration.
+    <Steps>
+      <Step title="Create an OAuth2 application in GCP">
+        Navigate to your project API & Services > Credentials to create a new OAuth2 application.
+        
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-api-services.png) 
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app.png) 
+          
+          Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/integrations/gcp-secret-manager/oauth2/callback`.
+        
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your OAuth2 application credentials to Infisical">
+        Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
+        
+        ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your GCP OAuth2 application:
 
+        - `CLIENT_ID_GCP_SECRET_MANAGER`: The **Client ID** of your GCP OAuth2 application.
+        - `CLIENT_SECRET_GCP_SECRET_MANAGER`: The **Client Secret** of your GCP OAuth2 application.
+        
+        Once added, restart your Infisical instance and use the GCP Secret Manager integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/hasura-cloud.mdx

@@ -7,30 +7,31 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Hasura Cloud">
+    Obtain a Hasura Cloud Access Token in My Account > Access Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations hasura cloud tokens](../../images/integrations/hasura-cloud/integrations-hasura-cloud-tokens.png)
 
-## Enter your Hasura Cloud Access Token
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a Hasura Cloud Access Token in My Account > Access Tokens
+    ![integrations](../../images/integrations.png)
+    
+    Press on the Hasura Cloud tile and input your Hasura Cloud access token to grant Infisical access to your Hasura Cloud account.
 
-![integrations hasura cloud tokens](../../images/integrations/hasura-cloud/integrations-hasura-cloud-tokens.png)
+    ![integrations hasura cloud authorization](../../images/integrations/hasura-cloud/integrations-hasura-cloud-auth.png)
 
-Press on the Hasura Cloud tile and input your Hasura Cloud access token to grant Infisical access to your Hasura Cloud account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Hasura Cloud project and press create integration to start syncing secrets to Hasura Cloud.
 
-![integrations hasura cloud authorization](../../images/integrations/hasura-cloud/integrations-hasura-cloud-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Hasura Cloud project and press create integration to start syncing secrets to Hasura Cloud.
-
-![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud-create.png)
-![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud.png)
+    ![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud-create.png)
+    ![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud.png)
+  </Step>
+</Steps>

docs/integrations/cloud/heroku.mdx

@@ -5,63 +5,63 @@ description: "How to sync secrets from Infisical to Heroku"
 
 <Tabs>
   <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Heroku">
+        Navigate to your project's integrations tab in Infisical.
 
-![integrations](../../images/integrations.png)
+        ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Heroku
+        Press on the Heroku tile and grant Infisical access to your Heroku account.
 
-Press on the Heroku tile and grant Infisical access to your Heroku account.
+        ![integrations heroku authorization](../../images/integrations/heroku/integrations-heroku-auth.png)
 
-![integrations heroku authorization](../../images/integrations/heroku/integrations-heroku-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Heroku app and press create integration to start syncing secrets to Heroku.
-
-![integrations heroku](../../images/integrations/heroku/integrations-heroku-create.png)
-![integrations heroku](../../images/integrations/heroku/integrations-heroku.png)
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which Heroku app and press create integration to start syncing secrets to Heroku.
+        
+        ![integrations heroku](../../images/integrations/heroku/integrations-heroku-create.png)
+        ![integrations heroku](../../images/integrations/heroku/integrations-heroku.png)
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
-  Using the Heroku integration on a self-hosted instance of Infisical requires configuring an API client in Heroku
-  and registering your instance with it.
-  
-  ## Create an API client in Heroku
-  
-  Navigate to your user Account settings > Applications to create a new API client.
+    Using the Heroku integration on a self-hosted instance of Infisical requires configuring an API client in Heroku
+    and registering your instance with it.
+    <Steps>
+      <Step title="Create an API client in Heroku">
+        Navigate to your user Account settings > Applications to create a new API client.
 
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-settings.png) 
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-applications.png) 
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app.png) 
-   
-    Create the API client. As part of the form, set the **OAuth callback URL** to `https://your-domain.com/integrations/heroku/oauth2/callback`.
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-settings.png) 
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-applications.png) 
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app.png) 
+        
+          Create the API client. As part of the form, set the **OAuth callback URL** to `https://your-domain.com/integrations/heroku/oauth2/callback`.
 
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app-form.png) 
-   
-   ## Add your Heroku API client credentials to Infisical
-   
-   Obtain the **Client ID** and **Client Secret** for your Heroku API client.
-   
-   ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your Heroku API client.
-
-   - `CLIENT_ID_HEROKU`: The **Client ID** of your Heroku API client.
-   - `CLIENT_SECRET_HEROKU`: The **Client Secret** of your Heroku API client.
-   
-  Once added, restart your Infisical instance and use the Heroku integration.
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your Heroku API client credentials to Infisical">
+        Obtain the **Client ID** and **Client Secret** for your Heroku API client.
+        
+        ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your Heroku API client.
 
+        - `CLIENT_ID_HEROKU`: The **Client ID** of your Heroku API client.
+        - `CLIENT_SECRET_HEROKU`: The **Client Secret** of your Heroku API client.
+        
+        Once added, restart your Infisical instance and use the Heroku integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/laravel-forge.mdx

@@ -7,36 +7,38 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Laravel Forge">
+    Obtain a Laravel Forge access token in API Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations laravel forge dashboard](../../images/integrations/laravel-forge/integrations-laravelforge-dashboard.png)
+    ![integrations laravel forge api tokens](../../images/integrations/laravel-forge/integrations-laravelforge-api.png)
 
-## Enter your Laravel Forge Access Token and Server Id
+    Obtain your Laravel Forge Server ID in Servers > Server ID
 
-Obtain a Laravel Forge access token in API Tokens
+    ![integrations laravel forge server](../../images/integrations/laravel-forge/integrations-laravelforge-servers.png)
+    ![integrations laravel forge server id](../../images/integrations/laravel-forge/integrations-laravelforge-serverid.png)
+    
+    Navigate to your project's integrations tab in Infisical.
 
-![integrations laravel forge dashboard](../../images/integrations/laravel-forge/integrations-laravelforge-dashboard.png)
-![integrations laravel forge api tokens](../../images/integrations/laravel-forge/integrations-laravelforge-api.png)
+    ![integrations](../../images/integrations.png)
 
-Obtain your Laravel Forge Server ID in Servers > Server ID
+    Press on the Laravel Forge tile and input your Laravel Forge access token and server ID to grant Infisical access to your Laravel Forge account.
 
-![integrations laravel forge server](../../images/integrations/laravel-forge/integrations-laravelforge-servers.png)
-![integrations laravel forge server id](../../images/integrations/laravel-forge/integrations-laravelforge-serverid.png)
+    ![integrations laravel forge authorization](../../images/integrations/laravel-forge/integrations-laravelforge-auth.png)
 
-Press on the Laravel Forge tile and input your Laravel Forge access token and server ID to grant Infisical access to your Laravel Forge account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Laravel Forge site and press create integration to start syncing secrets to Laravel Forge.
 
-![integrations laravel forge authorization](../../images/integrations/laravel-forge/integrations-laravelforge-auth.png)
+    ![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge-create.png)
+    ![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge.png)
+  </Step>
+</Steps>
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Laravel Forge site and press create integration to start syncing secrets to Laravel Forge.
-
-![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge-create.png)
-![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge.png)

docs/integrations/cloud/netlify.mdx

@@ -5,68 +5,68 @@ description: "How to sync secrets from Infisical to Netlify"
 
 <Tabs>
   <Tab title="Usage">
-  <Warning>
-  Infisical integrates with Netlify's new environment variable experience. If
-  your site uses Netlify's old environment variable experience, you'll have to
-  upgrade it to the new one to use this integration.
-</Warning>
+    <Warning>
+      Infisical integrates with Netlify's new environment variable experience. If
+      your site uses Netlify's old environment variable experience, you'll have to
+      upgrade it to the new one to use this integration.
+    </Warning>
+    
+    Prerequisites:
 
-Prerequisites:
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    <Steps>
+      <Step title="Authorize Infisical for Netlify">
+        Navigate to your project's integrations tab in Infisical.
+        
+        ![integrations](../../images/integrations.png)
 
-## Navigate to your project's integrations tab
+        Press on the Netlify tile and grant Infisical access to your Netlify account.
 
-![integrations](../../images/integrations.png)
+        ![integrations netlify authorization](../../images/integrations/netlify/integrations-netlify-auth.png)
 
-## Authorize Infisical for Netlify
-
-Press on the Netlify tile and grant Infisical access to your Netlify account.
-
-![integrations netlify authorization](../../images/integrations/netlify/integrations-netlify-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press create integration to start syncing secrets to Netlify.
-
-![integrations netlify](../../images/integrations/netlify/integrations-netlify-create.png)
-![integrations netlify](../../images/integrations/netlify/integrations-netlify.png)
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press create integration to start syncing secrets to Netlify.
 
+        ![integrations netlify](../../images/integrations/netlify/integrations-netlify-create.png)
+        ![integrations netlify](../../images/integrations/netlify/integrations-netlify.png)
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the Netlify integration on a self-hosted instance of Infisical requires configuring an OAuth application in Netlify
   and registering your instance with it.
-  
-  ## Create an OAuth application in Netlify
-  
-  Navigate to your User settings > Applications > OAuth to create a new OAuth application.
-  
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-user-settings.png) 
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app.png) 
-    
-    Create the OAuth application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/netlify/oauth2/callback`.
+    <Steps>
+      <Step title="Create an OAuth application in Netlify">
+        Navigate to your User settings > Applications > OAuth to create a new OAuth application.
+        
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-user-settings.png) 
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app.png) 
+          
+          Create the OAuth application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/netlify/oauth2/callback`.
 
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app-form.png) 
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app-form.png) 
+      </Step>
+      <Step title="Add your Netlify OAuth application credentials to Infisical">
+        Obtain the **Client ID** and **Secret** for your Netlify OAuth application.
+        
+        ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-credentials.png) 
+        
+        Back in your Infisical instance, add two new environment variables for the credentials of your Netlify OAuth application.
 
-   ## Add your Netlify OAuth application credentials to Infisical
-   
-   Obtain the **Client ID** and **Secret** for your Netlify OAuth application.
-   
-   ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-credentials.png) 
-   
-   Back in your Infisical instance, add two new environment variables for the credentials of your Netlify OAuth application.
-
-   - `CLIENT_ID_NETLIFY`: The **Client ID** of your Netlify OAuth application.
-   - `CLIENT_SECRET_NETLIFY`: The **Secret** of your Netlify OAuth application.
-   
-  Once added, restart your Infisical instance and use the Netlify integration.
+        - `CLIENT_ID_NETLIFY`: The **Client ID** of your Netlify OAuth application.
+        - `CLIENT_SECRET_NETLIFY`: The **Secret** of your Netlify OAuth application.
+        
+        Once added, restart your Infisical instance and use the Netlify integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/northflank.mdx

@@ -8,31 +8,32 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Have a [Northflank](https://northflank.com) project with a secret group ready
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Northflank">
+    Obtain a Northflank API token in Account settings > API > Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations northflank dashboard](../../images/integrations/northflank/integrations-northflank-dashboard.png)
+    ![integrations northflank token](../../images/integrations/northflank/integrations-northflank-token.png)
+    
+    Navigate to your project's integrations tab in Infisical.
 
-## Enter your Northflank API Token
+    ![integrations](../../images/integrations.png)
 
-Obtain a Northflank API token in Account settings > API > Tokens
+    Press on the Northflank tile and input your Northflank API token to grant Infisical access to your Northflank account.
 
-![integrations northflank dashboard](../../images/integrations/northflank/integrations-northflank-dashboard.png)
-![integrations northflank token](../../images/integrations/northflank/integrations-northflank-token.png)
+    ![integrations northflank authorization](../../images/integrations/northflank/integrations-northflank-auth.png)
 
-Press on the Northflank tile and input your Northflank API token to grant Infisical access to your Northflank account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Northflank project and secret group. Finally, press create integration to start syncing secrets to Northflank.
 
-![integrations northflank authorization](../../images/integrations/northflank/integrations-northflank-auth.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Northflank project and secret group. Finally, press create integration to start syncing secrets to Northflank.
-
-![integrations northflank](../../images/integrations/northflank/integrations-northflank-create.png)
-![integrations northflank](../../images/integrations/northflank/integrations-northflank.png)
+    ![integrations northflank](../../images/integrations/northflank/integrations-northflank-create.png)
+    ![integrations northflank](../../images/integrations/northflank/integrations-northflank.png)
+  </Step>
+</Steps>

docs/integrations/cloud/qovery.mdx

@@ -7,37 +7,38 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Qovery">
+    Obtain a Qovery API Token in Settings > API Token.
 
-![integrations](../../images/integrations.png)
+    ![integrations qovery api token](../../images/integrations/qovery/integrations-qovery-token.png)
 
-## Enter your Qovery API Token
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a Qovery API Token in Settings > API Token.
+    ![integrations](../../images/integrations.png)
 
-![integrations qovery api token](../../images/integrations/qovery/integrations-qovery-token.png)
+    Press on the Qovery tile and input your Qovery API Token to grant Infisical access to your Qovery account.
 
-Press on the Qovery tile and input your Qovery API Token to grant Infisical access to your Qovery account.
+    ![integrations qovery authorization](../../images/integrations/qovery/integrations-qovery-auth.png)
 
-![integrations qovery authorization](../../images/integrations/qovery/integrations-qovery-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it is necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to Qovery and press create integration to start syncing secrets.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it is necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-1.png)
 
-## Start integration
+    ![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-2.png)
 
-Select which Infisical environment secrets you want to sync to Qovery and press create integration to start syncing secrets.
+    <Note>
+      Infisical supports syncing secrets to various Qovery scopes including applications, jobs, or containers.
+    </Note>
 
-![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-1.png)
-
-![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-2.png)
-
-<Note>
-  Infisical supports syncing secrets to various Qovery scopes including applications, jobs, or containers.
-</Note>
-
-![integrations qovery settings](../../images/integrations/qovery/integrations-qovery.png)
+    ![integrations qovery settings](../../images/integrations/qovery/integrations-qovery.png)
+  </Step>
+</Steps>

docs/integrations/cloud/railway.mdx

@@ -7,48 +7,47 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
+<Steps>
+  <Step title="Authorize Infisical for Railway">
+    Obtain a Railway API Token in your Railway [Account Settings > Tokens](https://railway.app/account/tokens).
 
-## Navigate to your project's integrations tab
+    ![integrations railway dashboard](../../images/integrations/railway/integrations-railway-dashboard.png)
+    ![integrations railway token](../../images/integrations/railway/integrations-railway-token.png)
 
-![integrations](../../images/integrations.png)
+    <Note>
+        If this is your first time creating a Railway API token, then you'll be prompted to join
+        Railway's Private Boarding Beta program on the Railway Account Settings > Tokens page. 
+        
+        Note that Railway project tokens will not work for this integration since they don't work with
+        Railway's Public API.
+    </Note>
 
-## Enter your Railway API Token
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a Railway API Token in your Railway [Account Settings > Tokens](https://railway.app/account/tokens).
+    ![integrations](../../images/integrations.png)
 
-![integrations railway dashboard](../../images/integrations/railway/integrations-railway-dashboard.png)
-![integrations railway token](../../images/integrations/railway/integrations-railway-token.png)
+    Press on the Railway tile and input your Railway API Key to grant Infisical access to your Railway account.
 
-<Note>
-    If this is your first time creating a Railway API token, then you'll be prompted to join
-    Railway's Private Boarding Beta program on the Railway Account Settings > Tokens page. 
-    
-    Note that Railway project tokens will not work for this integration since they don't work with
-    Railway's Public API.
-</Note>
+    ![integrations railway authorization](../../images/integrations/railway/integrations-railway-authorization.png)
 
-Press on the Railway tile and input your Railway API Key to grant Infisical access to your Railway account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Railway project and environment (and optionally service). Lastly, press create integration to start syncing secrets to Railway.
 
-![integrations railway authorization](../../images/integrations/railway/integrations-railway-authorization.png)
+    ![integrations create railway](../../images/integrations/railway/integrations-railway-create.png)
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Railway project and environment (and optionally service). Lastly, press create integration to start syncing secrets to Railway.
-
-![integrations create railway](../../images/integrations/railway/integrations-railway-create.png)
-
-<Note>
-  Infisical integrates with both Railway's [shared variables](https://blog.railway.app/p/shared-variables-release) at the project environment level as well as service variables at the service level.
-  
-  To sync secrets to a specific service in a project, you can select a service from the Railway Service dropdown; otherwise, leaving it empty will sync secrets to the shared variables of that project.
-</Note>
-
-![integrations railway](../../images/integrations/railway/integrations-railway.png)
+    <Note>
+      Infisical integrates with both Railway's [shared variables](https://blog.railway.app/p/shared-variables-release) at the project environment level as well as service variables at the service level.
+      
+      To sync secrets to a specific service in a project, you can select a service from the Railway Service dropdown; otherwise, leaving it empty will sync secrets to the shared variables of that project.
+    </Note>
 
+    ![integrations railway](../../images/integrations/railway/integrations-railway.png)
+  </Step>
+</Steps>

docs/integrations/cloud/render.mdx

@@ -7,31 +7,32 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Render">
+    Obtain a Render API Key in your Render Account Settings > API Keys.
 
-![integrations](../../images/integrations.png)
+    ![integrations render dashboard](../../images/integrations/render/integrations-render-dashboard.png)
+    ![integrations render token](../../images/integrations/render/integrations-render-token.png)
 
-## Enter your Render API Key
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a Render API Key in your Render Account Settings > API Keys.
+    ![integrations](../../images/integrations.png)
 
-![integrations render dashboard](../../images/integrations/render/integrations-render-dashboard.png)
-![integrations render token](../../images/integrations/render/integrations-render-token.png)
+    Press on the Render tile and input your Render API Key to grant Infisical access to your Render account.
 
-Press on the Render tile and input your Render API Key to grant Infisical access to your Render account.
+    ![integrations render authorization](../../images/integrations/render/integrations-render-auth.png)
 
-![integrations render authorization](../../images/integrations/render/integrations-render-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Render service and press create integration to start syncing secrets to Render.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Render service and press create integration to start syncing secrets to Render.
-
-![integrations render](../../images/integrations/render/integrations-render-create.png)
-![integrations render](../../images/integrations/render/integrations-render.png)
+    ![integrations render](../../images/integrations/render/integrations-render-create.png)
+    ![integrations render](../../images/integrations/render/integrations-render.png)
+  </Step>
+</Steps>

docs/integrations/cloud/supabase.mdx

@@ -14,31 +14,32 @@ Prerequisites:
 - Have an account and project set up at [Supabase](https://supabase.com/)
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Supabase">
+    Obtain a Supabase Access Token in your Supabase [Account > Access Tokens](https://app.supabase.com/account/tokens).
+    ![integrations supabase dashboard](../../images/integrations/supabase/integrations-supabase-dashboard.png)
+    ![integrations supabase token](../../images/integrations/supabase/integrations-supabase-token.png)
+    
+    Navigate to your project's integrations tab in Infisical.
 
-![integrations](../../images/integrations.png)
+    ![integrations](../../images/integrations.png)
+    
+    Press on the Supabase tile and input your Supabase Access Token to grant Infisical access to your Supabase account.
 
-## Enter your Supabase Access Token
+    ![integrations supabase authorization](../../images/integrations/supabase/integrations-supabase-authorization.png)
 
-Obtain a Supabase Access Token in your Supabase [Account > Access Tokens](https://app.supabase.com/account/tokens).
-![integrations supabase dashboard](../../images/integrations/supabase/integrations-supabase-dashboard.png)
-![integrations supabase token](../../images/integrations/supabase/integrations-supabase-token.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Supabase project. Lastly, press create integration to start syncing secrets to Supabase.
 
-Press on the Supabase tile and input your Supabase Access Token to grant Infisical access to your Supabase account.
+    ![integrations supabase create](../../images/integrations/supabase/integrations-supabase-create.png)
 
-![integrations supabase authorization](../../images/integrations/supabase/integrations-supabase-authorization.png)
-
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Supabase project. Lastly, press create integration to start syncing secrets to Supabase.
-
-![integrations supabase create](../../images/integrations/supabase/integrations-supabase-create.png)
-
-![integrations supabase](../../images/integrations/supabase/integrations-supabase.png)
+    ![integrations supabase](../../images/integrations/supabase/integrations-supabase.png)
+  </Step>
+</Steps>

docs/integrations/cloud/teamcity.mdx

@@ -7,44 +7,45 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for TeamCity">
+    Obtain a TeamCity Access Token in Profile > Access Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations teamcity dashboard](../../images/integrations/teamcity/integrations-teamcity-dashboard.png)
+    ![integrations teamcity token](../../images/integrations/teamcity/integrations-teamcity-token.png)
 
-## Enter your TeamCity Access Token and Server URL
+    <Note>
+      For this integration to work, the TeamCity Access Token must either have the
+      **Same as current user** account-wide permission enabled or, if **Limit per project**
+      is selected, then it must at minimum have the **View build configuration settings** and **Edit project** permissions enabled.
+    </Note>
 
-Obtain a TeamCity Access Token in Profile > Access Tokens
+    Navigate to your project's integrations tab in Infisical.
 
-![integrations teamcity dashboard](../../images/integrations/teamcity/integrations-teamcity-dashboard.png)
-![integrations teamcity token](../../images/integrations/teamcity/integrations-teamcity-token.png)
+    ![integrations](../../images/integrations.png)
 
-<Note>
-  For this integration to work, the TeamCity Access Token must either have the
-  **Same as current user** account-wide permission enabled or, if **Limit per project**
-  is selected, then it must at minimum have the **View build configuration settings** and **Edit project** permissions enabled.
-</Note>
+    Press on the TeamCity tile and input your TeamCity Access Token and Server URL to grant Infisical access to your TeamCity account.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations teamcity authorization](../../images/integrations/teamcity/integrations-teamcity-auth.png)
 
-Press on the TeamCity tile and input your TeamCity Access Token and Server URL to grant Infisical access to your TeamCity account.
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which TeamCity project (and optionally build configuration) and press create integration to start syncing secrets to TeamCity.
 
-![integrations teamcity authorization](../../images/integrations/teamcity/integrations-teamcity-auth.png)
+    ![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity-create.png)
 
-## Start integration
+    <Note>
+      Infisical integrates with both TeamCity's project-level and build configuration-level environment variables.
+      
+      To sync secrets to a specific build configuration in a TeamCity project, you can select a build configuration from the **TeamCity Build Config** dropdown; otherwise, leaving it empty will sync secrets to TeamCity at the project-level.
+    </Note>
 
-Select which Infisical environment secrets you want to sync to which TeamCity project (and optionally build configuration) and press create integration to start syncing secrets to TeamCity.
-
-![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity-create.png)
-
-<Note>
-  Infisical integrates with both TeamCity's project-level and build configuration-level environment variables.
-  
-  To sync secrets to a specific build configuration in a TeamCity project, you can select a build configuration from the **TeamCity Build Config** dropdown; otherwise, leaving it empty will sync secrets to TeamCity at the project-level.
-</Note>
-
-![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity.png)
+    ![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity.png)
+  </Step>
+</Steps>

docs/integrations/cloud/terraform-cloud.mdx

@@ -7,36 +7,37 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Terraform Cloud">
+    Obtain a Terraform Cloud API Token in User Settings > Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations terraform cloud dashboard](../../images/integrations/terraform/integrations-terraformcloud-dashboard.png)
+    ![integrations terraform cloud tokens](../../images/integrations/terraform/integrations-terraformcloud-tokens.png)
 
-## Enter your Terraform Cloud API Token and Workspace Id
+    Obtain your Terraform Cloud Workspace Id in Projects & Workspaces > Workspace > ID
 
-Obtain a Terraform Cloud API Token in User Settings > Tokens
+    ![integrations terraform cloud projects & workspaces](../../images/integrations/terraform/integrations-terraformcloud-workspaces.png)
+    ![integrations terraform cloud workspace id](../../images/integrations/terraform/integrations-terraformcloud-workspaceid.png)
 
-![integrations terraform cloud dashboard](../../images/integrations/terraform/integrations-terraformcloud-dashboard.png)
-![integrations terraform cloud tokens](../../images/integrations/terraform/integrations-terraformcloud-tokens.png)
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain your Terraform Cloud Workspace Id in Projects & Workspaces > Workspace > ID
+    ![integrations](../../images/integrations.png)
 
-![integrations terraform cloud projects & workspaces](../../images/integrations/terraform/integrations-terraformcloud-workspaces.png)
-![integrations terraform cloud workspace id](../../images/integrations/terraform/integrations-terraformcloud-workspaceid.png)
+    Press on the Terraform Cloud tile and input your Terraform Cloud API Token and Workspace Id to grant Infisical access to your Terraform Cloud account.
 
-Press on the Terraform Cloud tile and input your Terraform Cloud API Token and Workspace Id to grant Infisical access to your Terraform Cloud account.
+    ![integrations terraform cloud authorization](../../images/integrations/terraform/integrations-terraformcloud-auth.png)
 
-![integrations terraform cloud authorization](../../images/integrations/terraform/integrations-terraformcloud-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets and Terraform Cloud variable type you want to sync to which Terraform Cloud workspace/project and press create integration to start syncing secrets to Terraform Cloud.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
-
-## Start integration
-
-Select which Infisical environment secrets and Terraform Cloud variable type you want to sync to which Terraform Cloud workspace/project and press create integration to start syncing secrets to Terraform Cloud.
-
-![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud-create.png)
-![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud.png)
+    ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud-create.png)
+    ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud.png)
+  </Step>
+</Steps>

docs/integrations/cloud/vercel.mdx

@@ -5,82 +5,82 @@ description: "How to sync secrets from Infisical to Vercel"
 
 <Tabs>
   <Tab title="Usage">
-  Prerequisites:
+    Prerequisites:
+    - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+    <Steps>
+      <Step title="Authorize Infisical for Vercel">
+        Navigate to your project's integrations tab in Infisical.
 
-## Navigate to your project's integrations tab
+        ![integrations](../../images/integrations.png)
 
-![integrations](../../images/integrations.png)
+        Press on the Vercel tile and grant Infisical access to your Vercel account.
 
-## Authorize Infisical for Vercel
+        ![integrations vercel authorization](../../images/integrations/vercel/integrations-vercel-auth.png)
 
-Press on the Vercel tile and grant Infisical access to your Vercel account.
+        <Info>
+          If this is your project's first cloud integration, then you'll have to grant
+          Infisical access to your project's environment variables. Although this step
+          breaks E2EE, it's necessary for Infisical to sync the environment variables to
+          the cloud platform.
+        </Info>
+      </Step>
+      <Step title="Start integration">
+        Select which Infisical environment secrets you want to sync to which Vercel app and environment. Lastly, press create integration to start syncing secrets to Vercel.
 
-![integrations vercel authorization](../../images/integrations/vercel/integrations-vercel-auth.png)
+        ![integrations vercel](../../images/integrations/vercel/integrations-vercel-create.png)
+        ![integrations vercel](../../images/integrations/vercel/integrations-vercel.png)
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+        <Info>
+          Infisical syncs every envar to Vercel with type `encrypted` unless an existing
+          envar with the same name in Vercel exists with a different type. Note that
+          Infisical will not be able to update Vercel envars with type `sensitive` since
+          they can only be decrypted and modified by Vercel's deployment systems.
+        </Info>
 
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Vercel app and environment. Lastly, press create integration to start syncing secrets to Vercel.
-
-![integrations vercel](../../images/integrations/vercel/integrations-vercel-create.png)
-![integrations vercel](../../images/integrations/vercel/integrations-vercel.png)
-
-<Info>
-  Infisical syncs every envar to Vercel with type `encrypted` unless an existing
-  envar with the same name in Vercel exists with a different type. Note that
-  Infisical will not be able to update Vercel envars with type `sensitive` since
-  they can only be decrypted and modified by Vercel's deployment systems.
-</Info>
-
-<Warning>
-  The following environment variable names are reserved by Vercel and cannot be
-  synced: `AWS_SECRET_KEY`, `AWS_EXECUTION_ENV`, `AWS_LAMBDA_LOG_GROUP_NAME`,
-  `AWS_LAMBDA_LOG_STREAM_NAME`, `AWS_LAMBDA_FUNCTION_NAME`,
-  `AWS_LAMBDA_FUNCTION_MEMORY_SIZE`, `AWS_LAMBDA_FUNCTION_VERSION`,
-  `NOW_REGION`, `TZ`, `LAMBDA_TASK_ROOT`, `LAMBDA_RUNTIME_DIR`,
-  `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`,
-  `AWS_REGION`, and `AWS_DEFAULT_REGION`.
-</Warning>
+        <Warning>
+          The following environment variable names are reserved by Vercel and cannot be
+          synced: `AWS_SECRET_KEY`, `AWS_EXECUTION_ENV`, `AWS_LAMBDA_LOG_GROUP_NAME`,
+          `AWS_LAMBDA_LOG_STREAM_NAME`, `AWS_LAMBDA_FUNCTION_NAME`,
+          `AWS_LAMBDA_FUNCTION_MEMORY_SIZE`, `AWS_LAMBDA_FUNCTION_VERSION`,
+          `NOW_REGION`, `TZ`, `LAMBDA_TASK_ROOT`, `LAMBDA_RUNTIME_DIR`,
+          `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`,
+          `AWS_REGION`, and `AWS_DEFAULT_REGION`.
+        </Warning>
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
-  Using the Vercel integration on a self-hosted instance of Infisical requires configuring an integration in Vercel.
-  and registering your instance with it.
-  
-  ## Create an integration in Vercel
-  
-  Navigate to Integrations > Integration Console to create a new integration.
-  
-   ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-integrations-console.png) 
-   ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app.png) 
+    Using the Vercel integration on a self-hosted instance of Infisical requires configuring an integration in Vercel.
+    and registering your instance with it.
     
-    Create the application. As part of the form, set a **URL Slug** to a unique slug like `infisical-your-domain` and keep it handy. Also, set **Redirect URL** to `https://your-domain.com/integrations/vercel/oauth2/callback`. Lastly,
-    be sure to set the API Scopes according to the second screenshot below.
-   
-   ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-1.png) 
-   ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-2.png) 
-   
-   ## Add your Vercel integration credentials and information to Infisical
-   
-   Obtain the **Client (Integration) ID** and **Client (Integration) Secret** as well as the **URL Slug** from earlier for your Vercel integration.
+    <Steps>
+      <Step title="Create an integration in Vercel">
+        Navigate to Integrations > Integration Console to create a new integration.
+  
+        ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-integrations-console.png) 
+        ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app.png) 
+        
+        Create the application. As part of the form, set a **URL Slug** to a unique slug like `infisical-your-domain` and keep it handy. Also, set **Redirect URL** to `https://your-domain.com/integrations/vercel/oauth2/callback`. Lastly,
+        be sure to set the API Scopes according to the second screenshot below.
+      
+        ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-1.png) 
+        ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-2.png) 
+      </Step>
+      <Step title="Add your Vercel integration credentials and information to Infisical">
+        Obtain the **Client (Integration) ID** and **Client (Integration) Secret** as well as the **URL Slug** from earlier for your Vercel integration.
 
-   ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-credentials.png) 
-   
-   Back in your Infisical instance, add three new environment variables for the credentials of your Vercel integration.
-
-   - `CLIENT_ID_VERCEL`: The **Client (Integration) ID** of your Vercel integration.
-   - `CLIENT_SECRET_VERCEL`: The **Client (Integration) Secret** of your Vercel integration.
-   - `CLIENT_SLUG_VERCEL`: The **URL Slug** of your Vercel integration.
-   
-  Once added, restart your Infisical instance and use the Vercel integration.
+        ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-credentials.png) 
+      
+        Back in your Infisical instance, add three new environment variables for the credentials of your Vercel integration.
 
+        - `CLIENT_ID_VERCEL`: The **Client (Integration) ID** of your Vercel integration.
+        - `CLIENT_SECRET_VERCEL`: The **Client (Integration) Secret** of your Vercel integration.
+        - `CLIENT_SLUG_VERCEL`: The **URL Slug** of your Vercel integration.
+        
+        Once added, restart your Infisical instance and use the Vercel integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/windmill.mdx

@@ -7,40 +7,41 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Windmill">
+    Obtain a [Windmill](https://www.windmill.dev/) access token in Access Tokens
 
-![integrations](../../images/integrations.png)
+    ![integrations windmill dashboard](../../images/integrations/windmill/integrations-windmill-dashboard.png)
+    ![integrations windmill token](../../images/integrations/windmill/integrations-windmill-token.png)
 
-## Enter your Windmill Access Token
+    Navigate to your project's integrations tab in Infisical.
 
-Obtain a [Windmill](https://www.windmill.dev/) access token in Access Tokens
+    ![integrations](../../images/integrations.png)
 
-![integrations windmill dashboard](../../images/integrations/windmill/integrations-windmill-dashboard.png)
-![integrations windmill token](../../images/integrations/windmill/integrations-windmill-token.png)
+    Press on the Windmill tile and input your Windmill access token to grant Infisical access to your Windmill account.
 
-Press on the Windmill tile and input your Windmill access token to grant Infisical access to your Windmill account.
+    ![integrations windmill authorization](../../images/integrations/windmill/integrations-windmill-auth.png)
 
-![integrations windmill authorization](../../images/integrations/windmill/integrations-windmill-auth.png)
+    <Info>
+      If this is your project's first cloud integration, then you'll have to grant
+      Infisical access to your project's environment variables. Although this step
+      breaks E2EE, it's necessary for Infisical to sync the environment variables to
+      the cloud platform.
+    </Info>
+  </Step>
+  <Step title="Start integration">
+    Select which Infisical environment secrets you want to sync to which Windmill workspace and press create integration to start syncing secrets to Windmill.
 
-<Info>
-  If this is your project's first cloud integration, then you'll have to grant
-  Infisical access to your project's environment variables. Although this step
-  breaks E2EE, it's necessary for Infisical to sync the environment variables to
-  the cloud platform.
-</Info>
+    ![integrations windmill](../../images/integrations/windmill/integrations-windmill-create.png)
+    ![integrations windmill](../../images/integrations/windmill/integrations-windmill.png)
 
-## Start integration
-
-Select which Infisical environment secrets you want to sync to which Windmill workspace and press create integration to start syncing secrets to Windmill.
-
-![integrations windmill](../../images/integrations/windmill/integrations-windmill-create.png)
-![integrations windmill](../../images/integrations/windmill/integrations-windmill.png)
-
-<Warning>
-  Secrets synced to Windmill are subject to the [ownership path
-  prefix](https://www.windmill.dev/docs/core_concepts/roles_and_permissions)
-  convention of Windmill. Accordingly, all secrets must be prefixed with either
-  `u/` or `f/` for user-based and folder-based secret along with the name of the
-  secret. Put differently, you must use the full path of the secret as its name
-  in Infisical to be considered valid such as `u/user/FOO/BAR`.
-</Warning>
+    <Warning>
+      Secrets synced to Windmill are subject to the [ownership path
+      prefix](https://www.windmill.dev/docs/core_concepts/roles_and_permissions)
+      convention of Windmill. Accordingly, all secrets must be prefixed with either
+      `u/` or `f/` for user-based and folder-based secret along with the name of the
+      secret. Put differently, you must use the full path of the secret as its name
+      in Infisical to be considered valid such as `u/user/FOO/BAR`.
+    </Warning>
+  </Step>
+</Steps>

docs/internals/components.mdx

@@ -25,6 +25,6 @@ The Web UI is the browser-based portal that connects to the Infisical API.
 
 Clients are any application or infrastructure that connecting to the Infisical API using one of the below methods:
 - Public API: Making API requests directly to the Infisical API.
-- Client SDK: A platform-specific library with method abstractions for working with secrets. Currently, there are two official SDKs: [Node SDK](https://github.com/Infisical/infisical-node) and [Python SDK](https://github.com/Infisical/infisical-python).
+- Client SDK: A platform-specific library with method abstractions for working with secrets. Currently, there are three official SDKs: [Node SDK](https://infisical.com/docs/sdks/languages/node), [Python SDK](https://infisical.com/docs/sdks/languages/python), and [Java SDK](https://infisical.com/docs/sdks/languages/java).
 - CLI: A terminal-based interface for interacting with the Infisical API.
 - Kubernetes Operator: This operator retrieves secrets from Infisical and securely store

docs/mint.json

@@ -159,10 +159,16 @@
           "pages": [
             "self-hosting/overview",
             "self-hosting/deployment-options/standalone-infisical",
+            "self-hosting/deployment-options/docker-compose",
             "self-hosting/deployment-options/kubernetes-helm",
             "self-hosting/deployment-options/aws-ec2",
-            "self-hosting/deployment-options/docker-compose",
-            "self-hosting/deployment-options/digital-ocean-marketplace"
+            "self-hosting/deployment-options/aws-lightsail",
+            "self-hosting/deployment-options/gcp-cloud-run",
+            "self-hosting/deployment-options/azure-app-services",
+            "self-hosting/deployment-options/azure-container-instances",
+            "self-hosting/deployment-options/digital-ocean-marketplace",
+            "self-hosting/deployment-options/fly.io",
+            "self-hosting/deployment-options/railway"
           ]
         },
         "self-hosting/configuration/envars",

docs/sdks/languages/go.mdx

@@ -5,5 +5,4 @@ icon: "golang"
 
 Coming soon.
 
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/436) to stay updated.
+Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/java.mdx

@@ -3,7 +3,307 @@ title: "Java"
 icon: "java"
 ---
 
-Coming soon.
+If you're working with Java, the official [Infisical Java SDK](https://github.com/Infisical/sdk/tree/main/languages/java) package is the easiest way to fetch and work with secrets for your application.
 
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/434) to stay updated.
+## Basic Usage
+
+```java
+package com.example.app;
+
+import com.infisical.sdk.InfisicalClient;
+import com.infisical.sdk.schema.*;
+
+public class Example {
+    public static void main(String[] args) {
+        // Create a new Infisical Client
+        ClientSettings settings = new ClientSettings();
+        settings.setClientID("MACHINE_IDENTITY_CLIENT_ID");
+        settings.setClientSecret("MACHINE_IDENTITY_CLIENT_SECRET");
+        settings.setCacheTTL(Long.valueOf(300)); // 300 seconds, 5 minutes
+
+        InfisicalClient client = new InfisicalClient(settings);
+
+        // Create the options for fetching the secret
+        GetSecretOptions options = new GetSecretOptions();
+        options.setSecretName("TEST");
+        options.setEnvironment("dev");
+        options.setProjectID("PROJECT_ID");
+
+        // Fetch the sercret with the provided options
+        GetSecretResponseSecret secret = client.getSecret(options);
+
+        // Print the value
+        System.out.println(secret.getSecretValue());
+
+        // Important to avoid memory leaks!
+        // If you intend to use the client throughout your entire application, you can omit this line.
+        client.close();
+    }
+}
+```
+
+This example demonstrates how to use the Infisical Java SDK in a Java application. The application retrieves a secret named `TEST` from the `dev` environment of the `PROJECT_ID` project.
+
+<Warning>
+    We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
+</Warning>
+
+# Installation
+
+The Infisical Java SDK is hosted on the GitHub Packages Apache Maven registry. Because of this you need to configure your environment properly so it's able to pull dependencies from the GitHub registry. Please check [this guide from GitHub](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry) on how to achieve this.
+
+Our package is [located here](https://github.com/Infisical/sdk/packages/2019741). Please follow the installation guide on the page.
+
+# Configuration
+
+Import the SDK and create a client instance with your [Machine Identity](/platform/identities/universal-auth).
+
+```java
+import com.infisical.sdk.InfisicalClient;
+import com.infisical.sdk.schema.*;
+
+public class App {
+    public static void main(String[] args) {
+
+        ClientSettings settings = new ClientSettings();
+        settings.setClientID("MACHINE_IDENTITY_CLIENT_ID");
+        settings.setClientSecret("MACHINE_IDENTITY_CLIENT_SECRET");
+
+        InfisicalClient client = new InfisicalClient(settings); // Your client!
+    }
+}
+```
+
+### ClientSettings methods
+
+<ParamField query="options" type="object">
+    <Expandable title="properties">
+        <ParamField query="setClientID()" type="string" optional>
+            Your machine identity client ID.
+        </ParamField>
+          <ParamField query="setClientSecret()" type="string" optional>
+            Your machine identity client secret.
+        </ParamField>
+
+         <ParamField query="setAccessToken()" type="string" optional>
+            An access token obtained from the machine identity login endpoint.
+        </ParamField>
+
+        <ParamField query="setCacheTTL()" type="number" default="300" optional>
+            Time-to-live (in seconds) for refreshing cached secrets.
+            If manually set to 0, caching will be disabled, this is not recommended.
+        </ParamField>
+
+        <ParamField query="setSiteURL()" type="string" default="https://app.infisical.com" optional>
+            Your self-hosted absolute site URL including the protocol (e.g. `https://app.infisical.com`)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### Caching
+
+To reduce the number of API requests, the SDK temporarily stores secrets it retrieves. By default, a secret remains cached for 5 minutes after it's first fetched. Each time it's fetched again, this 5-minute timer resets. You can adjust this caching duration by setting the "cacheTTL" option when creating the client.
+
+## Working with Secrets
+
+### client.listSecrets(options)
+
+```java
+ListSecretsOptions options = new ListSecretsOptions();
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+options.setPath("/foo/bar");
+options.setIncludeImports(false);
+
+SecretElement[] secrets = client.listSecrets(options);
+```
+
+Retrieve all secrets within the Infisical project and environment that client is connected to
+
+### Methods
+
+<ParamField query="Parameters" type="object">
+    <Expandable title="properties">
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="setProjectID()" type="string">
+            The project ID where the secret lives in.
+        </ParamField>
+
+         <ParamField query="setPath()" type="string" optional>
+            The path from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="setAttachToProcessEnv()" type="boolean" default="false" optional>
+             Whether or not to set the fetched secrets to the process environment. If true, you can access the secrets like so `System.getenv("SECRET_NAME")`.
+        </ParamField>
+
+        <ParamField query="setIncludeImports()" type="boolean" default="false" optional>
+             Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### client.getSecret(options)
+
+```java
+GetSecretOptions options = new GetSecretOptions();
+options.setSecretName("TEST");
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+
+GetSecretResponseSecret secret = client.getSecret(options);
+
+String secretValue = secret.getSecretValue();
+```
+
+Retrieve a secret from Infisical.
+
+By default, `getSecret()` fetches and returns a shared secret.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string" required>
+            The key of the secret to retrieve.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be fetched from.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.createSecret(options)
+
+```java
+CreateSecretOptions createOptions = new CreateSecretOptions();
+createOptions.setSecretName("NEW_SECRET");
+createOptions.setEnvironment("dev");
+createOptions.setProjectID("PROJECT_ID");
+createOptions.setSecretValue("SOME SECRET VALUE");
+createOptions.setPath("/"); // Default
+createOptions.setType("shared"); // Default
+
+CreateSecretResponseSecret newSecret = client.createSecret(createOptions);
+```
+
+Create a new secret in Infisical.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string" required>
+            The key of the secret to create.
+        </ParamField>
+        <ParamField query="setSecretValue()" type="string" required>
+            The value of the secret.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be created.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.updateSecret(options)
+
+```java
+UpdateSecretOptions options = new UpdateSecretOptions();
+
+options.setSecretName("SECRET_TO_UPDATE");
+options.setSecretValue("NEW SECRET VALUE");
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+options.setPath("/"); // Default
+options.setType("shared"); // Default
+
+UpdateSecretResponseSecret updatedSecret = client.updateSecret(options);
+```
+
+Update an existing secret in Infisical.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string" required>
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="setSecretValue()" type="string" required>
+            The new value of the secret.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be updated.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.deleteSecret(options)
+
+```java
+DeleteSecretOptions options = new DeleteSecretOptions();
+
+options.setSecretName("SECRET_TO_DELETE");
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+options.setPath("/"); // Default
+options.setType("shared"); // Default
+
+DeleteSecretResponseSecret deletedSecret = client.deleteSecret(options);
+```
+
+Delete a secret in Infisical.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string">
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be deleted.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>