fix typos

fix links
small nits
2025-08-13 07:12:51 +00:00 · 2025-08-04 14:52:47 -07:00 · 2025-08-04 14:51:02 -07:00 · 2025-08-04 14:11:13 -07:00 · 2025-08-04 18:48:46 +07:00 · 2025-08-04 16:58:00 +07:00
33 changed files with 880 additions and 656 deletions
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -14,93 +14,49 @@
  "navigation": {
    "tabs": [
      {
-        "tab": "Documentation",
+        "tab": "Platform",
        "groups": [
          {
            "group": "Getting Started",
            "pages": [
+              "documentation/getting-started/overview",
              "documentation/getting-started/introduction",
              {
-                "group": "Quickstart",
-                "pages": ["documentation/guides/local-development"]
-              },
-              {
-                "group": "Guides",
+                "group": "Concepts",
                "pages": [
-                  "documentation/guides/introduction",
-                  "documentation/guides/node",
-                  "documentation/guides/python",
-                  "documentation/guides/nextjs-vercel",
-                  "documentation/guides/microsoft-power-apps",
-                  "documentation/guides/organization-structure"
+                  "documentation/getting-started/concepts/deployment-models",
+                  "documentation/getting-started/concepts/platform-hierarchy",
+                  "documentation/getting-started/concepts/platform-iam",
+                  "documentation/getting-started/concepts/client-integrations",
+                  "documentation/getting-started/concepts/audit-logs"
                ]
              },
              {
-                "group": "Setup",
-                "pages": ["documentation/setup/networking"]
+                "group": "Guides",
+                "pages": ["documentation/guides/organization-structure"]
              }
            ]
          },
          {
-            "group": "Platform",
+            "group": "Platform Reference",
            "pages": [
              "documentation/platform/organization",
-              "documentation/platform/project",
-              "documentation/platform/folder",
              {
-                "group": "Secrets",
+                "group": "Projects",
                "pages": [
-                  "documentation/platform/secret-versioning",
-                  "documentation/platform/pit-recovery",
-                  "documentation/platform/secret-reference",
-                  "documentation/platform/webhooks"
-                ]
-              },
-              {
-                "group": "Internal PKI",
-                "pages": [
-                  "documentation/platform/pki/overview",
-                  "documentation/platform/pki/private-ca",
-                  "documentation/platform/pki/external-ca",
-                  "documentation/platform/pki/subscribers",
-                  "documentation/platform/pki/certificates",
-                  "documentation/platform/pki/acme-ca",
-                  "documentation/platform/pki/est",
-                  "documentation/platform/pki/alerting",
+                  "documentation/platform/project",
+                  "documentation/platform/project-templates",
                  {
-                    "group": "Integrations",
+                    "group": "KMS Configuration",
                    "pages": [
-                      "documentation/platform/pki/pki-issuer",
-                      "documentation/platform/pki/integration-guides/gloo-mesh"
+                      "documentation/platform/kms-configuration/overview",
+                      "documentation/platform/kms-configuration/aws-kms",
+                      "documentation/platform/kms-configuration/aws-hsm",
+                      "documentation/platform/kms-configuration/gcp-kms"
                    ]
                  }
                ]
              },
-              {
-                "group": "Infisical SSH",
-                "pages": [
-                  "documentation/platform/ssh/overview",
-                  "documentation/platform/ssh/host-groups"
-                ]
-              },
-              {
-                "group": "Key Management (KMS)",
-                "pages": [
-                  "documentation/platform/kms/overview",
-                  "documentation/platform/kms/hsm-integration",
-                  "documentation/platform/kms/kubernetes-encryption",
-                  "documentation/platform/kms/kmip"
-                ]
-              },
-              {
-                "group": "KMS Configuration",
-                "pages": [
-                  "documentation/platform/kms-configuration/overview",
-                  "documentation/platform/kms-configuration/aws-kms",
-                  "documentation/platform/kms-configuration/aws-hsm",
-                  "documentation/platform/kms-configuration/gcp-kms"
-                ]
-              },
              {
                "group": "Identities",
                "pages": [
@@ -140,57 +96,53 @@
                ]
              },
              {
-                "group": "Secret Rotation",
+                "group": "App Connections",
                "pages": [
-                  "documentation/platform/secret-rotation/overview",
-                  "documentation/platform/secret-rotation/auth0-client-secret",
-                  "documentation/platform/secret-rotation/aws-iam-user-secret",
-                  "documentation/platform/secret-rotation/azure-client-secret",
-                  "documentation/platform/secret-rotation/ldap-password",
-                  "documentation/platform/secret-rotation/mssql-credentials",
-                  "documentation/platform/secret-rotation/mysql-credentials",
-                  "documentation/platform/secret-rotation/okta-client-secret",
-                  "documentation/platform/secret-rotation/oracledb-credentials",
-                  "documentation/platform/secret-rotation/postgres-credentials"
+                  "integrations/app-connections/overview",
+                  {
+                    "group": "Connections",
+                    "pages": [
+                      "integrations/app-connections/1password",
+                      "integrations/app-connections/auth0",
+                      "integrations/app-connections/aws",
+                      "integrations/app-connections/azure-app-configuration",
+                      "integrations/app-connections/azure-client-secrets",
+                      "integrations/app-connections/azure-devops",
+                      "integrations/app-connections/azure-key-vault",
+                      "integrations/app-connections/bitbucket",
+                      "integrations/app-connections/camunda",
+                      "integrations/app-connections/checkly",
+                      "integrations/app-connections/cloudflare",
+                      "integrations/app-connections/databricks",
+                      "integrations/app-connections/digital-ocean",
+                      "integrations/app-connections/flyio",
+                      "integrations/app-connections/gcp",
+                      "integrations/app-connections/github",
+                      "integrations/app-connections/github-radar",
+                      "integrations/app-connections/gitlab",
+                      "integrations/app-connections/hashicorp-vault",
+                      "integrations/app-connections/heroku",
+                      "integrations/app-connections/humanitec",
+                      "integrations/app-connections/ldap",
+                      "integrations/app-connections/mssql",
+                      "integrations/app-connections/mysql",
+                      "integrations/app-connections/netlify",
+                      "integrations/app-connections/oci",
+                      "integrations/app-connections/okta",
+                      "integrations/app-connections/oracledb",
+                      "integrations/app-connections/postgres",
+                      "integrations/app-connections/railway",
+                      "integrations/app-connections/render",
+                      "integrations/app-connections/supabase",
+                      "integrations/app-connections/teamcity",
+                      "integrations/app-connections/terraform-cloud",
+                      "integrations/app-connections/vercel",
+                      "integrations/app-connections/windmill",
+                      "integrations/app-connections/zabbix"
+                    ]
+                  }
                ]
              },
-              {
-                "group": "Dynamic Secrets",
-                "pages": [
-                  "documentation/platform/dynamic-secrets/overview",
-                  "documentation/platform/dynamic-secrets/aws-elasticache",
-                  "documentation/platform/dynamic-secrets/aws-iam",
-                  "documentation/platform/dynamic-secrets/azure-entra-id",
-                  "documentation/platform/dynamic-secrets/cassandra",
-                  "documentation/platform/dynamic-secrets/elastic-search",
-                  "documentation/platform/dynamic-secrets/gcp-iam",
-                  "documentation/platform/dynamic-secrets/github",
-                  "documentation/platform/dynamic-secrets/ldap",
-                  "documentation/platform/dynamic-secrets/mongo-atlas",
-                  "documentation/platform/dynamic-secrets/mongo-db",
-                  "documentation/platform/dynamic-secrets/mssql",
-                  "documentation/platform/dynamic-secrets/mysql",
-                  "documentation/platform/dynamic-secrets/oracle",
-                  "documentation/platform/dynamic-secrets/postgresql",
-                  "documentation/platform/dynamic-secrets/rabbit-mq",
-                  "documentation/platform/dynamic-secrets/redis",
-                  "documentation/platform/dynamic-secrets/sap-ase",
-                  "documentation/platform/dynamic-secrets/sap-hana",
-                  "documentation/platform/dynamic-secrets/snowflake",
-                  "documentation/platform/dynamic-secrets/totp",
-                  "documentation/platform/dynamic-secrets/kubernetes",
-                  "documentation/platform/dynamic-secrets/vertica"
-                ]
-              },
-              {
-                "group": "Gateway",
-                "pages": [
-                  "documentation/platform/gateways/overview",
-                  "documentation/platform/gateways/gateway-security",
-                  "documentation/platform/gateways/networking"
-                ]
-              },
-              "documentation/platform/project-templates",
              {
                "group": "Workflow Integrations",
                "pages": [
@@ -206,22 +158,20 @@
                  "documentation/platform/external-migrations/vault"
                ]
              },
+              "documentation/platform/admin-panel/server-admin",
+              "documentation/platform/secret-sharing"
+            ]
+          },
+          {
+            "group": "Connectivity",
+            "pages": [
+              "documentation/setup/networking",
              {
-                "group": "Admin Consoles",
+                "group": "Gateway",
                "pages": [
-                  "documentation/platform/admin-panel/overview",
-                  "documentation/platform/admin-panel/server-admin",
-                  "documentation/platform/admin-panel/org-admin-console"
-                ]
-              },
-              "documentation/platform/secret-sharing",
-              {
-                "group": "Secret Scanning",
-                "pages": [
-                  "documentation/platform/secret-scanning/overview",
-                  "documentation/platform/secret-scanning/bitbucket",
-                  "documentation/platform/secret-scanning/github",
-                  "documentation/platform/secret-scanning/gitlab"
+                  "documentation/platform/gateways/overview",
+                  "documentation/platform/gateways/gateway-security",
+                  "documentation/platform/gateways/networking"
                ]
              }
            ]
@@ -426,18 +376,80 @@
        ]
      },
      {
-        "tab": "Integrations",
-        "groups": [
+        "tab": "Products",
+        "menu": [
          {
-            "group": "Infrastructure Integrations",
-            "pages": [
-              "integrations/platforms/ansible",
-              "integrations/platforms/apache-airflow",
+            "item": "Secrets Management",
+            "groups": [
              {
-                "group": "Container orchestrators",
+                "group": "Secrets Management",
                "pages": [
+                  "documentation/platform/secrets-mgmt/overview",
+                  "documentation/platform/secrets-mgmt/project",
+                  "documentation/platform/folder",
                  {
-                    "group": "Kubernetes",
+                    "group": "Secret Rotation",
+                    "pages": [
+                      "documentation/platform/secret-rotation/overview",
+                      "documentation/platform/secret-rotation/auth0-client-secret",
+                      "documentation/platform/secret-rotation/aws-iam-user-secret",
+                      "documentation/platform/secret-rotation/azure-client-secret",
+                      "documentation/platform/secret-rotation/ldap-password",
+                      "documentation/platform/secret-rotation/mssql-credentials",
+                      "documentation/platform/secret-rotation/mysql-credentials",
+                      "documentation/platform/secret-rotation/okta-client-secret",
+                      "documentation/platform/secret-rotation/oracledb-credentials",
+                      "documentation/platform/secret-rotation/postgres-credentials"
+                    ]
+                  },
+                  {
+                    "group": "Dynamic Secrets",
+                    "pages": [
+                      "documentation/platform/dynamic-secrets/overview",
+                      "documentation/platform/dynamic-secrets/aws-elasticache",
+                      "documentation/platform/dynamic-secrets/aws-iam",
+                      "documentation/platform/dynamic-secrets/azure-entra-id",
+                      "documentation/platform/dynamic-secrets/cassandra",
+                      "documentation/platform/dynamic-secrets/elastic-search",
+                      "documentation/platform/dynamic-secrets/gcp-iam",
+                      "documentation/platform/dynamic-secrets/github",
+                      "documentation/platform/dynamic-secrets/ldap",
+                      "documentation/platform/dynamic-secrets/mongo-atlas",
+                      "documentation/platform/dynamic-secrets/mongo-db",
+                      "documentation/platform/dynamic-secrets/mssql",
+                      "documentation/platform/dynamic-secrets/mysql",
+                      "documentation/platform/dynamic-secrets/oracle",
+                      "documentation/platform/dynamic-secrets/postgresql",
+                      "documentation/platform/dynamic-secrets/rabbit-mq",
+                      "documentation/platform/dynamic-secrets/redis",
+                      "documentation/platform/dynamic-secrets/sap-ase",
+                      "documentation/platform/dynamic-secrets/sap-hana",
+                      "documentation/platform/dynamic-secrets/snowflake",
+                      "documentation/platform/dynamic-secrets/totp",
+                      "documentation/platform/dynamic-secrets/kubernetes",
+                      "documentation/platform/dynamic-secrets/vertica"
+                    ]
+                  },
+                  {
+                    "group": "Guides",
+                    "pages": [
+                      "documentation/guides/introduction",
+                      "documentation/guides/local-development",
+                      "documentation/guides/node",
+                      "documentation/guides/python",
+                      "documentation/guides/nextjs-vercel",
+                      "documentation/guides/microsoft-power-apps"
+                    ]
+                  }
+                ]
+              },
+              {
+                "group": "Infrastructure Integrations",
+                "pages": [
+                  "integrations/platforms/ansible",
+                  "integrations/platforms/apache-airflow",
+                  {
+                    "group": "Kubernetes Operator",
                    "pages": [
                      "integrations/platforms/kubernetes/overview",
                      "integrations/platforms/kubernetes/infisical-secret-crd",
@@ -447,222 +459,249 @@
                  },
                  "integrations/platforms/kubernetes-injector",
                  "integrations/platforms/kubernetes-csi",
-                  "integrations/platforms/docker-swarm-with-agent",
-                  "integrations/platforms/ecs-with-agent"
+                  {
+                    "group": "Agent",
+                    "pages": [
+                      "integrations/platforms/infisical-agent",
+                       "integrations/platforms/docker-swarm-with-agent",
+                      "integrations/platforms/ecs-with-agent"
+                    ]
+                  },
+                  {
+                    "group": "Docker",
+                    "pages": [
+                      "integrations/platforms/docker-intro",
+                      "integrations/platforms/docker",
+                      "integrations/platforms/docker-pass-envs",
+                      "integrations/platforms/docker-compose"
+                    ]
+                  },
+                  "integrations/frameworks/packer",
+                  "integrations/frameworks/pulumi",
+                  "integrations/frameworks/terraform"
                ]
              },
              {
-                "group": "Docker",
+                "group": "Secret Syncs",
                "pages": [
-                  "integrations/platforms/docker-intro",
-                  "integrations/platforms/docker",
-                  "integrations/platforms/docker-pass-envs",
-                  "integrations/platforms/docker-compose"
+                  "integrations/secret-syncs/overview",
+                  {
+                    "group": "Syncs",
+                    "pages": [
+                      "integrations/secret-syncs/1password",
+                      "integrations/secret-syncs/aws-parameter-store",
+                      "integrations/secret-syncs/aws-secrets-manager",
+                      "integrations/secret-syncs/azure-app-configuration",
+                      "integrations/secret-syncs/azure-devops",
+                      "integrations/secret-syncs/azure-key-vault",
+                      "integrations/secret-syncs/bitbucket",
+                      "integrations/secret-syncs/camunda",
+                      "integrations/secret-syncs/checkly",
+                      "integrations/secret-syncs/cloudflare-pages",
+                      "integrations/secret-syncs/cloudflare-workers",
+                      "integrations/secret-syncs/databricks",
+                      "integrations/secret-syncs/digital-ocean-app-platform",
+                      "integrations/secret-syncs/flyio",
+                      "integrations/secret-syncs/gcp-secret-manager",
+                      "integrations/secret-syncs/github",
+                      "integrations/secret-syncs/gitlab",
+                      "integrations/secret-syncs/hashicorp-vault",
+                      "integrations/secret-syncs/heroku",
+                      "integrations/secret-syncs/humanitec",
+                      "integrations/secret-syncs/netlify",
+                      "integrations/secret-syncs/oci-vault",
+                      "integrations/secret-syncs/railway",
+                      "integrations/secret-syncs/render",
+                      "integrations/secret-syncs/supabase",
+                      "integrations/secret-syncs/teamcity",
+                      "integrations/secret-syncs/terraform-cloud",
+                      "integrations/secret-syncs/vercel",
+                      "integrations/secret-syncs/windmill",
+                      "integrations/secret-syncs/zabbix"
+                    ]
+                  }
                ]
              },
-              "integrations/platforms/infisical-agent",
-              "integrations/frameworks/packer",
-              "integrations/frameworks/pulumi",
-              "integrations/frameworks/terraform"
-            ]
-          },
-          {
-            "group": "App Connections",
-            "pages": [
-              "integrations/app-connections/overview",
              {
-                "group": "Connections",
+                "group": "Native Integrations",
                "pages": [
-                  "integrations/app-connections/1password",
-                  "integrations/app-connections/auth0",
-                  "integrations/app-connections/aws",
-                  "integrations/app-connections/azure-app-configuration",
-                  "integrations/app-connections/azure-client-secrets",
-                  "integrations/app-connections/azure-devops",
-                  "integrations/app-connections/azure-key-vault",
-                  "integrations/app-connections/bitbucket",
-                  "integrations/app-connections/camunda",
-                  "integrations/app-connections/checkly",
-                  "integrations/app-connections/cloudflare",
-                  "integrations/app-connections/databricks",
-                  "integrations/app-connections/digital-ocean",
-                  "integrations/app-connections/flyio",
-                  "integrations/app-connections/gcp",
-                  "integrations/app-connections/github",
-                  "integrations/app-connections/github-radar",
-                  "integrations/app-connections/gitlab",
-                  "integrations/app-connections/hashicorp-vault",
-                  "integrations/app-connections/heroku",
-                  "integrations/app-connections/humanitec",
-                  "integrations/app-connections/ldap",
-                  "integrations/app-connections/mssql",
-                  "integrations/app-connections/mysql",
-                  "integrations/app-connections/netlify",
-                  "integrations/app-connections/oci",
-                  "integrations/app-connections/okta",
-                  "integrations/app-connections/oracledb",
-                  "integrations/app-connections/postgres",
-                  "integrations/app-connections/railway",
-                  "integrations/app-connections/render",
-                  "integrations/app-connections/supabase",
-                  "integrations/app-connections/teamcity",
-                  "integrations/app-connections/terraform-cloud",
-                  "integrations/app-connections/vercel",
-                  "integrations/app-connections/windmill",
-                  "integrations/app-connections/zabbix"
-                ]
-              }
-            ]
-          },
-          {
-            "group": "Secret Syncs",
-            "pages": [
-              "integrations/secret-syncs/overview",
-              {
-                "group": "Syncs",
-                "pages": [
-                  "integrations/secret-syncs/1password",
-                  "integrations/secret-syncs/aws-parameter-store",
-                  "integrations/secret-syncs/aws-secrets-manager",
-                  "integrations/secret-syncs/azure-app-configuration",
-                  "integrations/secret-syncs/azure-devops",
-                  "integrations/secret-syncs/azure-key-vault",
-                  "integrations/secret-syncs/bitbucket",
-                  "integrations/secret-syncs/camunda",
-                  "integrations/secret-syncs/checkly",
-                  "integrations/secret-syncs/cloudflare-pages",
-                  "integrations/secret-syncs/cloudflare-workers",
-                  "integrations/secret-syncs/databricks",
-                  "integrations/secret-syncs/digital-ocean-app-platform",
-                  "integrations/secret-syncs/flyio",
-                  "integrations/secret-syncs/gcp-secret-manager",
-                  "integrations/secret-syncs/github",
-                  "integrations/secret-syncs/gitlab",
-                  "integrations/secret-syncs/hashicorp-vault",
-                  "integrations/secret-syncs/heroku",
-                  "integrations/secret-syncs/humanitec",
-                  "integrations/secret-syncs/netlify",
-                  "integrations/secret-syncs/oci-vault",
-                  "integrations/secret-syncs/railway",
-                  "integrations/secret-syncs/render",
-                  "integrations/secret-syncs/supabase",
-                  "integrations/secret-syncs/teamcity",
-                  "integrations/secret-syncs/terraform-cloud",
-                  "integrations/secret-syncs/vercel",
-                  "integrations/secret-syncs/windmill",
-                  "integrations/secret-syncs/zabbix"
-                ]
-              }
-            ]
-          },
-          {
-            "group": "Native Integrations",
-            "pages": [
-              {
-                "group": "AWS",
-                "pages": [
-                  "integrations/cloud/aws-parameter-store",
-                  "integrations/cloud/aws-secret-manager",
-                  "integrations/cloud/aws-amplify"
+                  {
+                    "group": "AWS",
+                    "pages": [
+                      "integrations/cloud/aws-parameter-store",
+                      "integrations/cloud/aws-secret-manager",
+                      "integrations/cloud/aws-amplify"
+                    ]
+                  },
+                  "integrations/cloud/vercel",
+                  "integrations/cloud/azure-key-vault",
+                  "integrations/cloud/azure-app-configuration",
+                  "integrations/cloud/azure-devops",
+                  "integrations/cloud/gcp-secret-manager",
+                  {
+                    "group": "Cloudflare",
+                    "pages": [
+                      "integrations/cloud/cloudflare-pages",
+                      "integrations/cloud/cloudflare-workers"
+                    ]
+                  },
+                  "integrations/cloud/terraform-cloud",
+                  "integrations/cloud/databricks",
+                  {
+                    "group": "View more",
+                    "pages": [
+                      "integrations/cloud/digital-ocean-app-platform",
+                      "integrations/cloud/heroku",
+                      "integrations/cloud/netlify",
+                      "integrations/cloud/flyio",
+                      "integrations/cloud/railway",
+                      "integrations/cloud/render",
+                      "integrations/cloud/laravel-forge",
+                      "integrations/cloud/supabase",
+                      "integrations/cloud/northflank",
+                      "integrations/cloud/hasura-cloud",
+                      "integrations/cloud/qovery",
+                      "integrations/cloud/hashicorp-vault",
+                      "integrations/cloud/cloud-66",
+                      "integrations/cloud/windmill"
+                    ]
+                  }
                ]
              },
-              "integrations/cloud/vercel",
-              "integrations/cloud/azure-key-vault",
-              "integrations/cloud/azure-app-configuration",
-              "integrations/cloud/azure-devops",
-              "integrations/cloud/gcp-secret-manager",
              {
-                "group": "Cloudflare",
+                "group": "CI/CD Integrations",
                "pages": [
-                  "integrations/cloud/cloudflare-pages",
-                  "integrations/cloud/cloudflare-workers"
+                  "integrations/cicd/jenkins",
+                  "integrations/cicd/githubactions",
+                  "integrations/cicd/gitlab",
+                  "integrations/cicd/bitbucket",
+                  "integrations/cloud/teamcity",
+                  {
+                    "group": "View more",
+                    "pages": [
+                      "integrations/cicd/circleci",
+                      "integrations/cicd/travisci",
+                      "integrations/cicd/rundeck",
+                      "integrations/cicd/codefresh",
+                      "integrations/cloud/checkly",
+                      "integrations/cicd/octopus-deploy"
+                    ]
+                  }
                ]
              },
-              "integrations/cloud/terraform-cloud",
-              "integrations/cloud/databricks",
              {
-                "group": "View more",
+                "group": "Framework Integrations",
                "pages": [
-                  "integrations/cloud/digital-ocean-app-platform",
-                  "integrations/cloud/heroku",
-                  "integrations/cloud/netlify",
-                  "integrations/cloud/flyio",
-                  "integrations/cloud/railway",
-                  "integrations/cloud/render",
-                  "integrations/cloud/laravel-forge",
-                  "integrations/cloud/supabase",
-                  "integrations/cloud/northflank",
-                  "integrations/cloud/hasura-cloud",
-                  "integrations/cloud/qovery",
-                  "integrations/cloud/hashicorp-vault",
-                  "integrations/cloud/cloud-66",
-                  "integrations/cloud/windmill"
+                  "integrations/frameworks/spring-boot-maven",
+                  "integrations/frameworks/react",
+                  "integrations/frameworks/vue",
+                  "integrations/frameworks/express",
+                  {
+                    "group": "View more",
+                    "pages": [
+                      "integrations/frameworks/nextjs",
+                      "integrations/frameworks/nestjs",
+                      "integrations/frameworks/sveltekit",
+                      "integrations/frameworks/nuxt",
+                      "integrations/frameworks/gatsby",
+                      "integrations/frameworks/remix",
+                      "integrations/frameworks/vite",
+                      "integrations/frameworks/fiber",
+                      "integrations/frameworks/django",
+                      "integrations/frameworks/flask",
+                      "integrations/frameworks/laravel",
+                      "integrations/frameworks/rails",
+                      "integrations/frameworks/dotnet",
+                      "integrations/platforms/pm2",
+                      "integrations/frameworks/ab-initio"
+                    ]
+                  }
+                ]
+              },
+              {
+                "group": "Build Tool Integrations",
+                "pages": ["integrations/build-tools/gradle"]
+              },
+              {
+                "group": "Others",
+                "pages": ["integrations/external/backstage"]
+              }
+            ]
+          },
+          {
+            "item": "Secrets Scanning",
+            "groups": [
+              {
+                "group": "Secret Scanning",
+                "pages": [
+                  "documentation/platform/secret-scanning/overview"
+                ]
+              },
+              {
+                "group": "Datasources",
+                "pages": [
+                  "documentation/platform/secret-scanning/bitbucket",
+                  "documentation/platform/secret-scanning/github",
+                  "documentation/platform/secret-scanning/gitlab"
                ]
              }
            ]
          },
          {
-            "group": "CI/CD Integrations",
-            "pages": [
-              "integrations/cicd/jenkins",
-              "integrations/cicd/githubactions",
-              "integrations/cicd/gitlab",
-              "integrations/cicd/bitbucket",
-              "integrations/cloud/teamcity",
+            "item": "Infisical PKI",
+            "groups": [
              {
-                "group": "View more",
+                "group": "Infisical PKI",
                "pages": [
-                  "integrations/cicd/circleci",
-                  "integrations/cicd/travisci",
-                  "integrations/cicd/rundeck",
-                  "integrations/cicd/codefresh",
-                  "integrations/cloud/checkly",
-                  "integrations/cicd/octopus-deploy"
+                  "documentation/platform/pki/overview",
+                  "documentation/platform/pki/private-ca",
+                  "documentation/platform/pki/external-ca",
+                  "documentation/platform/pki/subscribers",
+                  "documentation/platform/pki/certificates",
+                  "documentation/platform/pki/acme-ca",
+                  "documentation/platform/pki/est",
+                  "documentation/platform/pki/alerting",
+                  {
+                    "group": "Integrations",
+                    "pages": [
+                      "documentation/platform/pki/pki-issuer",
+                      "documentation/platform/pki/integration-guides/gloo-mesh"
+                    ]
+                  }
                ]
              }
            ]
          },
          {
-            "group": "Framework Integrations",
-            "pages": [
-              "integrations/frameworks/spring-boot-maven",
-              "integrations/frameworks/react",
-              "integrations/frameworks/vue",
-              "integrations/frameworks/express",
+            "item": "Infisical SSH",
+            "groups": [
              {
-                "group": "View more",
+                "group": "Infisical SSH",
                "pages": [
-                  "integrations/frameworks/nextjs",
-                  "integrations/frameworks/nestjs",
-                  "integrations/frameworks/sveltekit",
-                  "integrations/frameworks/nuxt",
-                  "integrations/frameworks/gatsby",
-                  "integrations/frameworks/remix",
-                  "integrations/frameworks/vite",
-                  "integrations/frameworks/fiber",
-                  "integrations/frameworks/django",
-                  "integrations/frameworks/flask",
-                  "integrations/frameworks/laravel",
-                  "integrations/frameworks/rails",
-                  "integrations/frameworks/dotnet",
-                  "integrations/platforms/pm2",
-                  "integrations/frameworks/ab-initio"
+                  "documentation/platform/ssh/overview",
+                  "documentation/platform/ssh/host-groups"
                ]
              }
            ]
          },
          {
-            "group": "Build Tool Integrations",
-            "pages": ["integrations/build-tools/gradle"]
-          },
-          {
-            "group": "Others",
-            "pages": ["integrations/external/backstage"]
+            "item": "Infisical KMS",
+            "groups": [
+              {
+                "group": "Infisical KMS",
+                "pages": [
+                  "documentation/platform/kms/overview",
+                  "documentation/platform/kms/hsm-integration",
+                  "documentation/platform/kms/kubernetes-encryption",
+                  "documentation/platform/kms/kmip"
+                ]
+              }
+            ]
          }
        ]
      },
      {
-        "tab": "CLI",
+        "tab": "CLI Reference",
        "groups": [
          {
            "group": "Command line",
@@ -1560,7 +1599,7 @@
                      "api-reference/endpoints/app-connections/mysql/delete"
                    ]
                  },
-                   {
+                  {
                    "group": "Netlify",
                    "pages": [
                      "api-reference/endpoints/app-connections/netlify/list",
--- a/docs/documentation/getting-started/concepts/audit-logs.mdx
+++ b/docs/documentation/getting-started/concepts/audit-logs.mdx
@@ -0,0 +1,40 @@
+---
+title: "Audit Logs"
+sidebarTitle: "Audit Logs"
+description: "Understand how Infisical logs activity and supports external audit streaming."
+---
+
+Infisical records a detailed audit trail of actions across the platform — providing deep visibility into access, changes, and usage for security and compliance purposes.
+
+Every interaction with Infisical resources generates an audit event. These events are immutable and include metadata such as the actor, event type, affected resources, timestamp, IP address, and client source.
+
+Audit logs enable teams to:
+
+- Monitor access and changes to secrets, certificates, and infrastructure.
+- Investigate incidents with full context around who did what, when, and how.
+- Meet compliance and governance requirements with structured activity records.
+
+To learn more, refer to the [audit logs documentation](/documentation/platform/audit-logs).
+
+## Log Coverage
+
+Infisical tracks dozens of event types across the platform — including secret access, permission changes, certificate issuance, SSH session activity, and identity management.
+
+Each audit entry includes structured fields that make it easy to search, filter, and correlate across systems. For example:
+
+- Event Type: Action that occurred (e.g., `create-secret`, `issue-ssh-cert`).
+- Actor: Who performed the action (user or machine identity).
+- Resource: What was affected (e.g., project, secret, certificate).
+- Context: IP address, user agent, permissions, and more.
+
+## External Log Streaming
+
+For centralized monitoring and long-term retention, Infisical supports [audit log streaming](/documentation/platform/audit-log-streams/audit-log-streams) to external systems.
+
+You can forward logs to SIEM platforms, storage buckets, or observability stacks using JSON-based collectors. Infisical integrates well with tools like [Fluent Bit](/documentation/platform/audit-log-streams/audit-log-streams-with-fluentbit#deploy-fluent-bit), enabling teams to route logs to destinations such as:
+
+- AWS S3
+- Elasticsearch
+- Splunk
+- Datadog
+- Cloud-native log pipelines
--- a/docs/documentation/getting-started/concepts/client-integrations.mdx
+++ b/docs/documentation/getting-started/concepts/client-integrations.mdx
@@ -0,0 +1,31 @@
+---
+title: "Client Ecosystem"
+sidebarTitle: "Client Ecosystem"
+description: "Get an overview of the CLI, SDKs, agents, APIs, and integrations that interact with Infisical."
+---
+
+Infisical provides a flexible interface for integrating into development workflows and infrastructure. Around it is a rich ecosystem of clients and integrations that allow users and systems to interact with Infisical across any environment.
+
+These clients enable access to secrets, certificates, and other resources from wherever they’re needed—whether that’s a developer’s terminal, a CI/CD pipeline, or a running Kubernetes workload.
+
+## Available Clients and Interfaces
+
+Infisical offers a non-exhaustive set of clients and interfaces to support a wide range of use cases:
+
+- [CLI](/cli/overview): A powerful command-line interface for developers and operators to interact with Infisical from local or automated environments. Commonly used for secret access, SSH credential issuance, and more.
+
+- [SDKs](/sdks/overview): Official client libraries for languages like Go, Node.js, and Python make it easy to integrate Infisical directly into applications and internal tooling.
+
+- [HTTP API](/api-reference/overview/introduction): A fully documented RESTful API powers all core functionality and enables advanced or custom integrations.
+
+- [Agents](/integrations/platforms/infisical-agent): Lightweight background processes that can fetch and sync secrets or credentials into local environments, containers, or file systems.
+
+- [Kubernetes Operator](/integrations/platforms/kubernetes/overview): A native controller that syncs Infisical secrets into Kubernetes as native Secrets, and supports secure workload integration.
+
+- [External Secrets Operator (ESO)](https://external-secrets.io/latest/provider/infisical): Allows Infisical to act as a backend provider for syncing secrets into Kubernetes `Secret` objects using the widely adopted External Secrets Operator.
+
+- [Kubernetes PKI Issuer](/documentation/platform/pki/pki-issuer): A controller that issues X.509 certificates from Infisical PKI using the cert-manager Issuer and Certificate CRDs.
+
+- [Secret Syncs](/integrations/secret-syncs/overview): Native integrations to forward secrets to services like GitHub, GitLab, AWS Secrets Manager, Vercel, and more.
+
+This modular ecosystem lets teams use Infisical alongside their existing stack—without requiring opinionated workflows or lock-in.
--- a/docs/documentation/getting-started/concepts/deployment-models.mdx
+++ b/docs/documentation/getting-started/concepts/deployment-models.mdx
@@ -0,0 +1,52 @@
+---
+title: "Using Infisical: Cloud or Self-Hosted"
+sidebarTitle: "Cloud vs. Self-Host"
+description: "Choose between Infisical Cloud or a self-managed deployment"
+---
+
+Infisical can be used in two ways: via [Infisical Cloud](https://app.infisical.com), a managed offering, or through a self-hosted deployment within your own infrastructure.
+
+Both options provide the same core platform capabilities. The decision depends on your operational model, trust boundaries, and compliance requirements. While Infisical Cloud comes with built-in security and operational guarantees, a self-hosted deployment gives you full control—but also full responsibility for securing and maintaining the system.
+
+## Infisical Cloud
+
+Infisical Cloud is our managed service found at [app.infisical.com](https://app.infisical.com). It includes automated updates, availability guarantees, and secure infrastructure operations.
+
+For most teams, Infisical Cloud is the recommended way to get started. It simplifies adoption by removing the need to manage deployment, scaling, or maintenance internally.
+
+Use this if:
+
+- You prefer not to operate infrastructure or handle upgrades
+- You require a secure, production-grade hosted service
+- You want to adopt Infisical with minimal operational overhead
+
+<Info>
+  <p>
+    By default, Infisical Cloud is a secure, multi-tenant service. For
+    enterprises with stricter isolation or regulatory needs, dedicated cloud
+    instances are available.
+  </p>
+  <p>Contact sales@infisical.com to learn more.</p>
+</Info>
+
+## Self-Hosted Infisical
+
+Infisical can also be deployed and managed within your own infrastructure. This approach provides full control over platform configuration, data storage, and operational security. In this model, your team is responsible for maintaining uptime, monitoring, patching, and integrations.
+
+Use this if:
+
+- You require complete control over data, deployment, and security posture
+- Your compliance model mandates self-managed or on-premise systems
+- You need to tightly integrate with internal tooling and infrastructure
+
+Infisical supports multiple deployment methods, including [Docker](/self-hosting/deployment-options/standalone-infisical), [Docker Compose](/self-hosting/deployment-options/docker-compose), [Kubernetes](/self-hosting/deployment-options/kubernetes-helm), and [Linux package](/self-hosting/deployment-options/native/linux-package/installation).
+
+To learn more, refer to the [self-hosting documentation](/self-hosting/overview).
+
+<Info>
+  <p>
+    The open-source core is available under the MIT license. Additional
+    enterprise features and support are available with a commercial license.
+  </p>
+  <p>Contact sales@infisical.com to learn more.</p>
+</Info>
--- a/docs/documentation/getting-started/concepts/platform-hierarchy.mdx
+++ b/docs/documentation/getting-started/concepts/platform-hierarchy.mdx
@@ -0,0 +1,41 @@
+---
+title: "Platform Hierarchy"
+sidebarTitle: "Platform Hierarchy"
+description: "Understand how organizations and projects are structured in Infisical."
+---
+
+Infisical is structured around organizations and projects, allowing teams to manage multiple products, access scopes, and use cases within a single account while keeping boundaries and responsibilities clearly defined.
+
+## Organizations
+
+An [organization](/documentation/platform/organization) typically represents a company or high-level entity (e.g. Acme Corp). It acts as the umbrella for all projects, members, and billing settings.
+
+[Users](/documentation/platform/identities/user-identities) are invited to an organization and assigned [organization-level roles](/documentation/platform/access-controls/role-based-access-controls#organization-level-access-controls) that determine what they can manage—such as members, machine identities, and billing details.
+
+![organization](/images/platform/organization/organization.png)
+
+## Projects
+
+A [project](/documentation/platform/project) belongs to an organization and defines a specific scope of work. Each project has a product type such as Secrets Management, SSH, or PKI that determines what features are available in that project.
+
+For example:
+
+- A Secrets Management project manages application secrets across environments.
+
+- An SSH project enables certificate-based access to infrastructure.
+
+- A PKI project manages certificate authorities and X.509 certificate workflows.
+
+Users are added to a project and assigned [project-level roles](/documentation/platform/access-controls/role-based-access-controls#project-level-access-controls) that determine what they can manage—such as secrets, access policies, or certificate authorities. A user can have different roles across projects, allowing for flexible and fine-grained access control that reflects how teams operate in practice.
+
+![organization projects](/images/platform/organization/organization-projects.png)
+
+## Key Characteristics
+
+- Projects are isolated in terms of configuration, permissions, and product workflows.
+
+- Access is managed independently at both the organization and project level.
+
+- All projects within an organization share the same billing and user directory.
+
+Teams can adopt Infisical incrementally—starting with one product and expanding as needed.
--- a/docs/documentation/getting-started/concepts/platform-iam.mdx
+++ b/docs/documentation/getting-started/concepts/platform-iam.mdx
@@ -0,0 +1,29 @@
+---
+title: "Platform Identity and Access Management"
+sidebarTitle: "Platform IAM"
+description: "Understand how users, machine identities, roles, and permissions are managed."
+---
+
+Infisical uses identity-based access control to govern how users and systems interact with secrets, certificates, infrastructure, and other resources on the platform.
+
+There are two types of identities:
+
+- [User identities](/documentation/platform/identities/user-identities): Represent individuals such as developers or administrators that typically access the platform via browser.
+
+- [Machine identities](/documentation/platform/identities/machine-identities): Represent systems such as CI pipelines or applications that programmatically interact with the platform.
+
+Each identity is granted access based on its assigned roles and permissions and must authenticate with the platform in order to access any resources.
+
+To learn more, refer to the [identities documentation](/documentation/platform/identities/overview).
+
+## Roles and Access
+
+Infisical provides a robust and flexible access control system. The primary authorization mechanism is [role-based access control (RBAC)](/documentation/platform/access-controls/role-based-access-controls), where identities are assigned roles at two access control levels:
+
+- [Organization-level access control](/documentation/platform/access-controls/role-based-access-controls#organization-level-access-controls): Control billing, member management, and platform-wide settings
+
+- [Project-level access control](/documentation/platform/access-controls/role-based-access-controls#project-level-access-controls): Control access to specific product resources like secrets, SSH hosts, or certificates
+
+Beyond RBAC, Infisical also supports additional project-level permissioning features, [including attribute-based access control (ABAC)](/documentation/platform/access-controls/abac/overview), [temporary access grants](/documentation/platform/access-controls/temporary-access), and [additional privileges](/documentation/platform/access-controls/additional-privileges) for select project types.
+
+To learn more, refer to the [access control documentation](/documentation/platform/access-controls/overview).
--- a/docs/documentation/getting-started/introduction-new.mdx
+++ b/docs/documentation/getting-started/introduction-new.mdx
@@ -1,107 +0,0 @@
---
-mode: 'custom'
---
-
-export function openSearch() {
-  document.getElementById('search-bar-entry').click();
-}
-
-<div
-  className="relative w-full flex items-center justify-center"
-  style={{ height: '24rem', backgroundColor: '#1F1F33', overflow: 'hidden' }}
->
-  <div style={{ flex: 'none' }}>
-    <img
-      src="/images/background.png"
-      style={{ height: '68rem', width: '68rem' }}
-    />
-  </div>
-  <div style={{ position: 'absolute', textAlign: 'center' }}>
-    <div
-      style={{
-        color: 'white',
-        fontWeight: '400',
-        fontSize: '48px',
-        margin: '0',
-      }}
-    >
-      Infisical Documentation
-    </div>
-    <p
-      style={{
-        color: 'white',
-        fontWeight: '400',
-        fontSize: '20px',
-        opacity: '0.7',
-      }}
-    >
-      What can we help you build?
-    </p>
-    <button
-      type="button"
-      className="mx-auto w-full flex items-center text-sm leading-6 shadow-sm text-gray-400 bg-white ring-1 ring-gray-400/20 focus:outline-primary"
-      id="home-search-entry"
-      style={{
-        maxWidth: '24rem',
-        borderRadius: '4px',
-        marginTop: '3rem',
-        paddingLeft: '0.75rem',
-        paddingRight: '0.75rem',
-        paddingTop: '0.75rem',
-        paddingBottom: '0.75rem',
-      }}
-      onClick={openSearch}
-    >
-      <svg
-        className="h-4 w-4 ml-1.5 mr-3 flex-none bg-gray-500 hover:bg-gray-600 dark:bg-white/50 dark:hover:bg-white/70"
-        style={{
-          maskImage:
-            'url("https://mintlify.b-cdn.net/v6.5.1/solid/magnifying-glass.svg")',
-          maskRepeat: 'no-repeat',
-          maskPosition: 'center center',
-        }}
-      />
-      Start a chat with us...
-    </button>
-  </div>
-</div>
-
-<div style={{marginTop: '6rem', marginBottom: '8rem', maxWidth: '70rem', marginLeft: 'auto',
-    marginRight: 'auto', paddingLeft: '1.25rem',
-    paddingRight: '1.25rem' }}>
-
-<div
-  style={{
-    textAlign: 'center',
-    fontSize: '24px',
-    fontWeight: '600',
-    color: '#121142',
-    marginBottom: '3rem',
-  }}
->
-  Choose a topic below or simply{' '}
-  <span className="text-primary">get started</span>
-</div>
-
-<CardGroup cols={3}>
-  <Card title="Getting Started" icon="book-open" href="/guides">
-    Practical guides and best practices to get you up and running quickly.
-  </Card>
-  <Card title="API Reference" icon="code-simple" href="/reference">
-    Comprehensive details about the Infisical API.
-  </Card>
-  <Card title="Security" icon="code-simple" href="/reference">
-    Learn more about Infisical's architecture and underlying security.
-  </Card>
-  <Card title="Self-hosting" icon="link-simple" href="/integrations">
-    Read self-hosting instruction for Infisical.
-  </Card>
-  <Card title="Integrations" icon="link-simple" href="/integrations">
-    Infisical's growing number of third-party integrations.
-  </Card>
-  <Card title="Releases" icon="party-horn" href="/release-notes">
-    News about features and changes in Pinecone and related tools.
-  </Card>
-</CardGroup>
-
-</div>
--- a/docs/documentation/getting-started/introduction.mdx
+++ b/docs/documentation/getting-started/introduction.mdx
@@ -1,106 +1,40 @@
 ---
 title: "What is Infisical?"
 sidebarTitle: "What is Infisical?"
-description: "An Introduction to the Infisical secret management platform."
+description: "The open source platform for managing secrets, certificates, and secure infrastructure access."
 ---

-**[Infisical](https://infisical.com)** is the open source secret management platform that developers use to centralize their application configuration and secrets like API keys and database credentials as well as manage their internal PKI. Additionally, developers use Infisical to prevent secrets leaks to git and securely share secrets amongst engineers.
+## What is Infisical?
+
+[Infisical](https://infisical.com) is the [open source](https://github.com/Infisical/infisical), all-in-one platform for secrets, certificates, and privileged access management.
+
+It provides modern security workflows — including secrets rotation, dynamic credentials, access approvals, and SSH certificate-based access — all within one platform designed for developers, infrastructure, and security teams.

 Start managing secrets securely with [Infisical Cloud](https://app.infisical.com) or learn how to [host Infisical](/self-hosting/overview) yourself.

-<CardGroup cols={2}>
-  <Card
-    title="Infisical Cloud"
-    href="https://app.infisical.com/signup"
-    icon="cloud"
-    color="#000000"
-  >
-    Get started with Infisical Cloud in just a few minutes.
-  </Card>
-  <Card
-    href="/self-hosting/overview"
-    title="Self-hosting"
-    icon="server"
-    color="#000000"
-  >
-    Self-host Infisical on your own infrastructure.
-  </Card>
-</CardGroup>
+## Why use Infisical?

-## Why Infisical?
+Managing secrets, credentials, and infrastructure access is a critical concern for engineering teams. As infrastructure scales and environments become more complex, [secrets start to sprawl](https://infisical.com/blog/what-is-secret-sprawl) — across codebases, CI/CD pipelines, configuration files, and cloud services. This makes them difficult to track, rotate, and secure.

-Infisical helps developers achieve secure centralized secret management and provides all the tools to easily manage secrets in various environments and infrastructure components. In particular, here are some of the most common points that developers mention after adopting Infisical:
+Without proper management, secret sprawl turns into risk: hardcoded credentials, unrotated keys, fragmented access controls that attackers can exploit amongst other things.

- Streamlined **local development** processes (switching .env files to [Infisical CLI](/cli/commands/run) and removing secrets from developer machines).
- **Best-in-class developer experience** with an easy-to-use [Web Dashboard](/documentation/platform/project).
- Simple secret management inside **[CI/CD pipelines](/integrations/cicd/githubactions)** and staging environments.
- Secure and compliant secret management practices in **[production environments](/sdks/overview)**.
- **Facilitated workflows** around [secret change management](/documentation/platform/pr-workflows), [access requests](/documentation/platform/access-controls/access-requests), [temporary access provisioning](/documentation/platform/access-controls/temporary-access), and more.
- **Improved security posture** thanks to [secret scanning](/cli/scanning-overview), [granular access control policies](/documentation/platform/access-controls/overview), [automated secret rotation](https://infisical.com/docs/documentation/platform/secret-rotation/overview), and [dynamic secrets](/documentation/platform/dynamic-secrets/overview) capabilities.
+Infisical addresses this challenge by providing an all-in-one platform and workflows to:

-## How does Infisical work?
+- Securely store and manage application secrets from development to production.
+- Scan code and pipelines for exposed credentials.
+- Automate X.509 certificate issuance and renewal.
+- Manage SSH access using short-lived, policy-driven certificates.
+- Encrypt and decrypt sensitive data with centralized key control.
+- Audit every access, credential use, and change.

-To make secret management effortless and secure, Infisical follows a certain structure for enabling secret management workflows as defined below.
+Infisical is designed to integrate cleanly into your stack—improving security without adding complexity.

-**Identities** in Infisical are users or machine which have a certain set of roles and permissions assigned to them. Such identities are able to manage secrets in various **Clients** throughout the entire infrastructure. To do that, identities have to verify themselves through one of the available **Authentication Methods**.
+## What does Infisical include?

-As a result, the 3 main concepts that are important to understand are:
+Infisical consists of several tightly integrated products, each designed to solve a specific part of the infrastructure security surface:

- **[Identities](/documentation/platform/identities/overview)**: users or machines with a set permissions assigned to them.
- **[Clients](/integrations/platforms/kubernetes)**: Infisical-developed tools for managing secrets in various infrastructure components (e.g., [Kubernetes Operator](/integrations/platforms/kubernetes), [Infisical Agent](/integrations/platforms/infisical-agent), [CLI](/cli/usage), [SDKs](/sdks/overview), [API](/api-reference/overview/introduction), [Web Dashboard](/documentation/platform/organization)).
- **[Authentication Methods](/documentation/platform/identities/universal-auth)**: ways for Identities to authenticate inside different clients (e.g., SAML SSO for Web Dashboard, Universal Auth for Infisical Agent, AWS Auth etc.).
-
-## How to get started with Infisical?
-
-Depending on your use case, it might be helpful to look into some of the resources and guides provided below.
-
-<CardGroup cols={2}>
-  <Card
-    href="../../cli/overview"
-    title="Command Line Interface (CLI)"
-    icon="square-terminal"
-    color="#000000"
-  >
-    Inject secrets into any application process/environment.
-  </Card>
-  <Card
-    title="SDKs"
-    href="/documentation/getting-started/sdks"
-    icon="boxes-stacked"
-    color="#000000"
-  >
-    Fetch secrets with any programming language on demand.
-  </Card>
-  <Card
-    href="../../integrations/platforms/docker-intro"
-    title="Docker"
-    icon="docker"
-    color="#000000"
-  >
-    Inject secrets into Docker containers.
-  </Card>
-  <Card
-    href="../../integrations/platforms/kubernetes"
-    title="Kubernetes"
-    icon="server"
-    color="#000000"
-  >
-    Fetch and save secrets as native Kubernetes secrets.
-  </Card>
-  <Card
-    href="/documentation/getting-started/api"
-    title="REST API"
-    icon="cloud"
-    color="#000000"
-  >
-    Fetch secrets via HTTP request.
-  </Card>
-  <Card
-    href="/integrations/overview"
-    title="Native Integrations"
-    icon="clouds"
-    color="#000000"
-  >
-    Explore integrations for GitHub, Vercel, AWS, and more.
-  </Card>
-</CardGroup>
+- [Secrets Management](/documentation/platform/secrets-mgmt/overview): Securely store, access, and distribute secrets across environments with fine-grained controls, automatic rotation, and audit logging.
+- [Secrets Scanning](/documentation/platform/secret-scanning/overview): Detect hardcoded secrets in code, CI pipelines, and infrastructure—integrated with GitHub, GitLab, Bitbucket, and more.
+- [Infisical PKI](/documentation/platform/pki/overview): Issue and manage X.509 certificates using protocols like EST, with support for internal and external CAs.
+- [Infisical SSH](/documentation/platform/ssh/overview): Provide short-lived SSH access to servers using certificate-based authentication, replacing static keys with policy-driven, time-bound control.
+- [Infisical KMS](/documentation/platform/kms/overview): Encrypt and decrypt data using centrally managed keys with enforced access policies and full audit visibility.
--- a/docs/documentation/getting-started/overview.mdx
+++ b/docs/documentation/getting-started/overview.mdx
@@ -0,0 +1,77 @@
+---
+title: "Overview"
+sidebarTitle: "Overview"
+description: "The open source platform for managing secrets, certificates, and secure infrastructure access."
+---
+
+<Card
+  title="What is Infisical?"
+  href="/documentation/getting-started/introduction"
+>
+  Learn what Infisical is and how it can help you manage secrets, certificates,
+  and secure access across your infrastructure.
+</Card>
+
+## Products
+
+<Columns cols="2">
+  <Card
+    title="Secrets Management"
+    href="/documentation/platform/secrets-mgmt/overview"
+  >
+  Securely store, manage, and control access to sensitive application secrets across your environments.
+
+  </Card>
+  <Card
+    title="Secrets Scanning"
+    href="/documentation/platform/secret-scanning/overview"
+  >
+  Automatically detect and alert on hardcoded secrets in source code, CI pipelines, and infrastructure.
+  </Card>
+  <Card
+    title="Infisical PKI"
+    href="/documentation/platform/pki/overview"
+  >
+  Automate the issuance and management of X.509 certificates across your infrastructure using modern protocols like EST.
+  </Card>
+  <Card
+    title="Infisical SSH"
+    href="/documentation/platform/ssh/overview"
+  >
+  Replace static SSH keys with short-lived SSH certificates to simplify access and improve security.
+  </Card>
+</Columns>
+
+<Columns cols="1">
+  <Card
+    title="Infisical KMS"
+    href="/documentation/platform/kms/overview"
+  >
+  Encrypt and decrypt sensitive data using a centralized key management system.
+  </Card>
+</Columns>
+
+## Resources
+
+<Columns cols="2">
+  <Card
+    title="CLI Reference"
+    href="/cli/overview"
+  >
+    Explore Infisical’s command-line interface for managing secrets,
+    certificates, and system operations via terminal.
+  </Card>
+  <Card
+    title="API Reference"
+    href="/api-reference/overview/introduction"
+  >
+    Browse Infisical’s API documentation to programmatically interact with
+    secrets, access controls, and certificate workflows.
+  </Card>
+</Columns>
+<Columns cols="1">
+<Card title="Self-Hosting" href="/self-hosting/overview">
+  Learn how to deploy and operate Infisical on your own infrastructure with full
+  control and data ownership.
+</Card>
+</Columns>
--- a/docs/documentation/platform/identities/user-identities.mdx
+++ b/docs/documentation/platform/identities/user-identities.mdx
@@ -5,18 +5,19 @@ description: "Read more about the concept of user identities in Infisical."

 ## Concept

-A **user identity** (also known as **user**) represents a developer, admin, or any other human entity interacting with resources in Infisical. 
+A **user identity** (also known as **user**) represents a developer, admin, or any other human entity interacting with resources in Infisical.

-Users can be added manually (through Web UI) or programmatically (e.g., API) to [organizations](../organization) and [projects](../projects). 
+Users can be added manually (through Web UI) or programmatically (e.g., API) to [organizations](../organization) and [projects](../projects).

-Upon being added to an organization and projects, users assume a certain set of roles and permissions that represents their identity. 
+Upon being added to an organization and projects, users assume a certain set of roles and permissions that represents their identity.

-![organization members](../../../images/platform/organization/organization-members.png)
+![organization users](/images/platform/organization/organization-users.png)

 ## Authentication methods

-To interact with various resources in Infisical, users are able to utilize a number of authentication methods: 
- **Email & Password**: the most common authentication method that is used for authentication into Web Dashboard and Infisical CLI. It is recommended to utilize [Multi-factor Authentication](/documentation/platform/mfa) in addition to it.  
- **SSO**: Infisical natively integrates with a number of SSO identity providers like [Google](/documentation/platform/sso/google), [GitHub](/documentation/platform/sso/github), and [GitLab](/documentation/platform/sso/gitlab). 
- **SAML SSO**: It is also possible to set up SAML SSO integration with identity providers like [Okta](/documentation/platform/sso/okta), [Microsoft Entra ID](/documentation/platform/sso/azure) (formerly known as Azure AD), [JumpCloud](/documentation/platform/sso/jumpcloud), [Google](/documentation/platform/sso/google-saml), and more. 
+To interact with various resources in Infisical, users are able to utilize a number of authentication methods:
+
+- **Email & Password**: the most common authentication method that is used for authentication into Web Dashboard and Infisical CLI. It is recommended to utilize [Multi-factor Authentication](/documentation/platform/mfa) in addition to it.
+- **SSO**: Infisical natively integrates with a number of SSO identity providers like [Google](/documentation/platform/sso/google), [GitHub](/documentation/platform/sso/github), and [GitLab](/documentation/platform/sso/gitlab).
+- **SAML SSO**: It is also possible to set up SAML SSO integration with identity providers like [Okta](/documentation/platform/sso/okta), [Microsoft Entra ID](/documentation/platform/sso/azure) (formerly known as Azure AD), [JumpCloud](/documentation/platform/sso/jumpcloud), [Google](/documentation/platform/sso/google-saml), and more.
 - **LDAP**: For organizations with more advanced needs, Infisical also provides user authentication with [LDAP](/documentation/platform/ldap/overview) that includes a number of LDAP providers.
--- a/docs/documentation/platform/organization.mdx
+++ b/docs/documentation/platform/organization.mdx
@@ -3,74 +3,94 @@ title: "Organizations"
 description: "Learn more and understand the concept of Infisical organizations."
 ---

-An Infisical organization is a set of [projects](./project) that use the same billing. Organizations allow one or more users to control billing and project permissions for all of the projects belonging to the organization. Each project belongs to an organization.
+Infisical is structured around organizations and [projects](/documentation/platform/project).
+
+## Organizations
+
+An organization represents a company or high-level entity (e.g. Acme Corp) and acts as the root scope for managing members and machine identities, projects, usage and billing, global integrations and configuration (such as single sign-on, provisioning, etc), and more.
+
+Within an organization, you can create any number of projects—each tied to a specific product type such as Secrets Management or PKI that determines the functionality available.
+
+![organization](/images/platform/organization/organization.png)

 ## Projects

-The **Projects** page is where you can view the projects that you have access to within your organization
-as well as create a new project.
+The _Projects_ tab shows a list of projects that you have access to.

-![organization](../../images/platform/organization/organization-projects.png)
+If you're an organization admin, you also have the option to view _All Projects_—a complete view of every project within the organization, including those you are not currently a member of— and gain access to any project.

-## Settings
+Admins can gain access to any project in the organization by opening the options menu (⋮) next to a project and selecting Access. This will add you to the project as an admin and allow full visibility and control.

-The **Settings** page lets you manage information about your organization including:
+![organization projects](/images/platform/organization/organization-projects.png)

- **Name**: The name of your organization.
- **Slug**: The slug of your organization.
- **Default Organization Member Role**: The role assigned to users when joining your organization unless otherwise specified.
- **Incident Contacts**: Emails that should be alerted if anything abnormal is detected within the organization.
- **Enabled Products**: Products which are enabled for your organization. This setting strictly affects the sidebar UI; disabling a product does not disable its API or routes.
+## Roles and Access Control

-![organization settings general](../../images/platform/organization/organization-settings-general.png)
+The _Access Control_ tab lets you view and manage roles and permissions for users, machine identities, and groups across your organization.

- Security and Authentication: A set of setting to enforce or manage [SAML](/documentation/platform/sso/overview), [OIDC](/documentation/platform/sso/overview), [SCIM](/documentation/platform/scim/overview), [LDAP](/documentation/platform/ldap/overview), and other authentication configurations.
+Users are invited to an organization and assigned organization-level roles such as `Admin` or `Member`. You can also define [custom roles](/documentation/platform/access-controls/role-based-access-controls#creating-custom-roles) at the organization level to fit your permission model.

-![organization settings auth](../../images/platform/organization/organization-settings-auth.png)
+![organization users](/images/platform/organization/organization-users.png)

-<Tip>
-	You can adjust the maximum time a user token will remain valid for your organization. After this period, users will be required to re-authenticate. This helps improve security by enforcing regular sign-ins.
-</Tip>
+Infisical supports [user identities](/documentation/platform/identities/user-identities) (representing people) and [machine identities](/documentation/platform/identities/machine-identities) (representing services, CI/CD pipelines, or agents). The same roles and permissions can be applied to either type of identity.

-## Access Control
+To manage access at scale, Infisical also supports [user groups](/documentation/platform/groups) — roles assigned to a group apply to all of its members automatically.

-The **Access Control** page is where you can manage identities (both people and machines) that are part of your organization.
-You can add or remove additional members as well as modify their permissions.
+Note that Infisical distinguishes between organization-level and project-level access control:

-![organization members](../../images/platform/organization/organization-members.png)
-![organization identities](../../images/platform/organization/organization-machine-identities.png)
+- [Organization-level access control](/documentation/platform/access-controls/role-based-access-controls#organization-level-access-controls): Roles and permissions governing access to organization-level resources and controls such as billing, member management, and identity provider configuration.
+- [Project-level access control](/documentation/platform/access-controls/role-based-access-controls#project-level-access-controls): Roles and permissions governing access to resources and workflows within a specific project (e.g., secrets, certificates, SSH hosts).

-In the **Organization Roles** tab, you can edit current or create new custom roles for members within the organization.
+![organization roles](/images/platform/organization/organization-roles.png)
+
+To learn more about how permissions work in detail, refer to the [access control documentation](/documentation/platform/access-controls/overview).

 <Info>
-  Note that Role-Based Access Management (RBAC) is partly a paid feature.
-
-  Infisical provides immutable roles like `admin`, `member`, etc.
-  at the organization and project level for free.
+Infisical provides immutable roles such as `admin` and `member` for free.

 If you're using Infisical Cloud, the ability to create custom roles is available under the **Pro Tier**.
+
 If you're self-hosting Infisical, then you should contact sales@infisical.com to purchase an enterprise license to use it.

 </Info>

-![organization roles](../../images/platform/organization/organization-members-roles.png)
-
-As you can see next, Infisical supports granular permissions that you can tailor to each role.
-If you need certain members to only be able to access billing details, for example, then you can
-assign them that permission only.
-
-![organization role permissions](../../images/platform/organization/organization-members-roles-add-perm.png)
-
 ## Usage & Billing

-The **Usage & Billing** page applies only to [Infisical Cloud](https://app.infisical.com) and is where you can
-manage your plan and billing information.
+The _Usage & Billing_ tab provides an overview of your organization's billing information and platform usage.

-This includes the following items:
+Infisical calculates usage at the organization level—aggregating activity across all projects and product types (e.g., Secrets Management, SSH, PKI). From this tab, you can track usage, view billing details, and manage your Infisical Cloud subscription.

- Current plan: The current plan information such as what tier your organization is on and what features/limits apply to this tier.
- Licenses: The license keys for self-hosted instances of Infisical (if applicable).
- Receipts: The receipts of monthly/annual invoices.
- Billing: The billing details of your organization including payment methods on file, tax IDs (if applicable), etc.
+![organization billing](/images/platform/organization/organization-billing.png)

-![organization usage and billing](../../images/platform/organization/organization-usage-billing.png)
+## Audit Logs
+
+Infisical provides a unified view of [audit logs](/documentation/platform/audit-logs) at the organization level. All platform activity—including secret access, certificate issuance, platform logins across the organization —is recorded and searchable in a central log view.
+
+Audit logs are also viewable at the project level, where they are scoped to show only events relevant to that specific project. This allows project administrators to monitor activity and investigate changes without requiring organization-wide access.
+
+## App Connections
+
+Infisical supports [app connections](/integrations/app-connections/overview) — integrations configured at the organization level with third-party platforms such as AWS, GCP, GitHub, and many others.
+
+Once configured, these connections can be reused across multiple projects as part of any feature that requires third-party integrations—such as [secret syncing](/integrations/secret-syncs/overview) or [dynamic credential generation](/documentation/platform/dynamic-secrets/overview).
+
+![organization app connections](/images/platform/organization/organization-app-connections.png)
+
+To learn more, refer to the [app connections documentation](/integrations/app-connections/overview).
+
+## Organization Settings
+
+The _Organization Settings_ tab lets you configure global behavior and security controls for the organization.
+
+Key configuration areas include:
+
+- General: Manage the organization’s name, slug, and default role for newly invited members.
+- Single Sign-On (SSO): Enable [SAML](/documentation/platform/sso/overview), [LDAP](/documentation/platform/ldap/overview), or [OIDC-based](/documentation/platform/sso/general-oidc/overview) authentication for user login.
+- Provisioning: Enable [SCIM](/documentation/platform/scim/overview) to automatically provision and deprovision users and groups from an identity provider.
+- Security Policies: Enforce MFA and configure session duration limits.
+- Encryption: Integrate with external KMS systems or bring your own encryption keys (BYOK).
+- [Audit Log Streaming](/documentation/platform/audit-log-streams/audit-log-streams): Forward audit events to third-party logging tools like SIEMs or cloud storage.
+- Workflow Integrations: Trigger [Slack](/documentation/platform/workflow-integrations/slack-integration) or [Microsoft Teams](/documentation/platform/workflow-integrations/microsoft-teams-integration) notifications for events like access requests.
+- [Project Templates](/documentation/platform/project-templates): Define default environments, roles, and settings to standardize project creation.
+- KMIP (Enterprise): Connect to KMIP-compatible HSMs for hardware-backed key storage and operations.
+
+![organization settings](/images/platform/organization/organization-settings.png)
--- a/docs/documentation/platform/pki/overview.mdx
+++ b/docs/documentation/platform/pki/overview.mdx
@@ -1,13 +1,13 @@
 ---
-title: "Internal PKI"
+title: "Infisical PKI"
 sidebarTitle: "Overview"
 description: "Learn how to create a Private CA hierarchy and issue X.509 certificates."
 ---

-Infisical can be used to create a Private Certificate Authority (CA) hierarchy and issue X.509 certificates for internal use. This allows you to manage your own PKI infrastructure and issue digital certificates for subscribers such as services, applications, and devices.
+Infisical can be used to create and manage Certificate Authorities (CAs) and issue X.509 certificates. This allows you to manage PKI infrastructure and issue digital certificates for subscribers such as services, applications, and devices.

 Infisical's PKI offering is split into three components:

- [Certificate Authorities](/documentation/platform/pki/private-ca): Create and manage private CAs, including root and intermediate CAs.
+- [Certificate Authorities](/documentation/platform/pki/private-ca): Create and manage CAs, including root and intermediate CAs.
 - [Subscribers](/documentation/platform/pki/subscribers): Define and manage entities that will request X.509 certificates from CAs. This module provides a centralized view of all subscribers, enabling you to issue certificates and monitor their status.
 - [Certificates](/documentation/platform/pki/certificates): Track and monitor issued X.509 certificates, maintaining a comprehensive inventory of all active and expired certificates.
--- a/docs/documentation/platform/project.mdx
+++ b/docs/documentation/platform/project.mdx
@@ -1,116 +1,51 @@
 ---
-title: "Projects"
+title: "Overview"
 description: "Learn more and understand the concept of Infisical projects."
 ---

-A project in Infisical belongs to an [organization](./organization) and contains a number of environments, folders, and secrets.
-Only users and machine identities who belong to a project can access resources inside of it according to predefined permissions.
+## Projects

-Infisical also allows users to request project access. Refer to the [project access request section](./access-controls/project-access-requests)
+A project defines a specific scope of work for a given product line in Infisical.

-## Project environments
+Projects are created within an [organization](/documentation/platform/organization), and an organization can contain multiple projects across different product types.

-For both visual and organizational structure, Infisical allows splitting up secrets into environments (e.g., development, staging, production). In project settings, such environments can be
-customized depending on the intended use case.
+## Project Types

-![project secrets overview](../../images/platform/project/project-environments.png)
+Infisical supports project types, each representing a different security product with its own dashboard, workflows, and capabilities.

-## Secrets Overview
+![project types](/images/platform/project/project-types.png)

-The **Secrets Overview** page captures a birds-eye-view of secrets and [folders](./folder) across environments.
-This is useful for comparing secrets, identifying if anything is missing, and making quick changes.
+The supported project types are:

-![project secrets overview](../../images/platform/project/project-secrets-overview-open.png)
+- [Secrets Management](/documentation/platform/secrets-mgmt/overview): Securely store, access, and distribute secrets across environments with fine-grained controls, automatic rotation, and audit logging.
+- [Secrets Scanning](/documentation/platform/secret-scanning/overview): Detect hardcoded secrets in code, CI pipelines, and infrastructure—integrated with GitHub, GitLab, Bitbucket, and more.
+- [Infisical PKI](/documentation/platform/pki/overview): Issue and manage X.509 certificates using protocols like EST, with support for internal and external CAs.
+- [Infisical SSH](/documentation/platform/ssh/overview): Provide short-lived SSH access to servers using certificate-based authentication, replacing static keys with policy-driven, time-bound control.
+- [Infisical KMS](/documentation/platform/kms/overview): Encrypt and decrypt data using centrally managed keys with enforced access policies and full audit visibility.

-## Secrets Dashboard
+## Roles and Access Control

-The **Secrets Dashboard** page appears when you press to manage the secrets of a specific environment.
+[Users](/documentation/platform/identities/user-identities) and [machine identities](/documentation/platform/identities/machine-identities) must be added to a project to access its resources. Each identity is assigned a [project-level role](/documentation/platform/access-controls/role-based-access-controls#project-level-access-controls) that defines what they can manage—such as secrets, certificates, or SSH access. These roles apply to both individuals and [user groups](/documentation/platform/groups), enabling scalable access across teams and environments.

-![project dashboard](../../images/dashboard.png)
+Project access is strictly scoped: only members of a project can view or manage its resources. If someone needs access but isn’t part of the project, they can submit an access request.

-### Secrets
+Each project in Infisical has its own [access control model](/documentation/platform/access-controls/role-based-access-controls#project-level-access-controls), distinct from [organization-level access control](/documentation/platform/access-controls/role-based-access-controls#organization-level-access-controls). While organization roles govern broader administrative access, project-level roles control what users, groups, and machine identities can do within the boundaries of a specific project—such as managing secrets, issuing certificates, or configuring SSH access.

-To add a secret, press **Add Secret** button at the top of the dashboard.
+Depending on the project type (e.g. Secrets Management, PKI, SSH), project-level access control supports advanced features like [temporary access](/documentation/platform/access-controls/temporary-access), [access requests](/documentation/platform/access-controls/access-requests), and [additional privileges](/documentation/platform/access-controls/additional-privileges).

-![project add secret](../../images/platform/project/project-secrets-add.png)
+![project roles](/images/platform/project/project-roles.png)

-For a new project, it can be convenient to populate the dashboard by dropping a `.env` file into the provided pane as shown below:
+To learn more about how permissions work in detail, refer to the [access control documentation](/documentation/platform/access-controls/overview).

-![project drop env file](../../images/platform/project/project-secrets-drop-env.png)
+## Audit Logs

-To delete a secret, hover over it and press the **X** button that appears on the right side.
+Infisical provides [audit logging](/documentation/platform/audit-logs) at the project level to help teams monitor activity and maintain accountability within a specific project. These logs capture all relevant events—such as secret access, certificate issuance, and SSH activity—that occur within the boundaries of that project.

-![project delete secret](../../images/platform/project/project-secrets-delete.png)
+Unlike the organization-level audit view, which aggregates logs across all projects in one centralized interface, the project-level audit view is scoped to a single project. This enables relevant project admins and contributors to review activity relevant to their work without having broader access to audit logs in other projects that they are not part of.

-To delete multiple secrets at once, hover over and select the secrets you'd like to delete
-and press the **Delete** button that appears at the top.
+## Project Settings

-![project delete secret batch](../../images/platform/project/project-secrets-delete-batch.png)
+Each project has its own settings panel, with options that vary depending on the selected product type. These may include
+setup and configuration for environments, tags, behaviors, encryption strategies, and other options.

-### Search
-
-To search for specific secrets by their key name, you can use the search bar.
-
-![project search](../../images/platform/project/project-secrets-search.png)
-
-To assist you with finding secrets, you can also group them by similar prefixes and filter them by tags (if applicable).
-
-![project filter](../../images/platform/project/project-secrets-filter.png)
-
-### Hide/Un-hide
-
-To view/hide all secrets at once, toggle the hide or un-hide button.
-
-![project filter](../../images/platform/project/project-secrets-unhide.png)
-
-### Download as .env
-
-To download/export secrets back into a `.env` file, press the download button.
-
-![project download back env](../../images/platform/project/project-secrets-download-env.png)
-
-### Tags
-
-To better organize similar secrets, hover over them and label them with a tag.
-
-![project tag secret](../../images/platform/project/project-secrets-tag.png)
-
-### Comments
-
-To provide more context about a given secret, especially for your team, hover over it and press the comment button.
-
-![project comment secret](../../images/platform/project/project-secrets-comment.png)
-
-### Personal overrides
-
-Infisical employs the concept of **shared** and **personal** secrets to address the need
-for common and custom secret values, or branching, amongst members of a team during software development.
-To provide a helpful analogy: A shared value is to a `main` branch as a personal value is to a custom branch.
-
-Consider:
-
- A team with users A, B, user C.
- A project with an environment containing a shared secret called D with the value E.
-
-Suppose user A overrides the value of secret D with the value F.
-
-Then:
-
- If user A fetches the secret D back, they get the value F.
- If users B and C fetch the secret D back, they both get the value E.
-
-<Info>
-  Please keep in mind that secret reminders won't work with personal overrides.
-</Info>
-
-![project override secret](../../images/platform/project/project-secrets-override.png)
-
-### Drawer
-
-To view the full details of each secret, you can hover over it and press on the ellipses button.
-
-![project secrets ellipses](../../images/platform/project/project-secrets-ellipses.png)
-
-This opens up a side-drawer:
-
-![project secrets drawer](../../images/platform/project/project-secrets-drawer.png)
+Project settings are fully independent and reflect the capabilities of the associated product.
--- a/docs/documentation/platform/secrets-mgmt/overview.mdx
+++ b/docs/documentation/platform/secrets-mgmt/overview.mdx
@@ -0,0 +1,17 @@
+---
+title: "Secrets Management"
+sidebarTitle: "Overview"
+description: "Learn how to securely store, access, and manage sensitive application secrets."
+---
+
+Infisical provides a flexible platform for managing application secrets — such as API keys, database credentials, application configuration, and more — across every stage of the development lifecycle from local development to production.
+
+It helps teams eliminate hardcoded secrets, enforce access controls, and adopt secure workflows like secret rotation, dynamic secrets, and secrets syncs to external platforms.
+
+Core capabilities include:
+
+- Secret Stores: Secure, versioned storage scoped by [project](/documentation/platform/secrets-mgmt/project), [environment](/documentation/platform/secrets-mgmt/project#project-environments), and [path](/documentation/platform/folder).
+- [Access Control](/documentation/platform/access-controls/overview): Fine-grained, identity-aware permissions for users and machines
+- Secret Delivery: Access secrets via [CLI](/cli/overview), [SDKs](/sdks/overview) (Go, Node.js, Python, etc.), [HTTP API](/api-reference/overview/introduction), [agents](/integrations/platforms/infisical-agent), [Kubernetes Operator](/integrations/platforms/kubernetes/overview), [External Secrets Operator (ESO)](https://external-secrets.io/latest/provider/infisical), and more.
+- Lifecycle Automation: Automate [secret rotation](/documentation/platform/secret-rotation/overview), generate [dynamic secrets](/documentation/platform/dynamic-secrets/overview), and enforce [approval-based workflows](/documentation/platform/pr-workflows).
+- [Secrets Syncs](/integrations/secret-syncs/overview): Push secrets to external services like [GitHub](/integrations/secret-syncs/github), [GitLab](/integrations/secret-syncs/gitlab), [AWS Secrets Manager](/integrations/secret-syncs/aws-secrets-manager), [Vercel](/integrations/secret-syncs/vercel), and more.
--- a/docs/documentation/platform/secrets-mgmt/project.mdx
+++ b/docs/documentation/platform/secrets-mgmt/project.mdx
@@ -0,0 +1,115 @@
+---
+title: "Projects"
+description: "Learn more and understand the concept of Infisical projects."
+---
+
+A secrets management project in Infisical is a dedicated workspace for managing application secrets such as API keys, database credentials, configuration, etc. used by your applications.
+
+Secrets are organized into a clear hierarchy of environments, folders, and individual secrets, making it easy to manage values across different stages of your development lifecycle (e.g., development, staging, production).
+
+## Project environments
+
+For both visual and organizational structure, Infisical allows splitting up secrets into environments (e.g., development, staging, production). In project settings, such environments can be
+customized depending on the intended use case.
+
+![project secrets overview](/images/platform/project/project-environments.png)
+
+## Secrets Overview
+
+The **Secrets Overview** page captures a birds-eye-view of secrets and [folders](./folder) across environments.
+This is useful for comparing secrets, identifying if anything is missing, and making quick changes.
+
+![project secrets overview](/images/platform/project/project-secrets-overview-open.png)
+
+## Secrets Dashboard
+
+The **Secrets Dashboard** page appears when you press to manage the secrets of a specific environment.
+
+![project dashboard](/images/dashboard.png)
+
+### Secrets
+
+To add a secret, press **Add Secret** button at the top of the dashboard.
+
+![project add secret](/images/platform/project/project-secrets-add.png)
+
+For a new project, it can be convenient to populate the dashboard by dropping a `.env` file into the provided pane as shown below:
+
+![project drop env file](/images/platform/project/project-secrets-drop-env.png)
+
+To delete a secret, hover over it and press the **X** button that appears on the right side.
+
+![project delete secret](/images/platform/project/project-secrets-delete.png)
+
+To delete multiple secrets at once, hover over and select the secrets you'd like to delete
+and press the **Delete** button that appears at the top.
+
+![project delete secret batch](/images/platform/project/project-secrets-delete-batch.png)
+
+### Search
+
+To search for specific secrets by their key name, you can use the search bar.
+
+![project search](/images/platform/project/project-secrets-search.png)
+
+To assist you with finding secrets, you can also group them by similar prefixes and filter them by tags (if applicable).
+
+![project filter](/images/platform/project/project-secrets-filter.png)
+
+### Hide/Un-hide
+
+To view/hide all secrets at once, toggle the hide or un-hide button.
+
+![project filter](/images/platform/project/project-secrets-unhide.png)
+
+### Download as .env
+
+To download/export secrets back into a `.env` file, press the download button.
+
+![project download back env](/images/platform/project/project-secrets-download-env.png)
+
+### Tags
+
+To better organize similar secrets, hover over them and label them with a tag.
+
+![project tag secret](/images/platform/project/project-secrets-tag.png)
+
+### Comments
+
+To provide more context about a given secret, especially for your team, hover over it and press the comment button.
+
+![project comment secret](/images/platform/project/project-secrets-comment.png)
+
+### Personal overrides
+
+Infisical employs the concept of **shared** and **personal** secrets to address the need
+for common and custom secret values, or branching, amongst members of a team during software development.
+To provide a helpful analogy: A shared value is to a `main` branch as a personal value is to a custom branch.
+
+Consider:
+
+- A team with users A, B, user C.
+- A project with an environment containing a shared secret called D with the value E.
+
+Suppose user A overrides the value of secret D with the value F.
+
+Then:
+
+- If user A fetches the secret D back, they get the value F.
+- If users B and C fetch the secret D back, they both get the value E.
+
+<Info>
+  Please keep in mind that secret reminders won't work with personal overrides.
+</Info>
+
+![project override secret](/images/platform/project/project-secrets-override.png)
+
+### Drawer
+
+To view the full details of each secret, you can hover over it and press on the ellipses button.
+
+![project secrets ellipses](/images/platform/project/project-secrets-ellipses.png)
+
+This opens up a side-drawer:
+
+![project secrets drawer](/images/platform/project/project-secrets-drawer.png)
--- a/docs/documentation/platform/ssh/host-groups.mdx
+++ b/docs/documentation/platform/ssh/host-groups.mdx
@@ -1,5 +1,5 @@
 ---
-title: "Infisical SSH"
+title: "Host Groups"
 sidebarTitle: "Host Groups"
 description: "Learn how to organize SSH hosts into groups and manage access policies at scale."
 ---
--- a/docs/documentation/platform/ssh/overview.mdx
+++ b/docs/documentation/platform/ssh/overview.mdx
@@ -1,5 +1,5 @@
 ---
-title: "Infisical SSH"
+title: "Overview"
 sidebarTitle: "Overview"
 description: "Learn how to securely provision user SSH access to your infrastructure using SSH certificates."
 ---
--- a/docs/images/platform/organization/organization-app-connections.png
+++ b/docs/images/platform/organization/organization-app-connections.png
--- a/docs/images/platform/organization/organization-billing.png
+++ b/docs/images/platform/organization/organization-billing.png
--- a/docs/images/platform/organization/organization-machine-identities.png
+++ b/docs/images/platform/organization/organization-machine-identities.png
--- a/docs/images/platform/organization/organization-members-roles-add-perm.png
+++ b/docs/images/platform/organization/organization-members-roles-add-perm.png
--- a/docs/images/platform/organization/organization-members-roles.png
+++ b/docs/images/platform/organization/organization-members-roles.png
--- a/docs/images/platform/organization/organization-members.png
+++ b/docs/images/platform/organization/organization-members.png
--- a/docs/images/platform/organization/organization-projects.png
+++ b/docs/images/platform/organization/organization-projects.png
--- a/docs/images/platform/organization/organization-roles.png
+++ b/docs/images/platform/organization/organization-roles.png
--- a/docs/images/platform/organization/organization-settings-auth.png
+++ b/docs/images/platform/organization/organization-settings-auth.png
--- a/docs/images/platform/organization/organization-settings-general.png
+++ b/docs/images/platform/organization/organization-settings-general.png
--- a/docs/images/platform/organization/organization-settings.png
+++ b/docs/images/platform/organization/organization-settings.png
--- a/docs/images/platform/organization/organization-usage-billing.png
+++ b/docs/images/platform/organization/organization-usage-billing.png
--- a/docs/images/platform/organization/organization-users.png
+++ b/docs/images/platform/organization/organization-users.png
--- a/docs/images/platform/organization/organization.png
+++ b/docs/images/platform/organization/organization.png
--- a/docs/images/platform/project/project-roles.png
+++ b/docs/images/platform/project/project-roles.png
--- a/docs/images/platform/project/project-types.png
+++ b/docs/images/platform/project/project-types.png
Author	SHA1	Message	Date
Maidul Islam	1b29a4564a	fix typos	2025-08-04 14:52:47 -07:00
Maidul Islam	9e3c0c8583	fix links	2025-08-04 14:51:02 -07:00
Maidul Islam	16ebe0f8e7	small nits	2025-08-04 14:11:13 -07:00
Tuan Dang	dc0cc4c29d	Update images for user + machine identities	2025-08-04 18:48:46 +07:00
Tuan Dang	6dd639be60	Update docs to be multi-product	2025-08-04 16:58:00 +07:00