update old local dev docs

2025-07-05 04:29:09 +00:00 · 2024-02-27 01:01:17 -05:00
119 changed files with 299 additions and 931 deletions
--- a/.github/values.yaml
+++ b/.github/values.yaml
@ -13,10 +13,11 @@ fullnameOverride: ""
 ##
 infisical:
-  autoDatabaseSchemaMigration: false
+  ## @param backend.enabled Enable backend
-  
+  ##
  enabled: false
-
+  ## @param backend.name Backend name
  ##
  name: infisical
  replicaCount: 3
  image:
@ -49,9 +50,3 @@ ingress:
    - secretName: letsencrypt-prod
      hosts:
        - gamma.infisical.com
 postgresql:
  enabled: false
 redis:
  enabled: false
--- a/2
+++ b/2
@ -11,4 +11,4 @@ up-prod:
 	docker-compose -f docker-compose.prod.yml up --build
 down:
-	docker compose -f docker-compose.dev.yml down
+	docker-compose down
--- a/backend/e2e-test/mocks/keystore.ts
+++ b/backend/e2e-test/mocks/keystore.ts
@ -1,30 +0,0 @@
 import { TKeyStoreFactory } from "@app/keystore/keystore";
 export const mockKeyStore = (): TKeyStoreFactory => {
  const store: Record<string, string | number | Buffer> = {};
  return {
    setItem: async (key, value) => {
      store[key] = value;
      return "OK";
    },
    setItemWithExpiry: async (key, value) => {
      store[key] = value;
      return "OK";
    },
    deleteItem: async (key) => {
      delete store[key];
      return 1;
    },
    getItem: async (key) => {
      const value = store[key];
      if (typeof value === "string") {
        return value;
      }
      return null;
    },
    incrementBy: async () => {
      return 1;
    }
  };
 };
--- a/backend/e2e-test/vitest-environment-knex.ts
+++ b/backend/e2e-test/vitest-environment-knex.ts
@ -14,7 +14,6 @@ import { AuthTokenType } from "@app/services/auth/auth-type";
 import { mockQueue } from "./mocks/queue";
 import { mockSmtpServer } from "./mocks/smtp";
 import { mockKeyStore } from "./mocks/keystore";
 dotenv.config({ path: path.join(__dirname, "../../.env.test"), debug: true });
 export default {
@ -42,8 +41,7 @@ export default {
      await db.seed.run();
      const smtp = mockSmtpServer();
      const queue = mockQueue();
-      const keyStore = mockKeyStore();
+      const server = await main({ db, smtp, logger, queue });
      const server = await main({ db, smtp, logger, queue, keyStore });
      // @ts-expect-error type
      globalThis.testServer = server;
      // @ts-expect-error type
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@ -11,7 +11,7 @@
      "dependencies": {
        "@aws-sdk/client-secrets-manager": "^3.504.0",
        "@casl/ability": "^6.5.0",
-        "@fastify/cookie": "^9.3.1",
+        "@fastify/cookie": "^9.2.0",
        "@fastify/cors": "^8.5.0",
        "@fastify/etag": "^5.1.0",
        "@fastify/formbody": "^7.4.0",
@ -29,11 +29,11 @@
        "@ucast/mongo2js": "^1.3.4",
        "ajv": "^8.12.0",
        "argon2": "^0.31.2",
-        "aws-sdk": "^2.1553.0",
+        "aws-sdk": "^2.1549.0",
        "axios": "^1.6.7",
        "axios-retry": "^4.0.0",
        "bcrypt": "^5.1.1",
-        "bullmq": "^5.3.3",
+        "bullmq": "^5.1.6",
        "dotenv": "^16.4.1",
        "fastify": "^4.26.0",
        "fastify-plugin": "^4.5.1",
@ -1687,9 +1687,9 @@
      }
    },
    "node_modules/@fastify/cookie": {
-      "version": "9.3.1",
+      "version": "9.2.0",
-      "resolved": "https://registry.npmjs.org/@fastify/cookie/-/cookie-9.3.1.tgz",
+      "resolved": "https://registry.npmjs.org/@fastify/cookie/-/cookie-9.2.0.tgz",
-      "integrity": "sha512-h1NAEhB266+ZbZ0e9qUE6NnNR07i7DnNXWG9VbbZ8uC6O/hxHpl+Zoe5sw1yfdZ2U6XhToUGDnzQtWJdCaPwfg==",
+      "integrity": "sha512-fkg1yjjQRHPFAxSHeLC8CqYuNzvR6Lwlj/KjrzQcGjNBK+K82nW+UfCjfN71g1GkoVoc1GTOgIWkFJpcMfMkHQ==",
      "dependencies": {
        "cookie-signature": "^1.1.0",
        "fastify-plugin": "^4.0.0"
@ -2193,6 +2193,7 @@
      "version": "2.1.5",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
      "dev": true,
      "dependencies": {
        "@nodelib/fs.stat": "2.0.5",
        "run-parallel": "^1.1.9"
@ -2205,6 +2206,7 @@
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
      "dev": true,
      "engines": {
        "node": ">= 8"
      }
@ -2213,6 +2215,7 @@
      "version": "1.2.8",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
      "dev": true,
      "dependencies": {
        "@nodelib/fs.scandir": "2.1.5",
        "fastq": "^1.6.0"
@ -5186,9 +5189,9 @@
      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
    },
    "node_modules/aws-sdk": {
-      "version": "2.1553.0",
+      "version": "2.1549.0",
-      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1553.0.tgz",
+      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1549.0.tgz",
-      "integrity": "sha512-CfZaw8dR9e642aBOeFhkFL7KoQApeLR15uH2IQqfL/12snWYayAAesYh0tEaU+XbhrH0CUsf2Zro5IraEXEZMg==",
+      "integrity": "sha512-SoVfrrV3A2mxH+NV2tA0eMtG301glhewvhL3Ob4107qLWjvwjy/CoWLclMLmfXniTGxbI8tsgN0r5mLZUKey3Q==",
      "dependencies": {
        "buffer": "4.9.2",
        "events": "1.1.1",
@ -5439,6 +5442,7 @@
      "version": "3.0.2",
      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
      "dev": true,
      "dependencies": {
        "fill-range": "^7.0.1"
      },
@ -5488,15 +5492,14 @@
      }
    },
    "node_modules/bullmq": {
-      "version": "5.3.3",
+      "version": "5.1.6",
-      "resolved": "https://registry.npmjs.org/bullmq/-/bullmq-5.3.3.tgz",
+      "resolved": "https://registry.npmjs.org/bullmq/-/bullmq-5.1.6.tgz",
-      "integrity": "sha512-Gc/68HxiCHLMPBiGIqtINxcf8HER/5wvBYMY/6x3tFejlvldUBFaAErMTLDv4TnPsTyzNPrfBKmFCEM58uVnJg==",
+      "integrity": "sha512-VkLfig+xm4U3hc4QChzuuAy0NGQ9dfPB8o54hmcZHCX9ofp0Zn6bEY+W3Ytkk76eYwPAgXfywDBlAb2Unjl1Rg==",
      "dependencies": {
        "cron-parser": "^4.6.0",
-        "fast-glob": "^3.3.2",
+        "glob": "^8.0.3",
        "ioredis": "^5.3.2",
        "lodash": "^4.17.21",
        "minimatch": "^9.0.3",
        "msgpackr": "^1.10.1",
        "node-abort-controller": "^3.1.1",
        "semver": "^7.5.4",
@ -5504,28 +5507,6 @@
        "uuid": "^9.0.0"
      }
    },
    "node_modules/bullmq/node_modules/brace-expansion": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
      "dependencies": {
        "balanced-match": "^1.0.0"
      }
    },
    "node_modules/bullmq/node_modules/minimatch": {
      "version": "9.0.3",
      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz",
      "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==",
      "dependencies": {
        "brace-expansion": "^2.0.1"
      },
      "engines": {
        "node": ">=16 || 14 >=14.17"
      },
      "funding": {
        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/bundle-require": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/bundle-require/-/bundle-require-4.0.2.tgz",
@ -6925,6 +6906,7 @@
      "version": "3.3.2",
      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz",
      "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==",
      "dev": true,
      "dependencies": {
        "@nodelib/fs.stat": "^2.0.2",
        "@nodelib/fs.walk": "^1.2.3",
@ -7076,6 +7058,7 @@
      "version": "7.0.1",
      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
      "dev": true,
      "dependencies": {
        "to-regex-range": "^5.0.1"
      },
@ -7527,6 +7510,7 @@
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
      "dev": true,
      "dependencies": {
        "is-glob": "^4.0.1"
      },
@ -8127,6 +8111,7 @@
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
      }
@ -8157,6 +8142,7 @@
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
      "dev": true,
      "dependencies": {
        "is-extglob": "^2.1.1"
      },
@ -8191,6 +8177,7 @@
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
      "dev": true,
      "engines": {
        "node": ">=0.12.0"
      }
@ -8947,6 +8934,7 @@
      "version": "1.4.1",
      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
      "dev": true,
      "engines": {
        "node": ">= 8"
      }
@ -8963,6 +8951,7 @@
      "version": "4.0.5",
      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz",
      "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==",
      "dev": true,
      "dependencies": {
        "braces": "^3.0.2",
        "picomatch": "^2.3.1"
@ -8975,6 +8964,7 @@
      "version": "2.3.1",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
      "dev": true,
      "engines": {
        "node": ">=8.6"
      },
@ -10567,6 +10557,7 @@
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
      "dev": true,
      "funding": [
        {
          "type": "github",
@ -10913,6 +10904,7 @@
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
      "dev": true,
      "funding": [
        {
          "type": "github",
@ -11713,6 +11705,7 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
      "dev": true,
      "dependencies": {
        "is-number": "^7.0.0"
      },
--- a/backend/package.json
+++ b/backend/package.json
@ -72,7 +72,7 @@
  "dependencies": {
    "@aws-sdk/client-secrets-manager": "^3.504.0",
    "@casl/ability": "^6.5.0",
-    "@fastify/cookie": "^9.3.1",
+    "@fastify/cookie": "^9.2.0",
    "@fastify/cors": "^8.5.0",
    "@fastify/etag": "^5.1.0",
    "@fastify/formbody": "^7.4.0",
@ -90,11 +90,11 @@
    "@ucast/mongo2js": "^1.3.4",
    "ajv": "^8.12.0",
    "argon2": "^0.31.2",
-    "aws-sdk": "^2.1553.0",
+    "aws-sdk": "^2.1549.0",
    "axios": "^1.6.7",
    "axios-retry": "^4.0.0",
    "bcrypt": "^5.1.1",
-    "bullmq": "^5.3.3",
+    "bullmq": "^5.1.6",
    "dotenv": "^16.4.1",
    "fastify": "^4.26.0",
    "fastify-plugin": "^4.5.1",
--- a/backend/scripts/generate-schema-types.ts
+++ b/backend/scripts/generate-schema-types.ts
@ -44,7 +44,7 @@ const getZodDefaultValue = (type: unknown, value: string | number | boolean | Ob
  if (!value || value === "null") return;
  switch (type) {
    case "uuid":
-      return `.default("00000000-0000-0000-0000-000000000000")`;
+      return;
    case "character varying": {
      if (value === "gen_random_uuid()") return;
      if (typeof value === "string" && value.includes("::")) {
@ -100,8 +100,7 @@ const main = async () => {
      const columnName = columnNames[colNum];
      const colInfo = columns[columnName];
      let ztype = getZodPrimitiveType(colInfo.type);
-      // don't put optional on id
+      if (colInfo.defaultValue) {
      if (colInfo.defaultValue && columnName !== "id") {
        const { defaultValue } = colInfo;
        const zSchema = getZodDefaultValue(colInfo.type, defaultValue);
        if (zSchema) {
@ -121,7 +120,6 @@ const main = async () => {
      .split("_")
      .reduce((prev, curr) => prev + `${curr.at(0)?.toUpperCase()}${curr.slice(1).toLowerCase()}`, "");
    // the insert and update are changed to zod input type to use default cases
    writeFileSync(
      path.join(__dirname, "../src/db/schemas", `${dashcase}.ts`),
      `// Code generated by automation script, DO NOT EDIT.
@ -136,8 +134,8 @@ import { TImmutableDBKeys } from "./models";
 export const ${pascalCase}Schema = z.object({${schema}});
 export type T${pascalCase} = z.infer<typeof ${pascalCase}Schema>;
-export type T${pascalCase}Insert = Omit<z.input<typeof ${pascalCase}Schema>, TImmutableDBKeys>;
+export type T${pascalCase}Insert = Omit<T${pascalCase}, TImmutableDBKeys>;
-export type T${pascalCase}Update = Partial<Omit<z.input<typeof ${pascalCase}Schema>, TImmutableDBKeys>>;
+export type T${pascalCase}Update = Partial<Omit<T${pascalCase}, TImmutableDBKeys>>;
 `
    );
  }
--- a/backend/src/cache/redis.ts
+++ b/backend/src/cache/redis.ts
@ -0,0 +1,6 @@
 import Redis from "ioredis";
 export const initRedisConnection = (redisUrl: string) => {
  const redis = new Redis(redisUrl);
  return redis;
 };
--- a/backend/src/db/migrations/20240226094411_instance-id.ts
+++ b/backend/src/db/migrations/20240226094411_instance-id.ts
@ -1,31 +0,0 @@
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 // @ts-nocheck
 import { Knex } from "knex";
 import { TableName } from "../schemas";
 const ADMIN_CONFIG_UUID = "00000000-0000-0000-0000-000000000000";
 export async function up(knex: Knex): Promise<void> {
  await knex.schema.alterTable(TableName.SuperAdmin, (t) => {
    t.uuid("instanceId").notNullable().defaultTo(knex.fn.uuid());
  });
  // eslint-disable-next-line
  await knex(TableName.SuperAdmin)
    .update({ id: ADMIN_CONFIG_UUID })
    .whereNotNull("id")
    .andWhere("id", "<>", ADMIN_CONFIG_UUID)
    .limit(1);
  const superUserConfigExists = await knex(TableName.SuperAdmin).where("id", ADMIN_CONFIG_UUID).first();
  if (!superUserConfigExists) {
    await knex(TableName.SuperAdmin).update({ id: ADMIN_CONFIG_UUID }).whereNotNull("id").limit(1);
  }
 }
 export async function down(knex: Knex): Promise<void> {
  await knex.schema.alterTable(TableName.SuperAdmin, (t) => {
    t.dropColumn("instanceId");
  });
 }
--- a/backend/src/db/schemas/api-keys.ts
+++ b/backend/src/db/schemas/api-keys.ts
@ -19,5 +19,5 @@ export const ApiKeysSchema = z.object({
 });
 export type TApiKeys = z.infer<typeof ApiKeysSchema>;
-export type TApiKeysInsert = Omit<z.input<typeof ApiKeysSchema>, TImmutableDBKeys>;
+export type TApiKeysInsert = Omit<TApiKeys, TImmutableDBKeys>;
-export type TApiKeysUpdate = Partial<Omit<z.input<typeof ApiKeysSchema>, TImmutableDBKeys>>;
+export type TApiKeysUpdate = Partial<Omit<TApiKeys, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/audit-logs.ts
+++ b/backend/src/db/schemas/audit-logs.ts
@ -24,5 +24,5 @@ export const AuditLogsSchema = z.object({
 });
 export type TAuditLogs = z.infer<typeof AuditLogsSchema>;
-export type TAuditLogsInsert = Omit<z.input<typeof AuditLogsSchema>, TImmutableDBKeys>;
+export type TAuditLogsInsert = Omit<TAuditLogs, TImmutableDBKeys>;
-export type TAuditLogsUpdate = Partial<Omit<z.input<typeof AuditLogsSchema>, TImmutableDBKeys>>;
+export type TAuditLogsUpdate = Partial<Omit<TAuditLogs, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/auth-token-sessions.ts
+++ b/backend/src/db/schemas/auth-token-sessions.ts
@ -20,5 +20,5 @@ export const AuthTokenSessionsSchema = z.object({
 });
 export type TAuthTokenSessions = z.infer<typeof AuthTokenSessionsSchema>;
-export type TAuthTokenSessionsInsert = Omit<z.input<typeof AuthTokenSessionsSchema>, TImmutableDBKeys>;
+export type TAuthTokenSessionsInsert = Omit<TAuthTokenSessions, TImmutableDBKeys>;
-export type TAuthTokenSessionsUpdate = Partial<Omit<z.input<typeof AuthTokenSessionsSchema>, TImmutableDBKeys>>;
+export type TAuthTokenSessionsUpdate = Partial<Omit<TAuthTokenSessions, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/auth-tokens.ts
+++ b/backend/src/db/schemas/auth-tokens.ts
@ -21,5 +21,5 @@ export const AuthTokensSchema = z.object({
 });
 export type TAuthTokens = z.infer<typeof AuthTokensSchema>;
-export type TAuthTokensInsert = Omit<z.input<typeof AuthTokensSchema>, TImmutableDBKeys>;
+export type TAuthTokensInsert = Omit<TAuthTokens, TImmutableDBKeys>;
-export type TAuthTokensUpdate = Partial<Omit<z.input<typeof AuthTokensSchema>, TImmutableDBKeys>>;
+export type TAuthTokensUpdate = Partial<Omit<TAuthTokens, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/backup-private-key.ts
+++ b/backend/src/db/schemas/backup-private-key.ts
@ -22,5 +22,5 @@ export const BackupPrivateKeySchema = z.object({
 });
 export type TBackupPrivateKey = z.infer<typeof BackupPrivateKeySchema>;
-export type TBackupPrivateKeyInsert = Omit<z.input<typeof BackupPrivateKeySchema>, TImmutableDBKeys>;
+export type TBackupPrivateKeyInsert = Omit<TBackupPrivateKey, TImmutableDBKeys>;
-export type TBackupPrivateKeyUpdate = Partial<Omit<z.input<typeof BackupPrivateKeySchema>, TImmutableDBKeys>>;
+export type TBackupPrivateKeyUpdate = Partial<Omit<TBackupPrivateKey, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/git-app-install-sessions.ts
+++ b/backend/src/db/schemas/git-app-install-sessions.ts
@ -17,5 +17,5 @@ export const GitAppInstallSessionsSchema = z.object({
 });
 export type TGitAppInstallSessions = z.infer<typeof GitAppInstallSessionsSchema>;
-export type TGitAppInstallSessionsInsert = Omit<z.input<typeof GitAppInstallSessionsSchema>, TImmutableDBKeys>;
+export type TGitAppInstallSessionsInsert = Omit<TGitAppInstallSessions, TImmutableDBKeys>;
-export type TGitAppInstallSessionsUpdate = Partial<Omit<z.input<typeof GitAppInstallSessionsSchema>, TImmutableDBKeys>>;
+export type TGitAppInstallSessionsUpdate = Partial<Omit<TGitAppInstallSessions, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/git-app-org.ts
+++ b/backend/src/db/schemas/git-app-org.ts
@ -17,5 +17,5 @@ export const GitAppOrgSchema = z.object({
 });
 export type TGitAppOrg = z.infer<typeof GitAppOrgSchema>;
-export type TGitAppOrgInsert = Omit<z.input<typeof GitAppOrgSchema>, TImmutableDBKeys>;
+export type TGitAppOrgInsert = Omit<TGitAppOrg, TImmutableDBKeys>;
-export type TGitAppOrgUpdate = Partial<Omit<z.input<typeof GitAppOrgSchema>, TImmutableDBKeys>>;
+export type TGitAppOrgUpdate = Partial<Omit<TGitAppOrg, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/identities.ts
+++ b/backend/src/db/schemas/identities.ts
@ -16,5 +16,5 @@ export const IdentitiesSchema = z.object({
 });
 export type TIdentities = z.infer<typeof IdentitiesSchema>;
-export type TIdentitiesInsert = Omit<z.input<typeof IdentitiesSchema>, TImmutableDBKeys>;
+export type TIdentitiesInsert = Omit<TIdentities, TImmutableDBKeys>;
-export type TIdentitiesUpdate = Partial<Omit<z.input<typeof IdentitiesSchema>, TImmutableDBKeys>>;
+export type TIdentitiesUpdate = Partial<Omit<TIdentities, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/identity-access-tokens.ts
+++ b/backend/src/db/schemas/identity-access-tokens.ts
@ -23,5 +23,5 @@ export const IdentityAccessTokensSchema = z.object({
 });
 export type TIdentityAccessTokens = z.infer<typeof IdentityAccessTokensSchema>;
-export type TIdentityAccessTokensInsert = Omit<z.input<typeof IdentityAccessTokensSchema>, TImmutableDBKeys>;
+export type TIdentityAccessTokensInsert = Omit<TIdentityAccessTokens, TImmutableDBKeys>;
-export type TIdentityAccessTokensUpdate = Partial<Omit<z.input<typeof IdentityAccessTokensSchema>, TImmutableDBKeys>>;
+export type TIdentityAccessTokensUpdate = Partial<Omit<TIdentityAccessTokens, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/identity-org-memberships.ts
+++ b/backend/src/db/schemas/identity-org-memberships.ts
@ -18,7 +18,5 @@ export const IdentityOrgMembershipsSchema = z.object({
 });
 export type TIdentityOrgMemberships = z.infer<typeof IdentityOrgMembershipsSchema>;
-export type TIdentityOrgMembershipsInsert = Omit<z.input<typeof IdentityOrgMembershipsSchema>, TImmutableDBKeys>;
+export type TIdentityOrgMembershipsInsert = Omit<TIdentityOrgMemberships, TImmutableDBKeys>;
-export type TIdentityOrgMembershipsUpdate = Partial<
+export type TIdentityOrgMembershipsUpdate = Partial<Omit<TIdentityOrgMemberships, TImmutableDBKeys>>;
  Omit<z.input<typeof IdentityOrgMembershipsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/identity-project-memberships.ts
+++ b/backend/src/db/schemas/identity-project-memberships.ts
@ -18,10 +18,5 @@ export const IdentityProjectMembershipsSchema = z.object({
 });
 export type TIdentityProjectMemberships = z.infer<typeof IdentityProjectMembershipsSchema>;
-export type TIdentityProjectMembershipsInsert = Omit<
+export type TIdentityProjectMembershipsInsert = Omit<TIdentityProjectMemberships, TImmutableDBKeys>;
-  z.input<typeof IdentityProjectMembershipsSchema>,
+export type TIdentityProjectMembershipsUpdate = Partial<Omit<TIdentityProjectMemberships, TImmutableDBKeys>>;
  TImmutableDBKeys
 >;
 export type TIdentityProjectMembershipsUpdate = Partial<
  Omit<z.input<typeof IdentityProjectMembershipsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/identity-ua-client-secrets.ts
+++ b/backend/src/db/schemas/identity-ua-client-secrets.ts
@ -23,7 +23,5 @@ export const IdentityUaClientSecretsSchema = z.object({
 });
 export type TIdentityUaClientSecrets = z.infer<typeof IdentityUaClientSecretsSchema>;
-export type TIdentityUaClientSecretsInsert = Omit<z.input<typeof IdentityUaClientSecretsSchema>, TImmutableDBKeys>;
+export type TIdentityUaClientSecretsInsert = Omit<TIdentityUaClientSecrets, TImmutableDBKeys>;
-export type TIdentityUaClientSecretsUpdate = Partial<
+export type TIdentityUaClientSecretsUpdate = Partial<Omit<TIdentityUaClientSecrets, TImmutableDBKeys>>;
  Omit<z.input<typeof IdentityUaClientSecretsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/identity-universal-auths.ts
+++ b/backend/src/db/schemas/identity-universal-auths.ts
@ -21,7 +21,5 @@ export const IdentityUniversalAuthsSchema = z.object({
 });
 export type TIdentityUniversalAuths = z.infer<typeof IdentityUniversalAuthsSchema>;
-export type TIdentityUniversalAuthsInsert = Omit<z.input<typeof IdentityUniversalAuthsSchema>, TImmutableDBKeys>;
+export type TIdentityUniversalAuthsInsert = Omit<TIdentityUniversalAuths, TImmutableDBKeys>;
-export type TIdentityUniversalAuthsUpdate = Partial<
+export type TIdentityUniversalAuthsUpdate = Partial<Omit<TIdentityUniversalAuths, TImmutableDBKeys>>;
  Omit<z.input<typeof IdentityUniversalAuthsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/incident-contacts.ts
+++ b/backend/src/db/schemas/incident-contacts.ts
@ -16,5 +16,5 @@ export const IncidentContactsSchema = z.object({
 });
 export type TIncidentContacts = z.infer<typeof IncidentContactsSchema>;
-export type TIncidentContactsInsert = Omit<z.input<typeof IncidentContactsSchema>, TImmutableDBKeys>;
+export type TIncidentContactsInsert = Omit<TIncidentContacts, TImmutableDBKeys>;
-export type TIncidentContactsUpdate = Partial<Omit<z.input<typeof IncidentContactsSchema>, TImmutableDBKeys>>;
+export type TIncidentContactsUpdate = Partial<Omit<TIncidentContacts, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/integration-auths.ts
+++ b/backend/src/db/schemas/integration-auths.ts
@ -33,5 +33,5 @@ export const IntegrationAuthsSchema = z.object({
 });
 export type TIntegrationAuths = z.infer<typeof IntegrationAuthsSchema>;
-export type TIntegrationAuthsInsert = Omit<z.input<typeof IntegrationAuthsSchema>, TImmutableDBKeys>;
+export type TIntegrationAuthsInsert = Omit<TIntegrationAuths, TImmutableDBKeys>;
-export type TIntegrationAuthsUpdate = Partial<Omit<z.input<typeof IntegrationAuthsSchema>, TImmutableDBKeys>>;
+export type TIntegrationAuthsUpdate = Partial<Omit<TIntegrationAuths, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/integrations.ts
+++ b/backend/src/db/schemas/integrations.ts
@ -31,5 +31,5 @@ export const IntegrationsSchema = z.object({
 });
 export type TIntegrations = z.infer<typeof IntegrationsSchema>;
-export type TIntegrationsInsert = Omit<z.input<typeof IntegrationsSchema>, TImmutableDBKeys>;
+export type TIntegrationsInsert = Omit<TIntegrations, TImmutableDBKeys>;
-export type TIntegrationsUpdate = Partial<Omit<z.input<typeof IntegrationsSchema>, TImmutableDBKeys>>;
+export type TIntegrationsUpdate = Partial<Omit<TIntegrations, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/org-bots.ts
+++ b/backend/src/db/schemas/org-bots.ts
@ -27,5 +27,5 @@ export const OrgBotsSchema = z.object({
 });
 export type TOrgBots = z.infer<typeof OrgBotsSchema>;
-export type TOrgBotsInsert = Omit<z.input<typeof OrgBotsSchema>, TImmutableDBKeys>;
+export type TOrgBotsInsert = Omit<TOrgBots, TImmutableDBKeys>;
-export type TOrgBotsUpdate = Partial<Omit<z.input<typeof OrgBotsSchema>, TImmutableDBKeys>>;
+export type TOrgBotsUpdate = Partial<Omit<TOrgBots, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/org-memberships.ts
+++ b/backend/src/db/schemas/org-memberships.ts
@ -20,5 +20,5 @@ export const OrgMembershipsSchema = z.object({
 });
 export type TOrgMemberships = z.infer<typeof OrgMembershipsSchema>;
-export type TOrgMembershipsInsert = Omit<z.input<typeof OrgMembershipsSchema>, TImmutableDBKeys>;
+export type TOrgMembershipsInsert = Omit<TOrgMemberships, TImmutableDBKeys>;
-export type TOrgMembershipsUpdate = Partial<Omit<z.input<typeof OrgMembershipsSchema>, TImmutableDBKeys>>;
+export type TOrgMembershipsUpdate = Partial<Omit<TOrgMemberships, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/org-roles.ts
+++ b/backend/src/db/schemas/org-roles.ts
@ -19,5 +19,5 @@ export const OrgRolesSchema = z.object({
 });
 export type TOrgRoles = z.infer<typeof OrgRolesSchema>;
-export type TOrgRolesInsert = Omit<z.input<typeof OrgRolesSchema>, TImmutableDBKeys>;
+export type TOrgRolesInsert = Omit<TOrgRoles, TImmutableDBKeys>;
-export type TOrgRolesUpdate = Partial<Omit<z.input<typeof OrgRolesSchema>, TImmutableDBKeys>>;
+export type TOrgRolesUpdate = Partial<Omit<TOrgRoles, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/organizations.ts
+++ b/backend/src/db/schemas/organizations.ts
@ -19,5 +19,5 @@ export const OrganizationsSchema = z.object({
 });
 export type TOrganizations = z.infer<typeof OrganizationsSchema>;
-export type TOrganizationsInsert = Omit<z.input<typeof OrganizationsSchema>, TImmutableDBKeys>;
+export type TOrganizationsInsert = Omit<TOrganizations, TImmutableDBKeys>;
-export type TOrganizationsUpdate = Partial<Omit<z.input<typeof OrganizationsSchema>, TImmutableDBKeys>>;
+export type TOrganizationsUpdate = Partial<Omit<TOrganizations, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/project-bots.ts
+++ b/backend/src/db/schemas/project-bots.ts
@ -26,5 +26,5 @@ export const ProjectBotsSchema = z.object({
 });
 export type TProjectBots = z.infer<typeof ProjectBotsSchema>;
-export type TProjectBotsInsert = Omit<z.input<typeof ProjectBotsSchema>, TImmutableDBKeys>;
+export type TProjectBotsInsert = Omit<TProjectBots, TImmutableDBKeys>;
-export type TProjectBotsUpdate = Partial<Omit<z.input<typeof ProjectBotsSchema>, TImmutableDBKeys>>;
+export type TProjectBotsUpdate = Partial<Omit<TProjectBots, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/project-environments.ts
+++ b/backend/src/db/schemas/project-environments.ts
@ -18,5 +18,5 @@ export const ProjectEnvironmentsSchema = z.object({
 });
 export type TProjectEnvironments = z.infer<typeof ProjectEnvironmentsSchema>;
-export type TProjectEnvironmentsInsert = Omit<z.input<typeof ProjectEnvironmentsSchema>, TImmutableDBKeys>;
+export type TProjectEnvironmentsInsert = Omit<TProjectEnvironments, TImmutableDBKeys>;
-export type TProjectEnvironmentsUpdate = Partial<Omit<z.input<typeof ProjectEnvironmentsSchema>, TImmutableDBKeys>>;
+export type TProjectEnvironmentsUpdate = Partial<Omit<TProjectEnvironments, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/project-keys.ts
+++ b/backend/src/db/schemas/project-keys.ts
@ -19,5 +19,5 @@ export const ProjectKeysSchema = z.object({
 });
 export type TProjectKeys = z.infer<typeof ProjectKeysSchema>;
-export type TProjectKeysInsert = Omit<z.input<typeof ProjectKeysSchema>, TImmutableDBKeys>;
+export type TProjectKeysInsert = Omit<TProjectKeys, TImmutableDBKeys>;
-export type TProjectKeysUpdate = Partial<Omit<z.input<typeof ProjectKeysSchema>, TImmutableDBKeys>>;
+export type TProjectKeysUpdate = Partial<Omit<TProjectKeys, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/project-memberships.ts
+++ b/backend/src/db/schemas/project-memberships.ts
@ -18,5 +18,5 @@ export const ProjectMembershipsSchema = z.object({
 });
 export type TProjectMemberships = z.infer<typeof ProjectMembershipsSchema>;
-export type TProjectMembershipsInsert = Omit<z.input<typeof ProjectMembershipsSchema>, TImmutableDBKeys>;
+export type TProjectMembershipsInsert = Omit<TProjectMemberships, TImmutableDBKeys>;
-export type TProjectMembershipsUpdate = Partial<Omit<z.input<typeof ProjectMembershipsSchema>, TImmutableDBKeys>>;
+export type TProjectMembershipsUpdate = Partial<Omit<TProjectMemberships, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/project-roles.ts
+++ b/backend/src/db/schemas/project-roles.ts
@ -19,5 +19,5 @@ export const ProjectRolesSchema = z.object({
 });
 export type TProjectRoles = z.infer<typeof ProjectRolesSchema>;
-export type TProjectRolesInsert = Omit<z.input<typeof ProjectRolesSchema>, TImmutableDBKeys>;
+export type TProjectRolesInsert = Omit<TProjectRoles, TImmutableDBKeys>;
-export type TProjectRolesUpdate = Partial<Omit<z.input<typeof ProjectRolesSchema>, TImmutableDBKeys>>;
+export type TProjectRolesUpdate = Partial<Omit<TProjectRoles, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/projects.ts
+++ b/backend/src/db/schemas/projects.ts
@ -20,5 +20,5 @@ export const ProjectsSchema = z.object({
 });
 export type TProjects = z.infer<typeof ProjectsSchema>;
-export type TProjectsInsert = Omit<z.input<typeof ProjectsSchema>, TImmutableDBKeys>;
+export type TProjectsInsert = Omit<TProjects, TImmutableDBKeys>;
-export type TProjectsUpdate = Partial<Omit<z.input<typeof ProjectsSchema>, TImmutableDBKeys>>;
+export type TProjectsUpdate = Partial<Omit<TProjects, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/saml-configs.ts
+++ b/backend/src/db/schemas/saml-configs.ts
@ -27,5 +27,5 @@ export const SamlConfigsSchema = z.object({
 });
 export type TSamlConfigs = z.infer<typeof SamlConfigsSchema>;
-export type TSamlConfigsInsert = Omit<z.input<typeof SamlConfigsSchema>, TImmutableDBKeys>;
+export type TSamlConfigsInsert = Omit<TSamlConfigs, TImmutableDBKeys>;
-export type TSamlConfigsUpdate = Partial<Omit<z.input<typeof SamlConfigsSchema>, TImmutableDBKeys>>;
+export type TSamlConfigsUpdate = Partial<Omit<TSamlConfigs, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/scim-tokens.ts
+++ b/backend/src/db/schemas/scim-tokens.ts
@ -17,5 +17,5 @@ export const ScimTokensSchema = z.object({
 });
 export type TScimTokens = z.infer<typeof ScimTokensSchema>;
-export type TScimTokensInsert = Omit<z.input<typeof ScimTokensSchema>, TImmutableDBKeys>;
+export type TScimTokensInsert = Omit<TScimTokens, TImmutableDBKeys>;
-export type TScimTokensUpdate = Partial<Omit<z.input<typeof ScimTokensSchema>, TImmutableDBKeys>>;
+export type TScimTokensUpdate = Partial<Omit<TScimTokens, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-approval-policies-approvers.ts
+++ b/backend/src/db/schemas/secret-approval-policies-approvers.ts
@ -16,10 +16,5 @@ export const SecretApprovalPoliciesApproversSchema = z.object({
 });
 export type TSecretApprovalPoliciesApprovers = z.infer<typeof SecretApprovalPoliciesApproversSchema>;
-export type TSecretApprovalPoliciesApproversInsert = Omit<
+export type TSecretApprovalPoliciesApproversInsert = Omit<TSecretApprovalPoliciesApprovers, TImmutableDBKeys>;
-  z.input<typeof SecretApprovalPoliciesApproversSchema>,
+export type TSecretApprovalPoliciesApproversUpdate = Partial<Omit<TSecretApprovalPoliciesApprovers, TImmutableDBKeys>>;
  TImmutableDBKeys
 >;
 export type TSecretApprovalPoliciesApproversUpdate = Partial<
  Omit<z.input<typeof SecretApprovalPoliciesApproversSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-approval-policies.ts
+++ b/backend/src/db/schemas/secret-approval-policies.ts
@ -18,7 +18,5 @@ export const SecretApprovalPoliciesSchema = z.object({
 });
 export type TSecretApprovalPolicies = z.infer<typeof SecretApprovalPoliciesSchema>;
-export type TSecretApprovalPoliciesInsert = Omit<z.input<typeof SecretApprovalPoliciesSchema>, TImmutableDBKeys>;
+export type TSecretApprovalPoliciesInsert = Omit<TSecretApprovalPolicies, TImmutableDBKeys>;
-export type TSecretApprovalPoliciesUpdate = Partial<
+export type TSecretApprovalPoliciesUpdate = Partial<Omit<TSecretApprovalPolicies, TImmutableDBKeys>>;
  Omit<z.input<typeof SecretApprovalPoliciesSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-approval-request-secret-tags.ts
+++ b/backend/src/db/schemas/secret-approval-request-secret-tags.ts
@ -16,10 +16,5 @@ export const SecretApprovalRequestSecretTagsSchema = z.object({
 });
 export type TSecretApprovalRequestSecretTags = z.infer<typeof SecretApprovalRequestSecretTagsSchema>;
-export type TSecretApprovalRequestSecretTagsInsert = Omit<
+export type TSecretApprovalRequestSecretTagsInsert = Omit<TSecretApprovalRequestSecretTags, TImmutableDBKeys>;
-  z.input<typeof SecretApprovalRequestSecretTagsSchema>,
+export type TSecretApprovalRequestSecretTagsUpdate = Partial<Omit<TSecretApprovalRequestSecretTags, TImmutableDBKeys>>;
  TImmutableDBKeys
 >;
 export type TSecretApprovalRequestSecretTagsUpdate = Partial<
  Omit<z.input<typeof SecretApprovalRequestSecretTagsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-approval-requests-reviewers.ts
+++ b/backend/src/db/schemas/secret-approval-requests-reviewers.ts
@ -17,10 +17,5 @@ export const SecretApprovalRequestsReviewersSchema = z.object({
 });
 export type TSecretApprovalRequestsReviewers = z.infer<typeof SecretApprovalRequestsReviewersSchema>;
-export type TSecretApprovalRequestsReviewersInsert = Omit<
+export type TSecretApprovalRequestsReviewersInsert = Omit<TSecretApprovalRequestsReviewers, TImmutableDBKeys>;
-  z.input<typeof SecretApprovalRequestsReviewersSchema>,
+export type TSecretApprovalRequestsReviewersUpdate = Partial<Omit<TSecretApprovalRequestsReviewers, TImmutableDBKeys>>;
  TImmutableDBKeys
 >;
 export type TSecretApprovalRequestsReviewersUpdate = Partial<
  Omit<z.input<typeof SecretApprovalRequestsReviewersSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-approval-requests-secrets.ts
+++ b/backend/src/db/schemas/secret-approval-requests-secrets.ts
@ -35,10 +35,5 @@ export const SecretApprovalRequestsSecretsSchema = z.object({
 });
 export type TSecretApprovalRequestsSecrets = z.infer<typeof SecretApprovalRequestsSecretsSchema>;
-export type TSecretApprovalRequestsSecretsInsert = Omit<
+export type TSecretApprovalRequestsSecretsInsert = Omit<TSecretApprovalRequestsSecrets, TImmutableDBKeys>;
-  z.input<typeof SecretApprovalRequestsSecretsSchema>,
+export type TSecretApprovalRequestsSecretsUpdate = Partial<Omit<TSecretApprovalRequestsSecrets, TImmutableDBKeys>>;
  TImmutableDBKeys
 >;
 export type TSecretApprovalRequestsSecretsUpdate = Partial<
  Omit<z.input<typeof SecretApprovalRequestsSecretsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-approval-requests.ts
+++ b/backend/src/db/schemas/secret-approval-requests.ts
@ -22,7 +22,5 @@ export const SecretApprovalRequestsSchema = z.object({
 });
 export type TSecretApprovalRequests = z.infer<typeof SecretApprovalRequestsSchema>;
-export type TSecretApprovalRequestsInsert = Omit<z.input<typeof SecretApprovalRequestsSchema>, TImmutableDBKeys>;
+export type TSecretApprovalRequestsInsert = Omit<TSecretApprovalRequests, TImmutableDBKeys>;
-export type TSecretApprovalRequestsUpdate = Partial<
+export type TSecretApprovalRequestsUpdate = Partial<Omit<TSecretApprovalRequests, TImmutableDBKeys>>;
  Omit<z.input<typeof SecretApprovalRequestsSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-blind-indexes.ts
+++ b/backend/src/db/schemas/secret-blind-indexes.ts
@ -20,5 +20,5 @@ export const SecretBlindIndexesSchema = z.object({
 });
 export type TSecretBlindIndexes = z.infer<typeof SecretBlindIndexesSchema>;
-export type TSecretBlindIndexesInsert = Omit<z.input<typeof SecretBlindIndexesSchema>, TImmutableDBKeys>;
+export type TSecretBlindIndexesInsert = Omit<TSecretBlindIndexes, TImmutableDBKeys>;
-export type TSecretBlindIndexesUpdate = Partial<Omit<z.input<typeof SecretBlindIndexesSchema>, TImmutableDBKeys>>;
+export type TSecretBlindIndexesUpdate = Partial<Omit<TSecretBlindIndexes, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-folder-versions.ts
+++ b/backend/src/db/schemas/secret-folder-versions.ts
@ -18,5 +18,5 @@ export const SecretFolderVersionsSchema = z.object({
 });
 export type TSecretFolderVersions = z.infer<typeof SecretFolderVersionsSchema>;
-export type TSecretFolderVersionsInsert = Omit<z.input<typeof SecretFolderVersionsSchema>, TImmutableDBKeys>;
+export type TSecretFolderVersionsInsert = Omit<TSecretFolderVersions, TImmutableDBKeys>;
-export type TSecretFolderVersionsUpdate = Partial<Omit<z.input<typeof SecretFolderVersionsSchema>, TImmutableDBKeys>>;
+export type TSecretFolderVersionsUpdate = Partial<Omit<TSecretFolderVersions, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-folders.ts
+++ b/backend/src/db/schemas/secret-folders.ts
@ -18,5 +18,5 @@ export const SecretFoldersSchema = z.object({
 });
 export type TSecretFolders = z.infer<typeof SecretFoldersSchema>;
-export type TSecretFoldersInsert = Omit<z.input<typeof SecretFoldersSchema>, TImmutableDBKeys>;
+export type TSecretFoldersInsert = Omit<TSecretFolders, TImmutableDBKeys>;
-export type TSecretFoldersUpdate = Partial<Omit<z.input<typeof SecretFoldersSchema>, TImmutableDBKeys>>;
+export type TSecretFoldersUpdate = Partial<Omit<TSecretFolders, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-imports.ts
+++ b/backend/src/db/schemas/secret-imports.ts
@ -19,5 +19,5 @@ export const SecretImportsSchema = z.object({
 });
 export type TSecretImports = z.infer<typeof SecretImportsSchema>;
-export type TSecretImportsInsert = Omit<z.input<typeof SecretImportsSchema>, TImmutableDBKeys>;
+export type TSecretImportsInsert = Omit<TSecretImports, TImmutableDBKeys>;
-export type TSecretImportsUpdate = Partial<Omit<z.input<typeof SecretImportsSchema>, TImmutableDBKeys>>;
+export type TSecretImportsUpdate = Partial<Omit<TSecretImports, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-rotation-outputs.ts
+++ b/backend/src/db/schemas/secret-rotation-outputs.ts
@ -15,5 +15,5 @@ export const SecretRotationOutputsSchema = z.object({
 });
 export type TSecretRotationOutputs = z.infer<typeof SecretRotationOutputsSchema>;
-export type TSecretRotationOutputsInsert = Omit<z.input<typeof SecretRotationOutputsSchema>, TImmutableDBKeys>;
+export type TSecretRotationOutputsInsert = Omit<TSecretRotationOutputs, TImmutableDBKeys>;
-export type TSecretRotationOutputsUpdate = Partial<Omit<z.input<typeof SecretRotationOutputsSchema>, TImmutableDBKeys>>;
+export type TSecretRotationOutputsUpdate = Partial<Omit<TSecretRotationOutputs, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-rotations.ts
+++ b/backend/src/db/schemas/secret-rotations.ts
@ -26,5 +26,5 @@ export const SecretRotationsSchema = z.object({
 });
 export type TSecretRotations = z.infer<typeof SecretRotationsSchema>;
-export type TSecretRotationsInsert = Omit<z.input<typeof SecretRotationsSchema>, TImmutableDBKeys>;
+export type TSecretRotationsInsert = Omit<TSecretRotations, TImmutableDBKeys>;
-export type TSecretRotationsUpdate = Partial<Omit<z.input<typeof SecretRotationsSchema>, TImmutableDBKeys>>;
+export type TSecretRotationsUpdate = Partial<Omit<TSecretRotations, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-scanning-git-risks.ts
+++ b/backend/src/db/schemas/secret-scanning-git-risks.ts
@ -42,7 +42,5 @@ export const SecretScanningGitRisksSchema = z.object({
 });
 export type TSecretScanningGitRisks = z.infer<typeof SecretScanningGitRisksSchema>;
-export type TSecretScanningGitRisksInsert = Omit<z.input<typeof SecretScanningGitRisksSchema>, TImmutableDBKeys>;
+export type TSecretScanningGitRisksInsert = Omit<TSecretScanningGitRisks, TImmutableDBKeys>;
-export type TSecretScanningGitRisksUpdate = Partial<
+export type TSecretScanningGitRisksUpdate = Partial<Omit<TSecretScanningGitRisks, TImmutableDBKeys>>;
  Omit<z.input<typeof SecretScanningGitRisksSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-snapshot-folders.ts
+++ b/backend/src/db/schemas/secret-snapshot-folders.ts
@ -17,5 +17,5 @@ export const SecretSnapshotFoldersSchema = z.object({
 });
 export type TSecretSnapshotFolders = z.infer<typeof SecretSnapshotFoldersSchema>;
-export type TSecretSnapshotFoldersInsert = Omit<z.input<typeof SecretSnapshotFoldersSchema>, TImmutableDBKeys>;
+export type TSecretSnapshotFoldersInsert = Omit<TSecretSnapshotFolders, TImmutableDBKeys>;
-export type TSecretSnapshotFoldersUpdate = Partial<Omit<z.input<typeof SecretSnapshotFoldersSchema>, TImmutableDBKeys>>;
+export type TSecretSnapshotFoldersUpdate = Partial<Omit<TSecretSnapshotFolders, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-snapshot-secrets.ts
+++ b/backend/src/db/schemas/secret-snapshot-secrets.ts
@ -17,5 +17,5 @@ export const SecretSnapshotSecretsSchema = z.object({
 });
 export type TSecretSnapshotSecrets = z.infer<typeof SecretSnapshotSecretsSchema>;
-export type TSecretSnapshotSecretsInsert = Omit<z.input<typeof SecretSnapshotSecretsSchema>, TImmutableDBKeys>;
+export type TSecretSnapshotSecretsInsert = Omit<TSecretSnapshotSecrets, TImmutableDBKeys>;
-export type TSecretSnapshotSecretsUpdate = Partial<Omit<z.input<typeof SecretSnapshotSecretsSchema>, TImmutableDBKeys>>;
+export type TSecretSnapshotSecretsUpdate = Partial<Omit<TSecretSnapshotSecrets, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-snapshots.ts
+++ b/backend/src/db/schemas/secret-snapshots.ts
@ -17,5 +17,5 @@ export const SecretSnapshotsSchema = z.object({
 });
 export type TSecretSnapshots = z.infer<typeof SecretSnapshotsSchema>;
-export type TSecretSnapshotsInsert = Omit<z.input<typeof SecretSnapshotsSchema>, TImmutableDBKeys>;
+export type TSecretSnapshotsInsert = Omit<TSecretSnapshots, TImmutableDBKeys>;
-export type TSecretSnapshotsUpdate = Partial<Omit<z.input<typeof SecretSnapshotsSchema>, TImmutableDBKeys>>;
+export type TSecretSnapshotsUpdate = Partial<Omit<TSecretSnapshots, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-tag-junction.ts
+++ b/backend/src/db/schemas/secret-tag-junction.ts
@ -14,5 +14,5 @@ export const SecretTagJunctionSchema = z.object({
 });
 export type TSecretTagJunction = z.infer<typeof SecretTagJunctionSchema>;
-export type TSecretTagJunctionInsert = Omit<z.input<typeof SecretTagJunctionSchema>, TImmutableDBKeys>;
+export type TSecretTagJunctionInsert = Omit<TSecretTagJunction, TImmutableDBKeys>;
-export type TSecretTagJunctionUpdate = Partial<Omit<z.input<typeof SecretTagJunctionSchema>, TImmutableDBKeys>>;
+export type TSecretTagJunctionUpdate = Partial<Omit<TSecretTagJunction, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-tags.ts
+++ b/backend/src/db/schemas/secret-tags.ts
@ -19,5 +19,5 @@ export const SecretTagsSchema = z.object({
 });
 export type TSecretTags = z.infer<typeof SecretTagsSchema>;
-export type TSecretTagsInsert = Omit<z.input<typeof SecretTagsSchema>, TImmutableDBKeys>;
+export type TSecretTagsInsert = Omit<TSecretTags, TImmutableDBKeys>;
-export type TSecretTagsUpdate = Partial<Omit<z.input<typeof SecretTagsSchema>, TImmutableDBKeys>>;
+export type TSecretTagsUpdate = Partial<Omit<TSecretTags, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secret-version-tag-junction.ts
+++ b/backend/src/db/schemas/secret-version-tag-junction.ts
@ -14,7 +14,5 @@ export const SecretVersionTagJunctionSchema = z.object({
 });
 export type TSecretVersionTagJunction = z.infer<typeof SecretVersionTagJunctionSchema>;
-export type TSecretVersionTagJunctionInsert = Omit<z.input<typeof SecretVersionTagJunctionSchema>, TImmutableDBKeys>;
+export type TSecretVersionTagJunctionInsert = Omit<TSecretVersionTagJunction, TImmutableDBKeys>;
-export type TSecretVersionTagJunctionUpdate = Partial<
+export type TSecretVersionTagJunctionUpdate = Partial<Omit<TSecretVersionTagJunction, TImmutableDBKeys>>;
  Omit<z.input<typeof SecretVersionTagJunctionSchema>, TImmutableDBKeys>
 >;
--- a/backend/src/db/schemas/secret-versions.ts
+++ b/backend/src/db/schemas/secret-versions.ts
@ -36,5 +36,5 @@ export const SecretVersionsSchema = z.object({
 });
 export type TSecretVersions = z.infer<typeof SecretVersionsSchema>;
-export type TSecretVersionsInsert = Omit<z.input<typeof SecretVersionsSchema>, TImmutableDBKeys>;
+export type TSecretVersionsInsert = Omit<TSecretVersions, TImmutableDBKeys>;
-export type TSecretVersionsUpdate = Partial<Omit<z.input<typeof SecretVersionsSchema>, TImmutableDBKeys>>;
+export type TSecretVersionsUpdate = Partial<Omit<TSecretVersions, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/secrets.ts
+++ b/backend/src/db/schemas/secrets.ts
@ -34,5 +34,5 @@ export const SecretsSchema = z.object({
 });
 export type TSecrets = z.infer<typeof SecretsSchema>;
-export type TSecretsInsert = Omit<z.input<typeof SecretsSchema>, TImmutableDBKeys>;
+export type TSecretsInsert = Omit<TSecrets, TImmutableDBKeys>;
-export type TSecretsUpdate = Partial<Omit<z.input<typeof SecretsSchema>, TImmutableDBKeys>>;
+export type TSecretsUpdate = Partial<Omit<TSecrets, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/service-tokens.ts
+++ b/backend/src/db/schemas/service-tokens.ts
@ -25,5 +25,5 @@ export const ServiceTokensSchema = z.object({
 });
 export type TServiceTokens = z.infer<typeof ServiceTokensSchema>;
-export type TServiceTokensInsert = Omit<z.input<typeof ServiceTokensSchema>, TImmutableDBKeys>;
+export type TServiceTokensInsert = Omit<TServiceTokens, TImmutableDBKeys>;
-export type TServiceTokensUpdate = Partial<Omit<z.input<typeof ServiceTokensSchema>, TImmutableDBKeys>>;
+export type TServiceTokensUpdate = Partial<Omit<TServiceTokens, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/super-admin.ts
+++ b/backend/src/db/schemas/super-admin.ts
@ -13,10 +13,9 @@ export const SuperAdminSchema = z.object({
  allowSignUp: z.boolean().default(true).nullable().optional(),
  createdAt: z.date(),
  updatedAt: z.date(),
-  allowedSignUpDomain: z.string().nullable().optional(),
+  allowedSignUpDomain: z.string().nullable().optional()
  instanceId: z.string().uuid().default("00000000-0000-0000-0000-000000000000")
 });
 export type TSuperAdmin = z.infer<typeof SuperAdminSchema>;
-export type TSuperAdminInsert = Omit<z.input<typeof SuperAdminSchema>, TImmutableDBKeys>;
+export type TSuperAdminInsert = Omit<TSuperAdmin, TImmutableDBKeys>;
-export type TSuperAdminUpdate = Partial<Omit<z.input<typeof SuperAdminSchema>, TImmutableDBKeys>>;
+export type TSuperAdminUpdate = Partial<Omit<TSuperAdmin, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/trusted-ips.ts
+++ b/backend/src/db/schemas/trusted-ips.ts
@ -20,5 +20,5 @@ export const TrustedIpsSchema = z.object({
 });
 export type TTrustedIps = z.infer<typeof TrustedIpsSchema>;
-export type TTrustedIpsInsert = Omit<z.input<typeof TrustedIpsSchema>, TImmutableDBKeys>;
+export type TTrustedIpsInsert = Omit<TTrustedIps, TImmutableDBKeys>;
-export type TTrustedIpsUpdate = Partial<Omit<z.input<typeof TrustedIpsSchema>, TImmutableDBKeys>>;
+export type TTrustedIpsUpdate = Partial<Omit<TTrustedIps, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/user-actions.ts
+++ b/backend/src/db/schemas/user-actions.ts
@ -16,5 +16,5 @@ export const UserActionsSchema = z.object({
 });
 export type TUserActions = z.infer<typeof UserActionsSchema>;
-export type TUserActionsInsert = Omit<z.input<typeof UserActionsSchema>, TImmutableDBKeys>;
+export type TUserActionsInsert = Omit<TUserActions, TImmutableDBKeys>;
-export type TUserActionsUpdate = Partial<Omit<z.input<typeof UserActionsSchema>, TImmutableDBKeys>>;
+export type TUserActionsUpdate = Partial<Omit<TUserActions, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/user-encryption-keys.ts
+++ b/backend/src/db/schemas/user-encryption-keys.ts
@ -25,5 +25,5 @@ export const UserEncryptionKeysSchema = z.object({
 });
 export type TUserEncryptionKeys = z.infer<typeof UserEncryptionKeysSchema>;
-export type TUserEncryptionKeysInsert = Omit<z.input<typeof UserEncryptionKeysSchema>, TImmutableDBKeys>;
+export type TUserEncryptionKeysInsert = Omit<TUserEncryptionKeys, TImmutableDBKeys>;
-export type TUserEncryptionKeysUpdate = Partial<Omit<z.input<typeof UserEncryptionKeysSchema>, TImmutableDBKeys>>;
+export type TUserEncryptionKeysUpdate = Partial<Omit<TUserEncryptionKeys, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/users.ts
+++ b/backend/src/db/schemas/users.ts
@ -24,5 +24,5 @@ export const UsersSchema = z.object({
 });
 export type TUsers = z.infer<typeof UsersSchema>;
-export type TUsersInsert = Omit<z.input<typeof UsersSchema>, TImmutableDBKeys>;
+export type TUsersInsert = Omit<TUsers, TImmutableDBKeys>;
-export type TUsersUpdate = Partial<Omit<z.input<typeof UsersSchema>, TImmutableDBKeys>>;
+export type TUsersUpdate = Partial<Omit<TUsers, TImmutableDBKeys>>;
--- a/backend/src/db/schemas/webhooks.ts
+++ b/backend/src/db/schemas/webhooks.ts
@ -25,5 +25,5 @@ export const WebhooksSchema = z.object({
 });
 export type TWebhooks = z.infer<typeof WebhooksSchema>;
-export type TWebhooksInsert = Omit<z.input<typeof WebhooksSchema>, TImmutableDBKeys>;
+export type TWebhooksInsert = Omit<TWebhooks, TImmutableDBKeys>;
-export type TWebhooksUpdate = Partial<Omit<z.input<typeof WebhooksSchema>, TImmutableDBKeys>>;
+export type TWebhooksUpdate = Partial<Omit<TWebhooks, TImmutableDBKeys>>;
--- a/backend/src/ee/services/license/license-service.ts
+++ b/backend/src/ee/services/license/license-service.ts
@ -505,9 +505,6 @@ export const licenseServiceFactory = ({ orgDAL, permissionService, licenseDAL }:
    get isValidLicense() {
      return isValidLicense;
    },
    getInstanceType() {
      return instanceType;
    },
    getPlan,
    updateSubscriptionOrgMemberCount,
    refreshPlan,
--- a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
+++ b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
@ -240,7 +240,7 @@ export const secretRotationQueueFactory = ({
        );
      });
-      await telemetryService.sendPostHogEvents({
+      telemetryService.sendPostHogEvents({
        event: PostHogEventTypes.SecretRotated,
        distinctId: "",
        properties: {
--- a/backend/src/ee/services/secret-scanning/secret-scanning-queue/secret-scanning-queue.ts
+++ b/backend/src/ee/services/secret-scanning/secret-scanning-queue/secret-scanning-queue.ts
@ -158,7 +158,7 @@ export const secretScanningQueueFactory = ({
      });
    }
-    await telemetryService.sendPostHogEvents({
+    telemetryService.sendPostHogEvents({
      event: PostHogEventTypes.SecretScannerPush,
      distinctId: repository.fullName,
      properties: {
@ -228,7 +228,7 @@ export const secretScanningQueueFactory = ({
      });
    }
-    await telemetryService.sendPostHogEvents({
+    telemetryService.sendPostHogEvents({
      event: PostHogEventTypes.SecretScannerFull,
      distinctId: repository.fullName,
      properties: {
--- a/backend/src/keystore/keystore.ts
+++ b/backend/src/keystore/keystore.ts
@ -1,20 +0,0 @@
 import { Redis } from "ioredis";
 export type TKeyStoreFactory = ReturnType<typeof keyStoreFactory>;
 export const keyStoreFactory = (redisUrl: string) => {
  const redis = new Redis(redisUrl);
  const setItem = async (key: string, value: string | number | Buffer) => redis.set(key, value);
  const getItem = async (key: string) => redis.get(key);
  const setItemWithExpiry = async (key: string, exp: number | string, value: string | number | Buffer) =>
    redis.setex(key, exp, value);
  const deleteItem = async (key: string) => redis.del(key);
  const incrementBy = async (key: string, value: number) => redis.incrby(key, value);
  return { setItem, getItem, setItemWithExpiry, deleteItem, incrementBy };
 };
--- a/backend/src/lib/config/env.ts
+++ b/backend/src/lib/config/env.ts
@ -94,17 +94,14 @@ const envSchema = z
    SECRET_SCANNING_WEBHOOK_SECRET: zpStr(z.string().optional()),
    SECRET_SCANNING_GIT_APP_ID: zpStr(z.string().optional()),
    SECRET_SCANNING_PRIVATE_KEY: zpStr(z.string().optional()),
-    // LICENSE
+    // LICENCE
    LICENSE_SERVER_URL: zpStr(z.string().optional().default("https://portal.infisical.com")),
    LICENSE_SERVER_KEY: zpStr(z.string().optional()),
    LICENSE_KEY: zpStr(z.string().optional()),
    // GENERIC
    STANDALONE_MODE: z
      .enum(["true", "false"])
      .transform((val) => val === "true")
-      .optional(),
+      .optional()
    INFISICAL_CLOUD: zodStrBool.default("false")
  })
  .transform((data) => ({
    ...data,
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@ -1,7 +1,6 @@
 import dotenv from "dotenv";
 import { initDbConnection } from "./db";
 import { keyStoreFactory } from "./keystore/keystore";
 import { formatSmtpConfig, initEnvConfig } from "./lib/config/env";
 import { initLogger } from "./lib/logger";
 import { queueServiceFactory } from "./queue";
@ -20,9 +19,8 @@ const run = async () => {
  const smtp = smtpServiceFactory(formatSmtpConfig());
  const queue = queueServiceFactory(appCfg.REDIS_URL);
  const keyStore = keyStoreFactory(appCfg.REDIS_URL);
-  const server = await main({ db, smtp, logger, queue, keyStore });
+  const server = await main({ db, smtp, logger, queue });
  const bootstrap = await bootstrapCheck({ db });
  // eslint-disable-next-line
  process.on("SIGINT", async () => {
--- a/backend/src/queue/queue-service.ts
+++ b/backend/src/queue/queue-service.ts
@ -13,7 +13,6 @@ export enum QueueName {
  SecretReminder = "secret-reminder",
  AuditLog = "audit-log",
  AuditLogPrune = "audit-log-prune",
  TelemetryInstanceStats = "telemtry-self-hosted-stats",
  IntegrationSync = "sync-integrations",
  SecretWebhook = "secret-webhook",
  SecretFullRepoScan = "secret-full-repo-scan",
@ -27,7 +26,6 @@ export enum QueueJobs {
  AuditLog = "audit-log-job",
  AuditLogPrune = "audit-log-prune-job",
  SecWebhook = "secret-webhook-trigger",
  TelemetryInstanceStats = "telemetry-self-hosted-stats",
  IntegrationSync = "secret-integration-pull",
  SecretScan = "secret-scan",
  UpgradeProjectToGhost = "upgrade-project-to-ghost-job"
@ -69,6 +67,7 @@ export type TQueueJobTypes = {
    payload: TScanFullRepoEventPayload;
  };
  [QueueName.SecretPushEventScan]: { name: QueueJobs.SecretScan; payload: TScanPushEventPayload };
  [QueueName.UpgradeProjectToGhost]: {
    name: QueueJobs.UpgradeProjectToGhost;
    payload: {
@ -82,10 +81,6 @@ export type TQueueJobTypes = {
      };
    };
  };
  [QueueName.TelemetryInstanceStats]: {
    name: QueueJobs.TelemetryInstanceStats;
    payload: undefined;
  };
 };
 export type TQueueServiceFactory = ReturnType<typeof queueServiceFactory>;
--- a/backend/src/server/app.ts
+++ b/backend/src/server/app.ts
@ -14,7 +14,6 @@ import fasitfy from "fastify";
 import { Knex } from "knex";
 import { Logger } from "pino";
 import { TKeyStoreFactory } from "@app/keystore/keystore";
 import { getConfig } from "@app/lib/config/env";
 import { TQueueServiceFactory } from "@app/queue";
 import { TSmtpService } from "@app/services/smtp/smtp-service";
@ -32,11 +31,10 @@ type TMain = {
  smtp: TSmtpService;
  logger?: Logger;
  queue: TQueueServiceFactory;
  keyStore: TKeyStoreFactory;
 };
 // Run the server!
-export const main = async ({ db, smtp, logger, queue, keyStore }: TMain) => {
+export const main = async ({ db, smtp, logger, queue }: TMain) => {
  const appCfg = getConfig();
  const server = fasitfy({
    logger: appCfg.NODE_ENV === "test" ? false : logger,
@ -72,7 +70,7 @@ export const main = async ({ db, smtp, logger, queue, keyStore }: TMain) => {
    }
    await server.register(helmet, { contentSecurityPolicy: false });
-    await server.register(registerRoutes, { smtp, queue, db, keyStore });
+    await server.register(registerRoutes, { smtp, queue, db });
    if (appCfg.isProductionMode) {
      await server.register(registerExternalNextjs, {
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@ -34,7 +34,6 @@ import { snapshotFolderDALFactory } from "@app/ee/services/secret-snapshot/snaps
 import { snapshotSecretDALFactory } from "@app/ee/services/secret-snapshot/snapshot-secret-dal";
 import { trustedIpDALFactory } from "@app/ee/services/trusted-ip/trusted-ip-dal";
 import { trustedIpServiceFactory } from "@app/ee/services/trusted-ip/trusted-ip-service";
 import { TKeyStoreFactory } from "@app/keystore/keystore";
 import { getConfig } from "@app/lib/config/env";
 import { TQueueServiceFactory } from "@app/queue";
 import { apiKeyDALFactory } from "@app/services/api-key/api-key-dal";
@ -97,8 +96,6 @@ import { serviceTokenServiceFactory } from "@app/services/service-token/service-
 import { TSmtpService } from "@app/services/smtp/smtp-service";
 import { superAdminDALFactory } from "@app/services/super-admin/super-admin-dal";
 import { getServerCfg, superAdminServiceFactory } from "@app/services/super-admin/super-admin-service";
 import { telemetryDALFactory } from "@app/services/telemetry/telemetry-dal";
 import { telemetryQueueServiceFactory } from "@app/services/telemetry/telemetry-queue";
 import { telemetryServiceFactory } from "@app/services/telemetry/telemetry-service";
 import { userDALFactory } from "@app/services/user/user-dal";
 import { userServiceFactory } from "@app/services/user/user-service";
@ -115,12 +112,7 @@ import { registerV3Routes } from "./v3";
 export const registerRoutes = async (
  server: FastifyZodProvider,
-  {
+  { db, smtp: smtpService, queue: queueService }: { db: Knex; smtp: TSmtpService; queue: TQueueServiceFactory }
    db,
    smtp: smtpService,
    queue: queueService,
    keyStore
  }: { db: Knex; smtp: TSmtpService; queue: TQueueServiceFactory; keyStore: TKeyStoreFactory }
 ) => {
  await server.register(registerSecretScannerGhApp, { prefix: "/ss-webhook" });
@ -167,7 +159,6 @@ export const registerRoutes = async (
  const auditLogDAL = auditLogDALFactory(db);
  const trustedIpDAL = trustedIpDALFactory(db);
  const scimDAL = scimDALFactory(db);
  const telemetryDAL = telemetryDALFactory(db);
  // ee db layer ops
  const permissionDAL = permissionDALFactory(db);
@ -235,16 +226,7 @@ export const registerRoutes = async (
    smtpService
  });
-  const telemetryService = telemetryServiceFactory({
+  const telemetryService = telemetryServiceFactory();
    keyStore,
    licenseService
  });
  const telemetryQueue = telemetryQueueServiceFactory({
    keyStore,
    telemetryDAL,
    queueService
  });
  const tokenService = tokenServiceFactory({ tokenDAL: authTokenDAL, userDAL });
  const userService = userServiceFactory({ userDAL });
  const loginService = authLoginServiceFactory({ userDAL, smtpService, tokenService });
@ -281,8 +263,7 @@ export const registerRoutes = async (
    userDAL,
    authService: loginService,
    serverCfgDAL: superAdminDAL,
-    orgService,
+    orgService
    keyStore
  });
  const apiKeyService = apiKeyServiceFactory({ apiKeyDAL, userDAL });
@ -510,13 +491,9 @@ export const registerRoutes = async (
  });
  await superAdminService.initServerCfg();
-  //
+  await auditLogQueue.startAuditLogPruneJob();
  // setup the communication with license key server
  await licenseService.init();
  await auditLogQueue.startAuditLogPruneJob();
  await telemetryQueue.startTelemetryCheck();
  // inject all services
  server.decorate<FastifyZodProvider["services"]>("services", {
    login: loginService,
--- a/backend/src/server/routes/v1/admin-router.ts
+++ b/backend/src/server/routes/v1/admin-router.ts
@ -16,7 +16,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
    schema: {
      response: {
        200: z.object({
-          config: SuperAdminSchema.omit({ createdAt: true, updatedAt: true })
+          config: SuperAdminSchema
        })
      }
    },
@ -90,7 +90,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
        userAgent: req.headers["user-agent"] || ""
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.AdminInit,
        distinctId: user.user.email,
        properties: {
--- a/backend/src/server/routes/v1/identity-router.ts
+++ b/backend/src/server/routes/v1/identity-router.ts
@ -51,7 +51,7 @@ export const registerIdentityRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.MachineIdentityCreated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
--- a/backend/src/server/routes/v1/integration-router.ts
+++ b/backend/src/server/routes/v1/integration-router.ts
@ -82,7 +82,7 @@ export const registerIntegrationRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.IntegrationCreated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
--- a/backend/src/server/routes/v1/invite-org-router.ts
+++ b/backend/src/server/routes/v1/invite-org-router.ts
@ -32,7 +32,7 @@ export const registerInviteOrgRouter = async (server: FastifyZodProvider) => {
        actorOrgId: req.permission.orgId
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.UserOrgInvitation,
        distinctId: getTelemetryDistinctId(req),
        properties: {
--- a/backend/src/server/routes/v2/project-router.ts
+++ b/backend/src/server/routes/v2/project-router.ts
@ -154,7 +154,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
        slug: req.body.slug
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.ProjectCreated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
--- a/backend/src/server/routes/v3/secret-router.ts
+++ b/backend/src/server/routes/v3/secret-router.ts
@ -95,7 +95,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretPulled,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -185,7 +185,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretPulled,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -261,7 +261,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretCreated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -336,7 +336,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretUpdated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -406,7 +406,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretDeleted,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -512,7 +512,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        (req.headers["user-agent"] !== "k8-operator" || shouldRecordK8Event);
      const approximateNumberTotalSecrets = secrets.length * 20;
      if (shouldCapture) {
-        await server.services.telemetry.sendPostHogEvents({
+        server.services.telemetry.sendPostHogEvents({
          event: PostHogEventTypes.SecretPulled,
          distinctId: getTelemetryDistinctId(req),
          properties: {
@ -589,7 +589,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretPulled,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -752,7 +752,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretCreated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -934,7 +934,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretUpdated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -1052,7 +1052,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretDeleted,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -1172,7 +1172,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretCreated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -1292,7 +1292,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretUpdated,
        distinctId: getTelemetryDistinctId(req),
        properties: {
@ -1400,7 +1400,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        }
      });
-      await server.services.telemetry.sendPostHogEvents({
+      server.services.telemetry.sendPostHogEvents({
        event: PostHogEventTypes.SecretDeleted,
        distinctId: getTelemetryDistinctId(req),
        properties: {
--- a/backend/src/services/project-membership/project-membership-service.ts
+++ b/backend/src/services/project-membership/project-membership-service.ts
@ -238,8 +238,6 @@ export const projectMembershipServiceFactory = ({
    if (orgMembers.length !== emails.length) throw new BadRequestError({ message: "Some users are not part of org" });
    if (!orgMembers.length) return [];
    const existingMembers = await projectMembershipDAL.find({
      projectId,
      $in: { userId: orgMembers.map(({ user }) => user.id).filter(Boolean) }
--- a/backend/src/services/secret-tag/secret-tag-service.ts
+++ b/backend/src/services/secret-tag/secret-tag-service.ts
@ -19,7 +19,7 @@ export const secretTagServiceFactory = ({ secretTagDAL, permissionService }: TSe
    const { permission } = await permissionService.getProjectPermission(actor, actorId, projectId, actorOrgId);
    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Create, ProjectPermissionSub.Tags);
-    const existingTag = await secretTagDAL.findOne({ slug, projectId });
+    const existingTag = await secretTagDAL.findOne({ slug });
    if (existingTag) throw new BadRequestError({ message: "Tag already exist" });
    const newTag = await secretTagDAL.create({
--- a/backend/src/services/secret/secret-service.ts
+++ b/backend/src/services/secret/secret-service.ts
@ -7,7 +7,7 @@ import { TSecretSnapshotServiceFactory } from "@app/ee/services/secret-snapshot/
 import { getConfig } from "@app/lib/config/env";
 import { buildSecretBlindIndexFromName, encryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
 import { BadRequestError } from "@app/lib/errors";
-import { groupBy, pick, unique } from "@app/lib/fn";
+import { groupBy, pick } from "@app/lib/fn";
 import { logger } from "@app/lib/logger";
 import { ActorType } from "../auth/auth-type";
@ -202,13 +202,12 @@ export const secretServiceFactory = ({
    return deletedSecrets;
  };
-  /**
+  // this is a utility function for secret modification
-   * Checks and handles secrets using a blind index method.
+  // this will check given secret name blind index exist or not
-   * The function generates mappings between secret names and their blind indexes, validates user IDs for personal secrets, and retrieves secrets from the database based on their blind indexes.
+  // if its a created secret set isNew to true
-   * For new secrets (isNew = true), it ensures they don't already exist in the database.
+  // thus if these blindindex exist it will throw an error
-   * For existing secrets, it verifies their presence in the database.
+  // vice versa when u need to check for updated secret
-   * If discrepancies are found, errors are thrown. The function returns mappings and the fetched secrets.
+  // this will also return the blind index grouped by secretName
   */
  const fnSecretBlindIndexCheck = async ({
    inputSecrets,
    folderId,
@ -243,18 +242,10 @@ export const secretServiceFactory = ({
    if (isNew) {
      if (secrets.length) throw new BadRequestError({ message: "Secret already exist" });
-    } else {
+    } else if (secrets.length !== inputSecrets.length)
      const secretKeysInDB = unique(secrets, (el) => el.secretBlindIndex as string).map(
        (el) => blindIndex2KeyName[el.secretBlindIndex as string]
      );
      const hasUnknownSecretsProvided = secretKeysInDB.length !== inputSecrets.length;
      if (hasUnknownSecretsProvided) {
        const keysMissingInDB = Object.keys(keyName2BlindIndex).filter((key) => !secretKeysInDB.includes(key));
      throw new BadRequestError({
-          message: `Secret not found: blind index ${keysMissingInDB.join(",")}`
+        message: `Secret not found: blind index ${JSON.stringify(keyName2BlindIndex)}`
      });
      }
    }
    return { blindIndex2KeyName, keyName2BlindIndex, secrets };
  };
--- a/backend/src/services/super-admin/super-admin-service.ts
+++ b/backend/src/services/super-admin/super-admin-service.ts
@ -1,5 +1,4 @@
 import { TSuperAdmin, TSuperAdminUpdate } from "@app/db/schemas";
 import { TKeyStoreFactory } from "@app/keystore/keystore";
 import { getConfig } from "@app/lib/config/env";
 import { BadRequestError } from "@app/lib/errors";
@ -15,7 +14,6 @@ type TSuperAdminServiceFactoryDep = {
  userDAL: TUserDALFactory;
  authService: Pick<TAuthLoginFactory, "generateUserTokens">;
  orgService: Pick<TOrgServiceFactory, "createOrganization">;
  keyStore: Pick<TKeyStoreFactory, "getItem" | "setItemWithExpiry" | "deleteItem">;
 };
 export type TSuperAdminServiceFactory = ReturnType<typeof superAdminServiceFactory>;
@ -23,53 +21,26 @@ export type TSuperAdminServiceFactory = ReturnType<typeof superAdminServiceFacto
 // eslint-disable-next-line
 export let getServerCfg: () => Promise<TSuperAdmin>;
 const ADMIN_CONFIG_KEY = "infisical-admin-cfg";
 const ADMIN_CONFIG_KEY_EXP = 60; // 60s
 const ADMIN_CONFIG_DB_UUID = "00000000-0000-0000-0000-000000000000";
 export const superAdminServiceFactory = ({
  serverCfgDAL,
  userDAL,
  authService,
-  orgService,
+  orgService
  keyStore
 }: TSuperAdminServiceFactoryDep) => {
  const initServerCfg = async () => {
    // TODO(akhilmhdh): bad  pattern time less change this later to me itself
-    getServerCfg = async () => {
+    getServerCfg = () => serverCfgDAL.findOne({});
      const config = await keyStore.getItem(ADMIN_CONFIG_KEY);
      // missing in keystore means fetch from db
      if (!config) {
        const serverCfg = await serverCfgDAL.findById(ADMIN_CONFIG_DB_UUID);
        if (serverCfg) {
          await keyStore.setItemWithExpiry(ADMIN_CONFIG_KEY, ADMIN_CONFIG_KEY_EXP, JSON.stringify(serverCfg)); // insert it back to keystore
        }
        return serverCfg;
      }
-      const keyStoreServerCfg = JSON.parse(config) as TSuperAdmin;
+    const serverCfg = await serverCfgDAL.findOne({});
      return {
        ...keyStoreServerCfg,
        // this is to allow admin router to work
        createdAt: new Date(keyStoreServerCfg.createdAt),
        updatedAt: new Date(keyStoreServerCfg.updatedAt)
      };
    };
    // reset on initialized
    await keyStore.deleteItem(ADMIN_CONFIG_KEY);
    const serverCfg = await serverCfgDAL.findById(ADMIN_CONFIG_DB_UUID);
    if (serverCfg) return;
-
+    const newCfg = await serverCfgDAL.create({ initialized: false, allowSignUp: true });
    // @ts-expect-error id is kept as fixed for idempotence and to avoid race condition
    const newCfg = await serverCfgDAL.create({ initialized: false, allowSignUp: true, id: ADMIN_CONFIG_DB_UUID });
    return newCfg;
  };
  const updateServerCfg = async (data: TSuperAdminUpdate) => {
-    const updatedServerCfg = await serverCfgDAL.updateById(ADMIN_CONFIG_DB_UUID, data);
+    const serverCfg = await getServerCfg();
-    await keyStore.setItemWithExpiry(ADMIN_CONFIG_KEY, ADMIN_CONFIG_KEY_EXP, JSON.stringify(updatedServerCfg));
+    const cfg = await serverCfgDAL.updateById(serverCfg.id, data);
-    return updatedServerCfg;
+    return cfg;
  };
  const adminSignUp = async ({
--- a/backend/src/services/telemetry/telemetry-dal.ts
+++ b/backend/src/services/telemetry/telemetry-dal.ts
@ -1,39 +0,0 @@
 import { TDbClient } from "@app/db";
 import { TableName } from "@app/db/schemas";
 import { DatabaseError } from "@app/lib/errors";
 export type TTelemetryDALFactory = ReturnType<typeof telemetryDALFactory>;
 export const telemetryDALFactory = (db: TDbClient) => {
  const getTelemetryInstanceStats = async () => {
    try {
      const userCount = (await db(TableName.Users).where({ isGhost: false }).count().first())?.count as string;
      const users = parseInt(userCount || "0", 10);
      const identityCount = (await db(TableName.Identity).count().first())?.count as string;
      const identities = parseInt(identityCount || "0", 10);
      const projectCount = (await db(TableName.Project).count().first())?.count as string;
      const projects = parseInt(projectCount || "0", 10);
      const secretCount = (await db(TableName.Secret).count().first())?.count as string;
      const secrets = parseInt(secretCount || "0", 10);
      const organizationNames = await db(TableName.Organization).select("name");
      const organizations = organizationNames.length;
      return {
        users,
        identities,
        projects,
        secrets,
        organizations,
        organizationNames: organizationNames.map(({ name }) => name)
      };
    } catch (error) {
      throw new DatabaseError({ error, name: "TelemtryInstanceStats" });
    }
  };
  return { getTelemetryInstanceStats };
 };
--- a/backend/src/services/telemetry/telemetry-queue.ts
+++ b/backend/src/services/telemetry/telemetry-queue.ts
@ -1,78 +0,0 @@
 import { PostHog } from "posthog-node";
 import { TKeyStoreFactory } from "@app/keystore/keystore";
 import { getConfig } from "@app/lib/config/env";
 import { logger } from "@app/lib/logger";
 import { QueueJobs, QueueName, TQueueServiceFactory } from "@app/queue";
 import { getServerCfg } from "../super-admin/super-admin-service";
 import { TTelemetryDALFactory } from "./telemetry-dal";
 import { TELEMETRY_SECRET_OPERATIONS_KEY, TELEMETRY_SECRET_PROCESSED_KEY } from "./telemetry-service";
 import { PostHogEventTypes } from "./telemetry-types";
 type TTelemetryQueueServiceFactoryDep = {
  queueService: TQueueServiceFactory;
  keyStore: Pick<TKeyStoreFactory, "getItem" | "deleteItem">;
  telemetryDAL: TTelemetryDALFactory;
 };
 export type TTelemetryQueueServiceFactory = ReturnType<typeof telemetryQueueServiceFactory>;
 export const telemetryQueueServiceFactory = ({
  queueService,
  keyStore,
  telemetryDAL
 }: TTelemetryQueueServiceFactoryDep) => {
  const appCfg = getConfig();
  const postHog =
    appCfg.isProductionMode && appCfg.TELEMETRY_ENABLED
      ? new PostHog(appCfg.POSTHOG_PROJECT_API_KEY, { host: appCfg.POSTHOG_HOST, flushAt: 1, flushInterval: 0 })
      : undefined;
  queueService.start(QueueName.TelemetryInstanceStats, async () => {
    const { instanceId } = await getServerCfg();
    const telemtryStats = await telemetryDAL.getTelemetryInstanceStats();
    // parse the redis values into integer
    const numberOfSecretOperationsMade = parseInt((await keyStore.getItem(TELEMETRY_SECRET_OPERATIONS_KEY)) || "0", 10);
    const numberOfSecretProcessed = parseInt((await keyStore.getItem(TELEMETRY_SECRET_PROCESSED_KEY)) || "0", 10);
    const stats = { ...telemtryStats, numberOfSecretProcessed, numberOfSecretOperationsMade };
    // send to postHog
    postHog?.capture({
      event: PostHogEventTypes.TelemetryInstanceStats,
      distinctId: instanceId,
      properties: stats
    });
    // reset the stats
    await keyStore.deleteItem(TELEMETRY_SECRET_PROCESSED_KEY);
    await keyStore.deleteItem(TELEMETRY_SECRET_OPERATIONS_KEY);
  });
  // every day at midnight a telemetry job executes on self hosted
  // this sends some telemetry information like instance id secrets operated etc
  const startTelemetryCheck = async () => {
    // this is a fast way to check its cloud or not
    if (appCfg.INFISICAL_CLOUD) return;
    // clear previous job
    await queueService.stopRepeatableJob(
      QueueName.TelemetryInstanceStats,
      QueueJobs.TelemetryInstanceStats,
      { pattern: "0 0 * * *", utc: true },
      QueueName.TelemetryInstanceStats // just a job id
    );
    if (postHog) {
      await queueService.queue(QueueName.TelemetryInstanceStats, QueueJobs.TelemetryInstanceStats, undefined, {
        jobId: QueueName.TelemetryInstanceStats,
        repeat: { pattern: "0 0 * * *", utc: true }
      });
    }
  };
  queueService.listen(QueueName.TelemetryInstanceStats, "failed", (err) => {
    logger.error(err?.failedReason, `${QueueName.TelemetryInstanceStats}: failed`);
  });
  return {
    startTelemetryCheck
  };
 };
--- a/backend/src/services/telemetry/telemetry-service.ts
+++ b/backend/src/services/telemetry/telemetry-service.ts
@ -1,24 +1,15 @@
 import { PostHog } from "posthog-node";
 import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
 import { InstanceType } from "@app/ee/services/license/license-types";
 import { TKeyStoreFactory } from "@app/keystore/keystore";
 import { getConfig } from "@app/lib/config/env";
 import { request } from "@app/lib/config/request";
 import { logger } from "@app/lib/logger";
-import { PostHogEventTypes, TPostHogEvent, TSecretModifiedEvent } from "./telemetry-types";
+import { TPostHogEvent } from "./telemetry-types";
 export const TELEMETRY_SECRET_PROCESSED_KEY = "telemetry-secret-processed";
 export const TELEMETRY_SECRET_OPERATIONS_KEY = "telemetry-secret-operations";
 export type TTelemetryServiceFactory = ReturnType<typeof telemetryServiceFactory>;
 export type TTelemetryServiceFactoryDep = {
  keyStore: Pick<TKeyStoreFactory, "getItem" | "incrementBy">;
  licenseService: Pick<TLicenseServiceFactory, "getInstanceType">;
 };
-export const telemetryServiceFactory = ({ keyStore, licenseService }: TTelemetryServiceFactoryDep) => {
+// type TTelemetryServiceFactoryDep = {};
 export const telemetryServiceFactory = () => {
  const appCfg = getConfig();
  if (appCfg.isProductionMode && !appCfg.TELEMETRY_ENABLED) {
@ -30,7 +21,8 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
 `);
  }
-  const postHog = appCfg.TELEMETRY_ENABLED
+  const postHog =
    appCfg.isProductionMode && appCfg.TELEMETRY_ENABLED
      ? new PostHog(appCfg.POSTHOG_PROJECT_API_KEY, { host: appCfg.POSTHOG_HOST })
      : undefined;
@ -59,33 +51,13 @@ To opt into telemetry, you can set "TELEMETRY_ENABLED=true" within the environme
    }
  };
-  const sendPostHogEvents = async (event: TPostHogEvent) => {
+  const sendPostHogEvents = (event: TPostHogEvent) => {
    if (postHog) {
      const instanceType = licenseService.getInstanceType();
      // capture posthog only when its cloud or signup event happens in self hosted
      if (instanceType === InstanceType.Cloud || event.event === PostHogEventTypes.UserSignedUp) {
      postHog.capture({
        event: event.event,
        distinctId: event.distinctId,
        properties: event.properties
      });
        return;
      }
      if (
        [
          PostHogEventTypes.SecretPulled,
          PostHogEventTypes.SecretCreated,
          PostHogEventTypes.SecretDeleted,
          PostHogEventTypes.SecretUpdated
        ].includes(event.event)
      ) {
        await keyStore.incrementBy(
          TELEMETRY_SECRET_PROCESSED_KEY,
          (event as TSecretModifiedEvent).properties.numberOfSecrets
        );
        await keyStore.incrementBy(TELEMETRY_SECRET_OPERATIONS_KEY, 1);
      }
    }
  };
--- a/backend/src/services/telemetry/telemetry-types.ts
+++ b/backend/src/services/telemetry/telemetry-types.ts
@ -12,8 +12,7 @@ export enum PostHogEventTypes {
  ProjectCreated = "Project Created",
  IntegrationCreated = "Integration Created",
  MachineIdentityCreated = "Machine Identity Created",
-  UserOrgInvitation = "User Org Invitation",
+  UserOrgInvitation = "User Org Invitation"
  TelemetryInstanceStats = "Self Hosted Instance Stats"
 }
 export type TSecretModifiedEvent = {
@ -102,20 +101,6 @@ export type TUserOrgInvitedEvent = {
  };
 };
 export type TTelemetryInstanceStatsEvent = {
  event: PostHogEventTypes.TelemetryInstanceStats;
  properties: {
    users: number;
    identities: number;
    projects: number;
    secrets: number;
    organizations: number;
    organizationNames: number;
    numberOfSecretOperationsMade: number;
    numberOfSecretProcessed: number;
  };
 };
 export type TPostHogEvent = { distinctId: string } & (
  | TSecretModifiedEvent
  | TAdminInitEvent
@ -125,5 +110,4 @@ export type TPostHogEvent = { distinctId: string } & (
  | TMachineIdentityCreatedEvent
  | TIntegrationCreatedEvent
  | TProjectCreateEvent
  | TTelemetryInstanceStatsEvent
 );
--- a/cli/packages/cmd/export.go
+++ b/cli/packages/cmd/export.go
@ -87,13 +87,17 @@ var exportCmd = &cobra.Command{
 		var output string
 		if shouldExpandSecrets {
-			secrets = util.ExpandSecrets(secrets, infisicalToken, "")
+			substitutions := util.ExpandSecrets(secrets, infisicalToken, "")
 			output, err = formatEnvs(substitutions, format)
 			if err != nil {
 				util.HandleError(err)
 			}
-		secrets = util.FilterSecretsByTag(secrets, tagSlugs)
+		} else {
 			output, err = formatEnvs(secrets, format)
 			if err != nil {
 				util.HandleError(err)
 			}
 		}
 		fmt.Print(output)
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@ -220,30 +220,6 @@ func InjectImportedSecret(plainTextWorkspaceKey []byte, secrets []models.SingleE
 	return secrets, nil
 }
 func FilterSecretsByTag(plainTextSecrets []models.SingleEnvironmentVariable, tagSlugs string) []models.SingleEnvironmentVariable {
 	if tagSlugs == "" {
 		return plainTextSecrets
 	}
 	tagSlugsMap := make(map[string]bool)
 	tagSlugsList := strings.Split(tagSlugs, ",")
 	for _, slug := range tagSlugsList {
 		tagSlugsMap[slug] = true
 	}
 	filteredSecrets := []models.SingleEnvironmentVariable{}
 	for _, secret := range plainTextSecrets {
 		for _, tag := range secret.Tags {
 			if tagSlugsMap[tag.Slug] {
 				filteredSecrets = append(filteredSecrets, secret)
 				break
 			}
 		}
 	}
 	return filteredSecrets
 }
 func GetAllEnvironmentVariables(params models.GetAllSecretsParameters, projectConfigFilePath string) ([]models.SingleEnvironmentVariable, error) {
 	var infisicalToken string
 	if params.InfisicalToken == "" {
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@ -86,7 +86,6 @@ services:
    environment:
      - NODE_ENV=development
      - DB_CONNECTION_URI=postgres://infisical:infisical@db/infisical?sslmode=disable
      - TELEMETRY_ENABLED=false
    volumes:
      - ./backend/src:/app/src
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -52,7 +52,7 @@ services:
    restart: always
    env_file: .env
    volumes:
-      - pg_data:/var/lib/postgresql/data
+      - pg_data:/data/db
    networks:
      - infisical
    healthcheck:
--- a/docs/documentation/getting-started/introduction.mdx
+++ b/docs/documentation/getting-started/introduction.mdx
@ -2,7 +2,7 @@
 title: "Introduction"
 ---
-Infisical is an [open-source](https://opensource.com/resources/what-open-source), [end-to-end encrypted](https://en.wikipedia.org/wiki/End-to-end_encryption) secrets management platform for storing, managing, and syncing
+Infisical is an [open-source](https://opensource.com/resources/what-open-source), [end-to-end encrypted](https://en.wikipedia.org/wiki/End-to-end_encryption) secret management platform for storing, managing, and syncing
 application configuration and secrets like API keys, database credentials, and environment variables across applications and infrastructure. 
 Start syncing environment variables with [Infisical Cloud](https://app.infisical.com) or learn how to [host Infisical](/self-hosting/overview) yourself.
--- a/docs/documentation/platform/ldap.mdx
+++ b/docs/documentation/platform/ldap.mdx
@ -1,36 +0,0 @@
 ---
 title: "LDAP"
 description: "Log in to Infisical with LDAP"
 ---
 <Info>
    LDAP is a paid feature.
   If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
   then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol); this includes support for Active Directory.
 <Steps>
   <Step title="Prepare the LDAP configuration in Infisical">
        In Infisical, head to your Organization Settings > Authentication > LDAP Configuration and select **Set up LDAP**.
        Next, input your LDAP server settings.
        ![LDAP configuration](/images/platform/ldap/ldap-config.png)
        Here's some guidance for each field:
        - URL: The LDAP server to connect to such as `ldap://ldap.your-org.com`, `ldaps://ldap.myorg.com:636` (for connection over SSL/TLS), etc.
        - Bind DN: The distinguished name of object to bind when performing the user search such as `cn=infisical,ou=Users,dc=acme,dc=com`.
        - Bind Pass: The password to use along with `Bind DN` when performing the user search.
        - Search Base / User DN: Base DN under which to perform user search such as `ou=Users,dc=example,dc=com`
        - CA Certificate: The CA certificate to use when verifying the LDAP server certificate.
   </Step>
   <Step title="Enable LDAP in Infisical">
        Enabling LDAP allows members in your organization to log into Infisical via LDAP.
        ![LDAP toggle](/images/platform/ldap/ldap-toggle.png)
   </Step>
 </Steps>
--- a/docs/documentation/platform/ldap/general.mdx
+++ b/docs/documentation/platform/ldap/general.mdx
@ -1,36 +0,0 @@
 ---
 title: "General LDAP"
 description: "Log in to Infisical with LDAP"
 ---
 <Info>
    LDAP is a paid feature.
   If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
   then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)
 <Steps>
   <Step title="Prepare the LDAP configuration in Infisical">
        In Infisical, head to your Organization Settings > Authentication > LDAP Configuration and select **Set up LDAP**.
        Next, input your LDAP server settings.
        ![LDAP configuration](/images/platform/ldap/ldap-config.png)
        Here's some guidance for each field:
        - URL: The LDAP server to connect to such as `ldap://ldap.your-org.com`, `ldaps://ldap.myorg.com:636` (for connection over SSL/TLS), etc.
        - Bind DN: The distinguished name of object to bind when performing the user search such as `cn=infisical,ou=Users,dc=acme,dc=com`.
        - Bind Pass: The password to use along with `Bind DN` when performing the user search.
        - Search Base / User DN: Base DN under which to perform user search such as `ou=Users,dc=example,dc=com`
        - CA Certificate: The CA certificate to use when verifying the LDAP server certificate.
   </Step>
   <Step title="Enable LDAP in Infisical">
        Enabling LDAP allows members in your organization to log into Infisical via LDAP.
        ![LDAP toggle](/images/platform/ldap/ldap-toggle.png)
   </Step>
 </Steps>
--- a/docs/documentation/platform/ldap/jumpcloud.mdx
+++ b/docs/documentation/platform/ldap/jumpcloud.mdx
@ -1,56 +0,0 @@
 ---
 title: "JumpCloud LDAP"
 description: "Configure JumpCloud LDAP for Logging into Infisical"
 ---
 <Info>
    LDAP is a paid feature.
    If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
    then you should contact team@infisical.com to purchase an enterprise license to use it.
 </Info>
 <Steps>
    <Step title="Prepare LDAP in JumpCloud">
        In JumpCloud, head to USER MANAGEMENT > Users and create a new user via the **Manual user entry** option. This user
        will be used as a privileged service account to facilitate Infisical's ability to bind/search the LDAP directory.
        When creating the user, input their **First Name**, **Last Name**, **Username** (required), **Company Email** (required), and **Description**.
        Also, create a password for the user.
        Next, under User Security Settings and Permissions > Permission Settings, check the box next to **Enable as LDAP Bind DN**. 
        ![LDAP JumpCloud](/images/platform/ldap/jumpcloud/ldap-jumpcloud-enable-bind-dn.png)
    </Step>
    <Step title="Prepare the LDAP configuration in Infisical">
            In Infisical, head to your Organization Settings > Authentication > LDAP Configuration and select **Set up LDAP**.
            Next, input your JumpCloud LDAP server settings.
            ![LDAP configuration](/images/platform/ldap/ldap-config.png)
            Here's some guidance for each field:
            - URL: The LDAP server to connect to (`ldaps://ldap.jumpcloud.com:636`).
            - Bind DN: The distinguished name of object to bind when performing the user search (`uid=<ldap-user-username>,ou=Users,o=<your-org-id>,dc=jumpcloud,dc=com`).
            - Bind Pass: The password to use along with `Bind DN` when performing the user search.
            - Search Base / User DN: Base DN under which to perform user search (`ou=Users,o=<your-org-id>,dc=jumpcloud,dc=com`).
            - CA Certificate: The CA certificate to use when verifying the LDAP server certificate (instructions to obtain the certificate for JumpCloud [here](https://jumpcloud.com/support/connect-to-ldap-with-tls-ssl)).
            <Tip>
                When filling out the **Bind DN** and **Bind Pass** fields, refer to the username and password of the user created in Step 1.
                Also, for the **Bind DN** and **Search Base / User DN** fields, you'll want to use the organization ID that appears 
                in your LDAP instance **ORG DN**.
            </Tip>
    </Step>
    <Step title="Enable LDAP in Infisical">
            Enabling LDAP allows members in your organization to log into Infisical via LDAP.
            ![LDAP toggle](/images/platform/ldap/ldap-toggle.png)
    </Step>
 </Steps>
 Resources:
 - [JumpCloud Cloud LDAP Guide](https://jumpcloud.com/support/use-cloud-ldap)
--- a/docs/documentation/platform/ldap/overview.mdx
+++ b/docs/documentation/platform/ldap/overview.mdx
@ -1,23 +0,0 @@
 ---
 title: "LDAP Overview"
 description: "Log in to Infisical with LDAP"
 ---
 <Info>
    LDAP is a paid feature.
   If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
   then you should contact sales@infisical.com to purchase an enterprise license to use it.
 </Info>
 You can configure your organization in Infisical to have members authenticate with the platform via [LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)
 To note, configuring LDAP retains the end-to-end encrypted architecture of Infisical because we decouple the authentication and decryption steps; the LDAP server cannot and will not have access to the decryption key needed to decrypt your secrets.
 LDAP providers:
 - Active Directory
 - [JumpCloud LDAP](/documentation/platform/ldap/jumpcloud)
 - AWS Directory Service
 - Foxpass
 Check out the general instructions for configuring LDAP [here](/documentation/platform/ldap/general).
--- a/docs/documentation/platform/project-upgrade.mdx
+++ b/docs/documentation/platform/project-upgrade.mdx
@ -1,21 +0,0 @@
 ---
 title: "Enhancing Security and Usability: Project Upgrades"
 ---
 At Infisical, we're constantly striving to elevate the security and usability standards of our platform to better serve our users.
 With this commitment in mind, we're excited to introduce our latest addition, non-E2EE projects, aimed at addressing two significant issues while enhancing how clients interact with Infisical programmatically.
 Previously, users encountered a challenge where projects risked becoming inaccessible if the project creator deleted their account.
 Additionally, our API lacked the capability to interact with projects without dealing with complex cryptographic operations.
 These obstacles made API driven automation and collaboration a painful experience for a majority of our users.
 To overcome these limitations, our upgrade focuses on disabling end-to-end encryption (E2EE) for projects.
 While this may raise eyebrows, it's important to understand that this decision is a strategic move to make Infisical easer to use and interact with.
 But what does this mean for our users? Essentially nothing, there are no changes required on your end. 
 Rest assured, all sensitive data remains encrypted at rest according to the latest industry standards.
 Our commitment to security remains unwavering, and this upgrade is a testament to our dedication to delivering on our promises in both security and usability when it comes to secrets management.
 To increase consistency with existing and future integrations, all projects created on Infisical from now on will have end-to-end encryption (E2EE) disabled by default. 
 This will not only reduce confusion for end users, but will also make the Infisical API seamless to use.
--- a/docs/documentation/platform/secret-rotation/postgres.mdx
+++ b/docs/documentation/platform/secret-rotation/postgres.mdx
@ -1,17 +1,21 @@
 ---
 title: "PostgreSQL/CockroachDB"
-description: "Rotated database user password of a PostgreSQL or Cockroach DB"
+description: "Rotated database user password of a postgreSQL or cockroach db"
 ---
 Infisical will update periodically the provided database user's password.
 <Warning>
 	At present Infisical do require access to your database. We will soon be released Infisical agent based rotation which would help you rotate without direct database access from Infisical cloud.
 </Warning>
 ## Working
-1. User's has to create the two user's for Infisical to rotate and provide them required database access.
+1. User's has to create the two user's for Infisical to rotate and provide them required database access
-2. Infisical will connect with your database with admin access.
+2. Infisical will connect with your database with admin access
-3. If last rotated one was username1, then username2 is chosen to be rotated.
+3. If last rotated one was username1, then username2 is chosen to be rotated
-5. Update it's password with random value.
+5. Update it's password with random value
-6. After testing it gets saved to the provided secret mapping.
+6. After testing it gets saved to the provided secret mapping
 ## Rotation Configuration
@ -30,4 +34,4 @@ Infisical will update periodically the provided database user's password.
 	- Finally select the secrets in your provided board to replace with new secret after each rotation
 	- Your done and good to go.
-Congratulations. You have improved your PostgreSQL/CockroachDB access security. 
+Congrats. You have 10x your PostgreSQL/CockroachDB access security. 
--- a/docs/images/platform/ldap/jumpcloud/ldap-jumpcloud-enable-bind-dn.png
+++ b/docs/images/platform/ldap/jumpcloud/ldap-jumpcloud-enable-bind-dn.png
--- a/Show More
+++ b/Show More