Updated links

Restyle self-hosting docs for Docker / Docker Compose

backend/src/controllers/v1/universalAuthController.ts

@@ -129,9 +129,14 @@ export const renewAccessToken = async (req: Request, res: Response) => {
         accessTokenTTL,
         accessTokenLastRenewedAt,
         accessTokenMaxTTL,
-        createdAt: accessTokenCreatedAt
+        createdAt: accessTokenCreatedAt,
+        accessTokenNumUses,
+        accessTokenNumUsesLimit
     } = identityAccessToken;
 
+    if (accessTokenNumUses >= accessTokenNumUsesLimit) {
+        throw BadRequestError({ message: "Unable to renew because access token number of uses limit reached" })
+    }
 
     // ttl check
     if (accessTokenTTL > 0) {

backend/src/ee/controllers/v1/secretApprovalRequestsController.ts

@@ -174,7 +174,7 @@ export const getSecretApprovalRequestDetails = async (req: Request, res: Respons
   // allow to fetch only if its admin or is the committer or approver
   if (
     membership.role !== "admin" &&
-    secretApprovalRequest.committer !== membership.id &&
+    !secretApprovalRequest.committer.equals(membership.id) &&
     !secretApprovalRequest.policy.approvers.find(
       (approverId) => approverId.toString() === membership._id.toString()
     )

backend/src/services/TelemetryService.ts

@@ -8,12 +8,12 @@ import {
   getTelemetryEnabled,
 } from "../config";
 import {
+  Identity,
   ServiceTokenData,
-  User,
+  User
 } from "../models";
 import {
   AccountNotFoundError,
-  BadRequestError,
 } from "../utils/errors";
 
 class Telemetry {
@@ -52,6 +52,7 @@ class Telemetry {
   }: {
     authData: AuthData;
   }) => {
+
     let distinctId = "";
     if (authData.authPayload instanceof User) {
       distinctId = authData.authPayload.email;
@@ -61,12 +62,12 @@ class Telemetry {
         if (!user) throw AccountNotFoundError();
         distinctId = user.email;
       }
+    } else if (authData.authPayload instanceof Identity) {
+      distinctId = `identity-${authData.authPayload._id.toString()}`
+    } else {
+      distinctId = "unknown-auth-data"
     }
 
-    if (distinctId === "") throw BadRequestError({
-      message: "Failed to obtain distinct id for logging telemetry",
-    });
-    
     return distinctId;
   }
 }

backend/src/utils/authn/passport/saml.ts

@@ -154,6 +154,7 @@ export const initializeSamlStrategy = async () => {
               firstName,
               lastName,
               organizationName: organization?.name,
+              organizationId: organization?._id,
               authMethod: req.ssoConfig.authProvider,
               isUserCompleted,
               ...(req.body.RelayState ? {

backend/src/validation/serviceTokenData.ts

@@ -158,7 +158,7 @@ export const CreateServiceTokenV2 = z.object({
     encryptedKey: z.string().trim(),
     iv: z.string().trim(),
     tag: z.string().trim(),
-    expiresIn: z.number(),
+    expiresIn: z.number().nullable().optional(),
     permissions: z.enum(["read", "write"]).array()
   })
 });

cli/packages/cmd/agent.go

@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"os"
 	"os/signal"
+	"path"
 	"strings"
 	"sync"
 	"syscall"
@@ -189,7 +190,9 @@ func ProcessTemplate(templatePath string, data interface{}, accessToken string)
 		"secret": secretFunction,
 	}
 
-	tmpl, err := template.New(templatePath).Funcs(funcs).ParseFiles(templatePath)
+	templateName := path.Base(templatePath)
+
+	tmpl, err := template.New(templateName).Funcs(funcs).ParseFiles(templatePath)
 	if err != nil {
 		return nil, err
 	}

docs/documentation/platform/identities/universal-auth.mdx

@@ -24,11 +24,11 @@ using the Universal Auth authentication method.
   <Step title="Creating an identity">
     To create an identity, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.
 
-    ![identities organization](../../images/platform/identities/identities-org.png)
+    ![identities organization](/images/platform/identities/identities-org.png)
 
     When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
     
-    ![identities organization create](../../images/platform/identities/identities-org-create.png)
+    ![identities organization create](/images/platform/identities/identities-org-create.png)
 
     Now input a few details for your new identity. Here's some guidance for each field:
 
@@ -37,7 +37,7 @@ using the Universal Auth authentication method.
     
     Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
     
-    ![identities organization create auth method](../../images/platform/identities/identities-org-create-auth-method.png)
+    ![identities organization create auth method](/images/platform/identities/identities-org-create-auth-method.png)
     
     Here's some more guidance on each field:
 
@@ -60,9 +60,9 @@ using the Universal Auth authentication method.
     and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
     for it.
     
-    ![identities client secret create](../../images/platform/identities/identities-org-client-secret.png)
-    ![identities client secret create](../../images/platform/identities/identities-org-client-secret-create-1.png)
-    ![identities client secret create](../../images/platform/identities/identities-org-client-secret-create-2.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret-create-1.png)
+    ![identities client secret create](/images/platform/identities/identities-org-client-secret-create-2.png)
     
     Feel free to input any (optional) details for the **Client Secret** configuration:
     
@@ -77,9 +77,9 @@ using the Universal Auth authentication method.
 
     Next, select the identity you want to add to the project and the project level role you want to allow it to assume. The project role assigned will determine what project level resources this identity can have access to.
 
-    ![identities project](../../images/platform/identities/identities-project.png)
+    ![identities project](/images/platform/identities/identities-project.png)
     
-    ![identities project create](../../images/platform/identities/identities-project-create.png)
+    ![identities project create](/images/platform/identities/identities-project-create.png)
   </Step>
   <Step title="Accessing the Infisical API with the identity">
     To access the Infisical API as the identity, you should first perform a login operation

docs/documentation/platform/sso/azure.mdx

@@ -10,31 +10,32 @@ description: "Configure Azure SAML for Infisical SSO"
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 
-1. In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+      In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+
       Next, copy the **Reply URL (Assertion Consumer Service URL)** and **Identifier (Entity ID)** to use when configuring the Azure SAML application.
 
       ![Azure SAML initial configuration](../../../images/sso/azure/init-config.png)
-
-2. In the Azure Portal, navigate to the Azure Active Directory and select **Enterprise applications**. On this screen, select
-   **+ New application**.
+   </Step>
+   <Step title="Create a SAML application in Azure">
+      In the Azure Portal, navigate to the Azure Active Directory and select **Enterprise applications**. On this screen, select **+ New application**.
 
       ![Azure SAML enterprise applications](../../../images/sso/azure/enterprise-applications.png)
 
       ![Azure SAML new application](../../../images/sso/azure/new-application.png)
       
-2. On the next screen, press the **+ Create your own application** button.
+      On the next screen, press the **+ Create your own application** button.
       Give the application a unique name like Infisical; choose the "Integrate any other application you don't find in the gallery (Non-gallery)"
       option and hit the **Create** button.
 
       ![Azure SAML create own application](../../../images/sso/azure/create-own-application.png)
 
-3. On the application overview screen, select **Single sign-on** from the left sidebar. From there,
-   select the **SAML** single sign-on method.
+      On the application overview screen, select **Single sign-on** from the left sidebar. From there, select the **SAML** single sign-on method.
 
       ![Azure SAML sign on method](../../../images/sso/azure/sso-method.png)
 
-4. Next, select **Edit** in the **Basic SAML Configuration** section and add/set the **Identifier (Entity ID)**
-   to **Entity ID** and add/set the **Reply URL (Assertion Consumer Service URL)** to **ACS URL** from step 1.
+      Next, select **Edit** in the **Basic SAML Configuration** section and add/set the **Identifier (Entity ID)** to **Entity ID** and add/set the **Reply URL (Assertion Consumer Service URL)** to **ACS URL** from step 1.
 
       ![Azure SAML edit basic configuration](../../../images/sso/azure/edit-basic-config.png)
 
@@ -45,7 +46,7 @@ description: "Configure Azure SAML for Infisical SSO"
       `https://app.infisical.com` with your own domain.
       </Note>
 
-5. Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **Attributes & Claims** section and configure the following map:
+      Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **Attributes & Claims** section and configure the following map:
 
       - `email -> user.userprinciplename`
       - `firstName -> user.firstName`
@@ -55,14 +56,13 @@ description: "Configure Azure SAML for Infisical SSO"
 
       ![Azure SAML edit attributes and claims 2](../../../images/sso/azure/edit-attributes-claims-2.png)
 
-6. Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **SAML Certificates** section and set the **Signing Option** field to **Sign SAML response and assertion**.
+      Back in the **Set up Single Sign-On with SAML** screen, select **Edit** in the **SAML Certificates** section and set the **Signing Option** field to **Sign SAML response and assertion**.
 
       ![Azure SAML edit certificate](../../../images/sso/azure/edit-saml-certificate.png)
 
       ![Azure SAML edit certificate signing option](../../../images/sso/azure/edit-saml-certificate-2.png)
-
-7. Get IdP values:
-
+   </Step>
+   <Step title="Retrieve Identity Provider (IdP) Information from Okta">
       In the **Set up Single Sign-On with SAML** screen, copy the **Login URL** and **SAML Certificate** to use when finishing configuring Azure SAML in Infisical.
 
       ![Azure SAML identity provider values 1](../../../images/sso/azure/idp-values.png)
@@ -70,8 +70,9 @@ In the **Set up Single Sign-On with SAML** screen, copy the **Login URL** and **
       In the **Properties** screen, copy the **Application ID** to use when finishing configuring Azure SAML in Infisical.
 
       ![Azure SAML identity provider values 2](../../../images/sso/azure/idp-values-2.png)
-
-Back in Infisical, set **Login URL**, **Azure Application ID**, and **SAML Certificate** from above. Once you've done that, press **Update** to complete the required configuration.
+   </Step>
+   <Step title="Finish configuring SAML in Infisical">
+      Back in Infisical, set **Login URL**, **Azure Application ID**, and **SAML Certificate** from step 3. Once you've done that, press **Update** to complete the required configuration.
 
       ![Azure SAML paste identity provider values](../../../images/sso/azure/idp-values-3.png)
 
@@ -83,24 +84,23 @@ When pasting the certificate into Infisical, you'll want to retain `-----BEGIN
       Having trouble?, try copying the X509 certificate information from the Federation Metadata XML file in Azure.
 
       </Note>
-
-7. Assignments
-
+   </Step>
+   <Step title="Assign users in Azure to the application">
       Back in Azure, navigate to the **Users and groups** tab and select **+ Add user/group** to assign access to the login with SSO application on a user or group-level.
+      
       ![Azure SAML assignment](../../../images/sso/azure/assignment.png)
-
-8. Return to Infisical and enable SAML SSO.
-
+   </Step>   
+   <Step title="Enable SAML SSO in Infisical">
       Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via Azure.
 
       ![Azure SAML assignment](../../../images/sso/azure/enable-saml.png)
+   </Step>
+</Steps>
 
 <Note>
    If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
-   set the `JWT_PROVIDER_AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
    
-   - `JWT_PROVIDER_AUTH_SECRET`: This is secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
 </Note>
-
-

docs/documentation/platform/sso/github.mdx

@@ -5,8 +5,8 @@ description: "Configure GitHub SSO for Infisical"
 
 Using GitHub SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GitHub and registering your instance with it.
 
-## Create an OAuth application in GitHub
-
+<Steps>
+  <Step title="Create an OAuth application in GitHub">
     Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
 
     ![GitHub settings](../../../images/sso/github/settings.png)
@@ -22,9 +22,8 @@ and the **Authorization callback URL** to `https://your-domain.com/api/v1/sso/gi
         If you have a GitHub organization, you can create an OAuth application under it
         in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
     </Note>
-
-## Add your OAuth application credentials to Infisical
-
+  </Step>
+  <Step title="Add your OAuth application credentials to Infisical">
     Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
 
     ![GCP obtain OAuth2 credentials](../../../images/sso/github/credentials.png)
@@ -33,10 +32,12 @@ Back in your Infisical instance, make sure to set the following environment vari
 
     - `CLIENT_ID_GITHUB_LOGIN`: The **Client ID** of your GitHub OAuth application.
     - `CLIENT_SECRET_GITHUB_LOGIN`: The **Client Secret** of your GitHub OAuth application.
-- `JWT_PROVIDER_AUTH_SECRET`: A secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+    - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
     - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
       
     Once added, restart your Infisical instance and log in with GitHub.
+  </Step>
+</Steps>
 
 ## FAQ
 
@@ -45,7 +46,7 @@ Once added, restart your Infisical instance and log in with GitHub.
     It is likely that you have misconfigured your self-hosted instance of Infisical. You should:
 
     - Check that you have set the `CLIENT_ID_GITHUB_LOGIN`, `CLIENT_SECRET_GITHUB_LOGIN`, 
-    `JWT_PROVIDER_AUTH_SECRET`, and `SITE_URL` environment variables.
+    `AUTH_SECRET`, and `SITE_URL` environment variables.
     - Check that the **Authorization callback URL** specified in GitHub matches the `SITE_URL` environment variable.
     For example, if the former is `https://app.infisical.com/api/v1/sso/github` then the latter should be `https://app.infisical.com`.
   </Accordion>

docs/documentation/platform/sso/gitlab.mdx

@@ -5,8 +5,8 @@ description: "Configure GitLab SSO for Infisical"
 
 Using GitLab SSO on a self-hosted instance of Infisical requires configuring an OAuth application in GitLab and registering your instance with it.
 
-## Create an OAuth application in GitLab
-
+<Steps>
+  <Step title="Create an OAuth application in GitLab">
     Navigate to your user Settings > Applications to create a new GitLab application.
 
     ![sso gitlab config](/images/sso/gitlab/edit-profile.png) 
@@ -21,9 +21,8 @@ Note that only `read_user` is required as part of the **Scopes** configuration.
         If you have a GitLab group, you can create an OAuth application under it
         in your group Settings > Applications.
     </Note>
-
-## Add your OAuth application credentials to Infisical
-
+  </Step>
+  <Step title="Add your OAuth application credentials to Infisical">
     Obtain the **Application ID** and **Secret** for your GitLab application.
 
     ![sso gitlab config](/images/sso/gitlab/credentials.png) 
@@ -33,10 +32,12 @@ Back in your Infisical instance, make sure to set the following environment vari
     - `CLIENT_ID_GITLAB_LOGIN`: The **Client ID** of your GitLab application.
     - `CLIENT_SECRET_GITLAB_LOGIN`: The **Secret** of your GitLab application.
     - (optional) `URL_GITLAB_LOGIN`: The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default to `https://gitlab.com`.
-- `JWT_PROVIDER_AUTH_SECRET`: A secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+    - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
     - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
       
     Once added, restart your Infisical instance and log in with GitLab.
+  </Step>
+</Steps>
 
 ## FAQ
 
@@ -45,7 +46,7 @@ Once added, restart your Infisical instance and log in with GitLab.
     It is likely that you have misconfigured your self-hosted instance of Infisical. You should:
 
     - Check that you have set the `CLIENT_ID_GITLAB_LOGIN`, `CLIENT_SECRET_GITLAB_LOGIN`, 
-    `JWT_PROVIDER_AUTH_SECRET`, and `SITE_URL` environment variables.
+    `AUTH_SECRET`, and `SITE_URL` environment variables.
     - Check that the **Redirect URI** specified in GitLab matches the `SITE_URL` environment variable.
     For example, if the former is `https://app.infisical.com/api/v1/sso/gitlab` then the latter should be `https://app.infisical.com`.
   </Accordion>

docs/documentation/platform/sso/google.mdx

@@ -5,8 +5,8 @@ description: "Configure Google SSO for Infisical"
 
 Using Google SSO on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP and registering your instance with it.
 
-## Create an OAuth2 application in GCP
-
+<Steps>
+  <Step title="Create an OAuth2 application in GCP">
     Navigate to your project API & Services > Credentials to create a new OAuth2 application.
         
     ![GCP API services](../../../images/sso/google/api-services.png)
@@ -15,9 +15,8 @@ Navigate to your project API & Services > Credentials to create a new OAuth2 app
     Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/api/v1/sso/google`.
 
     ![GCP create new OAuth2 application form](../../../images/sso/google/new-app-form.png)
-
-## Add your OAuth2 application credentials to Infisical
-   
+  </Step>
+  <Step title="Add your OAuth2 application credentials to Infisical">
     Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
 
     ![GCP obtain OAuth2 credentials](../../../images/sso/google/credentials.png)
@@ -26,10 +25,12 @@ Back in your Infisical instance, make sure to set the following environment vari
 
     - `CLIENT_ID_GOOGLE_LOGIN`: The **Client ID** of your GCP OAuth2 application.
     - `CLIENT_SECRET_GOOGLE_LOGIN`: The **Client Secret** of your GCP OAuth2 application.
-- `JWT_PROVIDER_AUTH_SECRET`: A secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+    - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
     - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
       
     Once added, restart your Infisical instance and log in with Google
+  </Step>
+</Steps>
 
 ## FAQ
 
@@ -38,7 +39,7 @@ Once added, restart your Infisical instance and log in with Google
     It is likely that you have misconfigured your self-hosted instance of Infisical. You should:
 
     - Check that you have set the `CLIENT_ID_GOOGLE_LOGIN`, `CLIENT_SECRET_GOOGLE_LOGIN`, 
-    `JWT_PROVIDER_AUTH_SECRET`, and `SITE_URL` environment variables.
+    `AUTH_SECRET`, and `SITE_URL` environment variables.
     - Check that the **Authorized redirect URI** specified in GCP matches the `SITE_URL` environment variable.
     For example, if the former is `https://app.infisical.com/api/v1/sso/google` then the latter should be `https://app.infisical.com`.
   </Accordion>

docs/documentation/platform/sso/jumpcloud.mdx

@@ -10,34 +10,37 @@ description: "Configure JumpCloud SAML for Infisical SSO"
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 
-1. In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+      In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+
       Next, copy the **ACS URL** and **SP Entity ID** to use when configuring the JumpCloud SAML application.
 
       ![JumpCloud SAML initial configuration](../../../images/sso/jumpcloud/init-config.png)
-
-2. In the JumpCloud Admin Portal, navigate to User Authentication > SSO and create an application. If this is your first application, select **Get Started**;
-   if not, select **+Add New Application**
+   </Step>
+   <Step title="Create a SAML application in JumpCloud">
+      2.1. In the JumpCloud Admin Portal, navigate to User Authentication > SSO and create an application. If this is your first application, select **Get Started**; if not, select **+Add New Application**
 
       ![JumpCloud SAML new application](../../../images/sso/jumpcloud/new-application.png)
 
-3. Next, select **Custom SAML App** to open up the **New SSO** dialog.
+      2.2. Next, select **Custom SAML App** to open up the **New SSO** dialog.
 
       ![JumpCloud custom SAML app](../../../images/sso/jumpcloud/custom-saml-app.png)
 
-4. In the **General Info** tab, give the application a unique name like Infisical.
+      2.3. In the **General Info** tab, give the application a unique name like Infisical.
 
       ![JumpCloud general info](../../../images/sso/jumpcloud/general-info.png)
 
-5. In the **SSO** tab, set the **SP Entity ID** and **ACS URL** from step 1; set the **IdP Entity ID** to the same value as the **SP Entity ID**.
+      2.4. In the **SSO** tab, set the **SP Entity ID** and **ACS URL** from step 1; set the **IdP Entity ID** to the same value as the **SP Entity ID**.
 
       ![JumpCloud edit basic config](../../../images/sso/jumpcloud/edit-basic-config.png)
 
-6. On the same tab, check the **Sign Assertion** checkbox and fill the **IDP URL** to something unique.
+      2.5. On the same tab, check the **Sign Assertion** checkbox and fill the **IDP URL** to something unique.
          Copy the **IDP URL** to use when finishing configuring the JumpCloud SAML in Infisical.
 
       ![JumpCloud edit basic config 2](../../../images/sso/jumpcloud/edit-basic-config-2.png)
 
-7. On the same tab, in the **Attributes** section, configure the following map:
+      2.6. On the same tab, in the **Attributes** section, configure the following map:
 
       - `email -> email`
       - `firstName -> firstname`
@@ -47,11 +50,12 @@ description: "Configure JumpCloud SAML for Infisical SSO"
 
       Finally press activate to create the SAML application.
 
-8. Next, select the newly created SAML application and select **Download certificate** under the **IDP Certificate Valid** dropdown
+      2.7. Next, select the newly created SAML application and select **Download certificate** under the **IDP Certificate Valid** dropdown
 
       ![JumpCloud download certificate](../../../images/sso/jumpcloud/download-saml-certificate.png)
-
-9. Back in Infisical, set the **IDP URL** from step 6 and the **IdP Entity ID** from step 5. Also, paste the certificate from the previous step.
+   </Step>
+   <Step title="Finish configuring SAML in Infisical">
+      Back in Infisical, set the **IDP URL** from step 2.5 and the **IdP Entity ID** from step 2.4. Also, paste the certificate from the previous step.
 
       ![JumpCloud IdP values](../../../images/sso/jumpcloud/idp-values.png)
 
@@ -60,23 +64,23 @@ Finally press activate to create the SAML application.
          CERTIFICATE-----` and `-----END CERTIFICATE-----` at the first and last line
          of the text area respectively.
       </Note>
-
-10. Assignments
-
+   </Step>
+   <Step title="Assign users in JumpCloud to the application">
       Back in JumpCloud, navigate to the **User Groups** tab and assign users to the newly created application.
 
       ![JumpCloud SAML assignment](../../../images/sso/jumpcloud/assignment.png)
-
-11. Return to Infisical and enable SAML SSO.
-
+   </Step>
+   <Step title="Enable SAML SSO in Infisical">
       Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via JumpCloud.
 
       ![JumpCloud SAML assignment](../../../images/sso/jumpcloud/enable-saml.png)
+   </Step>
+</Steps>
 
 <Note>
    If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
-   set the `JWT_PROVIDER_AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
    
-   - `JWT_PROVIDER_AUTH_SECRET`: This is secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
 </Note>

docs/documentation/platform/sso/okta.mdx

@@ -10,26 +10,28 @@ description: "Configure Okta SAML 2.0 for Infisical SSO"
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 
-1. In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+<Steps>
+   <Step title="Prepare the SAML SSO configuration in Infisical">
+      In Infisical, head over to your organization Settings > Authentication > SAML SSO Configuration and select **Set up SAML SSO**.
+      
       Next, copy the **Single sign-on URL** and **Audience URI (SP Entity ID)** to use when configuring the Okta SAML 2.0 application.
-
       ![Okta SAML initial configuration](../../../images/sso/okta/init-config.png)
-
-2. In the Okta Admin Portal, select Applications > Applications from the
-   navigation. On the Applications screen, select the **Create App Integration**
+   </Step>
+   <Step title="Create a SAML application in Okta">
+      In the Okta Admin Portal, select Applications > Applications from the navigation. On the Applications screen, select the **Create App Integration**
       button.
 
       ![SAML Okta create app integration](../../../images/sso/okta/create-app-integration.png)
       
-3. In the Create a New Application Integration dialog, select the **SAML 2.0** radio button:
+      In the Create a New Application Integration dialog, select the **SAML 2.0** radio button:
 
       ![SAML Okta create SAML 2.0 integration](../../../images/sso/okta/create-saml-app.png)
       
-4. On the General Settings screen, give the application a unique name like Infisical and select **Next**.
+      On the General Settings screen, give the application a unique name like Infisical and select **Next**.
       
       ![SAML Okta create SAML 2.0 integration](../../../images/sso/okta/general-settings.png)
       
-5. On the Configure SAML screen, set the **Single sign-on URL** and **Audience URI (SP Entity ID)** from step 1.
+      On the Configure SAML screen, set the **Single sign-on URL** and **Audience URI (SP Entity ID)** from step 1.
 
       ![SAML Okta configure IdP fields](../../../images/sso/okta/configure-saml.png)
       
@@ -38,7 +40,7 @@ description: "Configure Okta SAML 2.0 for Infisical SSO"
          `https://app.infisical.com` with your own domain.
       </Note>
       
-6. Also on the Configure SAML screen, configure the **Attribute Statements** to map:
+      Also on the Configure SAML screen, configure the **Attribute Statements** to map:
 
       - `id -> user.id`,
       - `email -> user.email`,
@@ -48,9 +50,8 @@ description: "Configure Okta SAML 2.0 for Infisical SSO"
       ![SAML Okta attribute statements](../../../images/sso/okta/attribute-statements.png)
 
       Once configured, select **Next** to proceed to the Feedback screen and select **Finish**.
-
-7. Get IdP values
-
+   </Step>
+   <Step title="Retrieve Identity Provider (IdP) Information from Okta">
       Once your application is created, select the **Sign On** tab for the app and select the **View Setup Instructions** button located on the right side of the screen:
 
       ![SAML Okta view setup instructions](../../../images/sso/okta/view-setup-instructions.png)
@@ -58,30 +59,31 @@ Once your application is created, select the **Sign On** tab for the app and sel
       Copy the **Identity Provider Single Sign-On URL**, the **Identity Provider Issuer**, and the **X.509 Certificate** to use when finishing configuring Okta SAML in Infisical.
 
       ![SAML Okta IdP values](../../../images/sso/okta/idp-values.png)
-
+   </Step>
+   <Step title="Finish configuring SAML in Infisical">
       Back in Infisical, set **Identity Provider Single Sign-On URL**, **Identity Provider Issuer**,
-and **Certificate** to **X.509 Certificate** from above. Once you've done that, press **Update** to complete the required configuration.
+      and **Certificate** to **X.509 Certificate** from step 3. Once you've done that, press **Update** to complete the required configuration.
 
       ![SAML Okta paste values into Infisical](../../../images/sso/okta/idp-values-2.png)
-
-8. Finally, navigate to the **Assignments** tab and select **Assign**
-
-You can assign access to the application on a user-by-user basis using the Assign to People option, or in-bulk using the Assign to Groups option.
+   </Step>
+   <Step title="Assign users in Okta to the application">
+      Back in Okta, navigate to the **Assignments** tab and select **Assign**. You can assign access to the application on a user-by-user basis using the Assign to People option, or in-bulk using the Assign to Groups option.
 
       ![SAML Okta assignment](../../../images/sso/okta/assignment.png)
 
       At this point, you have configured everything you need within the context of the Okta Admin Portal.
-
-9. Return to Infisical and enable SAML SSO.
-
+   </Step>
+   <Step title="Enable SAML SSO in Infisical">
       Enabling SAML SSO enforces all members in your organization to only be able to log into Infisical via Okta.
 
       ![SAML Okta assignment](../../../images/sso/okta/enable-saml.png)
+   </Step>
+</Steps>
 
 <Note>
    If you're configuring SAML SSO on a self-hosted instance of Infisical, make sure to
-   set the `JWT_PROVIDER_AUTH_SECRET` and `SITE_URL` environment variable for it to work:
+   set the `AUTH_SECRET` and `SITE_URL` environment variable for it to work:
    
-   - `JWT_PROVIDER_AUTH_SECRET`: This is secret key used for signing and verifying JWT. This could be a randomly-generated 256-bit hex string.
+   - `AUTH_SECRET`: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with `openssl rand -base64 32`.
    - `SITE_URL`: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
 </Note>

docs/infisical-agent/overview.mdx

@@ -56,7 +56,7 @@ While specifying an authentication method is mandatory to start the agent, confi
 ## Quick start Infisical Agent
 To install the Infisical agent, you must first install the [Infisical CLI](../cli/overview) in the desired environment where you'd like the agent to run. This is because the Infisical agent is a sub-command of the Infisical CLI.
 
-Once you have the CLI installed, you will need to provision programmatic access for the agent via [Universal Auth](documentation/platform/identities/universal-auth). To obtain a **Client ID** and a **Client Secret**, follow the step by step guide outlined [here](documentation/platform/identities/universal-auth).
+Once you have the CLI installed, you will need to provision programmatic access for the agent via [Universal Auth](/documentation/platform/identities/universal-auth). To obtain a **Client ID** and a **Client Secret**, follow the step by step guide outlined [here](/documentation/platform/identities/universal-auth).
 
 Next, create agent config file as shown below.
 

docs/integrations/cicd/bitbucket.mdx

@@ -7,12 +7,12 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+<Steps>
+  <Step title="Authorize Infisical for Bitbucket">
+    Navigate to your project's integrations tab in Infisical.
 
     ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Bitbucket
-
     Press on the Bitbucket tile and grant Infisical access to your Bitbucket account.
 
     ![integrations bitbucket authorization](../../images/integrations/bitbucket/integrations-bitbucket-auth.png)
@@ -23,9 +23,10 @@ Press on the Bitbucket tile and grant Infisical access to your Bitbucket account
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Bitbucket repo and press start integration to start syncing secrets to the repo.
 
     ![integrations bitbucket](../../images/integrations/bitbucket/integrations-bitbucket.png)
+  </Step>
+</Steps>

docs/integrations/cicd/circleci.mdx

@@ -7,16 +7,16 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for CircleCI
-
+<Steps>
+  <Step title="Authorize Infisical for CircleCI">
     Obtain an API token in User Settings > Personal API Tokens
 
     ![integrations circleci token](../../images/integrations/circleci/integrations-circleci-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the CircleCI tile and input your CircleCI API token to grant Infisical access to your CircleCI account.
 
     ![integrations circleci authorization](../../images/integrations/circleci/integrations-circleci-auth.png)
@@ -27,10 +27,11 @@ Press on the CircleCI tile and input your CircleCI API token to grant Infisical
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which CircleCI project and press create integration to start syncing secrets to CircleCI.
 
     ![create integration circleci](../../images/integrations/circleci/integrations-circleci-create.png)
     ![integrations circleci](../../images/integrations/circleci/integrations-circleci.png)
+  </Step>
+</Steps>

docs/integrations/cicd/codefresh.mdx

@@ -7,17 +7,17 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for Codefresh
-
+<Steps>
+  <Step title="Authorize Infisical for Codefresh">
     Obtain an API key in User Settings > API Keys
 
     ![integrations codefresh dashboard](../../images/integrations/codefresh/integrations-codefresh-dashboard.png)
     ![integrations codefresh token](../../images/integrations/codefresh/integrations-codefresh-token.png)
     
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+    
     Press on the Codefresh tile and input your Codefresh API key to grant Infisical access to your Codefresh account.
 
     ![integrations codefresh authorization](../../images/integrations/codefresh/integrations-codefresh-auth.png)
@@ -28,10 +28,11 @@ Press on the Codefresh tile and input your Codefresh API key to grant Infisical
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Codefresh service and press create integration to start syncing secrets to Codefresh.
 
     ![create integration codefresh](../../images/integrations/codefresh/integrations-codefresh-create.png)
     ![integrations codefresh](../../images/integrations/codefresh/integrations-codefresh.png)
+  </Step>
+</Steps>

docs/integrations/cicd/githubactions.mdx

@@ -14,12 +14,12 @@ Prerequisites:
     - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
     - Ensure you have admin privileges to the repo you want to sync secrets to.
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for GitHub">
+        Navigate to your project's integrations tab in Infisical.
 
         ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for GitHub
-
         Press on the GitHub tile and grant Infisical access to your GitHub account (repo privileges only).
 
         ![integrations github authorization](../../images/integrations/github/integrations-github-auth.png)
@@ -28,19 +28,19 @@ Press on the GitHub tile and grant Infisical access to your GitHub account (repo
           If this is your project's first cloud integration, then you'll have to grant Infisical access to your project's environment variables.
           Although this step breaks E2EE, it's necessary for Infisical to sync the environment variables to the cloud platform.
         </Info>
-
-## Start integration
-
+      </Step>
+      <Step title="Start integration">
         Select which Infisical environment secrets you want to sync to which GitHub repo and press start integration to start syncing secrets to the repo.
 
         ![integrations github](../../images/integrations/github/integrations-github.png)
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the GitHub integration on a self-hosted instance of Infisical requires configuring an OAuth application in GitHub
     and registering your instance with it.
-    
-    ## Create an OAuth application in GitHub
-    
+    <Steps>
+      <Step title="Create an OAuth application in GitHub">
         Navigate to your user Settings > Developer settings > OAuth Apps to create a new GitHub OAuth application.
         
         ![integrations github config](../../images/integrations/github/integrations-github-config-settings.png) 
@@ -56,9 +56,8 @@ Select which Infisical environment secrets you want to sync to which GitHub repo
           If you have a GitHub organization, you can create an OAuth application under it
           in your organization Settings > Developer settings > OAuth Apps > New Org OAuth App.
         </Note>
-    
-    ## Add your OAuth application credentials to Infisical
-    
+      </Step>
+      <Step title="Add your OAuth application credentials to Infisical">
         Obtain the **Client ID** and generate a new **Client Secret** for your GitHub OAuth application.
       
         ![integrations github config](../../images/integrations/github/integrations-github-config-credentials.png) 
@@ -69,7 +68,8 @@ Select which Infisical environment secrets you want to sync to which GitHub repo
         - `CLIENT_SECRET_GITHUB`: The **Client Secret** of your GitHub OAuth application.
       
         Once added, restart your Infisical instance and use the GitHub integration.
-   
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cicd/gitlab.mdx

@@ -6,17 +6,16 @@ description: "How to sync secrets from Infisical to GitLab"
 <Tabs>
   <Tab title="Usage">
     Prerequisites:
-
     - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
     <AccordionGroup>
       <Accordion title="Standard">
-  ## Navigate to your project's integrations tab
+        <Steps>
+          <Step title="Authorize Infisical for GitLab">
+            Navigate to your project's integrations tab in Infisical.
 
             ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for GitLab
-
             Press on the GitLab tile and grant Infisical access to your GitLab account.
 
             ![integrations gitlab authorization](../../images/integrations/gitlab/integrations-gitlab-auth.png)
@@ -27,8 +26,8 @@ Press on the GitLab tile and grant Infisical access to your GitLab account.
               breaks E2EE, it's necessary for Infisical to sync the environment variables to
               the cloud platform.
             </Info>
-## Start integration
-
+          </Step>
+          <Step title="Start integration">
             Select which Infisical environment secrets you want to sync to which GitLab repository and press create integration to start syncing secrets to GitLab.
 
             ![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab-create.png)
@@ -38,23 +37,22 @@ Note that the GitLab integration supports a few options in the **Options** tab:
             - Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
             - Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
 
-Setting a secret prefix or suffix ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.
+            Setting a secret prefix or suffix ensures that existing secrets in GitLab are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.
 
             ![integrations gitlab options](../../images/integrations/gitlab/integrations-gitlab-create-options.png)
 
             ![integrations gitlab](../../images/integrations/gitlab/integrations-gitlab.png)
+          </Step>
+        </Steps>
       </Accordion>
       <Accordion title="Pipeline">
-  ## Generate service token
-
+        <Steps>
+          <Step title="Authorize Infisical for GitLab">
             Generate an [Infisical Token](/documentation/platform/token) for the specific project and environment in Infisical.
 
-## Set the Infisical Token in Gitlab
-
-Create a new variable called `INFISICAL_TOKEN` with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
-
-## Configure Infisical in your pipeline
-
+            Next, create a new variable called `INFISICAL_TOKEN` with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
+          </Step>
+          <Step title="Configure Infisical in your pipeline">
             Edit your `.gitlab-ci.yml` to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.
 
             #### Example
@@ -75,6 +73,8 @@ build-job:
                 - apt-get update && apt-get install -y infisical
                 - infisical run -- npm run build
             ```
+          </Step>
+        </Steps>
       </Accordion>
     </AccordionGroup>
   </Tab>
@@ -82,8 +82,8 @@ build-job:
     Using the GitLab integration on a self-hosted instance of Infisical requires configuring an application in GitLab
     and registering your instance with it.
     
-  ## Create an OAuth application in GitLab
-    
+    <Steps>
+      <Step title="Create an OAuth application in GitLab">
         Navigate to your user Settings > Applications to create a new GitLab application.
       
         ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-edit-profile.png) 
@@ -97,9 +97,8 @@ build-job:
           If you have a GitLab group, you can create an OAuth application under it
           in your group Settings > Applications.
         </Note>
-   
-   ## Add your OAuth application credentials to Infisical
-   
+      </Step>
+      <Step title="Add your OAuth application credentials to Infisical">
         Obtain the **Application ID** and **Secret** for your GitLab application.
         
         ![integrations gitlab config](../../images/integrations/gitlab/integrations-gitlab-config-credentials.png) 
@@ -110,7 +109,8 @@ build-job:
         - `CLIENT_SECRET_GITLAB`: The **Secret** of your GitLab application.
         
         Once added, restart your Infisical instance and use the GitLab integration.
-  
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cicd/travisci.mdx

@@ -7,16 +7,16 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for Travis CI
-
+<Steps>
+  <Step title="Authorize Infisical for Travis CI">
     Obtain your API token in User Settings > API authentication > Token
 
     ![integrations travis ci token](../../images/integrations/travis-ci/integrations-travisci-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Travis CI tile and input your Travis CI API token to grant Infisical access to your Travis CI account.
 
     ![integrations travis ci authorization](../../images/integrations/travis-ci/integrations-travisci-auth.png)
@@ -27,10 +27,11 @@ Press on the Travis CI tile and input your Travis CI API token to grant Infisica
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Travis CI repository and press create integration to start syncing secrets to Travis CI.
 
     ![create integration travis ci](../../images/integrations/travis-ci/integrations-travisci-create.png)
     ![integrations travis ci](../../images/integrations/travis-ci/integrations-travisci.png)
+  </Step>
+</Steps>

docs/integrations/cloud/aws-parameter-store.mdx

@@ -8,8 +8,8 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Set up AWS and have/create an IAM user
 
-## Grant the IAM user permissions to access AWS Parameter Store
-
+<Steps>
+  <Step title="Grant the IAM user permissions to access AWS Parameter Store">
     Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.
 
     ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
@@ -36,19 +36,18 @@ For enhanced security, here's a custom policy containing the minimum permissions
       ]
     }
     ```
-
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for AWS Parameter store
-
+  </Step>
+  <Step title="Authorize Infisical for AWS Parameter store">
     Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
 
       ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
       ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
       ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
       
+      Navigate to your project's integrations tab in Infisical.
+
+      ![integrations](../../images/integrations.png)
+
       Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.
 
       ![integration auth](../../images/integrations/aws/integrations-aws-parameter-store-auth.png)
@@ -59,9 +58,8 @@ Press on the AWS Parameter Store tile and input your AWS access key ID and secre
         breaks E2EE, it's necessary for Infisical to sync the environment variables to
         the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.
 
     ![integration create](../../images/integrations/aws/integrations-aws-parameter-store-create.png)
@@ -73,3 +71,6 @@ Select which Infisical environment secrets you want to sync to which AWS Paramet
       secret like `TEST` to be stored as `/[project_name]/[environment]/TEST` in AWS
       Parameter Store.
     </Tip>
+  </Step>
+</Steps>
+

docs/integrations/cloud/aws-secret-manager.mdx

@@ -8,8 +8,8 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Set up AWS and have/create an IAM user
 
-## Grant the IAM user permissions to access AWS Secrets Manager
-
+<Steps>
+  <Step title="Grant the IAM user permissions to access AWS Secrets Manager">
     Navigate to your IAM user permissions and add a permission policy to grant access to AWS Secrets Manager.
 
     ![integration IAM 1](../../images/integrations/aws/integrations-aws-iam-1.png)
@@ -35,19 +35,18 @@ For better security, here's a custom policy containing the minimum permissions r
       ]
     }
     ```
-
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for AWS Secrets Manager
-
+  </Step>
+  <Step title="Authorize Infisical for AWS Secrets Manager">
     Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys
 
     ![access key 1](../../images/integrations/aws/integrations-aws-access-key-1.png)
     ![access key 2](../../images/integrations/aws/integrations-aws-access-key-2.png)
     ![access key 3](../../images/integrations/aws/integrations-aws-access-key-3.png)
     
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the AWS Secrets Manager tile and input your AWS access key ID and secret access key from the previous step.
 
     ![integration auth](../../images/integrations/aws/integrations-aws-secret-manager-auth.png)
@@ -58,9 +57,8 @@ Press on the AWS Secrets Manager tile and input your AWS access key ID and secre
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which AWS Secrets Manager region and under which secret name. Then, press create integration to start syncing secrets to AWS Secrets Manager.
 
     ![integration create](../../images/integrations/aws/integrations-aws-secret-manager-create.png)
@@ -71,3 +69,5 @@ Select which Infisical environment secrets you want to sync to which AWS Secrets
       group environment variable key-pairs under multiple secrets for greater
       control.
     </Info>
+  </Step>
+</Steps>

docs/integrations/cloud/azure-key-vault.mdx

@@ -10,16 +10,15 @@ description: "How to sync secrets from Infisical to Azure Key Vault"
     - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
     - Set up Azure and have an existing key vault
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Azure Key Vault">
+        Navigate to your project's integrations tab
 
         ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Azure Key Vault
-
         Press on the Azure Key Vault tile and grant Infisical access to Azure Key Vault.
-
-## Start Integration
-
+      </Step>
+      <Step title="Start integration">
         Obtain the Vault URI of your key vault in the Overview tab.
 
         ![integrations](../../images/integrations/azure-key-vault/integrations-azure-key-vault-vault-uri.png)
@@ -36,13 +35,15 @@ Select which Infisical environment secrets you want to sync to your key vault. T
           breaks E2EE, it's necessary for Infisical to sync the environment variables to
           the cloud platform.
         </Info>
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the Azure KV integration on a self-hosted instance of Infisical requires configuring an application in Azure
     and registering your instance with it.
 
-  ## Create an application in Azure
-  
+    <Steps>
+      <Step title="Create an application in Azure">
         Navigate to Azure Active Directory > App registrations to create a new application.
         
         ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-aad.png) 
@@ -51,9 +52,8 @@ Select which Infisical environment secrets you want to sync to your key vault. T
         Create the application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/azure-key-vault/oauth2/callback`.
         
         ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-new-app-form.png) 
-   
-   ## Add your application credentials to Infisical
-   
+      </Step>
+      <Step title="Add your application credentials to Infisical">
         Obtain the **Application (Client) ID** in Overview and generate a **Client Secret** in Certificate & secrets for your Azure application.
 
         ![integrations Azure KV config](../../images/integrations/azure-key-vault/integrations-azure-key-vault-config-credentials-1.png) 
@@ -66,8 +66,8 @@ Select which Infisical environment secrets you want to sync to your key vault. T
         - `CLIENT_SECRET_AZURE`: The **Client Secret** of your Azure application.
         
         Once added, restart your Infisical instance and use the Azure KV integration.
-
-  
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/checkly.mdx

@@ -7,17 +7,17 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Checkly API Key
-
+<Steps>
+  <Step title="Authorize Infisical for Checkly">
     Obtain a Checkly API Key in User Settings > API Keys.
 
     ![integrations checkly dashboard](../../images/integrations/checkly/integrations-checkly-dashboard.png)
     ![integrations checkly token](../../images/integrations/checkly/integrations-checkly-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Checkly tile and input your Checkly API Key to grant Infisical access to your Checkly account.
 
     ![integrations checkly authorization](../../images/integrations/checkly/integrations-checkly-auth.png)
@@ -28,9 +28,8 @@ Press on the Checkly tile and input your Checkly API Key to grant Infisical acce
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to Checkly and press create integration to start syncing secrets.
 
     ![integrations checkly](../../images/integrations/checkly/integrations-checkly-create.png)
@@ -48,3 +47,5 @@ Select which Infisical environment secrets you want to sync to Checkly and press
       If you choose to do so, you should utilize such suffixes for ALL Checkly integrations – otherwise the integration system 
       might run into issues with deleting secrets from the wrong environments.
     </Info>
+  </Step>
+</Steps>

docs/integrations/cloud/cloudflare-pages.mdx

@@ -7,24 +7,24 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for Cloudflare Pages
-
+<Steps>
+  <Step title="Authorize Infisical for Cloudflare Pages">
     Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
 
-1. Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
+    Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
 
     ![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
     ![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
     ![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
 
-2. Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
+    Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
 
     ![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
     
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Cloudflare Pages tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Pages.
 
     ![integrations cloudflare authorization](../../images/integrations/cloudflare/integrations-cloudflare-auth.png)
@@ -35,10 +35,11 @@ Press on the Cloudflare Pages tile and input your Cloudflare API token and accou
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to Cloudflare and press create integration to start syncing secrets.
 
     ![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare-create.png)
     ![integrations cloudflare](../../images/integrations/cloudflare/integrations-cloudflare.png)
+  </Step>
+</Steps>

docs/integrations/cloud/cloudflare-workers.mdx

@@ -7,24 +7,24 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Authorize Infisical for Cloudflare Workers
-
+<Steps>
+  <Step title="Authorize Infisical for Cloudflare Workers">
     Obtain a Cloudflare [API token](https://dash.cloudflare.com/profile/api-tokens) and [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/):
 
-1. Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
+    Create a new [API token](https://dash.cloudflare.com/profile/api-tokens) in My Profile > API Tokens
 
     ![integrations cloudflare credentials 1](../../images/integrations/cloudflare/integrations-cloudflare-credentials-1.png)
     ![integrations cloudflare credentials 2](../../images/integrations/cloudflare/integrations-cloudflare-credentials-2.png)
     ![integrations cloudflare credentials 3](../../images/integrations/cloudflare/integrations-cloudflare-credentials-3.png)
 
-2. Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
+    Copy your [Account ID](https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/find-account-and-zone-ids/) from Account > Workers & Pages > Overview
 
     ![integrations cloudflare credentials 4](../../images/integrations/cloudflare/integrations-cloudflare-credentials-4.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Cloudflare Workers tile and input your Cloudflare API token and account ID to grant Infisical access to your Cloudflare Workers.
 
     ![integrations cloudflare authorization](../../images/integrations/cloudflare/integration-cloudflare-workers-connect.png)
@@ -35,9 +35,10 @@ Press on the Cloudflare Workers tile and input your Cloudflare API token and acc
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to Cloudflare Workers and press create integration to start syncing secrets.
 
     ![integrations cloudflare](../../images/integrations/cloudflare/integration-cloudflare-workers-create.png)
+  </Step>
+</Steps>

docs/integrations/cloud/flyio.mdx

@@ -7,17 +7,17 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Fly.io Access Token
-
+<Steps>
+  <Step title="Authorize Infisical for Fly.io">
     Obtain a Fly.io access token in Access Tokens
 
     ![integrations fly dashboard](../../images/integrations/flyio/integrations-flyio-dashboard.png)
     ![integrations fly token](../../images/integrations/flyio/integrations-flyio-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Fly.io tile and input your Fly.io access token to grant Infisical access to your Fly.io account.
 
     ![integrations fly authorization](../../images/integrations/flyio/integrations-flyio-auth.png)
@@ -28,10 +28,11 @@ Press on the Fly.io tile and input your Fly.io access token to grant Infisical a
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Fly.io app and press create integration to start syncing secrets to Fly.io.
 
     ![integrations fly](../../images/integrations/flyio/integrations-flyio-create.png)
     ![integrations fly](../../images/integrations/flyio/integrations-flyio.png)
+  </Step>
+</Steps>

docs/integrations/cloud/gcp-secret-manager.mdx

@@ -5,19 +5,17 @@ description: "How to sync secrets from Infisical to GCP Secret Manager"
 
 <Tabs>
   <Tab title="Usage">
-
     <AccordionGroup>
       <Accordion title="Connect with OAuth2">
-  
         Prerequisites:
-
         - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-  ## Navigate to your project's integrations tab
+
+        <Steps>
+          <Step title="Authorize Infisical for GCP">
+            Navigate to your project's integrations tab in Infisical.
 
             ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for GCP
-
             Press on the GCP Secret Manager tile and select **Continue with OAuth**
 
             ![integrations GCP authorization options](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-auth-options.png)
@@ -32,9 +30,8 @@ Grant Infisical access to GCP.
               breaks E2EE, it's necessary for Infisical to sync the environment variables to
               the cloud platform.
             </Info>
-
-## Start integration
-
+          </Step>
+          <Step title="Start integration">
             In the **Connection** tab, select which Infisical environment secrets you want to sync to which GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
 
             ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
@@ -55,15 +52,16 @@ Setting a secret prefix, suffix, or enabling the labeling option ensures that ex
                 Using Infisical to sync secrets to GCP Secret Manager requires that you enable
                 the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
             </Warning>
+          </Step>
+        </Steps>
       </Accordion>
       <Accordion title="Connect with Service Account JSON">
         Prerequisites:
-
         - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
         - Have a GCP project and have/create a [service account](https://cloud.google.com/iam/docs/service-account-overview) in it
 
-## Grant the service account permissions for GCP Secret Manager
-
+        <Steps>
+          <Step title="Authorize Infisical for GCP">
             Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and **Service Usage Admin** roles to the service account.
 
             ![integrations GCP secret manager IAM](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-iam.png)
@@ -74,12 +72,10 @@ Navigate to **IAM & Admin** page in GCP and add the **Secret Manager Admin** and
               and list which GCP services are enabled/disabled (e.g. **Service Usage Admin** role).
             </Info>
 
-## Navigate to your project's integrations tab
+            Navigate to your project's integrations tab in Infisical.
 
             ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for GCP
-
             Press on the GCP Secret Manager tile and paste in your **GCP Service Account JSON** (you can create and download the JSON for your
             service account in IAM & Admin > Service Accounts > Service Account > Keys).
 
@@ -93,9 +89,8 @@ service account in IAM & Admin > Service Accounts > Service Account > Keys).
               breaks E2EE, it's necessary for Infisical to sync the environment variables to
               the cloud platform.
             </Info>
-
-## Start integration
-
+          </Step>
+          <Step title="Start integration">
             In the **Connection** tab, select which Infisical environment secrets you want to sync to the GCP secret manager project. Lastly, press create integration to start syncing secrets to GCP secret manager.
 
             ![integrations GCP secret manager](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-create.png)
@@ -116,6 +111,8 @@ Setting a secret prefix, suffix, or enabling the labeling option ensures that ex
                 Using Infisical to sync secrets to GCP Secret Manager requires that you enable
                 the Service Usage API and Cloud Resource Manager API in the Google Cloud project you want to sync secrets to. More on that [here](https://cloud.google.com/service-usage/docs/set-up-development-environment).
             </Warning>
+          </Step>
+        </Steps>
       </Accordion>
     </AccordionGroup>
   </Tab>
@@ -123,8 +120,8 @@ Setting a secret prefix, suffix, or enabling the labeling option ensures that ex
     Using the GCP Secret Manager integration (via the OAuth2 method) on a self-hosted instance of Infisical requires configuring an OAuth2 application in GCP
     and registering your instance with it.
 
-  ## Create an OAuth2 application in GCP
-  
+    <Steps>
+      <Step title="Create an OAuth2 application in GCP">
         Navigate to your project API & Services > Credentials to create a new OAuth2 application.
         
         ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-api-services.png) 
@@ -133,9 +130,8 @@ Setting a secret prefix, suffix, or enabling the labeling option ensures that ex
           Create the application. As part of the form, add to **Authorized redirect URIs**: `https://your-domain.com/integrations/gcp-secret-manager/oauth2/callback`.
         
         ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-new-app-form.png) 
-   
-   ## Add your OAuth2 application credentials to Infisical
-   
+      </Step>
+      <Step title="Add your OAuth2 application credentials to Infisical">
         Obtain the **Client ID** and **Client Secret** for your GCP OAuth2 application.
         
         ![integrations GCP secret manager config](../../images/integrations/gcp-secret-manager/integrations-gcp-secret-manager-config-credentials.png) 
@@ -146,7 +142,8 @@ Setting a secret prefix, suffix, or enabling the labeling option ensures that ex
         - `CLIENT_SECRET_GCP_SECRET_MANAGER`: The **Client Secret** of your GCP OAuth2 application.
         
         Once added, restart your Infisical instance and use the GCP Secret Manager integration.
-
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/hasura-cloud.mdx

@@ -7,16 +7,16 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Hasura Cloud Access Token
-
+<Steps>
+  <Step title="Authorize Infisical for Hasura Cloud">
     Obtain a Hasura Cloud Access Token in My Account > Access Tokens
 
     ![integrations hasura cloud tokens](../../images/integrations/hasura-cloud/integrations-hasura-cloud-tokens.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+    
     Press on the Hasura Cloud tile and input your Hasura Cloud access token to grant Infisical access to your Hasura Cloud account.
 
     ![integrations hasura cloud authorization](../../images/integrations/hasura-cloud/integrations-hasura-cloud-auth.png)
@@ -27,10 +27,11 @@ Press on the Hasura Cloud tile and input your Hasura Cloud access token to grant
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Hasura Cloud project and press create integration to start syncing secrets to Hasura Cloud.
 
     ![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud-create.png)
     ![integrations hasura cloud](../../images/integrations/hasura-cloud/integrations-hasura-cloud.png)
+  </Step>
+</Steps>

docs/integrations/cloud/heroku.mdx

@@ -9,12 +9,12 @@ description: "How to sync secrets from Infisical to Heroku"
 
     - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Heroku">
+        Navigate to your project's integrations tab in Infisical.
 
         ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Heroku
-
         Press on the Heroku tile and grant Infisical access to your Heroku account.
 
         ![integrations heroku authorization](../../images/integrations/heroku/integrations-heroku-auth.png)
@@ -25,20 +25,20 @@ Press on the Heroku tile and grant Infisical access to your Heroku account.
           breaks E2EE, it's necessary for Infisical to sync the environment variables to
           the cloud platform.
         </Info>
-
-## Start integration
-
+      </Step>
+      <Step title="Start integration">
         Select which Infisical environment secrets you want to sync to which Heroku app and press create integration to start syncing secrets to Heroku.
         
         ![integrations heroku](../../images/integrations/heroku/integrations-heroku-create.png)
         ![integrations heroku](../../images/integrations/heroku/integrations-heroku.png)
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the Heroku integration on a self-hosted instance of Infisical requires configuring an API client in Heroku
     and registering your instance with it.
-  
-  ## Create an API client in Heroku
-  
+    <Steps>
+      <Step title="Create an API client in Heroku">
         Navigate to your user Account settings > Applications to create a new API client.
 
         ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-settings.png) 
@@ -48,9 +48,8 @@ Select which Infisical environment secrets you want to sync to which Heroku app
           Create the API client. As part of the form, set the **OAuth callback URL** to `https://your-domain.com/integrations/heroku/oauth2/callback`.
 
         ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-new-app-form.png) 
-   
-   ## Add your Heroku API client credentials to Infisical
-   
+      </Step>
+      <Step title="Add your Heroku API client credentials to Infisical">
         Obtain the **Client ID** and **Client Secret** for your Heroku API client.
         
         ![integrations Heroku config](../../images/integrations/heroku/integrations-heroku-config-credentials.png) 
@@ -61,7 +60,8 @@ Select which Infisical environment secrets you want to sync to which Heroku app
         - `CLIENT_SECRET_HEROKU`: The **Client Secret** of your Heroku API client.
         
         Once added, restart your Infisical instance and use the Heroku integration.
-
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/laravel-forge.mdx

@@ -7,12 +7,8 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Laravel Forge Access Token and Server Id
-
+<Steps>
+  <Step title="Authorize Infisical for Laravel Forge">
     Obtain a Laravel Forge access token in API Tokens
 
     ![integrations laravel forge dashboard](../../images/integrations/laravel-forge/integrations-laravelforge-dashboard.png)
@@ -23,6 +19,10 @@ Obtain your Laravel Forge Server ID in Servers > Server ID
     ![integrations laravel forge server](../../images/integrations/laravel-forge/integrations-laravelforge-servers.png)
     ![integrations laravel forge server id](../../images/integrations/laravel-forge/integrations-laravelforge-serverid.png)
     
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Laravel Forge tile and input your Laravel Forge access token and server ID to grant Infisical access to your Laravel Forge account.
 
     ![integrations laravel forge authorization](../../images/integrations/laravel-forge/integrations-laravelforge-auth.png)
@@ -33,10 +33,12 @@ Press on the Laravel Forge tile and input your Laravel Forge access token and se
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Laravel Forge site and press create integration to start syncing secrets to Laravel Forge.
 
     ![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge-create.png)
     ![integrations laravel forge](../../images/integrations/laravel-forge/integrations-laravelforge.png)
+  </Step>
+</Steps>
+

docs/integrations/cloud/netlify.mdx

@@ -15,12 +15,12 @@ Prerequisites:
 
     - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Netlify">
+        Navigate to your project's integrations tab in Infisical.
         
         ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Netlify
-
         Press on the Netlify tile and grant Infisical access to your Netlify account.
 
         ![integrations netlify authorization](../../images/integrations/netlify/integrations-netlify-auth.png)
@@ -31,21 +31,20 @@ Press on the Netlify tile and grant Infisical access to your Netlify account.
           breaks E2EE, it's necessary for Infisical to sync the environment variables to
           the cloud platform.
         </Info>
-
-## Start integration
-
+      </Step>
+      <Step title="Start integration">
         Select which Infisical environment secrets you want to sync to which Netlify app and context. Lastly, press create integration to start syncing secrets to Netlify.
 
         ![integrations netlify](../../images/integrations/netlify/integrations-netlify-create.png)
         ![integrations netlify](../../images/integrations/netlify/integrations-netlify.png)
-
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the Netlify integration on a self-hosted instance of Infisical requires configuring an OAuth application in Netlify
   and registering your instance with it.
-  
-  ## Create an OAuth application in Netlify
-  
+    <Steps>
+      <Step title="Create an OAuth application in Netlify">
         Navigate to your User settings > Applications > OAuth to create a new OAuth application.
         
         ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-user-settings.png) 
@@ -54,9 +53,8 @@ Select which Infisical environment secrets you want to sync to which Netlify app
           Create the OAuth application. As part of the form, set the **Redirect URI** to `https://your-domain.com/integrations/netlify/oauth2/callback`.
 
         ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-new-app-form.png) 
-
-   ## Add your Netlify OAuth application credentials to Infisical
-   
+      </Step>
+      <Step title="Add your Netlify OAuth application credentials to Infisical">
         Obtain the **Client ID** and **Secret** for your Netlify OAuth application.
         
         ![integrations Netlify config](../../images/integrations/netlify/integrations-netlify-config-credentials.png) 
@@ -67,6 +65,8 @@ Select which Infisical environment secrets you want to sync to which Netlify app
         - `CLIENT_SECRET_NETLIFY`: The **Secret** of your Netlify OAuth application.
         
         Once added, restart your Infisical instance and use the Netlify integration.
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/northflank.mdx

@@ -8,17 +8,17 @@ Prerequisites:
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 - Have a [Northflank](https://northflank.com) project with a secret group ready
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Northflank API Token
-
+<Steps>
+  <Step title="Authorize Infisical for Northflank">
     Obtain a Northflank API token in Account settings > API > Tokens
 
     ![integrations northflank dashboard](../../images/integrations/northflank/integrations-northflank-dashboard.png)
     ![integrations northflank token](../../images/integrations/northflank/integrations-northflank-token.png)
     
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Northflank tile and input your Northflank API token to grant Infisical access to your Northflank account.
 
     ![integrations northflank authorization](../../images/integrations/northflank/integrations-northflank-auth.png)
@@ -29,10 +29,11 @@ Press on the Northflank tile and input your Northflank API token to grant Infisi
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Northflank project and secret group. Finally, press create integration to start syncing secrets to Northflank.
 
     ![integrations northflank](../../images/integrations/northflank/integrations-northflank-create.png)
     ![integrations northflank](../../images/integrations/northflank/integrations-northflank.png)
+  </Step>
+</Steps>

docs/integrations/cloud/qovery.mdx

@@ -7,16 +7,16 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Qovery API Token
-
+<Steps>
+  <Step title="Authorize Infisical for Qovery">
     Obtain a Qovery API Token in Settings > API Token.
 
     ![integrations qovery api token](../../images/integrations/qovery/integrations-qovery-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Qovery tile and input your Qovery API Token to grant Infisical access to your Qovery account.
 
     ![integrations qovery authorization](../../images/integrations/qovery/integrations-qovery-auth.png)
@@ -27,9 +27,8 @@ Press on the Qovery tile and input your Qovery API Token to grant Infisical acce
       breaks E2EE, it is necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to Qovery and press create integration to start syncing secrets.
 
     ![integrations qovery create](../../images/integrations/qovery/integrations-qovery-create-1.png)
@@ -41,3 +40,5 @@ Select which Infisical environment secrets you want to sync to Qovery and press
     </Note>
 
     ![integrations qovery settings](../../images/integrations/qovery/integrations-qovery.png)
+  </Step>
+</Steps>

docs/integrations/cloud/railway.mdx

@@ -7,13 +7,8 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Railway API Token
-
+<Steps>
+  <Step title="Authorize Infisical for Railway">
     Obtain a Railway API Token in your Railway [Account Settings > Tokens](https://railway.app/account/tokens).
 
     ![integrations railway dashboard](../../images/integrations/railway/integrations-railway-dashboard.png)
@@ -27,6 +22,10 @@ Obtain a Railway API Token in your Railway [Account Settings > Tokens](https://r
         Railway's Public API.
     </Note>
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Railway tile and input your Railway API Key to grant Infisical access to your Railway account.
 
     ![integrations railway authorization](../../images/integrations/railway/integrations-railway-authorization.png)
@@ -37,9 +36,8 @@ Press on the Railway tile and input your Railway API Key to grant Infisical acce
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Railway project and environment (and optionally service). Lastly, press create integration to start syncing secrets to Railway.
 
     ![integrations create railway](../../images/integrations/railway/integrations-railway-create.png)
@@ -51,4 +49,5 @@ Select which Infisical environment secrets you want to sync to which Railway pro
     </Note>
 
     ![integrations railway](../../images/integrations/railway/integrations-railway.png)
-
+  </Step>
+</Steps>

docs/integrations/cloud/render.mdx

@@ -7,17 +7,17 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Render API Key
-
+<Steps>
+  <Step title="Authorize Infisical for Render">
     Obtain a Render API Key in your Render Account Settings > API Keys.
 
     ![integrations render dashboard](../../images/integrations/render/integrations-render-dashboard.png)
     ![integrations render token](../../images/integrations/render/integrations-render-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Render tile and input your Render API Key to grant Infisical access to your Render account.
 
     ![integrations render authorization](../../images/integrations/render/integrations-render-auth.png)
@@ -28,10 +28,11 @@ Press on the Render tile and input your Render API Key to grant Infisical access
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Render service and press create integration to start syncing secrets to Render.
 
     ![integrations render](../../images/integrations/render/integrations-render-create.png)
     ![integrations render](../../images/integrations/render/integrations-render.png)
+  </Step>
+</Steps>

docs/integrations/cloud/supabase.mdx

@@ -14,16 +14,16 @@ Prerequisites:
 - Have an account and project set up at [Supabase](https://supabase.com/)
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Supabase Access Token
-
+<Steps>
+  <Step title="Authorize Infisical for Supabase">
     Obtain a Supabase Access Token in your Supabase [Account > Access Tokens](https://app.supabase.com/account/tokens).
     ![integrations supabase dashboard](../../images/integrations/supabase/integrations-supabase-dashboard.png)
     ![integrations supabase token](../../images/integrations/supabase/integrations-supabase-token.png)
     
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+    
     Press on the Supabase tile and input your Supabase Access Token to grant Infisical access to your Supabase account.
 
     ![integrations supabase authorization](../../images/integrations/supabase/integrations-supabase-authorization.png)
@@ -34,11 +34,12 @@ Press on the Supabase tile and input your Supabase Access Token to grant Infisic
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Supabase project. Lastly, press create integration to start syncing secrets to Supabase.
 
     ![integrations supabase create](../../images/integrations/supabase/integrations-supabase-create.png)
 
     ![integrations supabase](../../images/integrations/supabase/integrations-supabase.png)
+  </Step>
+</Steps>

docs/integrations/cloud/teamcity.mdx

@@ -7,12 +7,8 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your TeamCity Access Token and Server URL
-
+<Steps>
+  <Step title="Authorize Infisical for TeamCity">
     Obtain a TeamCity Access Token in Profile > Access Tokens
 
     ![integrations teamcity dashboard](../../images/integrations/teamcity/integrations-teamcity-dashboard.png)
@@ -24,19 +20,22 @@ Obtain a TeamCity Access Token in Profile > Access Tokens
       is selected, then it must at minimum have the **View build configuration settings** and **Edit project** permissions enabled.
     </Note>
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
+    Press on the TeamCity tile and input your TeamCity Access Token and Server URL to grant Infisical access to your TeamCity account.
+
+    ![integrations teamcity authorization](../../images/integrations/teamcity/integrations-teamcity-auth.png)
+
     <Info>
       If this is your project's first cloud integration, then you'll have to grant
       Infisical access to your project's environment variables. Although this step
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-Press on the TeamCity tile and input your TeamCity Access Token and Server URL to grant Infisical access to your TeamCity account.
-
-![integrations teamcity authorization](../../images/integrations/teamcity/integrations-teamcity-auth.png)
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which TeamCity project (and optionally build configuration) and press create integration to start syncing secrets to TeamCity.
 
     ![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity-create.png)
@@ -48,3 +47,5 @@ Select which Infisical environment secrets you want to sync to which TeamCity pr
     </Note>
 
     ![integrations teamcity](../../images/integrations/teamcity/integrations-teamcity.png)
+  </Step>
+</Steps>

docs/integrations/cloud/terraform-cloud.mdx

@@ -7,12 +7,8 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Terraform Cloud API Token and Workspace Id
-
+<Steps>
+  <Step title="Authorize Infisical for Terraform Cloud">
     Obtain a Terraform Cloud API Token in User Settings > Tokens
 
     ![integrations terraform cloud dashboard](../../images/integrations/terraform/integrations-terraformcloud-dashboard.png)
@@ -23,6 +19,10 @@ Obtain your Terraform Cloud Workspace Id in Projects & Workspaces > Workspace >
     ![integrations terraform cloud projects & workspaces](../../images/integrations/terraform/integrations-terraformcloud-workspaces.png)
     ![integrations terraform cloud workspace id](../../images/integrations/terraform/integrations-terraformcloud-workspaceid.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Terraform Cloud tile and input your Terraform Cloud API Token and Workspace Id to grant Infisical access to your Terraform Cloud account.
 
     ![integrations terraform cloud authorization](../../images/integrations/terraform/integrations-terraformcloud-auth.png)
@@ -33,10 +33,11 @@ Press on the Terraform Cloud tile and input your Terraform Cloud API Token and W
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets and Terraform Cloud variable type you want to sync to which Terraform Cloud workspace/project and press create integration to start syncing secrets to Terraform Cloud.
 
     ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud-create.png)
     ![integrations terraform cloud](../../images/integrations/terraform/integrations-terraformcloud.png)
+  </Step>
+</Steps>

docs/integrations/cloud/vercel.mdx

@@ -6,15 +6,14 @@ description: "How to sync secrets from Infisical to Vercel"
 <Tabs>
   <Tab title="Usage">
     Prerequisites:
-
     - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
+    <Steps>
+      <Step title="Authorize Infisical for Vercel">
+        Navigate to your project's integrations tab in Infisical.
 
         ![integrations](../../images/integrations.png)
 
-## Authorize Infisical for Vercel
-
         Press on the Vercel tile and grant Infisical access to your Vercel account.
 
         ![integrations vercel authorization](../../images/integrations/vercel/integrations-vercel-auth.png)
@@ -25,9 +24,8 @@ Press on the Vercel tile and grant Infisical access to your Vercel account.
           breaks E2EE, it's necessary for Infisical to sync the environment variables to
           the cloud platform.
         </Info>
-
-## Start integration
-
+      </Step>
+      <Step title="Start integration">
         Select which Infisical environment secrets you want to sync to which Vercel app and environment. Lastly, press create integration to start syncing secrets to Vercel.
 
         ![integrations vercel](../../images/integrations/vercel/integrations-vercel-create.png)
@@ -49,13 +47,15 @@ Select which Infisical environment secrets you want to sync to which Vercel app
           `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`,
           `AWS_REGION`, and `AWS_DEFAULT_REGION`.
         </Warning>
+      </Step>
+    </Steps>
   </Tab>
   <Tab title="Self-Hosted Setup">
     Using the Vercel integration on a self-hosted instance of Infisical requires configuring an integration in Vercel.
     and registering your instance with it.
     
-  ## Create an integration in Vercel
-  
+    <Steps>
+      <Step title="Create an integration in Vercel">
         Navigate to Integrations > Integration Console to create a new integration.
   
         ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-integrations-console.png) 
@@ -66,9 +66,8 @@ Select which Infisical environment secrets you want to sync to which Vercel app
       
         ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-1.png) 
         ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-new-app-form-2.png) 
-   
-   ## Add your Vercel integration credentials and information to Infisical
-   
+      </Step>
+      <Step title="Add your Vercel integration credentials and information to Infisical">
         Obtain the **Client (Integration) ID** and **Client (Integration) Secret** as well as the **URL Slug** from earlier for your Vercel integration.
 
         ![integrations Vercel config](../../images/integrations/vercel/integrations-vercel-config-credentials.png) 
@@ -80,7 +79,8 @@ Select which Infisical environment secrets you want to sync to which Vercel app
         - `CLIENT_SLUG_VERCEL`: The **URL Slug** of your Vercel integration.
         
         Once added, restart your Infisical instance and use the Vercel integration.
-
+      </Step>
+    </Steps>
   </Tab>
 </Tabs>
 

docs/integrations/cloud/windmill.mdx

@@ -7,17 +7,17 @@ Prerequisites:
 
 - Set up and add envars to [Infisical Cloud](https://app.infisical.com)
 
-## Navigate to your project's integrations tab
-
-![integrations](../../images/integrations.png)
-
-## Enter your Windmill Access Token
-
+<Steps>
+  <Step title="Authorize Infisical for Windmill">
     Obtain a [Windmill](https://www.windmill.dev/) access token in Access Tokens
 
     ![integrations windmill dashboard](../../images/integrations/windmill/integrations-windmill-dashboard.png)
     ![integrations windmill token](../../images/integrations/windmill/integrations-windmill-token.png)
 
+    Navigate to your project's integrations tab in Infisical.
+
+    ![integrations](../../images/integrations.png)
+
     Press on the Windmill tile and input your Windmill access token to grant Infisical access to your Windmill account.
 
     ![integrations windmill authorization](../../images/integrations/windmill/integrations-windmill-auth.png)
@@ -28,9 +28,8 @@ Press on the Windmill tile and input your Windmill access token to grant Infisic
       breaks E2EE, it's necessary for Infisical to sync the environment variables to
       the cloud platform.
     </Info>
-
-## Start integration
-
+  </Step>
+  <Step title="Start integration">
     Select which Infisical environment secrets you want to sync to which Windmill workspace and press create integration to start syncing secrets to Windmill.
 
     ![integrations windmill](../../images/integrations/windmill/integrations-windmill-create.png)
@@ -44,3 +43,5 @@ Select which Infisical environment secrets you want to sync to which Windmill wo
       secret. Put differently, you must use the full path of the secret as its name
       in Infisical to be considered valid such as `u/user/FOO/BAR`.
     </Warning>
+  </Step>
+</Steps>

docs/mint.json

@@ -159,10 +159,16 @@
           "pages": [
             "self-hosting/overview",
             "self-hosting/deployment-options/standalone-infisical",
+            "self-hosting/deployment-options/docker-compose",
             "self-hosting/deployment-options/kubernetes-helm",
             "self-hosting/deployment-options/aws-ec2",
-            "self-hosting/deployment-options/docker-compose",
-            "self-hosting/deployment-options/digital-ocean-marketplace"
+            "self-hosting/deployment-options/aws-lightsail",
+            "self-hosting/deployment-options/gcp-cloud-run",
+            "self-hosting/deployment-options/azure-app-services",
+            "self-hosting/deployment-options/azure-container-instances",
+            "self-hosting/deployment-options/digital-ocean-marketplace",
+            "self-hosting/deployment-options/fly.io",
+            "self-hosting/deployment-options/railway"
           ]
         },
         "self-hosting/configuration/envars",

docs/sdks/languages/go.mdx

@@ -5,5 +5,4 @@ icon: "golang"
 
 Coming soon.
 
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/436) to stay updated.
+Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/java.mdx

@@ -3,7 +3,293 @@ title: "Java"
 icon: "java"
 ---
 
-Coming soon.
+If you're working with Java, the official [Infisical Java SDK](https://github.com/Infisical/sdk/tree/main/languages/java) package is the easiest way to fetch and work with secrets for your application.
 
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/434) to stay updated.
+## Basic Usage
+
+```java
+package com.example.app;
+
+import com.infisical.sdk.InfisicalClient;
+import com.infisical.sdk.schema.*;
+
+public class Example {
+    public static void main(String[] args) {
+        // Create a new Infisical Client
+        ClientSettings settings = new ClientSettings();
+        settings.setClientID("MACHINE_IDENTITY_CLIENT_ID");
+        settings.setClientSecret("MACHINE_IDENTITY_CLIENT_SECRET");
+
+        InfisicalClient client = new InfisicalClient(settings);
+
+        // Create the options for fetching the secret
+        GetSecretOptions options = new GetSecretOptions();
+        options.setSecretName("TEST");
+        options.setEnvironment("dev");
+        options.setProjectID("PROJECT_ID");
+
+        // Fetch the sercret with the provided options
+        GetSecretResponseSecret secret = client.getSecret(options);
+
+        // Print the value
+        System.out.println(secret.getSecretValue());
+
+        // Important to avoid memory leaks!
+        // If you intend to use the client throughout your entire application, you can omit this line.
+        client.close();
+    }
+}
+```
+
+This example demonstrates how to use the Infisical Java SDK in a Java application. The application retrieves a secret named `TEST` from the `dev` environment of the `PROJECT_ID` project.
+
+<Warning>
+    We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
+</Warning>
+
+# Installation
+
+The Infisical Java SDK is hosted on the GitHub Packages Apache Maven registry. Because of this you need to configure your environment properly so it's able to pull dependencies from the GitHub registry. Please check [this guide from GitHub](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry) on how to achieve this.
+
+Our package is [located here](https://github.com/Infisical/sdk/packages/2019741). Please follow the installation guide on the page.
+
+# Configuration
+
+Import the SDK and create a client instance with your [Machine Identity](/platform/identities/universal-auth).
+
+```java
+import com.infisical.sdk.InfisicalClient;
+import com.infisical.sdk.schema.*;
+
+public class App {
+    public static void main(String[] args) {
+
+        ClientSettings settings = new ClientSettings();
+        settings.setClientID("MACHINE_IDENTITY_CLIENT_ID");
+        settings.setClientSecret("MACHINE_IDENTITY_CLIENT_SECRET");
+
+        InfisicalClient client = new InfisicalClient(settings); // Your client!
+    }
+}
+```
+
+### ClientSettings methods
+
+<ParamField query="options" type="object">
+    <Expandable title="properties">
+        <ParamField query="setClientID()" type="string" optional>
+            Your machine identity client ID.
+        </ParamField>
+          <ParamField query="setClientSecret()" type="string" optional>
+            Your machine identity client secret.
+        </ParamField>
+
+         <ParamField query="setAccessToken()" type="string" optional>
+            An access token obtained from the machine identity login endpoint.
+        </ParamField>
+
+        <ParamField query="setSiteURL()" type="string" default="https://app.infisical.com" optional>
+            Your self-hosted absolute site URL including the protocol (e.g. `https://app.infisical.com`)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+## Working with Secrets
+
+### client.listSecrets(options)
+
+```java
+ListSecretsOptions options = new ListSecretsOptions();
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+options.setPath("/foo/bar");
+options.setIncludeImports(false);
+
+SecretElement[] secrets = client.listSecrets(options);
+```
+
+Retrieve all secrets within the Infisical project and environment that client is connected to
+
+### Methods
+
+<ParamField query="Parameters" type="object">
+    <Expandable title="properties">
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="setProjectID()" type="string">
+            The project ID where the secret lives in.
+        </ParamField>
+
+         <ParamField query="setPath()" type="string" optional>
+            The path from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="setIncludeImports" type="string" default="https://app.infisical.com" optional>
+             Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### client.getSecret(options)
+
+```java
+GetSecretOptions options = new GetSecretOptions();
+options.setSecretName("TEST");
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+
+GetSecretResponseSecret secret = client.getSecret(options);
+
+String secretValue = secret.getSecretValue();
+```
+
+Retrieve a secret from Infisical.
+
+By default, `getSecret()` fetches and returns a shared secret.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string" required>
+            The key of the secret to retrieve.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be fetched from.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.createSecret(options)
+
+```java
+CreateSecretOptions createOptions = new CreateSecretOptions();
+createOptions.setSecretName("NEW_SECRET");
+createOptions.setEnvironment("dev");
+createOptions.setProjectID("PROJECT_ID");
+createOptions.setSecretValue("SOME SECRET VALUE");
+createOptions.setPath("/"); // Default
+createOptions.setType("shared"); // Default
+
+CreateSecretResponseSecret newSecret = client.createSecret(createOptions);
+```
+
+Create a new secret in Infisical.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string" required>
+            The key of the secret to create.
+        </ParamField>
+        <ParamField query="setSecretValue()" type="string" required>
+            The value of the secret.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be created.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.updateSecret(options)
+
+```java
+UpdateSecretOptions options = new UpdateSecretOptions();
+
+options.setSecretName("SECRET_TO_UPDATE");
+options.setSecretValue("NEW SECRET VALUE");
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+options.setPath("/"); // Default
+options.setType("shared"); // Default
+
+UpdateSecretResponseSecret updatedSecret = client.updateSecret(options);
+```
+
+Update an existing secret in Infisical.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string" required>
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="setSecretValue()" type="string" required>
+            The new value of the secret.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be updated.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>
+
+### client.deleteSecret(options)
+
+```java
+DeleteSecretOptions options = new DeleteSecretOptions();
+
+options.setSecretName("SECRET_TO_DELETE");
+options.setEnvironment("dev");
+options.setProjectID("PROJECT_ID");
+options.setPath("/"); // Default
+options.setType("shared"); // Default
+
+DeleteSecretResponseSecret deletedSecret = client.deleteSecret(options);
+```
+
+Delete a secret in Infisical.
+
+### Methods
+
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="setSecretName()" type="string">
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="setProjectID()" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="setEnvironment()" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="setPath()" type="string" optional>
+            The path from where secret should be deleted.
+        </ParamField>
+        <ParamField query="setType()" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
+</ParamField>

docs/sdks/languages/node.mdx

@@ -3,205 +3,301 @@ title: "Node"
 icon: "node"
 ---
 
-If you're working with Node.js, the official [infisical-node](https://github.com/Infisical/infisical-node) package is the easiest way to fetch and work with secrets for your application.
+If you're working with Node.js, the official [infisical-node](https://github.com/Infisical/sdk/tree/main/languages/node) package is the easiest way to fetch and work with secrets for your application.
 
 ## Basic Usage
 
 ```js
 import express from "express";
-import InfisicalClient from "infisical-node";
+
+import { InfisicalClient, LogLevel } from "@infisical/sdk";
+
 const app = express();
+
 const PORT = 3000;
 
 const client = new InfisicalClient({
-  token: "YOUR_INFISICAL_TOKEN"
+    clientId: "YOUR_CLIENT_ID",
+    clientSecret: "YOUR_CLIENT_SECRET",
+    logLevel: LogLevel.Error
 });
 
 app.get("/", async (req, res) => {
     // access value
-  const name = await client.getSecret("NAME");
+
+    const name = await client.getSecret({
+        environment: "dev",
+        projectId: "PROJECT_ID",
+        path: "/",
+        type: "shared",
+        secretName: "NAME"
+    });
+
     res.send(`Hello! My name is: ${name.secretValue}`);
 });
 
 app.listen(PORT, async () => {
-  console.log(`App listening on port ${PORT}`);
+    // initialize client
+
+    console.log(`App listening on port ${port}`);
 });
 ```
 
 This example demonstrates how to use the Infisical Node SDK with an Express application. The application retrieves a secret named "NAME" and responds to requests with a greeting that includes the secret value.
 
 <Warning>
-  We do not recommend hardcoding your [Infisical
-  Token](/documentation/platform/token). Setting it as an environment
-  variable would be best.
+    We do not recommend hardcoding your [Machine Identity Tokens](/documentation/platform/identities/overview). Setting it as an environment variable
+    would be best.
 </Warning>
 
 ## Installation
 
-Run `npm` to add `infisical-node` to your project.
+Run `npm` to add `@infisical/sdk` to your project.
 
 ```console
-$ npm install infisical-node --save
+$ npm install @infisical/sdk
 ```
 
 ## Configuration
 
-Import the SDK and create a client instance with your [Infisical Token](/documentation/platform/token).
+Import the SDK and create a client instance with your [Machine Identity](/documentation/platform/identities/overview).
 
 <Tabs>
   <Tab title="ES6">
     ```js
-    import InfisicalClient from "infisical-node";
+    import { InfisicalClient, LogLevel } from "@infisical/sdk";
 
     const client = new InfisicalClient({
-      token: "your_infisical_token"
+        clientId: "YOUR_CLIENT_ID",
+        clientSecret: "YOUR_CLIENT_SECRET",
+        logLevel: LogLevel.Error
     });
     ```
 
   </Tab>
   <Tab title="ES5">
     ```js
-    const InfisicalClient = require("infisical-node");
+    const { InfisicalClient, LogLevel } = require("@infisical/sdk");
 
     const client = new InfisicalClient({
-      token: "your_infisical_token"
+        clientId: "YOUR_CLIENT_ID",
+        clientSecret: "YOUR_CLIENT_SECRET",
+        logLevel: LogLevel.Error
     });
     ````
-  </Tab>
 
+  </Tab>
 </Tabs>
 
 ### Parameters
 
 <ParamField query="options" type="object">
     <Expandable title="properties">
-    <ParamField query="token" type="string" optional>
-      An [Infisical Token](/documentation/platform/token) scoped to a project
-      and environment
+        <ParamField query="clientId" type="string" optional>
+            Your machine identity client ID.
         </ParamField>
-    <ParamField
-      query="siteURL"
-      type="string"
-      default="https://app.infisical.com"
-      optional
-    >
-      Your self-hosted absolute site URL including the protocol (e.g.
-      `https://app.infisical.com`)
+          <ParamField query="clientSecret" type="string" optional>
+            Your machine identity client secret.
         </ParamField>
-    <ParamField query="cacheTTL" type="number" default="300" optional>
-      Time-to-live (in seconds) for refreshing cached secrets. Default: `300`.
+
+         <ParamField query="accessToken" type="string" optional>
+            An access token obtained from the machine identity login endpoint.
         </ParamField>
-    <ParamField query="debug" type="boolean" default="false" optional>
-      Whether or not debug mode is on
+
+        <ParamField query="siteUrl" type="string" default="https://app.infisical.com" optional>
+            Your self-hosted absolute site URL including the protocol (e.g. `https://app.infisical.com`)
+        </ParamField>
+        <ParamField query="logLevel" type="enum" default="Error" optional>
+            The level of logs you wish to log The logs are derived from Rust, as we have written our base SDK in Rust.
         </ParamField>
     </Expandable>
+
 </ParamField>
-
-## Caching
-
-The SDK caches every secret and updates it periodically based on the provided `cacheTTL`. For example, if `cacheTTL` of `300` is provided, then a secret will be refetched 5 minutes after the first fetch; if the fetch fails, the cached secret is returned.
-
-<Tip>
-  For optimal performance, we recommend creating a single instance of the Infisical client and exporting it to be used across your entire app to take advantage of caching benefits.
-</Tip>
-
 ## Working with Secrets
 
-### client.getAllSecrets()
+### client.listSecrets(options)
 
 ```js
-const secrets = await client.getAllSecrets();
+const secrets = await client.listSecrets({
+    environment: "dev",
+    projectId: "PROJECT_ID",
+    path: "/foo/bar/",
+    includeImports: false
+});
 ```
 
 Retrieve all secrets within the Infisical project and environment that client is connected to
 
-### client.getSecret(secretName, options)
+### Parameters
+
+<ParamField query="Parameters" type="object">
+    <Expandable title="properties">
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+          <ParamField query="projectId" type="string" required>
+            The project ID where the secret lives in. 
+        </ParamField>
+
+         <ParamField query="path" type="string" optional>
+            The path from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="includeImports" type="string" default="https://app.infisical.com" optional>
+             Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### client.getSecret(options)
 
 ```js
-const secret = await client.getSecret("API_KEY");
-const value = secret.secretValue; // get its value
+const secret = await client.getSecret({
+    environment: "dev",
+    projectId: "PROJECT_ID",
+    secretName: "API_KEY",
+    path: "/",
+    type: "shared"
+});
 ```
 
 Retrieve a secret from Infisical.
 
-By default, `getSecret()` fetches and returns a personal secret. If not found, it returns a shared secret, or tries to retrieve the value from `process.env`. If a secret is fetched, `getSecret()` caches it to reduce excessive calls and re-fetches periodically based on the `cacheTTL` option (default is `300` seconds) when initializing the client — for more information, see the caching section.
+By default, `getSecret()` fetches and returns a shared secret.
 
 ### Parameters
 
-<ParamField query="secretName" type="string" required>
-  The key of the secret to retrieve
-</ParamField>
-<ParamField query="options" type="object" optional>
+<ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
-    <ParamField query="type" type="string" default="personal" optional>
-      The type of the secret. Valid options are "shared" or "personal"
+        <ParamField query="secretName" type="string" required>
+            The key of the secret to retrieve.
+        </ParamField>
+        <ParamField query="projectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be fetched from.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
         </ParamField>
     </Expandable>
 </ParamField>
 
-### client.createSecret(secretName, secretValue, options)
+### client.createSecret(options)
 
 ```js
-const newApiKey = await client.createSecret("API_KEY", "FOO");
+const newApiKey = await client.createSecret({
+    projectId: "PROJECT_ID",
+    environment: "dev",
+    secretName: "API_KEY",
+    secretValue: "SECRET VALUE",
+    path: "/",
+    type: "shared"
+});
 ```
 
 Create a new secret in Infisical.
 
-<ParamField query="secretName" type="string" required>
-  The key of the secret to create
-</ParamField>
-<ParamField query="secretName" type="string" required>
-  The value of the secret to create
-</ParamField>
-<ParamField query="options" type="object" default="object" optional>
+<ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
-    <ParamField query="type" type="string" default="shared" optional>
-      The type of the secret. Valid options are "shared" or "personal". A personal secret can only be created if a shared secret with the same name exists.
+        <ParamField query="secretName" type="string" required>
+            The key of the secret to create.
+        </ParamField>
+        <ParamField query="secretValue" type="string" required>
+            The value of the secret.
+        </ParamField>
+        <ParamField query="projectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be created.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
         </ParamField>
     </Expandable>
 </ParamField>
 
-### client.updateSecret(secretName, secretValue, options)
+### client.updateSecret(options)
 
 ```js
-const updatedApiKey = await client.updateSecret("API_KEY", "BAR");
+const updatedApiKey = await client.updateSecret({
+    secretName: "API_KEY",
+    secretValue: "NEW SECRET VALUE",
+    projectId: "PROJECT_ID",
+    environment: "dev",
+    path: "/",
+    type: "shared"
+});
 ```
 
 Update an existing secret in Infisical.
 
 ### Parameters
 
-<ParamField query="secretName" type="string" required>
-  The key of the secret to update
-</ParamField>
-<ParamField query="secretName" type="string" required>
-  The new value of the secret
-</ParamField>
-<ParamField query="options" type="object" default="object" optional>
+<ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
-    <ParamField query="type" type="string" default="shared" optional>
-      The type of the secret. Valid options are "shared" or "personal"
+        <ParamField query="secretName" type="string" required>
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="secretValue" type="string" required>
+            The new value of the secret.
+        </ParamField>
+        <ParamField query="projectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be updated.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
         </ParamField>
     </Expandable>
 </ParamField>
 
-### client.deleteSecret(secretName, options)
+### client.deleteSecret(options)
 
 ```js
-const deletedSecret = await client.deleteSecret("API_KEY");
+const deletedSecret = await client.deleteSecret({
+    secretName: "API_KEY",
+
+    environment: "dev",
+    projectId: "PROJECT_ID",
+    path: "/",
+
+    type: "shared"
+});
 ```
 
 Delete a secret in Infisical.
 
-<ParamField query="secretName" type="string" required>
-  The key of the secret to delete
-</ParamField>
-<ParamField query="options" type="object" default="object" optional>
+<ParamField query="Parameters" type="object" optional>
     <Expandable title="properties">
-    <ParamField query="type" type="string" default="shared" optional>
-      The type of the secret. Valid options are "shared" or "personal". Note that deleting a shared secret also deletes all associated personal secrets.
+        <ParamField query="secretName" type="string">
+            The key of the secret to update.
+        </ParamField>
+        <ParamField query="projectId" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be deleted.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
         </ParamField>
     </Expandable>
 </ParamField>
-
-

docs/sdks/languages/php.mdx

@@ -5,4 +5,4 @@ icon: "php"
 
 Coming soon.
 
-Follow this GitHub [issue](https://github.com/Infisical/infisical/issues/531) to stay updated.
+Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/python.mdx

@@ -3,31 +3,38 @@ title: "Python"
 icon: "python"
 ---
 
-If you're working with Python, the official [infisical-python](https://github.com/Infisical/infisical-python) package is the easiest way to fetch and work with secrets for your application.
+If you're working with Python, the official [infisical-python](https://github.com/Infisical/sdk/edit/main/crates/infisical-py) package is the easiest way to fetch and work with secrets for your application.
 
 ## Basic Usage
 
 ```py
 from flask import Flask
-from infisical import InfisicalClient
+from infisical_client import ClientSettings, InfisicalClient, GetSecretOptions
 
 app = Flask(__name__)
 
-client = InfisicalClient(token="your_infisical_token")
+client = InfisicalClient(ClientSettings(
+    client_id="MACHINE_IDENTITY_CLIENT_ID",
+    client_secret="MACHINE_IDENTITY_CLIENT_SECRET",
+))
 
 @app.route("/")
 def hello_world():
     # access value
-    name = client.get_secret("NAME")
+
+    name = client.getSecret(options=GetSecretOptions(
+       environment="dev",
+       project_id="PROJECT_ID",
+       secret_name="NAME"
+    ))
+
     return f"Hello! My name is: {name.secret_value}"
 ```
 
 This example demonstrates how to use the Infisical Python SDK with a Flask application. The application retrieves a secret named "NAME" and responds to requests with a greeting that includes the secret value.
 
 <Warning>
-  We do not recommend hardcoding your [Infisical
-  Token](/documentation/platform/token). Setting it as an environment
-  variable would be best.
+    We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
 </Warning>
 
 ## Installation
@@ -35,26 +42,34 @@ This example demonstrates how to use the Infisical Python SDK with a Flask appli
 Run `pip` to add `infisical-python` to your project
 
 ```console
-$ pip install infisical
+$ pip install infisical-python
 ```
 
 Note: You need Python 3.7+.
 
 ## Configuration
 
-Import the SDK and create a client instance with your [Infisical Token](/documentation/platform/token).
+Import the SDK and create a client instance with your [Machine Identity](/api-reference/overview/authentication).
 
 ```py
-from infisical import InfisicalClient
+from infisical_client import ClientSettings, InfisicalClient
 
-client = InfisicalClient(token="your_infisical_token")
+client = InfisicalClient(ClientSettings(
+    client_id="MACHINE_IDENTITY_CLIENT_ID",
+    client_secret="MACHINE_IDENTITY_CLIENT_SECRET",
+))
 ```
 
 ### Parameters
 
-    <ParamField query="token" type="string" optional>
-      An [Infisical Token](/documentation/platform/token) scoped to a project
-      and environment
+    <ParamField query="client_id" type="string" optional>
+        Your Infisical Client ID.
+    </ParamField>
+     <ParamField query="client_secret" type="string" optional>
+        Your Infisical Client Secret.
+    </ParamField>
+    <ParamField query="access_token" type="string" optional>
+        If you want to directly pass an access token obtained from the authentication endpoints, you can do so.
     </ParamField>
     <ParamField
       query="site_url"
@@ -65,105 +80,186 @@ client = InfisicalClient(token="your_infisical_token")
       Your self-hosted absolute site URL including the protocol (e.g.
       `https://app.infisical.com`)
     </ParamField>
-    <ParamField query="cache_ttl" type="number" default="300" optional>
-      Time-to-live (in seconds) for refreshing cached secrets. Default: `300`.
-    </ParamField>
-    <ParamField query="debug" type="boolean" default="false" optional>
-      Whether or not debug mode is on
-    </ParamField>
-
-## Caching
-
-The SDK caches every secret and updates it periodically based on the provided `cache_ttl`. For example, if `cache_ttl` of `300` is provided, then a secret will be refetched 5 minutes after the first fetch; if the fetch fails, the cached secret is returned.
-
-<Tip>
-  For optimal performance, we recommend creating a single instance of the Infisical client and exporting it to be used across your entire app to take advantage of caching benefits.
-</Tip>
 
 ## Working with Secrets
 
-### client.get_all_secrets()
+### client.listSecrets(options)
 
 ```py
-secrets = client.get_all_secrets()
+client.listSecrets(options=ListSecretsOptions(
+    environment="dev",
+    project_id="PROJECT_ID"
+))
 ```
 
 Retrieve all secrets within the Infisical project and environment that client is connected to
 
-### client.get_secret(secret_name, options)
+### Parameters
+
+<ParamField query="Parameters" type="object">
+    <Expandable title="properties">
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+          <ParamField query="project_id" type="string" required>
+            The project ID where the secret lives in. 
+        </ParamField>
+
+         <ParamField query="path" type="string" optional>
+            The path from where secrets should be fetched from.
+        </ParamField>
+
+        <ParamField query="include_imports" type="string" default="https://app.infisical.com" optional>
+             Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+        </ParamField>
+    </Expandable>
+
+</ParamField>
+
+### client.getSecret(options)
 
 ```py
-secret = client.get_secret("API_KEY")
+secret = client.getSecret(options=GetSecretOptions(
+    environment="dev",
+    project_id="PROJECT_ID",
+    secret_name="API_KEY"
+))
 value = secret.secret_value # get its value
 ```
 
-By default, `get_secret()` fetches and returns a personal secret. If not found, it returns a shared secret, or tries to retrieve the value from `os.environ`. If a secret is fetched, `get_secret()` caches it to reduce excessive calls and re-fetches periodically based on the `cacheTTL` option (default is 300 seconds) when initializing the client — for more information, see the caching section.
+By default, `getSecret()` fetches and returns a shared secret. If not found, it returns a personal secret.
 
 ### Parameters
 
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
         <ParamField query="secret_name" type="string" required>
             The key of the secret to retrieve
         </ParamField>
-<ParamField query="type" type="string" default="personal" optional>
-  The type of the secret. Valid options are "shared" or "personal"
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="project_id" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be fetched from.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "personal".
+        </ParamField>
+        <ParamField query="include_imports" type="string" default="https://app.infisical.com" optional>
+            Whether or not to include imported secrets from the current path. Read about [secret import](/documentation/platform/secret-reference)
+        </ParamField>
+    </Expandable>
 </ParamField>
 
-### client.create_secret(secret_name, secret_value, options)
+### client.createSecret(options)
 
 ```py
-new_api_key = client.create_secret("API_KEY", "FOO");
+api_key = client.createSecret(options=CreateSecretOptions(
+    secret_name="API_KEY",
+    secret_value="Some API Key",
+    environment="dev",
+    project_id="PROJECT_ID"
+))
 ```
 
 Create a new secret in Infisical.
 
 ### Parameters
 
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
         <ParamField query="secret_name" type="string" required>
-  The key of the secret to create
+            The key of the secret to create.
         </ParamField>
         <ParamField query="secret_value" type="string" required>
-  The value of the secret to create
+            The value of the secret.
         </ParamField>
-<ParamField query="type" type="string" default="shared" optional>
-  The type of the secret. Valid options are "shared" or "personal". A personal secret can only be created if a shared secret with the same name exists.
+        <ParamField query="project_id" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be created.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
 </ParamField>
 
-### client.update_secret(secret_name, secret_value, options)
+### client.updateSecret(options)
 
 ```py
-updated_api_key = client.update_secret("API_KEY", "BAR");
+client.updateSecret(options=UpdateSecretOptions(
+    secret_name="API_KEY",
+    secret_value="NEW_VALUE",
+    environment="dev",
+    project_id="PROJECT_ID"
+))
 ```
 
 Update an existing secret in Infisical.
 
 ### Parameters
 
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
         <ParamField query="secret_name" type="string" required>
-  The key of the secret to update
+            The key of the secret to update.
         </ParamField>
         <ParamField query="secret_value" type="string" required>
-  The new value of the secret
+            The new value of the secret.
         </ParamField>
-<ParamField query="type" type="string" default="shared" optional>
-  The type of the secret. Valid options are "shared" or "personal"
+        <ParamField query="project_id" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be updated.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
 </ParamField>
 
-### client.delete_secret(secret_name, options)
+### client.deleteSecret(options)
 
 ```py
-deleted_secret = client.delete_secret("API_KEY");
+client.deleteSecret(options=DeleteSecretOptions(
+    environment="dev",
+    project_id="PROJECT_ID",
+    secret_name="API_KEY"
+))
 ```
 
 Delete a secret in Infisical.
 
 ### Parameters
 
-<ParamField query="secret_name" type="string" required>
-  The key of the secret to delete
+<ParamField query="Parameters" type="object" optional>
+    <Expandable title="properties">
+        <ParamField query="secret_name" type="string">
+            The key of the secret to update.
         </ParamField>
-<ParamField query="type" type="string" default="shared" optional>
-  The type of the secret. Valid options are "shared" or "personal"
+        <ParamField query="project_id" type="string" required>
+            The project ID where the secret lives in.
+        </ParamField>
+        <ParamField query="environment" type="string" required>
+            The slug name (dev, prod, etc) of the environment from where secrets should be fetched from.
+        </ParamField>
+        <ParamField query="path" type="string" optional>
+            The path from where secret should be deleted.
+        </ParamField>
+        <ParamField query="type" type="string" optional>
+            The type of the secret. Valid options are "shared" or "personal". If not specified, the default value is "shared".
+        </ParamField>
+    </Expandable>
 </ParamField>
-
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/433) to stay updated.

docs/sdks/languages/ruby.mdx

@@ -5,5 +5,4 @@ icon: "gem"
 
 Coming soon.
 
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/435) to stay updated.
+Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/languages/rust.mdx

@@ -5,5 +5,4 @@ icon: "rust"
 
 Coming soon.
 
-Follow this GitHub
-[issue](https://github.com/Infisical/infisical/issues/437) to stay updated.
+Star our GitHub repository to stay updated [cross-language SDK](https://github.com/Infisical/sdk) GitHub repository to stay updated.

docs/sdks/overview.mdx

@@ -9,97 +9,25 @@ From local development to production, Infisical SDKs provide the easiest way for
 -   Fetch secrets on demand
 
 <CardGroup cols={2}>
-  <Card
-    title="Node"
-    href="https://github.com/Infisical/infisical-node"
-    icon="node"
-    color="#68a063"
-  >
+    <Card title="Node" href="/sdks/languages/node" icon="node" color="#68a063">
         Manage secrets for your Node application on demand
     </Card>
-  <Card 
-    href="https://github.com/Infisical/infisical-python" 
-    title="Python" 
-    icon="python" 
-    color="#4c8abe"
-    >
+    <Card href="/sdks/languages/python" title="Python" icon="python" color="#4c8abe">
         Manage secrets for your Python application on demand
     </Card>
-  <Card 
-    href="/sdks/languages/java" 
-    title="Java" 
-    icon="java"
-    color="#e41f23"
->
+    <Card href="/sdks/languages/java" title="Java" icon="java" color="#e41f23">
         Manage secrets for your Java application on demand
     </Card>
-  <Card
-    href="/sdks/languages/ruby"
-    title="Ruby"
-    icon="gem"
-    color="#ac0d01"
-  >
+    <Card href="/sdks/languages/ruby" title="Ruby" icon="gem" color="#ac0d01">
         Manage secrets for your Ruby application on demand
     </Card>
-  <Card
-    href="/sdks/languages/go"
-    title="Golang"
-    icon="golang"
-    color="#00add8"
-  >
+    <Card href="/sdks/languages/go" title="Golang" icon="golang" color="#00add8">
         Manage secrets for your Go application on demand
     </Card>
-  <Card
-    href="/sdks/languages/rust"
-    title="Rust"
-    icon="rust"
-    color="#cd412b"
-  >
+    <Card href="/sdks/languages/rust" title="Rust" icon="rust" color="#cd412b">
         Manage secrets for your Rust application on demand
     </Card>
-  <Card
-    href="/sdks/languages/php"
-    title="PHP"
-    icon="php"
-    color="#787cb4"
-  >
+    <Card href="/sdks/languages/php" title="PHP" icon="php" color="#787cb4">
         Manage secrets for your PHP application on demand
     </Card>
 </CardGroup>
-
-## FAQ
-
-<AccordionGroup>
-    <Accordion title="Are my secrets exposed in transit every time the SDK fetches them?">
-        No. Infisical uses end-to-end encryption which ensures that secrets are always encrypted in transit
-        and decrypted on the client side. In fact, not even the server can decrypt your secrets (unless 
-        that permission is explicitly granted from within the platform).
-
-        Check out the [security guide](/security/overview).
-    </Accordion>
-    <Accordion title="Isn't it inefficient if my app makes a request every time it needs a secret?">
-        The client SDK caches every secret and implements a 5-minute waiting period before
-        re-requesting it. The waiting period can be controlled by setting the `cacheTTL` parameter at
-        the time of initializing the client.
-    </Accordion>
-    <Accordion title="What if a request for a secret fails?">
-        The SDK caches every secret and falls back to the cached value if a request fails. If no cached
-        value ever-existed, the SDK falls back to whatever value is on `process.env`.
-    </Accordion>
-    <Accordion title="Can I still use process.env with the SDK?">
-        Yes. If no `token` parameter is passed in at the time of initializing the client or nothing is found when requesting for a secret,
-        then the SDK falls back to whatever value is on `process.env`.
-    </Accordion>
-    <Accordion title="What's the point if I still have to manage a token for the SDK?">
-        The token enables the SDK to authenticate with Infisical to fetch back your secrets.
-        Although the SDK requires you to pass in a token, it enables greater efficiency and security
-        than if you managed dozens of secrets yourself without it. Here're some benefits:
-
-        - You always pull in the right secrets because they're fetched on demand from a centralize source that is Infisical.
-        - You can use the Infisical which comes with tons of benefits like secret versioning, access controls, audit logs, etc.
-        - You now risk leaking one token that can be revoked instead of dozens of raw secrets.
-        
-        And much more.
-    </Accordion>
-    
-</AccordionGroup>

docs/self-hosting/configuration/envars.mdx

@@ -19,13 +19,12 @@ Other environment variables are listed below to increase the functionality of yo
     </ParamField>
 
     <ParamField query="MONGO_URL" type="string" default="none" required>
-  *TLS based connection string is not yet supported
+      Mongo connection string. *TLS based connection string is not yet supported
     </ParamField>
 
     <ParamField query="REDIS_URL" type="string" default="none" required>
       Redis connection string
     </ParamField>
-
   </Tab>
   <Tab title="Email service">
     <Info>When email service is not configured, Infisical will have limited functionality</Info>

docs/self-hosting/deployment-options/aws-lightsail.mdx

@@ -0,0 +1,66 @@
+---
+title: "AWS Lightsail"
+description: "Deploy Infisical with AWS Lightsail"
+---
+
+Prerequisites:
+- Have an account with [Amazon Web Services (AWS)](https://aws.amazon.com/)
+
+<Steps>
+    <Step title="Create a container service in AWS Lightsail">
+        1.1. In AWS, navigate to the **Lightsail** service and press **Create container service** under the **Containers** tab.
+        ![AWS Lightsail](/images/self-hosting/deployment-options/aws-lightsail/awsl-select-lightsail.png)
+        
+        ![AWS Lightsail create container service](/images/self-hosting/deployment-options/aws-lightsail/awsl-create-container-service.png)
+        
+        1.2. In the **Container service location** section, select the AWS region that's closest to your infrastructure. 
+        
+        Afterwards, in the **Container service capacity** section, set the power level and scale to fit your needs; you may opt for the default setting
+        and adjust accordingly in the future.
+        
+        ![AWS Lightsail container service capacity](/images/self-hosting/deployment-options/aws-lightsail/awsl-create-container-service-capacity.png)
+        
+        1.3. In the **Set up your first deployment** section, select the **Specify a custom deployment** option. Give the container a friendly name like **infisical** and fill in your intended [Infisical public Docker image](https://hub.docker.com/r/infisical/infisical) in the **Image** field; this will pull the image from Docker Hub.
+        
+        For example, in order to opt for Infisical `v0.43.4`, you would input: `infisical/infisical:v0.43.4`.
+        
+        ![AWS Lightsail container service deployment](/images/self-hosting/deployment-options/aws-lightsail/awsl-create-container-service-deployment.png)
+        
+        1.4. Running Infisical requires a few environment variables to be set for the container service.
+        At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL`
+        which you can read more about [here](/self-hosting/configuration/envars).
+        
+        In the **Environment variables** section, fill in the required environment variables.
+        
+        <Note>
+            To use more features like emailing and single sign-on, you can set additional configuration options [here](/self-hosting/configuration/envars).
+        </Note>
+        
+        Also, under the **Open ports** section, add an entry for port `8080` and protocol `HTTP` since Infisical listens on port `8080`.
+
+        ![AWS Lightsail container service environment variables](/images/self-hosting/deployment-options/aws-lightsail/awsl-create-container-service-envars.png)
+        
+        1.5. In the **Public endpoint** section, select the container from the previous steps from the dropdown; this will make the container accessible over the public internet.
+        
+        ![AWS Lightsail container service public endpoint](/images/self-hosting/deployment-options/aws-lightsail/awsl-create-container-service-public-endpoint.png)
+        
+        1.6. Finally, in the **Identify your service** section, give the container service a unique name like infisical and press **Create container service**.
+        
+        ![AWS Lightsail container service summary](/images/self-hosting/deployment-options/aws-lightsail/awsl-create-container-service-summary.png)
+    </Step>
+    <Step title="Navigate to your deployed instance of Infisical">
+        On the newly-created container service page, wait for the **Status** to turn to **Running** and check out the **Public domain** of the container service; you can access your instance of Infisical by this URL.
+        
+        ![AWS Lightsail container service overview](/images/self-hosting/deployment-options/aws-lightsail/awsl-container-service-overview.png)
+    </Step>
+</Steps>
+
+<AccordionGroup>
+  <Accordion title="Do you have any recommendations for deploying Infisical with AWS Lightsail?">
+    Yes, here are a few that come to mind:
+    - In step 1.3, we recommend pinning the Docker image to a specific [version of Infisical](https://hub.docker.com/r/infisical/infisical/tags)
+    instead of referring to the `latest` tag to avoid any unexpected version-to-version migration issues.
+  
+    We're working on putting together a fuller list of deployment best practices as well as minimum resource configuration requirements for running Infisical so stay tuned!
+  </Accordion>
+</AccordionGroup>

docs/self-hosting/deployment-options/azure-app-services.mdx

@@ -0,0 +1,71 @@
+---
+title: "Azure App Services"
+description: "Deploy Infisical with Azure App Service"
+---
+
+Prerequisites:
+    - Have an account with [Microsoft Azure](https://azure.microsoft.com/en-us)
+
+<Steps>
+    <Step title="Create a Web App in Azure App Services">
+        1.1. In Azure, navigate to the **App Services** solution and press **Create > Web App**.
+        
+        ![Azure app services](/images/self-hosting/deployment-options/azure-app-services/aas-select-app-services.png)
+        
+        ![Azure create app service](/images/self-hosting/deployment-options/azure-app-services/aas-create-app-service.png)
+        
+        1.2. In the **Basics** section, specify the **Subscription** and **Resource group** to manage the deployed resource.
+        
+        Also, give the container a friendly name like Infisical and specify a **Region** for it to be deployed to.
+        
+        ![Azure app service basics](/images/self-hosting/deployment-options/azure-app-services/aas-create-app-service-basics.png)
+        
+        1.3. In the **Docker** section, select the **Single Container** option under **Options** and specify **Docker Hub** as the image source
+        
+        Next, under the **Docker hub options** sub-section, select the **Public** option under **Access Type** and fill in your intended [Infisical public Docker image](https://hub.docker.com/r/infisical/infisical) in the **Image and tag** field; this will pull the image from Docker Hub.
+        
+        For example, in order to opt for Infisical `v0.43.4`, you would input: `infisical/infisical:v0.43.4`.
+        
+        ![Azure app service docker](/images/self-hosting/deployment-options/azure-app-services/aas-create-app-service-docker.png)
+        
+        1.4. Finally, in the **Review + create** section, double check the information from the previous steps and press **Create** to create the Azure app service.
+        
+        ![Azure app service review](/images/self-hosting/deployment-options/azure-app-services/aas-create-app-service-review.png)
+        
+        1.5. Next, wait a minute or two on the deployment overview page for the app to be created. Once the deployment is complete, press **Go to resource**
+        to head to the **App Service dashboard** for the newly-created app.
+
+        ![Azure app service deployment complete](/images/self-hosting/deployment-options/azure-app-services/aas-app-service-deployment-complete.png)
+        
+        1.6. Running Infisical requires a few environment variables to be set for the Azure app service.
+        At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL`
+        which you can read more about [here](/self-hosting/configuration/envars).
+
+        <Note>
+            To use more features like emailing and single sign-on, you can set additional configuration options [here](/self-hosting/configuration/envars).
+        </Note>
+        
+        Additionally, you must set the variable `WEBSITES_PORT=8080` since
+        Infisical listens on port `8080`.
+        
+        In the **Settings > Configuration** section of the newly-created app service, fill in the required environment variables.
+        
+        ![Azure app service deployment complete](/images/self-hosting/deployment-options/azure-app-services/aas-app-service-configuration.png)
+    </Step>
+    <Step title="Navigate to your deployed instance of Infisical">
+        In the **Overview** section, check out the **Default domain** for your instance of Infisical; you can visit the instance at this URL.
+
+        ![Azure app service deployment complete](/images/self-hosting/deployment-options/azure-app-services/aas-app-service-overview.png)
+    </Step>
+</Steps>
+
+<AccordionGroup>
+  <Accordion title="Do you have any recommendations for deploying Infisical with Azure App Services?">
+    Yes, here are a few that come to mind:
+    - In step 1.3, we recommend pinning the Docker image to a specific [version of Infisical](https://hub.docker.com/r/infisical/infisical/tags)
+    instead of referring to the `latest` tag to avoid any unexpected version-to-version migration issues.
+    - In step 1.2, we recommend selecting a **Region** option that is closest to your infrastructure/clients to reduce latency.
+  
+    We're working on putting together a fuller list of deployment best practices as well as minimum resource configuration requirements for running Infisical so stay tuned!
+  </Accordion>
+</AccordionGroup>

docs/self-hosting/deployment-options/azure-container-instances.mdx

@@ -0,0 +1,88 @@
+---
+title: "Azure Container Instances"
+description: "Deploy Infisical with Azure Container Instances"
+---
+
+Prerequisites:
+- Have an account with [Microsoft Azure](https://azure.microsoft.com/en-us)
+
+<Note>
+    This brief goes over how to deploy an instance of Infisical with Azure Container Instances without TLS/SSL configuration.
+
+    There are various options for enabling TLS/SSL with Azure Container Instances more suitable for production including:
+    - [Enabling a TLS endpoint in a sidecar container](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-ssl).
+    - [Enabling automatic HTTPS with Caddy in a sidecar container](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-automatic-ssl).
+    - Using Azure Function Proxies, Application Gateway, etc.
+
+    For a simpler deployment experience with complete TLS/SSL setup, you may try [deploying Infisical with Azure App Services](/self-hosting/deployment-options/azure-app-services).
+</Note>
+
+<Steps>
+    <Step title="Create a container instance in Azure Container Instances">
+        1.1. In Azure, navigate to the **Container Instances** solution and press **Create**.
+        
+        ![Azure container instance](/images/self-hosting/deployment-options/azure-container-instances/aci-select-container-instances.png)
+        
+        ![Azure create container instance](/images/self-hosting/deployment-options/azure-container-instances/aci-create-container-instance.png)
+        
+        1.2. In the **Basics** section, specify the **Subscription** and **Resource group** to manage the deployed resource.
+        
+        Also, give the container a friendly name like Infisical and specify a **Region** for it to be deployed to.
+
+        ![Azure container instance basics](/images/self-hosting/deployment-options/azure-container-instances/aci-create-container-instance-basics-1.png)
+        
+        Next, select the **Public** option under **Image type** and fill in your intended [Infisical public Docker image](https://hub.docker.com/r/infisical/infisical) in the **Image** field; this will pull the image from Docker Hub.
+        
+        For example, in order to opt for Infisical `v0.43.4`, you would input: `infisical/infisical:v0.43.4`.
+        
+        ![Azure container instance basics](/images/self-hosting/deployment-options/azure-container-instances/aci-create-container-instance-basics-2.png)
+        
+        <Note>
+            Depending on your use-case and requirements, you may find it helpful to further configure your Azure container instance.
+
+            For example, you may want to adjust the **Region** option to specify which region to deploy the container for your
+            instance of Infisical to minimize distance and therefore latency between the instance and your infrastructure.
+        </Note>
+        
+        1.3. In the **Networking** section, select the **Public** option under **Networking type**; this will make the container accessible over the public internet.
+        
+        Next, under the **Ports** section, add an entry for port `8080` and protocol `TCP` since Infisical listens on port `8080`.
+        
+        ![Azure container instance networking](/images/self-hosting/deployment-options/azure-container-instances/aci-create-container-instance-networking.png)
+        
+        1.4. Running Infisical requires a few environment variables to be set for the Azure container instance.
+        At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL`
+        which you can read more about [here](/self-hosting/configuration/envars).
+        
+        In the **Advanced** section, fill in the required environment variables.
+        
+        <Note>
+            To use more features like emailing and single sign-on, you can set additional configuration options [here](/self-hosting/configuration/envars).
+        </Note>
+        
+        ![Azure container instance advanced](/images/self-hosting/deployment-options/azure-container-instances/aci-create-container-instance-advanced.png)
+        
+        1.5. Finally, in the **Review + create** section, double check the information from the previous steps and press **Create** to create the Azure container instance.
+
+        ![Azure container instance review](/images/self-hosting/deployment-options/azure-container-instances/aci-create-container-instance-review.png)
+    </Step>
+    <Step title="Navigate to your deployed instance of Infisical">
+        Head to the **Overview** page of the newly-created container instance to view its **IP address (Public)**; you can access your instance of Infisical by this IP address under the port `:8080`. 
+        
+        For example, in the image below, the IP address of the sample deployed container instance is `4.255.87.109`; the instance would be accessible in the browser by heading to `4.255.87.109:8080`.
+
+        ![Azure container instance overview](/images/self-hosting/deployment-options/azure-container-instances/aci-container-instance-overview.png)
+    </Step>
+</Steps>
+
+<AccordionGroup>
+  <Accordion title="Do you have any recommendations for deploying Infisical with Azure Container Instances?">
+    Yes, here are a few that come to mind:
+    - In step 1.2, we recommend pinning the Docker image to a specific [version of Infisical](https://hub.docker.com/r/infisical/infisical/tags)
+    instead of referring to the `latest` tag to avoid any unexpected version-to-version migration issues.
+    - In step 1.2, we recommend selecting a **Region** option that is closest to your infrastructure/clients to reduce latency.
+    - Enable TLS/SSL with Azure Container Instances. There are various options for doing so including [enabling a TLS endpoint in a sidecar container](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-ssl), [enabling automatic HTTPS with Caddy in a sidecar container](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-automatic-ssl), and using Azure Function Proxies, Application Gateway, etc.
+  
+    We're working on putting together a fuller list of deployment best practices as well as minimum resource configuration requirements for running Infisical so stay tuned!
+  </Accordion>
+</AccordionGroup>

docs/self-hosting/deployment-options/docker-compose.mdx

@@ -1,51 +1,54 @@
 ---
 title: "Docker Compose"
-description: "Learn to install Infisical using our Docker Compose template"
+description: "Run Infisical with Docker Compose template"
 ---
 
-## Install Docker on your VM
-
+<Steps>
+  <Step title="Install Docker on your VM">
     ```bash
     # Example in ubuntu
     apt-get update
     apt-get upgrade
     apt install docker-compose
     ```
-
-## Download the required files
+  </Step>
+  <Step title="Download required files">
+    2.1. Run the command below to download the `.env` file template.
     
     ```bash
-# Download env file template
     wget -O .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example
+    ```
     
-# Download docker compose template
+    2.2. Run the command below to download the docker compose template.
+    
+    ```bash
     wget -O docker-compose.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.yml
+    ```
     
-# Download nginx config
+    2.3. Run the command below to download the `nginx` config file.
+    
+    ```bash
     mkdir nginx && wget -O ./nginx/default.conf https://raw.githubusercontent.com/Infisical/infisical/main/nginx/default.dev.conf
     ```
   
-## Update .env file 
-Tweak the `.env` according to your preferences. Refer to the available [environment variables](/self-hosting/configuration/envars)
+  </Step>
+  <Step title="Update the .env file">
+    Running Infisical requires a few environment variables to be set.
+    At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL` which you can read more about [here](/self-hosting/configuration/envars).
+
+    Tweak the `.env` accordingly.
 
     ```bash
-# update environment variables like mongo login
     nano .env
     ```
-
-<Info>
-  Infisical assumes that you have configured HTTPS. If you didn't configure HTTPS, set `HTTPS_ENABLED` to `false` in the .env file to avoid frequent logouts.
-</Info>
-
-## Get the service up and running
+  </Step>
+  <Step title="Start Infisical">
+    Finally, run the command below to get Infisical up and running (in detached mode).
 
     ```bash
-# Start up services in detached mode
     docker-compose -f docker-compose.yml up -d
     ```
 
-Your Infisical installation is complete and should be running on [http://localhost:80](http://localhost:80). Please note that the containers are not exposed to the internet and only bind to the localhost. It's up to you to configure a firewall, SSL certificates, and implement any additional security measures.
-
-<Info>
-Once installation is complete, you will have to create the first account. No default account is provided.
-</Info>
+    Your Infisical installation is complete and should be running on port `80` or `http://localhost:80`.
+  </Step>
+</Steps>

docs/self-hosting/deployment-options/fly.io.mdx

@@ -1,63 +1,108 @@
 ---
 title: "Fly.io"
-description: "Learn to install Infisical on Fly.io"
+description: "Deploy Infisical with Fly.io"
 ---
 
-**Prerequisites**
-- Familiar with Fly.io deployment 
-- Logged in via fly CLI
+Prerequisites:
+- Have an account with [Fly.io](https://fly.io/)
+- Have installed the [Fly.io CLI](https://fly.io/docs/hands-on/install-flyctl/)
 
-#### 1. Make a copy of the deployment config
-To begin, you'll to make a copy of the following file on your local machine
+<Steps>
+  <Step title="Create an app with Fly.io">
+    In your terminal, run the following command from the source directory of your project to create a new Fly.io app
+    with a `fly.toml` configuration file:
     
-```toml fly.toml 
-# fly.toml app configuration file generated for infisical on 2023-05-05T08:57:03-04:00
-#
-# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
-#
-
-app = "infisical"
-primary_region = "iad"
+    ```
+    fly launch
+    ```
+  </Step>
+  <Step title="Edit the fly.toml configuration file">
+    Add a **build** section to the `fly.toml` file to specify the [Infisical public Docker image](https://hub.docker.com/r/infisical/infisical):
 
+    ```
     [build]                                                                         
-  image = "infisical/infisical:latest"
+    image = "infisical/infisical:v0.43.4"
+    ```
 
-[env]
-  ENCRYPTION_KEY = <>
-  JWT_AUTH_SECRET = <>
-  JWT_REFRESH_SECRET = <>
-  JWT_SERVICE_SECRET = <>
-  JWT_SIGNUP_SECRET = <>
-  MONGO_URL = <>
+    Afterwards, your `fly.toml` file should look similar to:
+
+    ```
+    app = "infisical"
+    primary_region = "lax"
 
     [http_service]
     internal_port = 8080
+    force_https = true
+    auto_stop_machines = true
+    auto_start_machines = true
+    min_machines_running = 0
+    processes = ["app"]
 
+    [[vm]]
+    cpu_kind = "shared"
+    cpus = 1
+    memory_mb = 1024
+
+    [build]
+    image = "infisical/infisical:v0.43.4"
     ```
     
-#### 2. Add environment variables
+    <Note>
+      Depending on your use-case and requirements, you may find it helpful to further configure your `fly.toml` file
+      with options [here](https://fly.io/docs/reference/configuration/).
 
-Before we can deploy Infisical, we'll need to provide values for the keys under `[env]` config block. For each of the following keys
+      For example, you may want to adjust the `primary-region` option to specify which [region](https://fly.io/docs/reference/regions/) to create the new machine for your
+      instance of Infisical to minimize distance and therefore latency between the instance and your infrastructure.
+    </Note>
     
-- `ENCRYPTION_KEY`
-- `JWT_AUTH_SECRET`
-- `JWT_REFRESH_SECRET`
-- `JWT_SERVICE_SECRET`
-- `JWT_SIGNUP_SECRET`
+  </Step>
+  <Step title="Set secrets for your Fly.io app">
+    Running Infisical requires a few environment variables to be set on the Fly.io machine.
+    At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL`
+    which you can read more about [here](/self-hosting/configuration/envars).
     
-you will need to generate a random 16 byte hex string. This can can be generated with `openssl rand -hex 16`. 
+    For this step, we recommend setting the variables as Fly.io [app secrets](https://fly.io/docs/reference/secrets/) which 
+    are made available to the app as environment variables. You can set the variables either via the Fly.io CLI or project [dashboard](https://fly.io/dashboard).
     
+    <Tabs>
+      <Tab title="CLI">
+        Run the following command (with each `VALUE` replaced) in the source directory of your project to set the required variables:
 
-Lastly, the `MONGO_URL` environment variable requires a document database connection URL. 
-You can obtain this URL by creating a document database using services such as [MongoDB](https://www.mongodb.com/), [AWS DocumentDB](https://aws.amazon.com/documentdb/), and others.
+        ```
+        flyctl secrets set ENCRYPTION_KEY=VALUE AUTH_SECRET=VALUE MONGO_URL=VALUE REDIS_URL=VALUE...
+        ```
+      </Tab>
+      <Tab title="Dashboard">
+        In Fly.io, head to your Project > Secrets and add the required variables.
 
-#### 3. Deploy
+        ![Fly.io deployment secrets](/images/self-hosting/deployment-options/flyio/flyio-secrets.png)
+      </Tab>
+    </Tabs>
     
-Run `fly launch` in the directory where you have the local version of config from step 1 and follow the instructions. 
-Once done, your very own instance of Infisical should be up and running on Fly.io.
+    <Note>
+      To use more features like emailing and single sign-on, you can set additional configuration options [here](/self-hosting/configuration/envars).
+    </Note>
+  </Step>
+  <Step title="Deploy the Fly.io app">
+    Finally, run the following command in the source directory of your project to deploy your Infisical instance on Fly.io
+    with the updated `fly.toml` configuration file from step 2 and secrets from step 3:
 
-Please note that this version of Infisical requires at least 250MB of memory to operate smoothly.
+    ```
+    fly deploy
+    ```
+  </Step>
+</Steps>
 
-<Info>
-Once installation is complete, you will have to create the first account. No default account is provided.
-</Info>
+<AccordionGroup>
+  <Accordion title="Do you have any recommendations for deploying Infisical with Fly.io?">
+    Yes, here are a few that come to mind:
+    - In step 2, we recommend pinning the Docker image to a specific [version of Infisical](https://hub.docker.com/r/infisical/infisical/tags)
+    instead of referring to the `latest` tag to avoid any unexpected version-to-version migration issues.
+    - In step 2, we recommend selecting a `primary_region` option that is closest to your infrastructure/clients to reduce latency; a full list of regions supported by Fly.io can be found [here](https://fly.io/docs/reference/regions/).
+  
+    We're working on putting together a fuller list of deployment best practices as well as minimum resource configuration requirements for running Infisical so stay tuned!
+  </Accordion>
+</AccordionGroup>
+
+Resources:
+- [Fly.io documentation](https://fly.io/docs/)

docs/self-hosting/deployment-options/gcp-cloud-run.mdx

@@ -0,0 +1,67 @@
+---
+title: "GCP Cloud Run"
+description: "Deploy Infisical with GCP Cloud Run"
+---
+
+Prerequisites:
+- Have an account with [Google Cloud Platform (GCP)](https://cloud.google.com/)
+
+<Steps>
+    <Step title="Create a project in GCP">
+        In GCP, create a new project and give it a friendly name like Infisical.
+
+        ![GCP create project](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-create-project.png)
+
+        ![GCP create project](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-create-project-2.png)
+    </Step>
+    <Step title="Create a service in GCP Cloud Run">
+        2.1. Inside the GCP project, navigate to the **Cloud Run** product and create a new service.
+        
+        ![GCP Cloud Run](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-select-cloud-run.png)
+
+        ![GCP Cloud Run create service](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-create-service.png)
+        
+        2.2. In the service creation form, select the **Deploy one revision from an existing container image** option and fill in your intended [Infisical public Docker image](https://hub.docker.com/r/infisical/infisical) in the container image URL.
+
+        For example, in order to opt for Infisical `v0.43.4`, you would input: `docker.io/infisical/infisical:v0.43.4`.
+        
+        ![GCP Cloud Run create service docker image specification](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-create-service-docker-image.png)
+
+        2.3. Running Infisical requires a few environment variables to be set for the GCP Cloud Run service.
+        At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL`
+        which you can read more about [here](/self-hosting/configuration/envars).
+        
+        For this step, fill in the required environment variables in the Edit Container > Variables & Secrets > Environment variables section.
+        
+        <Note>
+            To use more features like emailing and single sign-on, you can set additional configuration options [here](/self-hosting/configuration/envars).
+        </Note>
+
+        ![GCP Cloud Run create service environment variable specification](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-create-service-envars.png)
+
+        <Note>
+            Depending on your use-case and requirements, you may find it helpful to further configure your GCP Cloud Run service.
+
+            For example, you may want to adjust the **Region** option to specify which region to deploy the underlying container for your
+            instance of Infisical to minimize distance and therefore latency between the instance and your infrastructure.
+        </Note>
+
+        Finally, press **Create** to finish setting up the GCP Cloud Run service.
+    </Step>
+    <Step title="Navigate to your deployed instance of Infisical">
+        Head to the **Service details** of the newly-created service to view its URL; you can access your instance of Infisical by clicking on the URL.
+        
+        ![GCP Cloud Run service details](/images/self-hosting/deployment-options/gcp-cloud-run/gcp-cloud-run-service-details.png)
+    </Step>
+</Steps>
+
+<AccordionGroup>
+  <Accordion title="Do you have any recommendations for deploying Infisical with GCP Cloud Run?">
+    Yes, here are a few that come to mind:
+    - In step 2, we recommend pinning the Docker image to a specific [version of Infisical](https://hub.docker.com/r/infisical/infisical/tags)
+    instead of referring to the `latest` tag to avoid any unexpected version-to-version migration issues.
+    - In step 2, we recommend selecting a **Region** option that is closest to your infrastructure/clients to reduce latency.
+  
+    We're working on putting together a fuller list of deployment best practices as well as minimum resource configuration requirements for running Infisical so stay tuned!
+  </Accordion>
+</AccordionGroup>

docs/self-hosting/deployment-options/kubernetes-helm.mdx

@@ -161,4 +161,3 @@ Once installation is complete, you will have to create the first account. No def
 
 ## Related blogs
 - [Set up Infisical in a development cluster](https://iamunnip.hashnode.dev/infisical-open-source-secretops-kubernetes-setup)
-- [Set up Infisical in AKS using ArgoCD + Helm and integrate with an application using kustomize](https://mrdevops.medium.com/infisical-open-source-secretops-apply-it-using-gitops-approach-245f57fcd67e)

docs/self-hosting/deployment-options/railway.mdx

@@ -0,0 +1,61 @@
+---
+title: "Railway"
+description: "Deploy Infisical with Railway"
+---
+
+Prerequisites:
+- Have an account with [Railway](https://railway.app/)
+
+<Steps>
+    <Step title="Deploy the Infisical template with Railway">
+        1.1. In Railway, create a new project and select **Deploy a template > Infisical**.
+        
+        ![Railway create project](/images/self-hosting/deployment-options/railway/railway-create-project.png)
+
+        ![Railway deploy template](/images/self-hosting/deployment-options/railway/railway-deploy-template.png)
+
+        ![Railway deploy template infisical](/images/self-hosting/deployment-options/railway/railway-deploy-template-infisical.png)
+        
+        ![Railway template overview](/images/self-hosting/deployment-options/railway/railway-template-overview.png)
+
+        1.2. At minimum, Infisical requires that you set the variables `ENCRYPTION_KEY`, `AUTH_SECRET`, `MONGO_URL`, and `REDIS_URL`
+        which you can read more about [here](/self-hosting/configuration/envars).
+        
+        By default, the Infisical template on Railway pre-configures environment variables on each service in the deployment but requires you to supply two for the Redis and MongoDB services.
+        
+        On the MongoDB service, supply a value for the `MONGO_INITDB_ROOT_PASSWORD` variable.
+        
+        ![Railway template MongoDB configuration](/images/self-hosting/deployment-options/railway/railway-template-mongodb.png)
+        
+        On the Redis service, supply a value for the `REDIS_PASSWORD` variable.
+        
+        ![Railway template Redis configuration](/images/self-hosting/deployment-options/railway/railway-template-redis.png)
+        
+        ![Railway template Redis configuration](/images/self-hosting/deployment-options/railway/railway-template-redis.png)
+        
+        <Note>
+            To use more features like emailing and single sign-on, you can set additional configuration options on the Infisical service [here](/self-hosting/configuration/envars).
+        </Note>
+        
+        Finally, press **Deploy** to create the project and deploy the services within it.
+        
+        ![Railway template Infisical configuration](/images/self-hosting/deployment-options/railway/railway-template-infisical.png)
+        
+        ![Railway Infisical architecture](/images/self-hosting/deployment-options/railway/railway-infisical-architecture.png)
+    </Step>
+    <Step title="Navigate to your deployed instance of Infisical">
+        Head to the newly-created Infisical service to view its URL under Networking > Public Networking; you can access your instance of Infisical by clicking on the URL.
+        
+        ![Railway Infisical service](/images/self-hosting/deployment-options/railway/railway-infisical-service.png)
+    </Step>
+</Steps>
+
+<AccordionGroup>
+  <Accordion title="Do you have any recommendations for deploying Infisical with Railway?">
+    Yes, here are a few that come to mind:
+    - While the Infisical template on Railway uses the `latest` tag to get the latest version of Infisical, we recommend creating a Railway deployment that pins the Docker image to a specific [version of Infisical](https://hub.docker.com/r/infisical/infisical/tags) to avoid any unexpected version-to-version migration issues.
+    - We recommend selecting **Deployment region** options for your Railway service deployments to be closest to your infrastructure/clients to reduce latency.
+  
+    We're working on putting together a fuller list of deployment best practices as well as minimum resource configuration requirements for running Infisical so stay tuned!
+  </Accordion>
+</AccordionGroup>