add todo(author) to previous existing comment

Improvement:  Filterable Project Select for Audit Logs

.env.example

@@ -74,8 +74,8 @@ CAPTCHA_SECRET=
 
 NEXT_PUBLIC_CAPTCHA_SITE_KEY=
 
-OTEL_TELEMETRY_COLLECTION_ENABLED=
-OTEL_EXPORT_TYPE=
+OTEL_TELEMETRY_COLLECTION_ENABLED=false
+OTEL_EXPORT_TYPE=prometheus
 OTEL_EXPORT_OTLP_ENDPOINT=
 OTEL_OTLP_PUSH_INTERVAL=
 

backend/package-lock.json

@@ -33,6 +33,7 @@
         "@octokit/plugin-retry": "^5.0.5",
         "@octokit/rest": "^20.0.2",
         "@octokit/webhooks-types": "^7.3.1",
+        "@octopusdeploy/api-client": "^3.4.1",
         "@opentelemetry/api": "^1.9.0",
         "@opentelemetry/auto-instrumentations-node": "^0.53.0",
         "@opentelemetry/exporter-metrics-otlp-proto": "^0.55.0",
@@ -6955,6 +6956,21 @@
       "resolved": "https://registry.npmjs.org/@octokit/webhooks-types/-/webhooks-types-7.1.0.tgz",
       "integrity": "sha512-y92CpG4kFFtBBjni8LHoV12IegJ+KFxLgKRengrVjKmGE5XMeCuGvlfRe75lTRrgXaG6XIWJlFpIDTlkoJsU8w=="
     },
+    "node_modules/@octopusdeploy/api-client": {
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/@octopusdeploy/api-client/-/api-client-3.4.1.tgz",
+      "integrity": "sha512-j6FRgDNzc6AQoT3CAguYLWxoMR4W5TKCT1BCPpqjEN9mknmdMSKfYORs3djn/Yj/BhqtITTydDpBoREbzKY5+g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "adm-zip": "^0.5.9",
+        "axios": "^1.2.1",
+        "form-data": "^4.0.0",
+        "glob": "^8.0.3",
+        "lodash": "^4.17.21",
+        "semver": "^7.3.8",
+        "urijs": "^1.19.11"
+      }
+    },
     "node_modules/@opentelemetry/api": {
       "version": "1.9.0",
       "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz",
@@ -22397,6 +22413,12 @@
         "punycode": "^2.1.0"
       }
     },
+    "node_modules/urijs": {
+      "version": "1.19.11",
+      "resolved": "https://registry.npmjs.org/urijs/-/urijs-1.19.11.tgz",
+      "integrity": "sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ==",
+      "license": "MIT"
+    },
     "node_modules/url": {
       "version": "0.10.3",
       "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz",

backend/package.json

@@ -141,6 +141,7 @@
     "@octokit/plugin-retry": "^5.0.5",
     "@octokit/rest": "^20.0.2",
     "@octokit/webhooks-types": "^7.3.1",
+    "@octopusdeploy/api-client": "^3.4.1",
     "@opentelemetry/api": "^1.9.0",
     "@opentelemetry/auto-instrumentations-node": "^0.53.0",
     "@opentelemetry/exporter-metrics-otlp-proto": "^0.55.0",

backend/src/ee/routes/v1/dynamic-secret-router.ts

@@ -1,3 +1,4 @@
+import slugify from "@sindresorhus/slugify";
 import ms from "ms";
 import { z } from "zod";
 
@@ -7,7 +8,6 @@ import { DYNAMIC_SECRETS } from "@app/lib/api-docs";
 import { daysToMillisecond } from "@app/lib/dates";
 import { removeTrailingSlash } from "@app/lib/fn";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { SanitizedDynamicSecretSchema } from "@app/server/routes/sanitizedSchemas";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -48,7 +48,15 @@ export const registerDynamicSecretRouter = async (server: FastifyZodProvider) =>
           .nullable(),
         path: z.string().describe(DYNAMIC_SECRETS.CREATE.path).trim().default("/").transform(removeTrailingSlash),
         environmentSlug: z.string().describe(DYNAMIC_SECRETS.CREATE.environmentSlug).min(1),
-        name: slugSchema({ min: 1, max: 64, field: "Name" }).describe(DYNAMIC_SECRETS.CREATE.name)
+        name: z
+          .string()
+          .describe(DYNAMIC_SECRETS.CREATE.name)
+          .min(1)
+          .toLowerCase()
+          .max(64)
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          })
       }),
       response: {
         200: z.object({

backend/src/ee/routes/v1/group-router.ts

@@ -1,8 +1,8 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { GroupsSchema, OrgMembershipRole, UsersSchema } from "@app/db/schemas";
 import { GROUPS } from "@app/lib/api-docs";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -14,7 +14,15 @@ export const registerGroupRouter = async (server: FastifyZodProvider) => {
     schema: {
       body: z.object({
         name: z.string().trim().min(1).max(50).describe(GROUPS.CREATE.name),
-        slug: slugSchema({ min: 5, max: 36 }).optional().describe(GROUPS.CREATE.slug),
+        slug: z
+          .string()
+          .min(5)
+          .max(36)
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(GROUPS.CREATE.slug),
         role: z.string().trim().min(1).default(OrgMembershipRole.NoAccess).describe(GROUPS.CREATE.role)
       }),
       response: {
@@ -92,7 +100,14 @@ export const registerGroupRouter = async (server: FastifyZodProvider) => {
       body: z
         .object({
           name: z.string().trim().min(1).describe(GROUPS.UPDATE.name),
-          slug: slugSchema({ min: 5, max: 36 }).describe(GROUPS.UPDATE.slug),
+          slug: z
+            .string()
+            .min(5)
+            .max(36)
+            .refine((v) => slugify(v) === v, {
+              message: "Slug must be a valid slug"
+            })
+            .describe(GROUPS.UPDATE.slug),
           role: z.string().trim().min(1).describe(GROUPS.UPDATE.role)
         })
         .partial(),

backend/src/ee/routes/v1/identity-project-additional-privilege-router.ts

@@ -8,7 +8,6 @@ import { IDENTITY_ADDITIONAL_PRIVILEGE } from "@app/lib/api-docs";
 import { UnauthorizedError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import {
   ProjectPermissionSchema,
@@ -34,7 +33,17 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
       body: z.object({
         identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.identityId),
         projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.projectSlug),
-        slug: slugSchema({ min: 1, max: 60 }).optional().describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
         permissions: ProjectPermissionSchema.array()
           .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.permissions)
           .optional(),
@@ -68,7 +77,7 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
         actorOrgId: req.permission.orgId,
         actorAuthMethod: req.permission.authMethod,
         ...req.body,
-        slug: req.body.slug ?? slugify(alphaNumericNanoId(12)),
+        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
         isTemporary: false,
         // eslint-disable-next-line @typescript-eslint/ban-ts-comment
         // @ts-ignore-error this is valid ts
@@ -94,7 +103,17 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
       body: z.object({
         identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.identityId),
         projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.projectSlug),
-        slug: slugSchema({ min: 1, max: 60 }).optional().describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.slug),
         permissions: ProjectPermissionSchema.array()
           .describe(IDENTITY_ADDITIONAL_PRIVILEGE.CREATE.permissions)
           .optional(),
@@ -140,7 +159,7 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
         actorOrgId: req.permission.orgId,
         actorAuthMethod: req.permission.authMethod,
         ...req.body,
-        slug: req.body.slug ?? slugify(alphaNumericNanoId(12)),
+        slug: req.body.slug ? slugify(req.body.slug) : slugify(alphaNumericNanoId(12)),
         isTemporary: true,
         // eslint-disable-next-line @typescript-eslint/ban-ts-comment
         // @ts-ignore-error this is valid ts
@@ -170,7 +189,16 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
         projectSlug: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.projectSlug),
         privilegeDetails: z
           .object({
-            slug: slugSchema({ min: 1, max: 60 }).describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.newSlug),
+            slug: z
+              .string()
+              .min(1)
+              .max(60)
+              .trim()
+              .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+              .refine((v) => slugify(v) === v, {
+                message: "Slug must be a valid slug"
+              })
+              .describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.newSlug),
             permissions: ProjectPermissionSchema.array().describe(IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.permissions),
             privilegePermission: ProjectSpecificPrivilegePermissionSchema.describe(
               IDENTITY_ADDITIONAL_PRIVILEGE.UPDATE.privilegePermission

backend/src/ee/routes/v1/org-role-router.ts

@@ -1,8 +1,8 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { OrgMembershipRole, OrgMembershipsSchema, OrgRolesSchema } from "@app/db/schemas";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -18,10 +18,17 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
         organizationId: z.string().trim()
       }),
       body: z.object({
-        slug: slugSchema({ min: 1, max: 64 }).refine(
-          (val) => !Object.values(OrgMembershipRole).includes(val as OrgMembershipRole),
-          "Please choose a different slug, the slug you have entered is reserved"
-        ),
+        slug: z
+          .string()
+          .min(1)
+          .trim()
+          .refine(
+            (val) => !Object.values(OrgMembershipRole).includes(val as OrgMembershipRole),
+            "Please choose a different slug, the slug you have entered is reserved"
+          )
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          }),
         name: z.string().trim(),
         description: z.string().trim().optional(),
         permissions: z.any().array()
@@ -87,13 +94,17 @@ export const registerOrgRoleRouter = async (server: FastifyZodProvider) => {
         roleId: z.string().trim()
       }),
       body: z.object({
-        // TODO: Switch to slugSchema after verifying correct methods with Akhil - Omar 11/24
-        slug: slugSchema({ min: 1, max: 64 })
+        slug: z
+          .string()
+          .trim()
+          .optional()
           .refine(
-            (val) => !Object.keys(OrgMembershipRole).includes(val),
+            (val) => typeof val !== "undefined" && !Object.keys(OrgMembershipRole).includes(val),
             "Please choose a different slug, the slug you have entered is reserved."
           )
-          .optional(),
+          .refine((val) => typeof val === "undefined" || slugify(val) === val, {
+            message: "Slug must be a valid"
+          }),
         name: z.string().trim().optional(),
         description: z.string().trim().optional(),
         permissions: z.any().array().optional()

backend/src/ee/routes/v1/project-role-router.ts

@@ -1,4 +1,5 @@
 import { packRules } from "@casl/ability/extra";
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { ProjectMembershipRole, ProjectMembershipsSchema, ProjectRolesSchema } from "@app/db/schemas";
@@ -8,7 +9,6 @@ import {
 } from "@app/ee/services/permission/project-permission";
 import { PROJECT_ROLE } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { SanitizedRoleSchemaV1 } from "@app/server/routes/sanitizedSchemas";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -32,11 +32,18 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         projectSlug: z.string().trim().describe(PROJECT_ROLE.CREATE.projectSlug)
       }),
       body: z.object({
-        slug: slugSchema({ max: 64 })
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .min(1)
           .refine(
             (val) => !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
             "Please choose a different slug, the slug you have entered is reserved"
           )
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          })
           .describe(PROJECT_ROLE.CREATE.slug),
         name: z.string().min(1).trim().describe(PROJECT_ROLE.CREATE.name),
         description: z.string().trim().optional().describe(PROJECT_ROLE.CREATE.description),
@@ -87,13 +94,21 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         roleId: z.string().trim().describe(PROJECT_ROLE.UPDATE.roleId)
       }),
       body: z.object({
-        slug: slugSchema()
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .optional()
+          .describe(PROJECT_ROLE.UPDATE.slug)
           .refine(
-            (val) => !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
+            (val) =>
+              typeof val === "undefined" ||
+              !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
             "Please choose a different slug, the slug you have entered is reserved"
           )
-          .describe(PROJECT_ROLE.UPDATE.slug)
-          .optional(),
+          .refine((val) => typeof val === "undefined" || slugify(val) === val, {
+            message: "Slug must be a valid"
+          }),
         name: z.string().trim().optional().describe(PROJECT_ROLE.UPDATE.name),
         description: z.string().trim().optional().describe(PROJECT_ROLE.UPDATE.description),
         permissions: ProjectPermissionV1Schema.array().describe(PROJECT_ROLE.UPDATE.permissions).optional()

backend/src/ee/routes/v1/project-template-router.ts

@@ -1,3 +1,4 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { ProjectMembershipRole, ProjectTemplatesSchema } from "@app/db/schemas";
@@ -7,13 +8,22 @@ import { ProjectTemplateDefaultEnvironments } from "@app/ee/services/project-tem
 import { isInfisicalProjectTemplate } from "@app/ee/services/project-template/project-template-fns";
 import { ProjectTemplates } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { UnpackedPermissionSchema } from "@app/server/routes/santizedSchemas/permission";
 import { AuthMode } from "@app/services/auth/auth-type";
 
 const MAX_JSON_SIZE_LIMIT_IN_BYTES = 32_768;
 
+const SlugSchema = z
+  .string()
+  .trim()
+  .min(1)
+  .max(32)
+  .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+  .refine((v) => slugify(v) === v, {
+    message: "Must be valid slug format"
+  });
+
 const isReservedRoleSlug = (slug: string) =>
   Object.values(ProjectMembershipRole).includes(slug as ProjectMembershipRole);
 
@@ -24,14 +34,14 @@ const SanitizedProjectTemplateSchema = ProjectTemplatesSchema.extend({
   roles: z
     .object({
       name: z.string().trim().min(1),
-      slug: slugSchema(),
+      slug: SlugSchema,
       permissions: UnpackedPermissionSchema.array()
     })
     .array(),
   environments: z
     .object({
       name: z.string().trim().min(1),
-      slug: slugSchema(),
+      slug: SlugSchema,
       position: z.number().min(1)
     })
     .array()
@@ -40,7 +50,7 @@ const SanitizedProjectTemplateSchema = ProjectTemplatesSchema.extend({
 const ProjectTemplateRolesSchema = z
   .object({
     name: z.string().trim().min(1),
-    slug: slugSchema(),
+    slug: SlugSchema,
     permissions: ProjectPermissionV2Schema.array()
   })
   .array()
@@ -68,7 +78,7 @@ const ProjectTemplateRolesSchema = z
 const ProjectTemplateEnvironmentsSchema = z
   .object({
     name: z.string().trim().min(1),
-    slug: slugSchema(),
+    slug: SlugSchema,
     position: z.number().min(1)
   })
   .array()
@@ -178,11 +188,9 @@ export const registerProjectTemplateRouter = async (server: FastifyZodProvider)
     schema: {
       description: "Create a project template.",
       body: z.object({
-        name: slugSchema({ field: "name" })
-          .refine((val) => !isInfisicalProjectTemplate(val), {
-            message: `The requested project template name is reserved.`
-          })
-          .describe(ProjectTemplates.CREATE.name),
+        name: SlugSchema.refine((val) => !isInfisicalProjectTemplate(val), {
+          message: `The requested project template name is reserved.`
+        }).describe(ProjectTemplates.CREATE.name),
         description: z.string().max(256).trim().optional().describe(ProjectTemplates.CREATE.description),
         roles: ProjectTemplateRolesSchema.default([]).describe(ProjectTemplates.CREATE.roles),
         environments: ProjectTemplateEnvironmentsSchema.default(ProjectTemplateDefaultEnvironments).describe(
@@ -222,10 +230,9 @@ export const registerProjectTemplateRouter = async (server: FastifyZodProvider)
       description: "Update a project template.",
       params: z.object({ templateId: z.string().uuid().describe(ProjectTemplates.UPDATE.templateId) }),
       body: z.object({
-        name: slugSchema({ field: "name" })
-          .refine((val) => !isInfisicalProjectTemplate(val), {
-            message: `The requested project template name is reserved.`
-          })
+        name: SlugSchema.refine((val) => !isInfisicalProjectTemplate(val), {
+          message: `The requested project template name is reserved.`
+        })
           .optional()
           .describe(ProjectTemplates.UPDATE.name),
         description: z.string().max(256).trim().optional().describe(ProjectTemplates.UPDATE.description),

backend/src/ee/routes/v1/user-additional-privilege-router.ts

@@ -7,7 +7,6 @@ import { ProjectUserAdditionalPrivilegeTemporaryMode } from "@app/ee/services/pr
 import { PROJECT_USER_ADDITIONAL_PRIVILEGE } from "@app/lib/api-docs";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { SanitizedUserProjectAdditionalPrivilegeSchema } from "@app/server/routes/santizedSchemas/user-additional-privilege";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -22,7 +21,17 @@ export const registerUserAdditionalPrivilegeRouter = async (server: FastifyZodPr
     schema: {
       body: z.object({
         projectMembershipId: z.string().min(1).describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.projectMembershipId),
-        slug: slugSchema({ min: 1, max: 60 }).optional().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((v) => v.toLowerCase() === v, "Slug must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.slug),
         permissions: ProjectPermissionV2Schema.array().describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.CREATE.permissions),
         type: z.discriminatedUnion("isTemporary", [
           z.object({
@@ -78,7 +87,15 @@ export const registerUserAdditionalPrivilegeRouter = async (server: FastifyZodPr
       }),
       body: z
         .object({
-          slug: slugSchema({ min: 1, max: 60 }).describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.slug),
+          slug: z
+            .string()
+            .max(60)
+            .trim()
+            .refine((v) => v.toLowerCase() === v, "Slug must be lowercase")
+            .refine((v) => slugify(v) === v, {
+              message: "Slug must be a valid slug"
+            })
+            .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.slug),
           permissions: ProjectPermissionV2Schema.array()
             .optional()
             .describe(PROJECT_USER_ADDITIONAL_PRIVILEGE.UPDATE.permissions),

backend/src/ee/routes/v2/identity-project-additional-privilege-router.ts

@@ -7,7 +7,6 @@ import { ProjectPermissionV2Schema } from "@app/ee/services/permission/project-p
 import { IDENTITY_ADDITIONAL_PRIVILEGE_V2 } from "@app/lib/api-docs";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { SanitizedIdentityPrivilegeSchema } from "@app/server/routes/santizedSchemas/identitiy-additional-privilege";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -29,7 +28,17 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
       body: z.object({
         identityId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.CREATE.identityId),
         projectId: z.string().min(1).describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.CREATE.projectId),
-        slug: slugSchema({ min: 1, max: 60 }).optional().describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.CREATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.CREATE.slug),
         permissions: ProjectPermissionV2Schema.array().describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.CREATE.permission),
         type: z.discriminatedUnion("isTemporary", [
           z.object({
@@ -91,7 +100,16 @@ export const registerIdentityProjectAdditionalPrivilegeRouter = async (server: F
         id: z.string().trim().describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.UPDATE.id)
       }),
       body: z.object({
-        slug: slugSchema({ min: 1, max: 60 }).describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.UPDATE.slug),
+        slug: z
+          .string()
+          .min(1)
+          .max(60)
+          .trim()
+          .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.UPDATE.slug),
         permissions: ProjectPermissionV2Schema.array()
           .optional()
           .describe(IDENTITY_ADDITIONAL_PRIVILEGE_V2.UPDATE.privilegePermission),

backend/src/ee/routes/v2/project-role-router.ts

@@ -1,11 +1,11 @@
 import { packRules } from "@casl/ability/extra";
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { ProjectMembershipRole, ProjectRolesSchema } from "@app/db/schemas";
 import { ProjectPermissionV2Schema } from "@app/ee/services/permission/project-permission";
 import { PROJECT_ROLE } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { SanitizedRoleSchema } from "@app/server/routes/sanitizedSchemas";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -29,11 +29,18 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         projectId: z.string().trim().describe(PROJECT_ROLE.CREATE.projectId)
       }),
       body: z.object({
-        slug: slugSchema({ min: 1, max: 64 })
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .min(1)
           .refine(
             (val) => !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
             "Please choose a different slug, the slug you have entered is reserved"
           )
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid"
+          })
           .describe(PROJECT_ROLE.CREATE.slug),
         name: z.string().min(1).trim().describe(PROJECT_ROLE.CREATE.name),
         description: z.string().trim().optional().describe(PROJECT_ROLE.CREATE.description),
@@ -83,13 +90,21 @@ export const registerProjectRoleRouter = async (server: FastifyZodProvider) => {
         roleId: z.string().trim().describe(PROJECT_ROLE.UPDATE.roleId)
       }),
       body: z.object({
-        slug: slugSchema({ min: 1, max: 64 })
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .optional()
+          .describe(PROJECT_ROLE.UPDATE.slug)
           .refine(
-            (val) => !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
+            (val) =>
+              typeof val === "undefined" ||
+              !Object.values(ProjectMembershipRole).includes(val as ProjectMembershipRole),
             "Please choose a different slug, the slug you have entered is reserved"
           )
-          .optional()
-          .describe(PROJECT_ROLE.UPDATE.slug),
+          .refine((val) => typeof val === "undefined" || slugify(val) === val, {
+            message: "Slug must be a valid"
+          }),
         name: z.string().trim().optional().describe(PROJECT_ROLE.UPDATE.name),
         description: z.string().trim().optional().describe(PROJECT_ROLE.UPDATE.description),
         permissions: ProjectPermissionV2Schema.array().describe(PROJECT_ROLE.UPDATE.permissions).optional()

backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts

@@ -112,7 +112,7 @@ export const dynamicSecretLeaseServiceFactory = ({
       })
     ) as object;
 
-    const selectedTTL = ttl ?? dynamicSecretCfg.defaultTTL;
+    const selectedTTL = ttl || dynamicSecretCfg.defaultTTL;
     const { maxTTL } = dynamicSecretCfg;
     const expireAt = new Date(new Date().getTime() + ms(selectedTTL));
     if (maxTTL) {
@@ -187,7 +187,7 @@ export const dynamicSecretLeaseServiceFactory = ({
       })
     ) as object;
 
-    const selectedTTL = ttl ?? dynamicSecretCfg.defaultTTL;
+    const selectedTTL = ttl || dynamicSecretCfg.defaultTTL;
     const { maxTTL } = dynamicSecretCfg;
     const expireAt = new Date(dynamicSecretLease.expireAt.getTime() + ms(selectedTTL));
     if (maxTTL) {

backend/src/lib/api-docs/constants.ts

@@ -1082,7 +1082,8 @@ export const INTEGRATION = {
       shouldDisableDelete: "The flag to disable deletion of secrets in AWS Parameter Store.",
       shouldMaskSecrets: "Specifies if the secrets synced from Infisical to Gitlab should be marked as 'Masked'.",
       shouldProtectSecrets: "Specifies if the secrets synced from Infisical to Gitlab should be marked as 'Protected'.",
-      shouldEnableDelete: "The flag to enable deletion of secrets."
+      shouldEnableDelete: "The flag to enable deletion of secrets.",
+      octopusDeployScopeValues: "Specifies the scope values to set on synced secrets to Octopus Deploy."
     }
   },
   UPDATE: {

backend/src/lib/config/env.ts

@@ -10,7 +10,7 @@ export const GITLAB_URL = "https://gitlab.com";
 export const IS_PACKAGED = (process as any)?.pkg !== undefined;
 
 const zodStrBool = z
-  .enum(["true", "false"])
+  .string()
   .optional()
   .transform((val) => val === "true");
 

backend/src/server/lib/schemas.ts

@@ -1,24 +0,0 @@
-import slugify from "@sindresorhus/slugify";
-import { z } from "zod";
-
-interface SlugSchemaInputs {
-  min?: number;
-  max?: number;
-  field?: string;
-}
-
-export const slugSchema = ({ min = 1, max = 32, field = "Slug" }: SlugSchemaInputs = {}) => {
-  return z
-    .string()
-    .toLowerCase()
-    .trim()
-    .min(min, {
-      message: `${field} field must be at least ${min} character${min === 1 ? "" : "s"}`
-    })
-    .max(max, {
-      message: `${field} field must be at most ${max} character${max === 1 ? "" : "s"}`
-    })
-    .refine((v) => slugify(v, { lowercase: true, separator: "-" }) === v, {
-      message: `${field} field can only contain letters, numbers, and hyphens`
-    });
-};

backend/src/server/routes/v1/cmek-router.ts

@@ -1,3 +1,4 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { InternalKmsSchema, KmsKeysSchema } from "@app/db/schemas";
@@ -7,12 +8,19 @@ import { getBase64SizeInBytes, isBase64 } from "@app/lib/base64";
 import { SymmetricEncryption } from "@app/lib/crypto/cipher";
 import { OrderByDirection } from "@app/lib/types";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 import { CmekOrderBy } from "@app/services/cmek/cmek-types";
 
-const keyNameSchema = slugSchema({ min: 1, max: 32, field: "Name" });
+const keyNameSchema = z
+  .string()
+  .trim()
+  .min(1)
+  .max(32)
+  .toLowerCase()
+  .refine((v) => slugify(v) === v, {
+    message: "Name must be slug friendly"
+  });
 const keyDescriptionSchema = z.string().trim().max(500).optional();
 
 const base64Schema = z.string().superRefine((val, ctx) => {

backend/src/server/routes/v1/external-group-org-role-mapping-router.ts

@@ -1,9 +1,9 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { ExternalGroupOrgRoleMappingsSchema } from "@app/db/schemas/external-group-org-role-mappings";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -48,7 +48,13 @@ export const registerExternalGroupOrgRoleMappingRouter = async (server: FastifyZ
         mappings: z
           .object({
             groupName: z.string().trim().min(1),
-            roleSlug: slugSchema({ max: 64 })
+            roleSlug: z
+              .string()
+              .min(1)
+              .toLowerCase()
+              .refine((v) => slugify(v) === v, {
+                message: "Role must be a valid slug"
+              })
           })
           .array()
       }),

backend/src/server/routes/v1/integration-auth-router.ts

@@ -5,6 +5,7 @@ import { INTEGRATION_AUTH } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
+import { OctopusDeployScope } from "@app/services/integration-auth/integration-auth-types";
 
 import { integrationAuthPubSchema } from "../sanitizedSchemas";
 
@@ -1008,4 +1009,118 @@ export const registerIntegrationAuthRouter = async (server: FastifyZodProvider)
       return { buildConfigs };
     }
   });
+
+  server.route({
+    method: "GET",
+    url: "/:integrationAuthId/octopus-deploy/scope-values",
+    config: {
+      rateLimit: readLimit
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    schema: {
+      params: z.object({
+        integrationAuthId: z.string().trim()
+      }),
+      querystring: z.object({
+        scope: z.nativeEnum(OctopusDeployScope),
+        spaceId: z.string().trim(),
+        resourceId: z.string().trim()
+      }),
+      response: {
+        200: z.object({
+          Environments: z
+            .object({
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array(),
+          Machines: z
+            .object({
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array(),
+          Actions: z
+            .object({
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array(),
+          Roles: z
+            .object({
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array(),
+          Channels: z
+            .object({
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array(),
+          TenantTags: z
+            .object({
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array(),
+          Processes: z
+            .object({
+              ProcessType: z.string(),
+              Name: z.string(),
+              Id: z.string()
+            })
+            .array()
+        })
+      }
+    },
+    handler: async (req) => {
+      const scopeValues = await server.services.integrationAuth.getOctopusDeployScopeValues({
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId,
+        id: req.params.integrationAuthId,
+        scope: req.query.scope,
+        spaceId: req.query.spaceId,
+        resourceId: req.query.resourceId
+      });
+      return scopeValues;
+    }
+  });
+
+  server.route({
+    method: "GET",
+    url: "/:integrationAuthId/octopus-deploy/spaces",
+    config: {
+      rateLimit: readLimit
+    },
+    onRequest: verifyAuth([AuthMode.JWT]),
+    schema: {
+      params: z.object({
+        integrationAuthId: z.string().trim()
+      }),
+      response: {
+        200: z.object({
+          spaces: z
+            .object({
+              Name: z.string(),
+              Id: z.string(),
+              IsDefault: z.boolean()
+            })
+            .array()
+        })
+      }
+    },
+    handler: async (req) => {
+      const spaces = await server.services.integrationAuth.getOctopusDeploySpaces({
+        actorId: req.permission.id,
+        actor: req.permission.type,
+        actorAuthMethod: req.permission.authMethod,
+        actorOrgId: req.permission.orgId,
+        id: req.params.integrationAuthId
+      });
+      return { spaces };
+    }
+  });
 };

backend/src/server/routes/v1/organization-router.ts

@@ -1,3 +1,4 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import {
@@ -13,7 +14,6 @@ import { EventType, UserAgentType } from "@app/ee/services/audit-log/audit-log-t
 import { AUDIT_LOGS, ORGANIZATIONS } from "@app/lib/api-docs";
 import { getLastMidnightDateISO } from "@app/lib/fn";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { ActorType, AuthMode, MfaMethod } from "@app/services/auth/auth-type";
 
@@ -243,10 +243,22 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
       params: z.object({ organizationId: z.string().trim() }),
       body: z.object({
         name: z.string().trim().max(64, { message: "Name must be 64 or fewer characters" }).optional(),
-        slug: slugSchema({ max: 64 }).optional(),
+        slug: z
+          .string()
+          .trim()
+          .max(64, { message: "Slug must be 64 or fewer characters" })
+          .regex(/^[a-zA-Z0-9-]+$/, "Slug must only contain alphanumeric characters or hyphens")
+          .optional(),
         authEnforced: z.boolean().optional(),
         scimEnabled: z.boolean().optional(),
-        defaultMembershipRoleSlug: slugSchema({ max: 64, field: "Default Membership Role" }).optional(),
+        defaultMembershipRoleSlug: z
+          .string()
+          .min(1)
+          .trim()
+          .refine((v) => slugify(v) === v, {
+            message: "Membership role must be a valid slug"
+          })
+          .optional(),
         enforceMfa: z.boolean().optional(),
         selectedMfaMethod: z.nativeEnum(MfaMethod).optional()
       }),

backend/src/server/routes/v1/project-env-router.ts

@@ -1,10 +1,10 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { ProjectEnvironmentsSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { ENVIRONMENTS } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -124,7 +124,13 @@ export const registerProjectEnvRouter = async (server: FastifyZodProvider) => {
       body: z.object({
         name: z.string().trim().describe(ENVIRONMENTS.CREATE.name),
         position: z.number().min(1).optional().describe(ENVIRONMENTS.CREATE.position),
-        slug: slugSchema({ max: 64 }).describe(ENVIRONMENTS.CREATE.slug)
+        slug: z
+          .string()
+          .trim()
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .describe(ENVIRONMENTS.CREATE.slug)
       }),
       response: {
         200: z.object({
@@ -182,7 +188,14 @@ export const registerProjectEnvRouter = async (server: FastifyZodProvider) => {
         id: z.string().trim().describe(ENVIRONMENTS.UPDATE.id)
       }),
       body: z.object({
-        slug: slugSchema({ max: 64 }).optional().describe(ENVIRONMENTS.UPDATE.slug),
+        slug: z
+          .string()
+          .trim()
+          .optional()
+          .refine((v) => !v || slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .describe(ENVIRONMENTS.UPDATE.slug),
         name: z.string().trim().optional().describe(ENVIRONMENTS.UPDATE.name),
         position: z.number().optional().describe(ENVIRONMENTS.UPDATE.position)
       }),

backend/src/server/routes/v1/secret-tag-router.ts

@@ -1,9 +1,9 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { SecretTagsSchema } from "@app/db/schemas";
 import { SECRET_TAGS } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -111,7 +111,14 @@ export const registerSecretTagRouter = async (server: FastifyZodProvider) => {
         projectId: z.string().trim().describe(SECRET_TAGS.CREATE.projectId)
       }),
       body: z.object({
-        slug: slugSchema({ max: 64 }).describe(SECRET_TAGS.CREATE.slug),
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .describe(SECRET_TAGS.CREATE.slug)
+          .refine((v) => slugify(v) === v, {
+            message: "Invalid slug. Slug can only contain alphanumeric characters and hyphens."
+          }),
         color: z.string().trim().describe(SECRET_TAGS.CREATE.color)
       }),
       response: {
@@ -146,7 +153,14 @@ export const registerSecretTagRouter = async (server: FastifyZodProvider) => {
         tagId: z.string().trim().describe(SECRET_TAGS.UPDATE.tagId)
       }),
       body: z.object({
-        slug: slugSchema({ max: 64 }).describe(SECRET_TAGS.UPDATE.slug),
+        slug: z
+          .string()
+          .toLowerCase()
+          .trim()
+          .describe(SECRET_TAGS.UPDATE.slug)
+          .refine((v) => slugify(v) === v, {
+            message: "Invalid slug. Slug can only contain alphanumeric characters and hyphens."
+          }),
         color: z.string().trim().describe(SECRET_TAGS.UPDATE.color)
       }),
       response: {

backend/src/server/routes/v1/slack-router.ts

@@ -1,10 +1,10 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { SlackIntegrationsSchema, WorkflowIntegrationsSchema } from "@app/db/schemas";
 import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { getConfig } from "@app/lib/config/env";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 
@@ -35,7 +35,12 @@ export const registerSlackRouter = async (server: FastifyZodProvider) => {
         }
       ],
       querystring: z.object({
-        slug: slugSchema({ max: 64 }),
+        slug: z
+          .string()
+          .trim()
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          }),
         description: z.string().optional()
       }),
       response: {
@@ -283,7 +288,13 @@ export const registerSlackRouter = async (server: FastifyZodProvider) => {
         id: z.string()
       }),
       body: z.object({
-        slug: slugSchema({ max: 64 }).optional(),
+        slug: z
+          .string()
+          .trim()
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional(),
         description: z.string().optional()
       }),
       response: {

backend/src/server/routes/v2/project-router.ts

@@ -1,3 +1,4 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import {
@@ -11,7 +12,6 @@ import { EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { InfisicalProjectTemplate } from "@app/ee/services/project-template/project-template-types";
 import { PROJECTS } from "@app/lib/api-docs";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
-import { slugSchema } from "@app/server/lib/schemas";
 import { getTelemetryDistinctId } from "@app/server/lib/telemetry";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
@@ -27,6 +27,14 @@ const projectWithEnv = SanitizedProjectSchema.extend({
   environments: z.object({ name: z.string(), slug: z.string(), id: z.string() }).array()
 });
 
+const slugSchema = z
+  .string()
+  .min(5)
+  .max(36)
+  .refine((v) => slugify(v) === v, {
+    message: "Slug must be at least 5 character but no more than 36"
+  });
+
 export const registerProjectRouter = async (server: FastifyZodProvider) => {
   /* Get project key */
   server.route({
@@ -154,9 +162,21 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
       body: z.object({
         projectName: z.string().trim().describe(PROJECTS.CREATE.projectName),
         projectDescription: z.string().trim().optional().describe(PROJECTS.CREATE.projectDescription),
-        slug: slugSchema({ min: 5, max: 36 }).optional().describe(PROJECTS.CREATE.slug),
+        slug: z
+          .string()
+          .min(5)
+          .max(36)
+          .refine((v) => slugify(v) === v, {
+            message: "Slug must be a valid slug"
+          })
+          .optional()
+          .describe(PROJECTS.CREATE.slug),
         kmsKeyId: z.string().optional(),
-        template: slugSchema({ field: "Template Name", max: 64 })
+        template: z
+          .string()
+          .refine((v) => slugify(v) === v, {
+            message: "Template name must be in slug format"
+          })
           .optional()
           .default(InfisicalProjectTemplate.Default)
           .describe(PROJECTS.CREATE.template)
@@ -224,7 +244,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
         }
       ],
       params: z.object({
-        slug: slugSchema({ min: 5, max: 36 }).describe("The slug of the project to delete.")
+        slug: slugSchema.describe("The slug of the project to delete.")
       }),
       response: {
         200: SanitizedProjectSchema
@@ -258,7 +278,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     },
     schema: {
       params: z.object({
-        slug: slugSchema({ min: 5, max: 36 }).describe("The slug of the project to get.")
+        slug: slugSchema.describe("The slug of the project to get.")
       }),
       response: {
         200: projectWithEnv
@@ -291,7 +311,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     },
     schema: {
       params: z.object({
-        slug: slugSchema({ min: 5, max: 36 }).describe("The slug of the project to update.")
+        slug: slugSchema.describe("The slug of the project to update.")
       }),
       body: z.object({
         name: z.string().trim().optional().describe(PROJECTS.UPDATE.name),
@@ -334,7 +354,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     },
     schema: {
       params: z.object({
-        slug: slugSchema({ min: 5, max: 36 }).describe(PROJECTS.LIST_CAS.slug)
+        slug: slugSchema.describe(PROJECTS.LIST_CAS.slug)
       }),
       querystring: z.object({
         status: z.enum([CaStatus.ACTIVE, CaStatus.PENDING_CERTIFICATE]).optional().describe(PROJECTS.LIST_CAS.status),
@@ -375,7 +395,7 @@ export const registerProjectRouter = async (server: FastifyZodProvider) => {
     },
     schema: {
       params: z.object({
-        slug: slugSchema({ min: 5, max: 36 }).describe(PROJECTS.LIST_CERTIFICATES.slug)
+        slug: slugSchema.describe(PROJECTS.LIST_CERTIFICATES.slug)
       }),
       querystring: z.object({
         friendlyName: z.string().optional().describe(PROJECTS.LIST_CERTIFICATES.friendlyName),

backend/src/services/integration-auth/integration-app-list.ts

@@ -1,6 +1,7 @@
 /* eslint-disable no-await-in-loop */
 import { createAppAuth } from "@octokit/auth-app";
 import { Octokit } from "@octokit/rest";
+import { Client as OctopusDeployClient, ProjectRepository as OctopusDeployRepository } from "@octopusdeploy/api-client";
 
 import { TIntegrationAuths } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
@@ -1087,6 +1088,33 @@ const getAppsAzureDevOps = async ({ accessToken, orgName }: { accessToken: strin
   return apps;
 };
 
+const getAppsOctopusDeploy = async ({
+  apiKey,
+  instanceURL,
+  spaceName = "Default"
+}: {
+  apiKey: string;
+  instanceURL: string;
+  spaceName?: string;
+}) => {
+  const client = await OctopusDeployClient.create({
+    instanceURL,
+    apiKey,
+    userAgentApp: "Infisical Integration"
+  });
+
+  const repository = new OctopusDeployRepository(client, spaceName);
+
+  const projects = await repository.list({
+    take: 1000
+  });
+
+  return projects.Items.map((project) => ({
+    name: project.Name,
+    appId: project.Id
+  }));
+};
+
 export const getApps = async ({
   integration,
   integrationAuth,
@@ -1260,6 +1288,13 @@ export const getApps = async ({
         orgName: azureDevOpsOrgName as string
       });
 
+    case Integrations.OCTOPUS_DEPLOY:
+      return getAppsOctopusDeploy({
+        apiKey: accessToken,
+        instanceURL: url!,
+        spaceName: workspaceSlug
+      });
+
     default:
       throw new NotFoundError({ message: `Integration '${integration}' not found` });
   }

backend/src/services/integration-auth/integration-auth-service.ts

@@ -1,6 +1,7 @@
 import { ForbiddenError } from "@casl/ability";
 import { createAppAuth } from "@octokit/auth-app";
 import { Octokit } from "@octokit/rest";
+import { Client as OctopusClient, SpaceRepository as OctopusSpaceRepository } from "@octopusdeploy/api-client";
 import AWS from "aws-sdk";
 
 import { SecretEncryptionAlgo, SecretKeyEncoding, TIntegrationAuths, TIntegrationAuthsInsert } from "@app/db/schemas";
@@ -9,7 +10,7 @@ import { ProjectPermissionActions, ProjectPermissionSub } from "@app/ee/services
 import { getConfig } from "@app/lib/config/env";
 import { request } from "@app/lib/config/request";
 import { decryptSymmetric128BitHexKeyUTF8, encryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
-import { BadRequestError, NotFoundError } from "@app/lib/errors";
+import { BadRequestError, InternalServerError, NotFoundError } from "@app/lib/errors";
 import { TGenericPermission, TProjectPermission } from "@app/lib/types";
 
 import { TIntegrationDALFactory } from "../integration/integration-dal";
@@ -20,6 +21,7 @@ import { getApps } from "./integration-app-list";
 import { TIntegrationAuthDALFactory } from "./integration-auth-dal";
 import { IntegrationAuthMetadataSchema, TIntegrationAuthMetadata } from "./integration-auth-schema";
 import {
+  OctopusDeployScope,
   TBitbucketEnvironment,
   TBitbucketWorkspace,
   TChecklyGroups,
@@ -38,6 +40,8 @@ import {
   TIntegrationAuthGithubOrgsDTO,
   TIntegrationAuthHerokuPipelinesDTO,
   TIntegrationAuthNorthflankSecretGroupDTO,
+  TIntegrationAuthOctopusDeployProjectScopeValuesDTO,
+  TIntegrationAuthOctopusDeploySpacesDTO,
   TIntegrationAuthQoveryEnvironmentsDTO,
   TIntegrationAuthQoveryOrgsDTO,
   TIntegrationAuthQoveryProjectDTO,
@@ -48,6 +52,7 @@ import {
   TIntegrationAuthVercelBranchesDTO,
   TNorthflankSecretGroup,
   TOauthExchangeDTO,
+  TOctopusDeployVariableSet,
   TSaveIntegrationAccessTokenDTO,
   TTeamCityBuildConfig,
   TVercelBranches
@@ -1521,6 +1526,88 @@ export const integrationAuthServiceFactory = ({
     return integrationAuthDAL.create(newIntegrationAuth);
   };
 
+  const getOctopusDeploySpaces = async ({
+    actorId,
+    actor,
+    actorOrgId,
+    actorAuthMethod,
+    id
+  }: TIntegrationAuthOctopusDeploySpacesDTO) => {
+    const integrationAuth = await integrationAuthDAL.findById(id);
+    if (!integrationAuth) throw new NotFoundError({ message: `Integration auth with ID '${id}' not found` });
+
+    const { permission } = await permissionService.getProjectPermission(
+      actor,
+      actorId,
+      integrationAuth.projectId,
+      actorAuthMethod,
+      actorOrgId
+    );
+    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
+    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
+    const { accessToken } = await getIntegrationAccessToken(integrationAuth, shouldUseSecretV2Bridge, botKey);
+
+    const client = await OctopusClient.create({
+      apiKey: accessToken,
+      instanceURL: integrationAuth.url!,
+      userAgentApp: "Infisical Integration"
+    });
+
+    const spaceRepository = new OctopusSpaceRepository(client);
+
+    const spaces = await spaceRepository.list({
+      partialName: "", // throws error if no string is present...
+      take: 1000
+    });
+
+    return spaces.Items;
+  };
+
+  const getOctopusDeployScopeValues = async ({
+    actorId,
+    actor,
+    actorOrgId,
+    actorAuthMethod,
+    id,
+    scope,
+    spaceId,
+    resourceId
+  }: TIntegrationAuthOctopusDeployProjectScopeValuesDTO) => {
+    const integrationAuth = await integrationAuthDAL.findById(id);
+    if (!integrationAuth) throw new NotFoundError({ message: `Integration auth with ID '${id}' not found` });
+
+    const { permission } = await permissionService.getProjectPermission(
+      actor,
+      actorId,
+      integrationAuth.projectId,
+      actorAuthMethod,
+      actorOrgId
+    );
+    ForbiddenError.from(permission).throwUnlessCan(ProjectPermissionActions.Read, ProjectPermissionSub.Integrations);
+    const { shouldUseSecretV2Bridge, botKey } = await projectBotService.getBotKey(integrationAuth.projectId);
+    const { accessToken } = await getIntegrationAccessToken(integrationAuth, shouldUseSecretV2Bridge, botKey);
+
+    let url: string;
+    switch (scope) {
+      case OctopusDeployScope.Project:
+        url = `${integrationAuth.url}/api/${spaceId}/projects/${resourceId}/variables`;
+        break;
+      // future support tenant, variable set etc.
+      default:
+        throw new InternalServerError({ message: `Unhandled Octopus Deploy scope` });
+    }
+
+    // SDK doesn't support variable set...
+    const { data: variableSet } = await request.get<TOctopusDeployVariableSet>(url, {
+      headers: {
+        "X-NuGet-ApiKey": accessToken,
+        Accept: "application/json"
+      }
+    });
+
+    return variableSet.ScopeValues;
+  };
+
   return {
     listIntegrationAuthByProjectId,
     listOrgIntegrationAuth,
@@ -1552,6 +1639,8 @@ export const integrationAuthServiceFactory = ({
     getBitbucketWorkspaces,
     getBitbucketEnvironments,
     getIntegrationAccessToken,
-    duplicateIntegrationAuth
+    duplicateIntegrationAuth,
+    getOctopusDeploySpaces,
+    getOctopusDeployScopeValues
   };
 };

backend/src/services/integration-auth/integration-auth-types.ts

@@ -193,3 +193,72 @@ export type TIntegrationsWithEnvironment = TIntegrations & {
     | null
     | undefined;
 };
+
+export type TIntegrationAuthOctopusDeploySpacesDTO = {
+  id: string;
+} & Omit<TProjectPermission, "projectId">;
+
+export type TIntegrationAuthOctopusDeployProjectScopeValuesDTO = {
+  id: string;
+  spaceId: string;
+  resourceId: string;
+  scope: OctopusDeployScope;
+} & Omit<TProjectPermission, "projectId">;
+
+export enum OctopusDeployScope {
+  Project = "project"
+  // add tenant, variable set, etc.
+}
+
+export type TOctopusDeployVariableSet = {
+  Id: string;
+  OwnerId: string;
+  Version: number;
+  Variables: {
+    Id: string;
+    Name: string;
+    Value: string;
+    Description: string;
+    Scope: {
+      Environment?: string[];
+      Machine?: string[];
+      Role?: string[];
+      TargetRole?: string[];
+      Action?: string[];
+      User?: string[];
+      Trigger?: string[];
+      ParentDeployment?: string[];
+      Private?: string[];
+      Channel?: string[];
+      TenantTag?: string[];
+      Tenant?: string[];
+      ProcessOwner?: string[];
+    };
+    IsEditable: boolean;
+    Prompt: {
+      Description: string;
+      DisplaySettings: Record<string, string>;
+      Label: string;
+      Required: boolean;
+    } | null;
+    Type: "String";
+    IsSensitive: boolean;
+  }[];
+  ScopeValues: {
+    Environments: { Id: string; Name: string }[];
+    Machines: { Id: string; Name: string }[];
+    Actions: { Id: string; Name: string }[];
+    Roles: { Id: string; Name: string }[];
+    Channels: { Id: string; Name: string }[];
+    TenantTags: { Id: string; Name: string }[];
+    Processes: {
+      ProcessType: string;
+      Id: string;
+      Name: string;
+    }[];
+  };
+  SpaceId: string;
+  Links: {
+    Self: string;
+  };
+};

backend/src/services/integration-auth/integration-list.ts

@@ -34,7 +34,8 @@ export enum Integrations {
   HASURA_CLOUD = "hasura-cloud",
   RUNDECK = "rundeck",
   AZURE_DEVOPS = "azure-devops",
-  AZURE_APP_CONFIGURATION = "azure-app-configuration"
+  AZURE_APP_CONFIGURATION = "azure-app-configuration",
+  OCTOPUS_DEPLOY = "octopus-deploy"
 }
 
 export enum IntegrationType {
@@ -413,6 +414,15 @@ export const getIntegrationOptions = async () => {
       type: "pat",
       clientId: "",
       docsLink: ""
+    },
+    {
+      name: "Octopus Deploy",
+      slug: "octopus-deploy",
+      image: "Octopus Deploy.png",
+      isAvailable: true,
+      type: "sat",
+      clientId: "",
+      docsLink: ""
     }
   ];
 

backend/src/services/integration-auth/integration-sync-secret.ts

@@ -32,14 +32,14 @@ import { z } from "zod";
 import { SecretType, TIntegrationAuths, TIntegrations } from "@app/db/schemas";
 import { getConfig } from "@app/lib/config/env";
 import { request } from "@app/lib/config/request";
-import { BadRequestError } from "@app/lib/errors";
+import { BadRequestError, InternalServerError } from "@app/lib/errors";
 import { logger } from "@app/lib/logger";
 import { TCreateManySecretsRawFn, TUpdateManySecretsRawFn } from "@app/services/secret/secret-types";
 
 import { TIntegrationDALFactory } from "../integration/integration-dal";
 import { IntegrationMetadataSchema } from "../integration/integration-schema";
 import { IntegrationAuthMetadataSchema } from "./integration-auth-schema";
-import { TIntegrationsWithEnvironment } from "./integration-auth-types";
+import { OctopusDeployScope, TIntegrationsWithEnvironment, TOctopusDeployVariableSet } from "./integration-auth-types";
 import {
   IntegrationInitialSyncBehavior,
   IntegrationMappingBehavior,
@@ -473,7 +473,7 @@ const syncSecretsAzureKeyVault = async ({
     id: string; // secret URI
     value: string;
     attributes: {
-      enabled: true;
+      enabled: boolean;
       created: number;
       updated: number;
       recoveryLevel: string;
@@ -509,10 +509,19 @@ const syncSecretsAzureKeyVault = async ({
 
   const getAzureKeyVaultSecrets = await paginateAzureKeyVaultSecrets(`${integration.app}/secrets?api-version=7.3`);
 
+  const enabledAzureKeyVaultSecrets = getAzureKeyVaultSecrets.filter((secret) => secret.attributes.enabled);
+
+  // disabled keys to skip sending updates to
+  const disabledAzureKeyVaultSecretKeys = getAzureKeyVaultSecrets
+    .filter(({ attributes }) => !attributes.enabled)
+    .map((getAzureKeyVaultSecret) => {
+      return getAzureKeyVaultSecret.id.substring(getAzureKeyVaultSecret.id.lastIndexOf("/") + 1);
+    });
+
   let lastSlashIndex: number;
   const res = (
     await Promise.all(
-      getAzureKeyVaultSecrets.map(async (getAzureKeyVaultSecret) => {
+      enabledAzureKeyVaultSecrets.map(async (getAzureKeyVaultSecret) => {
         if (!lastSlashIndex) {
           lastSlashIndex = getAzureKeyVaultSecret.id.lastIndexOf("/");
         }
@@ -658,6 +667,7 @@ const syncSecretsAzureKeyVault = async ({
   }) => {
     let isSecretSet = false;
     let maxTries = 6;
+    if (disabledAzureKeyVaultSecretKeys.includes(key)) return;
 
     while (!isSecretSet && maxTries > 0) {
       // try to set secret
@@ -4201,6 +4211,61 @@ const syncSecretsRundeck = async ({
   }
 };
 
+const syncSecretsOctopusDeploy = async ({
+  integration,
+  integrationAuth,
+  secrets,
+  accessToken
+}: {
+  integration: TIntegrations;
+  integrationAuth: TIntegrationAuths;
+  secrets: Record<string, { value: string; comment?: string }>;
+  accessToken: string;
+}) => {
+  let url: string;
+  switch (integration.scope) {
+    case OctopusDeployScope.Project:
+      url = `${integrationAuth.url}/api/${integration.targetEnvironmentId}/projects/${integration.appId}/variables`;
+      break;
+    // future support tenant, variable set, etc.
+    default:
+      throw new InternalServerError({ message: `Unhandled Octopus Deploy scope: ${integration.scope}` });
+  }
+
+  // SDK doesn't support variable set...
+  const { data: variableSet } = await request.get<TOctopusDeployVariableSet>(url, {
+    headers: {
+      "X-NuGet-ApiKey": accessToken,
+      Accept: "application/json"
+    }
+  });
+
+  await request.put(
+    url,
+    {
+      ...variableSet,
+      Variables: Object.entries(secrets).map(([key, value]) => ({
+        Name: key,
+        Value: value.value,
+        Description: value.comment ?? "",
+        Scope:
+          (integration.metadata as { octopusDeployScopeValues: TOctopusDeployVariableSet["ScopeValues"] })
+            ?.octopusDeployScopeValues ?? {},
+        IsEditable: false,
+        Prompt: null,
+        Type: "String",
+        IsSensitive: true
+      }))
+    } as unknown as TOctopusDeployVariableSet,
+    {
+      headers: {
+        "X-NuGet-ApiKey": accessToken,
+        Accept: "application/json"
+      }
+    }
+  );
+};
+
 /**
  * Sync/push [secrets] to [app] in integration named [integration]
  *
@@ -4513,6 +4578,14 @@ export const syncIntegrationSecrets = async ({
         accessToken
       });
       break;
+    case Integrations.OCTOPUS_DEPLOY:
+      await syncSecretsOctopusDeploy({
+        integration,
+        integrationAuth,
+        secrets,
+        accessToken
+      });
+      break;
     default:
       throw new BadRequestError({ message: "Invalid integration" });
   }

backend/src/services/integration/integration-schema.ts

@@ -46,5 +46,18 @@ export const IntegrationMetadataSchema = z.object({
   shouldDisableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldDisableDelete),
   shouldEnableDelete: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldEnableDelete),
   shouldMaskSecrets: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldMaskSecrets),
-  shouldProtectSecrets: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldProtectSecrets)
+  shouldProtectSecrets: z.boolean().optional().describe(INTEGRATION.CREATE.metadata.shouldProtectSecrets),
+
+  octopusDeployScopeValues: z
+    .object({
+      // in Octopus Deploy Scope Value Format
+      Environment: z.string().array().optional(),
+      Action: z.string().array().optional(),
+      Channel: z.string().array().optional(),
+      Machine: z.string().array().optional(),
+      ProcessOwner: z.string().array().optional(),
+      Role: z.string().array().optional()
+    })
+    .optional()
+    .describe(INTEGRATION.CREATE.metadata.octopusDeployScopeValues)
 });

cli/go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/fatih/semgroup v1.2.0
 	github.com/gitleaks/go-gitdiff v0.8.0
 	github.com/h2non/filetype v1.1.3
-	github.com/infisical/go-sdk v0.3.8
+	github.com/infisical/go-sdk v0.4.3
 	github.com/mattn/go-isatty v0.0.20
 	github.com/muesli/ansi v0.0.0-20221106050444-61f0cd9a192a
 	github.com/muesli/mango-cobra v1.2.0

cli/go.sum

@@ -265,8 +265,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/infisical/go-sdk v0.3.8 h1:0dGOhF3cwt0q5QzpnUs4lxwBiEza+DQYOyvEn7AfrM0=
-github.com/infisical/go-sdk v0.3.8/go.mod h1:HHW7DgUqoolyQIUw/9HdpkZ3bDLwWyZ0HEtYiVaDKQw=
+github.com/infisical/go-sdk v0.4.3 h1:O5ZJ2eCBAZDE9PIAfBPq9Utb2CgQKrhmj9R0oFTRu4U=
+github.com/infisical/go-sdk v0.4.3/go.mod h1:6fWzAwTPIoKU49mQ2Oxu+aFnJu9n7k2JcNrZjzhHM2M=
 github.com/jedib0t/go-pretty v4.3.0+incompatible h1:CGs8AVhEKg/n9YbUenWmNStRW2PHJzaeDodcfvRAbIo=
 github.com/jedib0t/go-pretty v4.3.0+incompatible/go.mod h1:XemHduiw8R651AF9Pt4FwCTKeG3oo7hrHJAoznj9nag=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=

cli/packages/api/api.go

@@ -205,6 +205,25 @@ func CallGetAllWorkSpacesUserBelongsTo(httpClient *resty.Client) (GetWorkSpacesR
 	return workSpacesResponse, nil
 }
 
+func CallGetProjectById(httpClient *resty.Client, id string) (Project, error) {
+	var projectResponse GetProjectByIdResponse
+	response, err := httpClient.
+		R().
+		SetResult(&projectResponse).
+		SetHeader("User-Agent", USER_AGENT).
+		Get(fmt.Sprintf("%v/v1/workspace/%s", config.INFISICAL_URL, id))
+
+	if err != nil {
+		return Project{}, err
+	}
+
+	if response.IsError() {
+		return Project{}, fmt.Errorf("CallGetProjectById: Unsuccessful response:  [response=%v]", response)
+	}
+
+	return projectResponse.Project, nil
+}
+
 func CallIsAuthenticated(httpClient *resty.Client) bool {
 	var workSpacesResponse GetWorkSpacesResponse
 	response, err := httpClient.

cli/packages/api/model.go

@@ -128,6 +128,10 @@ type GetWorkSpacesResponse struct {
 	} `json:"workspaces"`
 }
 
+type GetProjectByIdResponse struct {
+	Project Project `json:"workspace"`
+}
+
 type GetOrganizationsResponse struct {
 	Organizations []struct {
 		ID   string `json:"id"`
@@ -163,6 +167,12 @@ type Secret struct {
 	PlainTextKey            string `json:"plainTextKey"`
 }
 
+type Project struct {
+	ID   string `json:"id"`
+	Name string `json:"name"`
+	Slug string `json:"slug"`
+}
+
 type RawSecret struct {
 	SecretKey     string `json:"secretKey,omitempty"`
 	SecretValue   string `json:"secretValue,omitempty"`

cli/packages/cmd/dynamic_secrets.go

@@ -0,0 +1,571 @@
+/*
+Copyright (c) 2023 Infisical Inc.
+*/
+package cmd
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/Infisical/infisical-merge/packages/api"
+	"github.com/Infisical/infisical-merge/packages/config"
+	"github.com/Infisical/infisical-merge/packages/visualize"
+
+	// "github.com/Infisical/infisical-merge/packages/models"
+	"github.com/Infisical/infisical-merge/packages/util"
+	// "github.com/Infisical/infisical-merge/packages/visualize"
+	"github.com/go-resty/resty/v2"
+	"github.com/posthog/posthog-go"
+	"github.com/spf13/cobra"
+
+	infisicalSdk "github.com/infisical/go-sdk"
+	infisicalSdkModels "github.com/infisical/go-sdk/packages/models"
+)
+
+var dynamicSecretCmd = &cobra.Command{
+	Example:               `infisical dynamic-secrets`,
+	Short:                 "Used to list dynamic secrets",
+	Use:                   "dynamic-secrets",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.NoArgs,
+	Run:                   getDynamicSecretList,
+}
+
+func getDynamicSecretList(cmd *cobra.Command, args []string) {
+	environmentName, _ := cmd.Flags().GetString("env")
+	if !cmd.Flags().Changed("env") {
+		environmentFromWorkspace := util.GetEnvFromWorkspaceFile()
+		if environmentFromWorkspace != "" {
+			environmentName = environmentFromWorkspace
+		}
+	}
+
+	token, err := util.GetInfisicalToken(cmd)
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	projectId, err := cmd.Flags().GetString("projectId")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	secretsPath, err := cmd.Flags().GetString("path")
+	if err != nil {
+		util.HandleError(err, "Unable to parse path flag")
+	}
+
+	var infisicalToken string
+	httpClient := resty.New()
+
+	if projectId == "" {
+		workspaceFile, err := util.GetWorkSpaceFromFile()
+		if err != nil {
+			util.HandleError(err, "Unable to get local project details")
+		}
+		projectId = workspaceFile.WorkspaceId
+	}
+
+	if token != nil && (token.Type == util.SERVICE_TOKEN_IDENTIFIER || token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER) {
+		infisicalToken = token.Token
+	} else {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+
+		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
+		if err != nil {
+			util.HandleError(err, "Unable to authenticate")
+		}
+
+		if loggedInUserDetails.LoginExpired {
+			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
+		}
+		infisicalToken = loggedInUserDetails.UserCredentials.JTWToken
+	}
+
+	httpClient.SetAuthToken(infisicalToken)
+
+	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
+		SiteUrl:          config.INFISICAL_URL,
+		UserAgent:        api.USER_AGENT,
+		AutoTokenRefresh: false,
+	})
+	infisicalClient.Auth().SetAccessToken(infisicalToken)
+
+	projectDetails, err := api.CallGetProjectById(httpClient, projectId)
+	if err != nil {
+		util.HandleError(err, "To fetch project details")
+	}
+
+	dynamicSecretRootCredentials, err := infisicalClient.DynamicSecrets().List(infisicalSdk.ListDynamicSecretsRootCredentialsOptions{
+		ProjectSlug:     projectDetails.Slug,
+		SecretPath:      secretsPath,
+		EnvironmentSlug: environmentName,
+	})
+
+	if err != nil {
+		util.HandleError(err, "To fetch dynamic secret root credentials details")
+	}
+
+	visualize.PrintAllDynamicRootCredentials(dynamicSecretRootCredentials)
+	Telemetry.CaptureEvent("cli-command:dynamic-secrets", posthog.NewProperties().Set("count", len(dynamicSecretRootCredentials)).Set("version", util.CLI_VERSION))
+}
+
+var dynamicSecretLeaseCmd = &cobra.Command{
+	Example:               `lease`,
+	Short:                 "Manage leases for dynamic secrets",
+	Use:                   "lease",
+	DisableFlagsInUseLine: true,
+}
+
+var dynamicSecretLeaseCreateCmd = &cobra.Command{
+	Example:               `lease create <dynamic secret name>"`,
+	Short:                 "Used to lease dynamic secret by name",
+	Use:                   "create [dynamic-secret]",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.ExactArgs(1),
+	Run:                   createDynamicSecretLeaseByName,
+}
+
+func createDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
+	dynamicSecretRootCredentialName := args[0]
+
+	environmentName, _ := cmd.Flags().GetString("env")
+	if !cmd.Flags().Changed("env") {
+		environmentFromWorkspace := util.GetEnvFromWorkspaceFile()
+		if environmentFromWorkspace != "" {
+			environmentName = environmentFromWorkspace
+		}
+	}
+
+	token, err := util.GetInfisicalToken(cmd)
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	projectId, err := cmd.Flags().GetString("projectId")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	ttl, err := cmd.Flags().GetString("ttl")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	secretsPath, err := cmd.Flags().GetString("path")
+	if err != nil {
+		util.HandleError(err, "Unable to parse path flag")
+	}
+
+	plainOutput, err := cmd.Flags().GetBool("plain")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	var infisicalToken string
+	httpClient := resty.New()
+
+	if projectId == "" {
+		workspaceFile, err := util.GetWorkSpaceFromFile()
+		if err != nil {
+			util.HandleError(err, "Unable to get local project details")
+		}
+		projectId = workspaceFile.WorkspaceId
+	}
+
+	if token != nil && (token.Type == util.SERVICE_TOKEN_IDENTIFIER || token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER) {
+		infisicalToken = token.Token
+	} else {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+
+		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
+		if err != nil {
+			util.HandleError(err, "Unable to authenticate")
+		}
+
+		if loggedInUserDetails.LoginExpired {
+			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
+		}
+		infisicalToken = loggedInUserDetails.UserCredentials.JTWToken
+	}
+
+	httpClient.SetAuthToken(infisicalToken)
+
+	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
+		SiteUrl:          config.INFISICAL_URL,
+		UserAgent:        api.USER_AGENT,
+		AutoTokenRefresh: false,
+	})
+	infisicalClient.Auth().SetAccessToken(infisicalToken)
+
+	projectDetails, err := api.CallGetProjectById(httpClient, projectId)
+	if err != nil {
+		util.HandleError(err, "To fetch project details")
+	}
+
+	dynamicSecretRootCredential, err := infisicalClient.DynamicSecrets().GetByName(infisicalSdk.GetDynamicSecretRootCredentialByNameOptions{
+		DynamicSecretName: dynamicSecretRootCredentialName,
+		ProjectSlug:       projectDetails.Slug,
+		SecretPath:        secretsPath,
+		EnvironmentSlug:   environmentName,
+	})
+
+	if err != nil {
+		util.HandleError(err, "To fetch dynamic secret root credentials details")
+	}
+
+	leaseCredentials, _, leaseDetails, err := infisicalClient.DynamicSecrets().Leases().Create(infisicalSdk.CreateDynamicSecretLeaseOptions{
+		DynamicSecretName: dynamicSecretRootCredential.Name,
+		ProjectSlug:       projectDetails.Slug,
+		TTL:               ttl,
+		SecretPath:        secretsPath,
+		EnvironmentSlug:   environmentName,
+	})
+	if err != nil {
+		util.HandleError(err, "To lease dynamic secret")
+	}
+
+	if plainOutput {
+		for key, value := range leaseCredentials {
+			if cred, ok := value.(string); ok {
+				fmt.Printf("%s=%s\n", key, cred)
+			}
+		}
+	} else {
+		fmt.Println("Dynamic Secret Leasing")
+		fmt.Printf("Name: %s\n", dynamicSecretRootCredential.Name)
+		fmt.Printf("Provider: %s\n", dynamicSecretRootCredential.Type)
+		fmt.Printf("Lease ID: %s\n", leaseDetails.Id)
+		fmt.Printf("Expire At: %s\n", leaseDetails.ExpireAt.Local().Format("02-Jan-2006 03:04:05 PM"))
+		visualize.PrintAllDyamicSecretLeaseCredentials(leaseCredentials)
+	}
+
+	Telemetry.CaptureEvent("cli-command:dynamic-secrets lease", posthog.NewProperties().Set("type", dynamicSecretRootCredential.Type).Set("version", util.CLI_VERSION))
+}
+
+var dynamicSecretLeaseRenewCmd = &cobra.Command{
+	Example:               `lease renew <dynamic secret name>"`,
+	Short:                 "Used to renew dynamic secret lease by name",
+	Use:                   "renew [lease-id]",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.ExactArgs(1),
+	Run:                   renewDynamicSecretLeaseByName,
+}
+
+func renewDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
+	dynamicSecretLeaseId := args[0]
+
+	environmentName, _ := cmd.Flags().GetString("env")
+	if !cmd.Flags().Changed("env") {
+		environmentFromWorkspace := util.GetEnvFromWorkspaceFile()
+		if environmentFromWorkspace != "" {
+			environmentName = environmentFromWorkspace
+		}
+	}
+
+	token, err := util.GetInfisicalToken(cmd)
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	projectId, err := cmd.Flags().GetString("projectId")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	ttl, err := cmd.Flags().GetString("ttl")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	secretsPath, err := cmd.Flags().GetString("path")
+	if err != nil {
+		util.HandleError(err, "Unable to parse path flag")
+	}
+
+	var infisicalToken string
+	httpClient := resty.New()
+
+	if projectId == "" {
+		workspaceFile, err := util.GetWorkSpaceFromFile()
+		if err != nil {
+			util.HandleError(err, "Unable to get local project details")
+		}
+		projectId = workspaceFile.WorkspaceId
+	}
+
+	if token != nil && (token.Type == util.SERVICE_TOKEN_IDENTIFIER || token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER) {
+		infisicalToken = token.Token
+	} else {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+
+		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
+		if err != nil {
+			util.HandleError(err, "Unable to authenticate")
+		}
+
+		if loggedInUserDetails.LoginExpired {
+			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
+		}
+		infisicalToken = loggedInUserDetails.UserCredentials.JTWToken
+	}
+
+	httpClient.SetAuthToken(infisicalToken)
+
+	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
+		SiteUrl:          config.INFISICAL_URL,
+		UserAgent:        api.USER_AGENT,
+		AutoTokenRefresh: false,
+	})
+	infisicalClient.Auth().SetAccessToken(infisicalToken)
+
+	projectDetails, err := api.CallGetProjectById(httpClient, projectId)
+	if err != nil {
+		util.HandleError(err, "To fetch project details")
+	}
+
+	if err != nil {
+		util.HandleError(err, "To fetch dynamic secret root credentials details")
+	}
+
+	leaseDetails, err := infisicalClient.DynamicSecrets().Leases().RenewById(infisicalSdk.RenewDynamicSecretLeaseOptions{
+		ProjectSlug:     projectDetails.Slug,
+		TTL:             ttl,
+		SecretPath:      secretsPath,
+		EnvironmentSlug: environmentName,
+		LeaseId:         dynamicSecretLeaseId,
+	})
+	if err != nil {
+		util.HandleError(err, "To renew dynamic secret lease")
+	}
+
+	fmt.Println("Successfully renewed dynamic secret lease")
+	visualize.PrintAllDynamicSecretLeases([]infisicalSdkModels.DynamicSecretLease{leaseDetails})
+
+	Telemetry.CaptureEvent("cli-command:dynamic-secrets lease renew", posthog.NewProperties().Set("version", util.CLI_VERSION))
+}
+
+var dynamicSecretLeaseRevokeCmd = &cobra.Command{
+	Example:               `lease delete <dynamic secret name>"`,
+	Short:                 "Used to delete dynamic secret lease by name",
+	Use:                   "delete [lease-id]",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.ExactArgs(1),
+	Run:                   revokeDynamicSecretLeaseByName,
+}
+
+func revokeDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
+	dynamicSecretLeaseId := args[0]
+
+	environmentName, _ := cmd.Flags().GetString("env")
+	if !cmd.Flags().Changed("env") {
+		environmentFromWorkspace := util.GetEnvFromWorkspaceFile()
+		if environmentFromWorkspace != "" {
+			environmentName = environmentFromWorkspace
+		}
+	}
+
+	token, err := util.GetInfisicalToken(cmd)
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	projectId, err := cmd.Flags().GetString("projectId")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	secretsPath, err := cmd.Flags().GetString("path")
+	if err != nil {
+		util.HandleError(err, "Unable to parse path flag")
+	}
+
+	var infisicalToken string
+	httpClient := resty.New()
+
+	if projectId == "" {
+		workspaceFile, err := util.GetWorkSpaceFromFile()
+		if err != nil {
+			util.HandleError(err, "Unable to get local project details")
+		}
+		projectId = workspaceFile.WorkspaceId
+	}
+
+	if token != nil && (token.Type == util.SERVICE_TOKEN_IDENTIFIER || token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER) {
+		infisicalToken = token.Token
+	} else {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+
+		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
+		if err != nil {
+			util.HandleError(err, "Unable to authenticate")
+		}
+
+		if loggedInUserDetails.LoginExpired {
+			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
+		}
+		infisicalToken = loggedInUserDetails.UserCredentials.JTWToken
+	}
+
+	httpClient.SetAuthToken(infisicalToken)
+
+	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
+		SiteUrl:          config.INFISICAL_URL,
+		UserAgent:        api.USER_AGENT,
+		AutoTokenRefresh: false,
+	})
+	infisicalClient.Auth().SetAccessToken(infisicalToken)
+
+	projectDetails, err := api.CallGetProjectById(httpClient, projectId)
+	if err != nil {
+		util.HandleError(err, "To fetch project details")
+	}
+
+	if err != nil {
+		util.HandleError(err, "To fetch dynamic secret root credentials details")
+	}
+
+	leaseDetails, err := infisicalClient.DynamicSecrets().Leases().DeleteById(infisicalSdk.DeleteDynamicSecretLeaseOptions{
+		ProjectSlug:     projectDetails.Slug,
+		SecretPath:      secretsPath,
+		EnvironmentSlug: environmentName,
+		LeaseId:         dynamicSecretLeaseId,
+	})
+	if err != nil {
+		util.HandleError(err, "To revoke  dynamic secret lease")
+	}
+
+	fmt.Println("Successfully revoked dynamic secret lease")
+	visualize.PrintAllDynamicSecretLeases([]infisicalSdkModels.DynamicSecretLease{leaseDetails})
+
+	Telemetry.CaptureEvent("cli-command:dynamic-secrets lease revoke", posthog.NewProperties().Set("version", util.CLI_VERSION))
+}
+
+var dynamicSecretLeaseListCmd = &cobra.Command{
+	Example:               `lease list <dynamic secret name>"`,
+	Short:                 "Used to list leases of a dynamic secret by name",
+	Use:                   "list [dynamic-secret]",
+	DisableFlagsInUseLine: true,
+	Args:                  cobra.ExactArgs(1),
+	Run:                   listDynamicSecretLeaseByName,
+}
+
+func listDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
+	dynamicSecretRootCredentialName := args[0]
+
+	environmentName, _ := cmd.Flags().GetString("env")
+	if !cmd.Flags().Changed("env") {
+		environmentFromWorkspace := util.GetEnvFromWorkspaceFile()
+		if environmentFromWorkspace != "" {
+			environmentName = environmentFromWorkspace
+		}
+	}
+
+	token, err := util.GetInfisicalToken(cmd)
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	projectId, err := cmd.Flags().GetString("projectId")
+	if err != nil {
+		util.HandleError(err, "Unable to parse flag")
+	}
+
+	secretsPath, err := cmd.Flags().GetString("path")
+	if err != nil {
+		util.HandleError(err, "Unable to parse path flag")
+	}
+
+	var infisicalToken string
+	httpClient := resty.New()
+
+	if projectId == "" {
+		workspaceFile, err := util.GetWorkSpaceFromFile()
+		if err != nil {
+			util.HandleError(err, "Unable to get local project details")
+		}
+		projectId = workspaceFile.WorkspaceId
+	}
+
+	if token != nil && (token.Type == util.SERVICE_TOKEN_IDENTIFIER || token.Type == util.UNIVERSAL_AUTH_TOKEN_IDENTIFIER) {
+		infisicalToken = token.Token
+	} else {
+		util.RequireLogin()
+		util.RequireLocalWorkspaceFile()
+
+		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails()
+		if err != nil {
+			util.HandleError(err, "Unable to authenticate")
+		}
+
+		if loggedInUserDetails.LoginExpired {
+			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
+		}
+		infisicalToken = loggedInUserDetails.UserCredentials.JTWToken
+	}
+
+	httpClient.SetAuthToken(infisicalToken)
+
+	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
+		SiteUrl:          config.INFISICAL_URL,
+		UserAgent:        api.USER_AGENT,
+		AutoTokenRefresh: false,
+	})
+	infisicalClient.Auth().SetAccessToken(infisicalToken)
+
+	projectDetails, err := api.CallGetProjectById(httpClient, projectId)
+	if err != nil {
+		util.HandleError(err, "To fetch project details")
+	}
+
+	dynamicSecretLeases, err := infisicalClient.DynamicSecrets().Leases().List(infisicalSdk.ListDynamicSecretLeasesOptions{
+		DynamicSecretName: dynamicSecretRootCredentialName,
+		ProjectSlug:       projectDetails.Slug,
+		SecretPath:        secretsPath,
+		EnvironmentSlug:   environmentName,
+	})
+
+	if err != nil {
+		util.HandleError(err, "To fetch dynamic secret leases list")
+	}
+
+	visualize.PrintAllDynamicSecretLeases(dynamicSecretLeases)
+	Telemetry.CaptureEvent("cli-command:dynamic-secrets lease list", posthog.NewProperties().Set("lease-count", len(dynamicSecretLeases)).Set("version", util.CLI_VERSION))
+}
+
+func init() {
+	dynamicSecretLeaseCreateCmd.Flags().StringP("path", "p", "/", "The path from where dynamic secret should be leased from")
+	dynamicSecretLeaseCreateCmd.Flags().String("token", "", "Create dynamic secret leases using machine identity access token")
+	dynamicSecretLeaseCreateCmd.Flags().String("projectId", "", "Manually set the projectId to fetch leased from when using machine identity based auth")
+	dynamicSecretLeaseCreateCmd.Flags().String("ttl", "", "The lease lifetime TTL. If not provided the default TTL of dynamic secret will be used.")
+	dynamicSecretLeaseCreateCmd.Flags().Bool("plain", false, "Print leased credentials without formatting, one per line")
+	dynamicSecretLeaseCmd.AddCommand(dynamicSecretLeaseCreateCmd)
+
+	dynamicSecretLeaseListCmd.Flags().StringP("path", "p", "/", "The path from where dynamic secret should be leased from")
+	dynamicSecretLeaseListCmd.Flags().String("token", "", "Fetch dynamic secret leases machine identity access token")
+	dynamicSecretLeaseListCmd.Flags().String("projectId", "", "Manually set the projectId to fetch leased from when using machine identity based auth")
+	dynamicSecretLeaseCmd.AddCommand(dynamicSecretLeaseListCmd)
+
+	dynamicSecretLeaseRenewCmd.Flags().StringP("path", "p", "/", "The path from where dynamic secret should be leased from")
+	dynamicSecretLeaseRenewCmd.Flags().String("token", "", "Renew dynamic secrets machine identity access token")
+	dynamicSecretLeaseRenewCmd.Flags().String("projectId", "", "Manually set the projectId to fetch leased from when using machine identity based auth")
+	dynamicSecretLeaseRenewCmd.Flags().String("ttl", "", "The lease lifetime TTL. If not provided the default TTL of dynamic secret will be used.")
+	dynamicSecretLeaseCmd.AddCommand(dynamicSecretLeaseRenewCmd)
+
+	dynamicSecretLeaseRevokeCmd.Flags().StringP("path", "p", "/", "The path from where dynamic secret should be leased from")
+	dynamicSecretLeaseRevokeCmd.Flags().String("token", "", "Delete dynamic secrets using machine identity access token")
+	dynamicSecretLeaseRevokeCmd.Flags().String("projectId", "", "Manually set the projectId to fetch leased from when using machine identity based auth")
+	dynamicSecretLeaseCmd.AddCommand(dynamicSecretLeaseRevokeCmd)
+
+	dynamicSecretCmd.AddCommand(dynamicSecretLeaseCmd)
+
+	dynamicSecretCmd.Flags().String("token", "", "Fetch secrets using service token or machine identity access token")
+	dynamicSecretCmd.Flags().String("projectId", "", "Manually set the projectId to fetch dynamic-secret when using machine identity based auth")
+	dynamicSecretCmd.PersistentFlags().String("env", "dev", "Used to select the environment name on which actions should be taken on")
+	dynamicSecretCmd.Flags().String("path", "/", "get dynamic secret within a folder path")
+	rootCmd.AddCommand(dynamicSecretCmd)
+}

cli/packages/visualize/dynamic_secret_leases.go

@@ -0,0 +1,39 @@
+package visualize
+
+import infisicalModels "github.com/infisical/go-sdk/packages/models"
+
+func PrintAllDyamicSecretLeaseCredentials(leaseCredentials map[string]any) {
+	rows := [][]string{}
+	for key, value := range leaseCredentials {
+		if cred, ok := value.(string); ok {
+			rows = append(rows, []string{key, cred})
+		}
+	}
+
+	headers := []string{"Key", "Value"}
+
+	GenericTable(headers, rows)
+}
+
+func PrintAllDynamicRootCredentials(dynamicRootCredentials []infisicalModels.DynamicSecret) {
+	rows := [][]string{}
+	for _, el := range dynamicRootCredentials {
+		rows = append(rows, []string{el.Name, el.Type, el.DefaultTTL, el.MaxTTL})
+	}
+
+	headers := []string{"Name", "Provider", "Default TTL", "Max TTL"}
+
+	GenericTable(headers, rows)
+}
+
+func PrintAllDynamicSecretLeases(dynamicSecretLeases []infisicalModels.DynamicSecretLease) {
+	rows := [][]string{}
+	const timeformat = "02-Jan-2006 03:04:05 PM"
+	for _, el := range dynamicSecretLeases {
+		rows = append(rows, []string{el.Id, el.ExpireAt.Local().Format(timeformat), el.CreatedAt.Local().Format(timeformat)})
+	}
+
+	headers := []string{"ID", "Expire At", "Created At"}
+
+	GenericTable(headers, rows)
+}

cli/packages/visualize/visualize.go

@@ -94,6 +94,33 @@ func getLongestValues(rows [][3]string) (longestSecretName, longestSecretType in
 	return
 }
 
+func GenericTable(headers []string, rows [][]string) {
+	t := table.NewWriter()
+	t.SetOutputMirror(os.Stdout)
+	t.SetStyle(table.StyleLight)
+
+	// t.SetTitle(tableOptions.Title)
+	t.Style().Options.DrawBorder = true
+	t.Style().Options.SeparateHeader = true
+	t.Style().Options.SeparateColumns = true
+
+	tableHeaders := table.Row{}
+	for _, header := range headers {
+		tableHeaders = append(tableHeaders, header)
+	}
+
+	t.AppendHeader(tableHeaders)
+	for _, row := range rows {
+		tableRow := table.Row{}
+		for _, val := range row {
+			tableRow = append(tableRow, val)
+		}
+		t.AppendRow(tableRow)
+	}
+
+	t.Render()
+}
+
 // stringWidth returns the width of a string.
 // ANSI escape sequences are ignored and double-width characters are handled correctly.
 func stringWidth(str string) (width int) {

company/handbook/time-off.mdx

@@ -12,6 +12,18 @@ To request time off, just submit a request in Rippling and let Maidul know at le
 
 Since Infisical's team is globally distributed, it is hard for us to keep track of all the various national holidays across many different countries. Whether you'd like to celebrate Christmas or National Brisket Day (which, by the way, is on May 28th), you are welcome to take PTO on those days – just let Maidul know at least a week ahead so that we can adjust our planning. 
 
-## Winter Break 
+## Winter break 
 
-Every year, Infisical team goes on a company-wide vacation during winter holidays. This year, the winter break period starts on December 21st, 2024 and ends on January 5th, 2025. You should expect to do no scheduled work during this period, but we will have a rotation process for [high and urgent service disruptions](https://infisical.com/sla). 
+Every year, Infisical team goes on a company-wide vacation during winter holidays. This year, the winter break period starts on December 21st, 2024 and ends on January 5th, 2025. You should expect to do no scheduled work during this period, but we will have a rotation process for [high and urgent service disruptions](https://infisical.com/sla). 
+
+## Parental leave
+
+At Infisical, we recognize that parental leave is a special and important time, significantly different from a typical vacation. We’re proud to offer parental leave to everyone, regardless of gender, and whether you’ve become a parent through childbirth or adoption.
+
+For team members who have been with Infisical for over a year by the time of your child’s birth or adoption, you are eligible for up to 12 weeks of paid parental leave. This leave will be provided in one continuous block to allow you uninterrupted time with your family. If you have been with Infisical for less than a year, we will follow the parental leave provisions required by your local jurisdiction.
+
+While we trust your judgment, parental leave is intended to be a distinct benefit and is not designed to be combined with our unlimited PTO policy. To ensure fairness and balance, we generally discourage combining parental leave with an extended vacation.
+
+When you’re ready, please notify Maidul about your plans for parental leave, ideally at least four months in advance. This allows us to support you fully and arrange any necessary logistics, including salary adjustments and statutory paperwork.
+
+We’re here to support you as you embark on this exciting new chapter in your life!

docs/cli/commands/dynamic-secrets.mdx

@@ -0,0 +1,295 @@
+---
+title: "infisical dynamic-secrets"
+description: "Perform dynamic secret operations directly with the CLI"
+---
+
+```
+infisical dynamic-secrets
+```
+
+## Description
+
+Dynamic secrets are unique secrets generated on demand based on the provided configuration settings. For more details, refer to [dynamics secrets section](/documentation/platform/dynamic-secrets/overview).
+
+This command enables you to perform list, lease, renew lease, and revoke lease operations on dynamic secrets within your Infisical project.
+
+### Sub-commands
+
+<Accordion title="infisical dynamic-secrets">
+  Use this command to print out all of the dynamic secrets in your project.
+
+```bash
+$ infisical dynamic-secrets
+```
+
+### Environment variables
+
+<Accordion title="INFISICAL_TOKEN">
+  Used to fetch dynamic secrets via a [machine identity](/documentation/platform/identities/machine-identities) instead of logged-in credentials. Simply, export this variable in the terminal before running this command.
+
+```bash
+# Example
+export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=<identity-client-id> --client-secret=<identity-client-secret> --silent --plain) # --plain flag will output only the token, so it can be fed to an environment variable. --silent will disable any update messages.
+```
+
+</Accordion>
+
+<Accordion title="INFISICAL_DISABLE_UPDATE_CHECK">
+  Used to disable the check for new CLI versions. This can improve the time it takes to run this command. Recommended for production environments.
+
+To use, simply export this variable in the terminal before running this command.
+
+```bash
+# Example
+export INFISICAL_DISABLE_UPDATE_CHECK=true
+```
+
+</Accordion>
+
+### Flags
+
+<Accordion title="--projectId">
+  The project ID to fetch dynamic secrets from. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets --projectId=<project-id>
+```
+
+</Accordion>
+
+<Accordion title="--token">
+  The authenticated token to fetch dynamic secrets from. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets --token=<token>
+```
+
+</Accordion>
+
+<Accordion title="--env">
+  Used to select the environment name on which actions should be taken. Default
+  value: `dev`
+</Accordion>
+
+<Accordion title="--path">
+  Use to select the project folder on which dynamic secrets will be accessed.
+
+```bash
+# Example
+infisical dynamic-secrets --path="/" --env=dev
+```
+
+</Accordion>
+</Accordion>
+<Accordion title="infisical dynamic-secrets lease create">
+  This command is used to create a new lease for a dynamic secret.
+
+```bash
+$ infisical dynamic-secrets lease create <dynamic-secret-name>
+```
+
+### Flags
+
+<Accordion title="--env">
+  Used to select the environment name on which actions should be taken. Default
+  value: `dev`
+</Accordion>
+
+<Accordion title="--plain">
+  The `--plain` flag will output dynamic secret lease credentials values without formatting, one per line.
+  Default value: `false`
+
+```bash
+# Example
+infisical dynamic-secrets lease create dynamic-secret-postgres --plain
+```
+
+</Accordion>
+
+<Accordion title="--path">
+  The `--path` flag indicates which project folder dynamic secrets will be injected from.
+
+```bash
+# Example
+infisical dynamic-secrets lease create <dynamic-secret-name> --path="/" --env=dev
+```
+
+</Accordion>
+
+<Accordion title="--projectId">
+  The project ID of the dynamic secrets to lease from. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease create <dynamic-secret-name> --projectId=<project-id>
+```
+
+</Accordion>
+
+<Accordion title="--token">
+  The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease create <dynamic-secret-name> --token=<token>
+```
+
+</Accordion>
+
+<Accordion title="--ttl">
+  The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
+
+```bash
+# Example
+infisical dynamic-secrets lease create <dynamic-secret-name> --ttl=<ttl>
+```
+
+</Accordion>
+
+</Accordion>
+<Accordion title="infisical dynamic-secrets lease list">
+  This command is used to list leases for a dynamic secret.
+
+```bash
+$ infisical dynamic-secrets lease list <dynamic-secret-name>
+```
+
+### Flags
+
+<Accordion title="--env">
+  Used to select the environment name on which actions should be taken. Default
+  value: `dev`
+</Accordion>
+
+<Accordion title="--path">
+  The `--path` flag indicates which project folder dynamic secrets will be injected from.
+
+```bash
+# Example
+infisical dynamic-secrets lease list <dynamic-secret-name> --path="/" --env=dev
+```
+
+</Accordion>
+
+<Accordion title="--projectId">
+  The project ID of the dynamic secrets to list leases from. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease list <dynamic-secret-name> --projectId=<project-id>
+```
+
+</Accordion>
+
+<Accordion title="--token">
+  The authenticated token to list dynamic secret leases. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease list <dynamic-secret-name> --token=<token>
+```
+
+</Accordion>
+</Accordion>
+
+<Accordion title="infisical dynamic-secrets lease renew">
+  This command is used to renew a lease before it expires.
+
+```bash
+$ infisical dynamic-secrets lease renew <lease-id>
+```
+
+### Flags
+
+<Accordion title="--env">
+  Used to select the environment name on which actions should be taken. Default
+  value: `dev`
+</Accordion>
+
+<Accordion title="--path">
+  The `--path` flag indicates which project folder dynamic secrets will be renewed from.
+
+```bash
+# Example
+infisical dynamic-secrets lease renew <lease-id> --path="/" --env=dev
+```
+
+</Accordion>
+
+<Accordion title="--projectId">
+  The project ID of the dynamic secret's lease from. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease renew <lease-id> --projectId=<project-id>
+```
+
+</Accordion>
+
+<Accordion title="--token">
+  The authenticated token to create dynamic secret leases. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease renew <lease-id> --token=<token>
+```
+
+</Accordion>
+
+<Accordion title="--ttl">
+  The lease lifetime. If not provided, the default TTL of the dynamic secret root credential will be used.
+
+```bash
+# Example
+infisical dynamic-secrets lease renew <lease-id> --ttl=<ttl>
+```
+
+</Accordion>
+</Accordion>
+
+<Accordion title="infisical dynamic-secrets lease delete">
+  This command is used to delete a lease.
+
+```bash
+$ infisical dynamic-secrets lease delete <lease-id>
+```
+
+### Flags
+
+<Accordion title="--env">
+  Used to select the environment name on which actions should be taken. Default
+  value: `dev`
+</Accordion>
+
+<Accordion title="--path">
+  The `--path` flag indicates which project folder dynamic secrets will be deleted from.
+
+```bash
+# Example
+infisical dynamic-secrets lease delete <lease-id> --path="/" --env=dev
+```
+
+</Accordion>
+
+<Accordion title="--projectId">
+  The project ID of the dynamic secret's lease from. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease delete <lease-id> --projectId=<project-id>
+```
+
+</Accordion>
+
+<Accordion title="--token">
+  The authenticated token to delete dynamic secret leases. This is required when using a machine identity to authenticate.
+
+```bash
+# Example
+infisical dynamic-secrets lease delete <lease-id> --token=<token>
+```
+
+</Accordion>
+</Accordion>

docs/integrations/cicd/octopus-deploy.mdx

@@ -0,0 +1,76 @@
+---
+title: "Octopus Deploy"
+description: "Learn how to sync secrets from Infisical to Octopus Deploy"
+---
+
+Prerequisites:
+
+- Set up and add secrets to [Infisical Cloud](https://app.infisical.com)
+
+<Steps>
+    <Step title="Create a Service Account for Infisical in Octopus Deploy">
+        Navigate to **Configuration** > **Users** and click on the **Create Service Account** button.
+
+        ![integrations octopus deploy
+        users](/images/integrations/octopus-deploy/integrations-octopus-deploy-user-settings.png)
+
+        Fill out the required fields and click on the **Save** button.
+        ![integrations octopus deploy service
+        account](/images/integrations/octopus-deploy/integrations-octopus-deploy-create-service-account.png)
+    </Step>
+    <Step title="Generate an API Key for your Service Account">
+        On the **Service Account** user page, expand the **API Keys** section and click on the **New API Key** button.
+
+        ![integrations octopus deploy
+        new api key](/images/integrations/octopus-deploy/integrations-octopus-deploy-create-api-key.png)
+
+        Fill out the required fields and click on the **Generate New** button.
+
+        ![integrations octopus deploy
+        generate api key](/images/integrations/octopus-deploy/integrations-octopus-deploy-generate-api-key.png)
+
+        <Note>If you configure your access token to expire,
+            you will need to generate a new API key for Infisical prior to this date to keep your integration running.</Note>
+
+        Copy the generated **API Key** and click on the **Close** button.
+
+        ![integrations octopus deploy
+        copy api key](/images/integrations/octopus-deploy/integrations-octopus-deploy-copy-api-key.png)
+    </Step>
+    <Step title="Create a Service Accounts Team and assign your Service Account">
+        <Note>You can skip creating a new team if you already have an Octopus Deploy team configured with
+            the **Project Contributor** role to assign your Service Account to.</Note>
+
+        Navigate to **Configuration** > **Teams** and click on the **Add Team** button.
+
+        ![integrations octopus deploy
+        teams](/images/integrations/octopus-deploy/integrations-octopus-deploy-team-settings.png)
+
+        Create a new team for **Service Accounts** and click on the **Save** button.
+        ![integrations octopus deploy add
+        team](/images/integrations/octopus-deploy/integrations-octopus-deploy-create-team.png)
+
+        On the **Members** tab, click on the **Add Member** button, add your **Infisical Service Account** and click on the **Add** button.
+        ![integrations octopus deploy add service account to team](/images/integrations/octopus-deploy/integrations-octopus-deploy-add-to-team.png)
+
+        On the **User Roles** tab, click on the **Include User Role** button, and add the **Project Contributor** role. Optionally,
+        click on the **Define Scope** button to further refine what projects your Service Account has access to. Click on the **Apply** button once complete.
+        ![integrations octopus deploy add user roles to team](/images/integrations/octopus-deploy/integrations-octopus-deploy-add-role.png)
+
+        Save your team changes by clicking on the **Save** button.
+        ![integrations octopus deploy save team changes](/images/integrations/octopus-deploy/integrations-octopus-deploy-save-team.png)
+    </Step>
+    <Step title="Setup Integration">
+        In Infisical, navigate to your **Project** > **Integrations** page and select the **Octopus Deploy** integration.
+        ![integration octopus deploy](/images/integrations/octopus-deploy/integrations-octopus-deploy-integrations.png)
+
+        Enter your **Instance URL** and **API Key** from **Octopus Deploy** to authorize Infisical.
+        ![integration octopus deploy](/images/integrations/octopus-deploy/integrations-octopus-deploy-authorize.png)
+
+        Select a **Space** and **Project** from **Octopus Deploy** to sync secrets to; configuring additional **Scope Values** as needed. Click on the **Create Integration** button once configured.
+        ![integration octopus deploy](/images/integrations/octopus-deploy/integrations-octopus-deploy-create.png)
+
+        Your Infisical secrets will begin to sync to **Octopus Deploy**.
+        ![integration octopus deploy](/images/integrations/octopus-deploy/integrations-octopus-deploy-sync.png)
+    </Step>
+</Steps>

docs/integrations/overview.mdx

@@ -42,6 +42,7 @@ Missing an integration? [Throw in a request](https://github.com/Infisical/infisi
 | [CircleCI](/integrations/cicd/circleci)                        | CI/CD                  | Available   |
 | [Travis CI](/integrations/cicd/travisci)                       | CI/CD                  | Available   |
 | [Rundeck](/integrations/cicd/rundeck)                          | CI/CD                  | Available   |
+| [Octopus Deploy](/integrations/cicd/octopus-deploy)            | CI/CD                  | Available   |
 | [React](/integrations/frameworks/react)                        | Framework              | Available   |
 | [Vue](/integrations/frameworks/vue)                            | Framework              | Available   |
 | [Express](/integrations/frameworks/express)                    | Framework              | Available   |

docs/mint.json

@@ -316,6 +316,7 @@
             "cli/commands/init",
             "cli/commands/run",
             "cli/commands/secrets",
+            "cli/commands/dynamic-secrets",
             "cli/commands/export",
             "cli/commands/token",
             "cli/commands/service-token",
@@ -423,7 +424,8 @@
             "integrations/cicd/travisci",
             "integrations/cicd/rundeck",
             "integrations/cicd/codefresh",
-            "integrations/cloud/checkly"
+            "integrations/cloud/checkly",
+            "integrations/cicd/octopus-deploy"
           ]
         }
       ]

frontend/next.config.js

@@ -2,7 +2,7 @@ const path = require("path");
 
 const ContentSecurityPolicy = `
 	default-src 'self';
-  connect-src 'self' https://*.posthog.com;
+  connect-src 'self' https://*.posthog.com http://127.0.0.1:*;
 	script-src 'self' https://*.posthog.com https://js.stripe.com https://api.stripe.com https://widget.intercom.io https://js.intercomcdn.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline' 'unsafe-eval';
 	style-src 'self' https://rsms.me 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com;
 	child-src https://api.stripe.com;

frontend/package-lock.json

@@ -89,7 +89,7 @@
         "react-mailchimp-subscribe": "^2.1.3",
         "react-markdown": "^8.0.3",
         "react-redux": "^8.0.2",
-        "react-select": "^5.8.1",
+        "react-select": "^5.8.3",
         "react-table": "^7.8.0",
         "react-toastify": "^9.1.3",
         "sanitize-html": "^2.12.1",
@@ -21259,9 +21259,9 @@
       }
     },
     "node_modules/react-select": {
-      "version": "5.8.1",
-      "resolved": "https://registry.npmjs.org/react-select/-/react-select-5.8.1.tgz",
-      "integrity": "sha512-RT1CJmuc+ejqm5MPgzyZujqDskdvB9a9ZqrdnVLsvAHjJ3Tj0hELnLeVPQlmYdVKCdCpxanepl6z7R5KhXhWzg==",
+      "version": "5.8.3",
+      "resolved": "https://registry.npmjs.org/react-select/-/react-select-5.8.3.tgz",
+      "integrity": "sha512-lVswnIq8/iTj1db7XCG74M/3fbGB6ZaluCzvwPGT5ZOjCdL/k0CLWhEK0vCBLuU5bHTEf6Gj8jtSvi+3v+tO1w==",
       "license": "MIT",
       "dependencies": {
         "@babel/runtime": "^7.12.0",

frontend/package.json

@@ -162,4 +162,4 @@
     "tailwindcss": "3.2",
     "typescript": "^4.9.3"
   }
-}
+}

frontend/public/data/frequentConstants.ts

@@ -36,7 +36,8 @@ const integrationSlugNameMapping: Mapping = {
   "hasura-cloud": "Hasura Cloud",
   rundeck: "Rundeck",
   "azure-devops": "Azure DevOps",
-  "azure-app-configuration": "Azure App Configuration"
+  "azure-app-configuration": "Azure App Configuration",
+  "octopus-deploy": "Octopus Deploy"
 };
 
 const envMapping: Mapping = {

frontend/src/components/tags/CreateTagModal/CreateTagModal.tsx

@@ -3,6 +3,7 @@ import { Controller, useForm } from "react-hook-form";
 import { faCheck } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { zodResolver } from "@hookform/resolvers/zod";
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
@@ -17,7 +18,6 @@ import {
 } from "@app/components/v2";
 import { useWorkspace } from "@app/context";
 import { useCreateWsTag } from "@app/hooks/api";
-import { slugSchema } from "@app/lib/schemas";
 
 export const secretTagsColors = [
   {
@@ -88,7 +88,13 @@ type Props = {
 };
 
 const createTagSchema = z.object({
-  slug: slugSchema({ min: 1, field: "Tag Slug" }),
+  slug: z
+    .string()
+    .trim()
+    .toLowerCase()
+    .refine((v) => slugify(v) === v, {
+      message: "Invalid slug. Slug can only contain alphanumeric characters and hyphens."
+    }),
   color: z.string().trim()
 });
 

frontend/src/components/v2/CreatableSelect/CreatableSelect.tsx

@@ -0,0 +1,68 @@
+import { GroupBase } from "react-select";
+import ReactSelectCreatable, { CreatableProps } from "react-select/creatable";
+import { twMerge } from "tailwind-merge";
+
+import { ClearIndicator, DropdownIndicator, MultiValueRemove, Option } from "../Select/components";
+
+export const CreatableSelect = <T,>({
+  isMulti,
+  closeMenuOnSelect,
+  ...props
+}: CreatableProps<T, boolean, GroupBase<T>>) => {
+  return (
+    <ReactSelectCreatable
+      isMulti={isMulti}
+      closeMenuOnSelect={closeMenuOnSelect ?? !isMulti}
+      hideSelectedOptions={false}
+      unstyled
+      styles={{
+        input: (base) => ({
+          ...base,
+          "input:focus": {
+            boxShadow: "none"
+          }
+        }),
+        multiValueLabel: (base) => ({
+          ...base,
+          whiteSpace: "normal",
+          overflow: "visible"
+        }),
+        control: (base) => ({
+          ...base,
+          transition: "none"
+        })
+      }}
+      components={{ DropdownIndicator, ClearIndicator, MultiValueRemove, Option }}
+      classNames={{
+        container: () => "w-full font-inter",
+        control: ({ isFocused }) =>
+          twMerge(
+            isFocused ? "border-primary-400/50" : "border-mineshaft-600 hover:border-gray-400",
+            "border w-full p-0.5 rounded-md text-mineshaft-200 font-inter bg-mineshaft-900 hover:cursor-pointer"
+          ),
+        placeholder: () => "text-mineshaft-400 text-sm pl-1 py-0.5",
+        input: () => "pl-1 py-0.5",
+        valueContainer: () => `p-1 max-h-[14rem] ${isMulti ? "!overflow-y-scroll" : ""} gap-1`,
+        singleValue: () => "leading-7 ml-1",
+        multiValue: () => "bg-mineshaft-600 rounded items-center py-0.5 px-2 gap-1.5",
+        multiValueLabel: () => "leading-6 text-sm",
+        multiValueRemove: () => "hover:text-red text-bunker-400",
+        indicatorsContainer: () => "p-1 gap-1",
+        clearIndicator: () => "p-1 hover:text-red text-bunker-400",
+        indicatorSeparator: () => "bg-bunker-400",
+        dropdownIndicator: () => "text-bunker-200 p-1",
+        menu: () =>
+          "mt-2 border text-sm text-mineshaft-200 bg-mineshaft-900 border-mineshaft-600 rounded-md",
+        groupHeading: () => "ml-3 mt-2 mb-1 text-mineshaft-400 text-sm",
+        option: ({ isFocused, isSelected }) =>
+          twMerge(
+            isFocused && "bg-mineshaft-700 active:bg-mineshaft-600",
+            isSelected && "text-mineshaft-200",
+            "hover:cursor-pointer text-xs px-3 py-2"
+          ),
+        noOptionsMessage: () => "text-mineshaft-400 p-2 rounded-md"
+      }}
+      {...props}
+    />
+  );
+};

frontend/src/components/v2/CreatableSelect/index.tsx

@@ -0,0 +1 @@
+export * from "./CreatableSelect";

frontend/src/components/v2/DatePicker/DatePicker.tsx

@@ -14,6 +14,7 @@ export type DatePickerProps = Omit<DayPickerProps, "selected"> & {
   onChange: (date?: Date) => void;
   popUpProps: PopoverProps;
   popUpContentProps: PopoverContentProps;
+  dateFormat?: "PPP" | "PP" | "P"; // extend as needed
 };
 
 // Doc: https://react-day-picker.js.org/
@@ -22,6 +23,7 @@ export const DatePicker = ({
   onChange,
   popUpProps,
   popUpContentProps,
+  dateFormat = "PPP",
   ...props
 }: DatePickerProps) => {
   const [timeValue, setTimeValue] = useState<string>(value ? format(value, "HH:mm") : "00:00");
@@ -53,7 +55,7 @@ export const DatePicker = ({
     <Popover {...popUpProps}>
       <PopoverTrigger asChild>
         <Button variant="outline_bg" leftIcon={<FontAwesomeIcon icon={faCalendar} />}>
-          {value ? format(value, "PPP") : "Pick a date and time"}
+          {value ? format(value, dateFormat) : "Pick a date and time"}
         </Button>
       </PopoverTrigger>
       <PopoverContent className="w-fit p-2" {...popUpContentProps}>

frontend/src/components/v2/FilterableSelect/FilterableSelect.tsx

@@ -1,52 +1,14 @@
-import Select, {
-  ClearIndicatorProps,
-  components,
-  DropdownIndicatorProps,
-  MultiValueRemoveProps,
-  OptionProps,
-  Props
-} from "react-select";
-import { faCheckCircle, faCircleXmark } from "@fortawesome/free-regular-svg-icons";
-import { faChevronDown, faXmark } from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import Select, { Props } from "react-select";
 import { twMerge } from "tailwind-merge";
 
-const DropdownIndicator = <T,>(props: DropdownIndicatorProps<T>) => {
-  return (
-    <components.DropdownIndicator {...props}>
-      <FontAwesomeIcon icon={faChevronDown} size="xs" />
-    </components.DropdownIndicator>
-  );
-};
+import { ClearIndicator, DropdownIndicator, MultiValueRemove, Option } from "../Select/components";
 
-const ClearIndicator = <T,>(props: ClearIndicatorProps<T>) => {
-  return (
-    <components.ClearIndicator {...props}>
-      <FontAwesomeIcon icon={faCircleXmark} />
-    </components.ClearIndicator>
-  );
-};
-
-const MultiValueRemove = (props: MultiValueRemoveProps) => {
-  return (
-    <components.MultiValueRemove {...props}>
-      <FontAwesomeIcon icon={faXmark} size="xs" />
-    </components.MultiValueRemove>
-  );
-};
-
-const Option = <T,>({ isSelected, children, ...props }: OptionProps<T>) => {
-  return (
-    <components.Option isSelected={isSelected} {...props}>
-      {children}
-      {isSelected && (
-        <FontAwesomeIcon className="ml-2 text-primary" icon={faCheckCircle} size="sm" />
-      )}
-    </components.Option>
-  );
-};
-
-export const FilterableSelect = <T,>({ isMulti, closeMenuOnSelect, ...props }: Props<T>) => (
+export const FilterableSelect = <T,>({
+  isMulti,
+  closeMenuOnSelect,
+  tabSelectsValue = false,
+  ...props
+}: Props<T>) => (
   <Select
     isMulti={isMulti}
     closeMenuOnSelect={closeMenuOnSelect ?? !isMulti}
@@ -69,7 +31,14 @@ export const FilterableSelect = <T,>({ isMulti, closeMenuOnSelect, ...props }: P
         transition: "none"
       })
     }}
-    components={{ DropdownIndicator, ClearIndicator, MultiValueRemove, Option }}
+    tabSelectsValue={tabSelectsValue}
+    components={{
+      DropdownIndicator,
+      ClearIndicator,
+      MultiValueRemove,
+      Option,
+      ...props.components
+    }}
     classNames={{
       container: () => "w-full font-inter",
       control: ({ isFocused }) =>
@@ -79,7 +48,8 @@ export const FilterableSelect = <T,>({ isMulti, closeMenuOnSelect, ...props }: P
         ),
       placeholder: () => "text-mineshaft-400 text-sm pl-1 py-0.5",
       input: () => "pl-1 py-0.5",
-      valueContainer: () => `p-1 max-h-[14rem] ${isMulti ? "!overflow-y-scroll" : ""} gap-1`,
+      valueContainer: () =>
+        `p-1 max-h-[14rem] ${isMulti ? "!overflow-y-auto thin-scrollbar" : ""} gap-1`,
       singleValue: () => "leading-7 ml-1",
       multiValue: () => "bg-mineshaft-600 rounded items-center py-0.5 px-2 gap-1.5",
       multiValueLabel: () => "leading-6 text-sm",
@@ -89,13 +59,13 @@ export const FilterableSelect = <T,>({ isMulti, closeMenuOnSelect, ...props }: P
       indicatorSeparator: () => "bg-bunker-400",
       dropdownIndicator: () => "text-bunker-200 p-1",
       menu: () =>
-        "mt-2 border text-sm text-mineshaft-200 bg-mineshaft-900 border-mineshaft-600 rounded-md",
+        "mt-2 p-2 border text-sm text-mineshaft-200 thin-scrollbar bg-mineshaft-900 border-mineshaft-600 rounded-md",
       groupHeading: () => "ml-3 mt-2 mb-1 text-mineshaft-400 text-sm",
       option: ({ isFocused, isSelected }) =>
         twMerge(
           isFocused && "bg-mineshaft-700 active:bg-mineshaft-600",
           isSelected && "text-mineshaft-200",
-          "hover:cursor-pointer text-xs px-3 py-2"
+          "hover:cursor-pointer mb-1 rounded text-xs px-3 py-2"
         ),
       noOptionsMessage: () => "text-mineshaft-400 p-2 rounded-md"
     }}

frontend/src/components/v2/Select/components/index.tsx

@@ -0,0 +1,45 @@
+import {
+  ClearIndicatorProps,
+  components,
+  DropdownIndicatorProps,
+  MultiValueRemoveProps,
+  OptionProps
+} from "react-select";
+import { faCheckCircle, faCircleXmark } from "@fortawesome/free-regular-svg-icons";
+import { faChevronDown, faXmark } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+
+export const DropdownIndicator = <T,>(props: DropdownIndicatorProps<T>) => {
+  return (
+    <components.DropdownIndicator {...props}>
+      <FontAwesomeIcon icon={faChevronDown} size="xs" />
+    </components.DropdownIndicator>
+  );
+};
+
+export const ClearIndicator = <T,>(props: ClearIndicatorProps<T>) => {
+  return (
+    <components.ClearIndicator {...props}>
+      <FontAwesomeIcon icon={faCircleXmark} />
+    </components.ClearIndicator>
+  );
+};
+
+export const MultiValueRemove = (props: MultiValueRemoveProps) => {
+  return (
+    <components.MultiValueRemove {...props}>
+      <FontAwesomeIcon icon={faXmark} size="xs" />
+    </components.MultiValueRemove>
+  );
+};
+
+export const Option = <T,>({ isSelected, children, ...props }: OptionProps<T>) => {
+  return (
+    <components.Option isSelected={isSelected} {...props}>
+      {children}
+      {isSelected && (
+        <FontAwesomeIcon className="ml-2 text-primary" icon={faCheckCircle} size="sm" />
+      )}
+    </components.Option>
+  );
+};

frontend/src/hooks/api/integrationAuth/queries.tsx

@@ -17,7 +17,9 @@ import {
   Project,
   Service,
   Team,
-  TeamCityBuildConfig
+  TeamCityBuildConfig,
+  TGetIntegrationAuthOctopusDeployScopeValuesDTO,
+  TOctopusDeployVariableSetScopeValues
 } from "./types";
 
 const integrationAuthKeys = {
@@ -119,7 +121,14 @@ const integrationAuthKeys = {
   }: {
     integrationAuthId: string;
     appId: string;
-  }) => [{ integrationAuthId, appId }, "integrationAuthTeamCityBranchConfigs"] as const
+  }) => [{ integrationAuthId, appId }, "integrationAuthTeamCityBranchConfigs"] as const,
+  getIntegrationAuthOctopusDeploySpaces: (integrationAuthId: string) =>
+    [{ integrationAuthId }, "getIntegrationAuthOctopusDeploySpaces"] as const,
+  getIntegrationAuthOctopusDeployScopeValues: ({
+    integrationAuthId,
+    ...params
+  }: TGetIntegrationAuthOctopusDeployScopeValuesDTO) =>
+    [{ integrationAuthId }, "getIntegrationAuthOctopusDeployScopeValues", params] as const
 };
 
 const fetchIntegrationAuthById = async (integrationAuthId: string) => {
@@ -479,6 +488,28 @@ const fetchIntegrationAuthTeamCityBuildConfigs = async ({
   return buildConfigs;
 };
 
+const fetchIntegrationAuthOctopusDeploySpaces = async (integrationAuthId: string) => {
+  const {
+    data: { spaces }
+  } = await apiRequest.get<{
+    spaces: { Name: string; Slug: string; Id: string; IsDefault: boolean }[];
+  }>(`/api/v1/integration-auth/${integrationAuthId}/octopus-deploy/spaces`);
+  return spaces;
+};
+
+const fetchIntegrationAuthOctopusDeployScopeValues = async ({
+  integrationAuthId,
+  scope,
+  spaceId,
+  resourceId
+}: TGetIntegrationAuthOctopusDeployScopeValuesDTO) => {
+  const { data } = await apiRequest.get<TOctopusDeployVariableSetScopeValues>(
+    `/api/v1/integration-auth/${integrationAuthId}/octopus-deploy/scope-values`,
+    { params: { scope, spaceId, resourceId } }
+  );
+  return data;
+};
+
 export const useGetIntegrationAuthById = (integrationAuthId: string) => {
   return useQuery({
     queryKey: integrationAuthKeys.getIntegrationAuthById(integrationAuthId),
@@ -487,17 +518,24 @@ export const useGetIntegrationAuthById = (integrationAuthId: string) => {
   });
 };
 
-export const useGetIntegrationAuthApps = ({
-  integrationAuthId,
-  teamId,
-  azureDevOpsOrgName,
-  workspaceSlug
-}: {
-  integrationAuthId: string;
-  teamId?: string;
-  azureDevOpsOrgName?: string;
-  workspaceSlug?: string;
-}) => {
+export const useGetIntegrationAuthApps = (
+  {
+    integrationAuthId,
+    teamId,
+    azureDevOpsOrgName,
+    workspaceSlug
+  }: {
+    integrationAuthId: string;
+    teamId?: string;
+    azureDevOpsOrgName?: string;
+    workspaceSlug?: string;
+  },
+  options?: UseQueryOptions<
+    Awaited<ReturnType<typeof fetchIntegrationAuthApps>>,
+    unknown,
+    Awaited<ReturnType<typeof fetchIntegrationAuthApps>>
+  >
+) => {
   return useQuery({
     queryKey: integrationAuthKeys.getIntegrationAuthApps(integrationAuthId, teamId, workspaceSlug),
     queryFn: () =>
@@ -507,7 +545,7 @@ export const useGetIntegrationAuthApps = ({
         azureDevOpsOrgName,
         workspaceSlug
       }),
-    enabled: true
+    ...options
   });
 };
 
@@ -759,6 +797,27 @@ export const useGetIntegrationAuthBitBucketWorkspaces = (integrationAuthId: stri
   });
 };
 
+export const useGetIntegrationAuthOctopusDeploySpaces = (integrationAuthId: string) => {
+  return useQuery({
+    queryKey: integrationAuthKeys.getIntegrationAuthOctopusDeploySpaces(integrationAuthId),
+    queryFn: () => fetchIntegrationAuthOctopusDeploySpaces(integrationAuthId)
+  });
+};
+
+export const useGetIntegrationAuthOctopusDeployScopeValues = (
+  params: TGetIntegrationAuthOctopusDeployScopeValuesDTO,
+  options?: UseQueryOptions<
+    TOctopusDeployVariableSetScopeValues,
+    unknown,
+    TOctopusDeployVariableSetScopeValues
+  >
+) =>
+  useQuery({
+    queryKey: integrationAuthKeys.getIntegrationAuthOctopusDeployScopeValues(params),
+    queryFn: () => fetchIntegrationAuthOctopusDeployScopeValues(params),
+    ...options
+  });
+
 export const useGetIntegrationAuthBitBucketEnvironments = (
   {
     integrationAuthId,

frontend/src/hooks/api/integrationAuth/types.ts

@@ -99,3 +99,29 @@ export type TDuplicateIntegrationAuthDTO = {
   integrationAuthId: string;
   projectId: string;
 };
+
+export enum OctopusDeployScope {
+  Project = "project"
+  // tenant, variable set
+}
+
+export type TGetIntegrationAuthOctopusDeployScopeValuesDTO = {
+  integrationAuthId: string;
+  spaceId: string;
+  resourceId: string;
+  scope: OctopusDeployScope;
+};
+
+export type TOctopusDeployVariableSetScopeValues = {
+  Environments: { Id: string; Name: string }[];
+  Machines: { Id: string; Name: string }[];
+  Actions: { Id: string; Name: string }[];
+  Roles: { Id: string; Name: string }[];
+  Channels: { Id: string; Name: string }[];
+  TenantTags: { Id: string; Name: string }[];
+  Processes: {
+    ProcessType: string;
+    Id: string;
+    Name: string;
+  }[];
+};

frontend/src/hooks/api/integrations/queries.tsx

@@ -4,7 +4,7 @@ import { createNotification } from "@app/components/notifications";
 import { apiRequest } from "@app/config/request";
 
 import { workspaceKeys } from "../workspace";
-import { TCloudIntegration, TIntegrationWithEnv } from "./types";
+import { TCloudIntegration, TIntegrationWithEnv, TOctopusDeployScopeValues } from "./types";
 
 export const integrationQueryKeys = {
   getIntegrations: () => ["integrations"] as const,
@@ -87,6 +87,7 @@ export const useCreateIntegration = () => {
         shouldMaskSecrets?: boolean;
         shouldProtectSecrets?: boolean;
         shouldEnableDelete?: boolean;
+        octopusDeployScopeValues?: TOctopusDeployScopeValues;
       };
     }) => {
       const {

frontend/src/hooks/api/integrations/types.ts

@@ -58,11 +58,21 @@ export type TIntegration = {
     shouldProtectSecrets?: boolean;
     shouldEnableDelete?: boolean;
 
+    octopusDeployScopeValues?: TOctopusDeployScopeValues;
     awsIamRole?: string;
     region?: string;
   };
 };
 
+export type TOctopusDeployScopeValues = {
+  Environment?: string[];
+  Action?: string[];
+  Channel?: string[];
+  Machine?: string[];
+  ProcessOwner?: string[];
+  Role?: string[];
+};
+
 export type TIntegrationWithEnv = TIntegration & {
   environment: {
     id: string;

frontend/src/hooks/api/kms/types.ts

@@ -1,7 +1,6 @@
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
-import { slugSchema } from "@app/lib/schemas";
-
 export type Kms = {
   id: string;
   description: string;
@@ -89,7 +88,13 @@ export const ExternalKmsInputSchema = z.discriminatedUnion("type", [
 ]);
 
 export const AddExternalKmsSchema = z.object({
-  name: slugSchema({ min: 1, field: "Alias" }),
+  name: z
+    .string()
+    .trim()
+    .min(1)
+    .refine((v) => slugify(v) === v, {
+      message: "Alias must be a valid slug"
+    }),
   description: z.string().trim().optional(),
   provider: ExternalKmsInputSchema
 });

frontend/src/hooks/api/organization/types.ts

@@ -52,7 +52,7 @@ export type Invoice = {
 };
 
 export type PmtMethod = {
-  id: string;
+  _id: string;
   brand: string;
   exp_month: number;
   exp_year: number;

frontend/src/layouts/AppLayout/AppLayout.tsx

@@ -10,7 +10,6 @@ import { useTranslation } from "react-i18next";
 import Link from "next/link";
 import { useRouter } from "next/router";
 import { faGithub, faSlack } from "@fortawesome/free-brands-svg-icons";
-import { faStar } from "@fortawesome/free-regular-svg-icons";
 import {
   faAngleDown,
   faArrowLeft,
@@ -22,15 +21,11 @@ import {
   faInfo,
   faMobile,
   faPlus,
-  faQuestion,
-  faStar as faSolidStar
+  faQuestion
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { DropdownMenuTrigger } from "@radix-ui/react-dropdown-menu";
-import { twMerge } from "tailwind-merge";
 
-import { createNotification } from "@app/components/notifications";
-import { OrgPermissionCan } from "@app/components/permissions";
 import { tempLocalStorage } from "@app/components/utilities/checks/tempLocalStorage";
 import SecurityClient from "@app/components/utilities/SecurityClient";
 import {
@@ -39,20 +34,9 @@ import {
   DropdownMenuContent,
   DropdownMenuItem,
   Menu,
-  MenuItem,
-  Select,
-  SelectItem,
-  UpgradePlanModal
+  MenuItem
 } from "@app/components/v2";
-import { NewProjectModal } from "@app/components/v2/projects/NewProjectModal";
-import {
-  OrgPermissionActions,
-  OrgPermissionSubjects,
-  useOrganization,
-  useSubscription,
-  useUser,
-  useWorkspace
-} from "@app/context";
+import { useOrganization, useSubscription, useUser, useWorkspace } from "@app/context";
 import { usePopUp, useToggle } from "@app/hooks";
 import {
   useGetAccessRequestsCount,
@@ -62,11 +46,9 @@ import {
   useSelectOrganization
 } from "@app/hooks/api";
 import { MfaMethod } from "@app/hooks/api/auth/types";
-import { Workspace } from "@app/hooks/api/types";
-import { useUpdateUserProjectFavorites } from "@app/hooks/api/users/mutation";
-import { useGetUserProjectFavorites } from "@app/hooks/api/users/queries";
 import { AuthMethod } from "@app/hooks/api/users/types";
 import { InsecureConnectionBanner } from "@app/layouts/AppLayout/components/InsecureConnectionBanner";
+import { ProjectSelect } from "@app/layouts/AppLayout/components/ProjectSelect";
 import { navigateUserToOrg } from "@app/views/Login/Login.utils";
 import { Mfa } from "@app/views/Login/Mfa";
 import { CreateOrgModal } from "@app/views/Org/components";
@@ -108,23 +90,10 @@ export const AppLayout = ({ children }: LayoutProps) => {
   const { workspaces, currentWorkspace } = useWorkspace();
   const { orgs, currentOrg } = useOrganization();
 
-  const { data: projectFavorites } = useGetUserProjectFavorites(currentOrg?.id!);
-  const { mutateAsync: updateUserProjectFavorites } = useUpdateUserProjectFavorites();
   const [shouldShowMfa, toggleShowMfa] = useToggle(false);
   const [requiredMfaMethod, setRequiredMfaMethod] = useState(MfaMethod.EMAIL);
   const [mfaSuccessCallback, setMfaSuccessCallback] = useState<() => void>(() => {});
 
-  const workspacesWithFaveProp = useMemo(
-    () =>
-      workspaces
-        .map((w): Workspace & { isFavorite: boolean } => ({
-          ...w,
-          isFavorite: Boolean(projectFavorites?.includes(w.id))
-        }))
-        .sort((a, b) => Number(b.isFavorite) - Number(a.isFavorite)),
-    [workspaces, projectFavorites]
-  );
-
   const { user } = useUser();
   const { subscription } = useSubscription();
   const workspaceId = currentWorkspace?.id || "";
@@ -137,17 +106,9 @@ export const AppLayout = ({ children }: LayoutProps) => {
     return (secretApprovalReqCount?.open || 0) + (accessApprovalRequestCount?.pendingCount || 0);
   }, [secretApprovalReqCount, accessApprovalRequestCount]);
 
-  const isAddingProjectsAllowed = subscription?.workspaceLimit
-    ? subscription.workspacesUsed < subscription.workspaceLimit
-    : true;
-
   const infisicalPlatformVersion = process.env.NEXT_PUBLIC_INFISICAL_PLATFORM_VERSION;
 
-  const { popUp, handlePopUpOpen, handlePopUpToggle } = usePopUp([
-    "addNewWs",
-    "upgradePlan",
-    "createOrg"
-  ] as const);
+  const { popUp, handlePopUpToggle } = usePopUp(["createOrg"] as const);
 
   const { t } = useTranslation();
 
@@ -230,38 +191,6 @@ export const AppLayout = ({ children }: LayoutProps) => {
     putUserInOrg();
   }, [router.query.id]);
 
-  const addProjectToFavorites = async (projectId: string) => {
-    try {
-      if (currentOrg?.id) {
-        await updateUserProjectFavorites({
-          orgId: currentOrg?.id,
-          projectFavorites: [...(projectFavorites || []), projectId]
-        });
-      }
-    } catch (err) {
-      createNotification({
-        text: "Failed to add project to favorites.",
-        type: "error"
-      });
-    }
-  };
-
-  const removeProjectFromFavorites = async (projectId: string) => {
-    try {
-      if (currentOrg?.id) {
-        await updateUserProjectFavorites({
-          orgId: currentOrg?.id,
-          projectFavorites: [...(projectFavorites || []).filter((entry) => entry !== projectId)]
-        });
-      }
-    } catch (err) {
-      createNotification({
-        text: "Failed to remove project from favorites.",
-        type: "error"
-      });
-    }
-  };
-
   if (shouldShowMfa) {
     return (
       <div className="flex max-h-screen min-h-screen flex-col items-center justify-center gap-2 overflow-y-auto bg-gradient-to-tr from-mineshaft-600 via-mineshaft-800 to-bunker-700">
@@ -448,94 +377,7 @@ export const AppLayout = ({ children }: LayoutProps) => {
                 )}
                 {!router.asPath.includes("org") &&
                   (!router.asPath.includes("personal") && currentWorkspace ? (
-                    <div className="mt-5 mb-4 w-full p-3">
-                      <p className="ml-1.5 mb-1 text-xs font-semibold uppercase text-gray-400">
-                        Project
-                      </p>
-                      <Select
-                        defaultValue={currentWorkspace?.id}
-                        value={currentWorkspace?.id}
-                        className="w-full bg-mineshaft-600 py-2.5 font-medium [&>*:first-child]:truncate"
-                        onValueChange={(value) => {
-                          router.push(`/project/${value}/secrets/overview`);
-                          localStorage.setItem("projectData.id", value);
-                        }}
-                        position="popper"
-                        dropdownContainerClassName="text-bunker-200 bg-mineshaft-800 border border-mineshaft-600 z-50 max-h-96 border-gray-700"
-                      >
-                        <div className="no-scrollbar::-webkit-scrollbar h-full no-scrollbar">
-                          {workspacesWithFaveProp
-                            .filter((ws) => ws.orgId === currentOrg?.id)
-                            .map(({ id, name, isFavorite }) => (
-                              <div
-                                className={twMerge(
-                                  "mb-1 grid grid-cols-7 rounded-md hover:bg-mineshaft-500",
-                                  id === currentWorkspace?.id && "bg-mineshaft-500"
-                                )}
-                                key={id}
-                              >
-                                <div className="col-span-6">
-                                  <SelectItem
-                                    key={`ws-layout-list-${id}`}
-                                    value={id}
-                                    className="transition-none data-[highlighted]:bg-mineshaft-500"
-                                  >
-                                    {name}
-                                  </SelectItem>
-                                </div>
-                                <div className="col-span-1 flex items-center">
-                                  {isFavorite ? (
-                                    <FontAwesomeIcon
-                                      icon={faSolidStar}
-                                      className="text-sm text-mineshaft-300 hover:text-mineshaft-400"
-                                      onClick={(e) => {
-                                        e.stopPropagation();
-                                        removeProjectFromFavorites(id);
-                                      }}
-                                    />
-                                  ) : (
-                                    <FontAwesomeIcon
-                                      icon={faStar}
-                                      className="text-sm text-mineshaft-400 hover:text-mineshaft-300"
-                                      onClick={(e) => {
-                                        e.stopPropagation();
-                                        addProjectToFavorites(id);
-                                      }}
-                                    />
-                                  )}
-                                </div>
-                              </div>
-                            ))}
-                        </div>
-                        <hr className="mt-1 mb-1 h-px border-0 bg-gray-700" />
-                        <div className="w-full">
-                          <OrgPermissionCan
-                            I={OrgPermissionActions.Create}
-                            a={OrgPermissionSubjects.Workspace}
-                          >
-                            {(isAllowed) => (
-                              <Button
-                                className="w-full bg-mineshaft-700 py-2 text-bunker-200"
-                                colorSchema="primary"
-                                variant="outline_bg"
-                                size="sm"
-                                isDisabled={!isAllowed}
-                                onClick={() => {
-                                  if (isAddingProjectsAllowed) {
-                                    handlePopUpOpen("addNewWs");
-                                  } else {
-                                    handlePopUpOpen("upgradePlan");
-                                  }
-                                }}
-                                leftIcon={<FontAwesomeIcon icon={faPlus} />}
-                              >
-                                Add Project
-                              </Button>
-                            )}
-                          </OrgPermissionCan>
-                        </div>
-                      </Select>
-                    </div>
+                    <ProjectSelect />
                   ) : (
                     <Link href={`/org/${currentOrg?.id}/overview`}>
                       <div className="my-6 flex cursor-default items-center justify-center pr-2 text-sm text-mineshaft-300 hover:text-mineshaft-100">
@@ -813,15 +655,6 @@ export const AppLayout = ({ children }: LayoutProps) => {
               </div>
             </nav>
           </aside>
-          <NewProjectModal
-            isOpen={popUp.addNewWs.isOpen}
-            onOpenChange={(isOpen) => handlePopUpToggle("addNewWs", isOpen)}
-          />
-          <UpgradePlanModal
-            isOpen={popUp.upgradePlan.isOpen}
-            onOpenChange={(isOpen) => handlePopUpToggle("upgradePlan", isOpen)}
-            text="You have exceeded the number of projects allowed on the free plan."
-          />
           <CreateOrgModal
             isOpen={popUp?.createOrg?.isOpen}
             onClose={() => handlePopUpToggle("createOrg", false)}

frontend/src/layouts/AppLayout/components/ProjectSelect/ProjectSelect.tsx

@@ -0,0 +1,212 @@
+import { useMemo } from "react";
+import { components, MenuProps, OptionProps } from "react-select";
+import { faStar } from "@fortawesome/free-regular-svg-icons";
+import { faEye, faPlus, faStar as faSolidStar } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { twMerge } from "tailwind-merge";
+
+import { createNotification } from "@app/components/notifications";
+import { OrgPermissionCan } from "@app/components/permissions";
+import { Button, FilterableSelect, UpgradePlanModal } from "@app/components/v2";
+import { NewProjectModal } from "@app/components/v2/projects";
+import {
+  OrgPermissionActions,
+  OrgPermissionSubjects,
+  useOrganization,
+  useSubscription,
+  useWorkspace
+} from "@app/context";
+import { usePopUp } from "@app/hooks";
+import { useUpdateUserProjectFavorites } from "@app/hooks/api/users/mutation";
+import { useGetUserProjectFavorites } from "@app/hooks/api/users/queries";
+import { Workspace } from "@app/hooks/api/workspace/types";
+
+type TWorkspaceWithFaveProp = Workspace & { isFavorite: boolean };
+
+const ProjectsMenu = ({ children, ...props }: MenuProps<TWorkspaceWithFaveProp>) => {
+  return (
+    <components.Menu {...props}>
+      {children}
+      <hr className="mb-2 h-px border-0 bg-mineshaft-500" />
+      <OrgPermissionCan I={OrgPermissionActions.Create} a={OrgPermissionSubjects.Workspace}>
+        {(isAllowed) => (
+          <Button
+            className="w-full bg-mineshaft-700 pt-2 text-bunker-200"
+            colorSchema="primary"
+            variant="outline_bg"
+            size="xs"
+            isDisabled={!isAllowed}
+            onClick={() => props.clearValue()}
+            leftIcon={<FontAwesomeIcon icon={faPlus} />}
+          >
+            Add Project
+          </Button>
+        )}
+      </OrgPermissionCan>
+    </components.Menu>
+  );
+};
+
+const ProjectOption = ({
+  isSelected,
+  children,
+  data,
+  ...props
+}: OptionProps<TWorkspaceWithFaveProp>) => {
+  const { currentOrg } = useOrganization();
+  const { mutateAsync: updateUserProjectFavorites } = useUpdateUserProjectFavorites();
+  const { data: projectFavorites } = useGetUserProjectFavorites(currentOrg?.id!);
+
+  const removeProjectFromFavorites = async (projectId: string) => {
+    try {
+      await updateUserProjectFavorites({
+        orgId: currentOrg!.id,
+        projectFavorites: [...(projectFavorites || []).filter((entry) => entry !== projectId)]
+      });
+    } catch (err) {
+      createNotification({
+        text: "Failed to remove project from favorites.",
+        type: "error"
+      });
+    }
+  };
+
+  const addProjectToFavorites = async (projectId: string) => {
+    try {
+      await updateUserProjectFavorites({
+        orgId: currentOrg!.id,
+        projectFavorites: [...(projectFavorites || []), projectId]
+      });
+    } catch (err) {
+      createNotification({
+        text: "Failed to add project to favorites.",
+        type: "error"
+      });
+    }
+  };
+  return (
+    <components.Option
+      isSelected={isSelected}
+      data={data}
+      {...props}
+      className={twMerge(props.className, isSelected && "bg-mineshaft-500")}
+    >
+      <div className="flex w-full items-center">
+        {isSelected && (
+          <FontAwesomeIcon className="mr-2 text-mineshaft-300" icon={faEye} size="sm" />
+        )}
+        <p className="truncate">{children}</p>
+        {data.isFavorite ? (
+          <FontAwesomeIcon
+            icon={faSolidStar}
+            className="ml-auto text-sm text-yellow-600 hover:text-mineshaft-400"
+            onClick={async (e) => {
+              e.stopPropagation();
+              await removeProjectFromFavorites(data.id);
+            }}
+          />
+        ) : (
+          <FontAwesomeIcon
+            icon={faStar}
+            className="ml-auto text-sm text-mineshaft-400 hover:text-mineshaft-300"
+            onClick={async (e) => {
+              e.stopPropagation();
+              await addProjectToFavorites(data.id);
+            }}
+          />
+        )}
+      </div>
+    </components.Option>
+  );
+};
+
+export const ProjectSelect = () => {
+  const { workspaces, currentWorkspace } = useWorkspace();
+  const { currentOrg } = useOrganization();
+  const { data: projectFavorites } = useGetUserProjectFavorites(currentOrg?.id!);
+
+  const { subscription } = useSubscription();
+
+  const isAddingProjectsAllowed = subscription?.workspaceLimit
+    ? subscription.workspacesUsed < subscription.workspaceLimit
+    : true;
+
+  const { popUp, handlePopUpOpen, handlePopUpToggle } = usePopUp([
+    "addNewWs",
+    "upgradePlan"
+  ] as const);
+
+  const { options, value } = useMemo(() => {
+    const projectOptions = workspaces
+      .map((w): Workspace & { isFavorite: boolean } => ({
+        ...w,
+        isFavorite: Boolean(projectFavorites?.includes(w.id))
+      }))
+      .sort((a, b) => Number(b.isFavorite) - Number(a.isFavorite));
+
+    const currentOption = projectOptions.find((option) => option.id === currentWorkspace?.id);
+
+    if (!currentOption) {
+      return {
+        options: projectOptions,
+        value: null
+      };
+    }
+
+    return {
+      options: [
+        currentOption,
+        ...projectOptions.filter((option) => option.id !== currentOption.id)
+      ],
+      value: currentOption
+    };
+  }, [workspaces, projectFavorites, currentWorkspace]);
+
+  return (
+    <div className="mt-5 mb-4 w-full p-3">
+      <p className="ml-1.5 mb-1 text-xs font-semibold uppercase text-gray-400">Project</p>
+      <FilterableSelect
+        className="text-sm"
+        value={value}
+        filterOption={(option, inputValue) =>
+          option.data.name.toLowerCase().includes(inputValue.toLowerCase())
+        }
+        getOptionLabel={(option) => option.name}
+        getOptionValue={(option) => option.id}
+        onChange={(newValue) => {
+          // hacky use of null as indication to create project
+          if (!newValue) {
+            if (isAddingProjectsAllowed) {
+              handlePopUpOpen("addNewWs");
+            } else {
+              handlePopUpOpen("upgradePlan");
+            }
+            return;
+          }
+
+          const project = newValue as TWorkspaceWithFaveProp;
+          localStorage.setItem("projectData.id", project.id);
+          // todo(akhi): this is not using react query because react query in overview is throwing error when envs are not exact same count
+          // to reproduce change this back to router.push and switch between two projects with different env count
+          // look into this on dashboard revamp
+          window.location.assign(`/project/${project.id}/secrets/overview`);
+        }}
+        options={options}
+        components={{
+          Option: ProjectOption,
+          Menu: ProjectsMenu
+        }}
+      />
+      <UpgradePlanModal
+        isOpen={popUp.upgradePlan.isOpen}
+        onOpenChange={(isOpen) => handlePopUpToggle("upgradePlan", isOpen)}
+        text="You have exceeded the number of projects allowed on the free plan."
+      />
+
+      <NewProjectModal
+        isOpen={popUp.addNewWs.isOpen}
+        onOpenChange={(isOpen) => handlePopUpToggle("addNewWs", isOpen)}
+      />
+    </div>
+  );
+};

frontend/src/layouts/AppLayout/components/ProjectSelect/index.ts

@@ -0,0 +1 @@
+export * from "./ProjectSelect";

frontend/src/lib/schemas/slugSchema.ts

@@ -1,23 +1,12 @@
 import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
-interface SlugSchemaInputs {
-  min?: number;
-  max?: number;
-  field?: string;
-}
-
-export const slugSchema = ({ min = 1, max = 32, field = "Slug" }: SlugSchemaInputs = {}) => {
-  return z
-    .string()
-    .trim()
-    .min(min, {
-      message: `${field} field must be at least ${min} character${min === 1 ? "" : "s"}`
-    })
-    .max(max, {
-      message: `${field} field must be at most ${max} character${max === 1 ? "" : "s"}`
-    })
-    .refine((v) => slugify(v, { lowercase: true, separator: "-" }) === v, {
-      message: `${field} field can only contain letters, numbers, and hyphens`
-    });
-};
+export const slugSchema = z
+  .string()
+  .trim()
+  .min(1)
+  .max(32)
+  .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+  .refine((v) => slugify(v) === v, {
+    message: "Invalid slug format"
+  });

frontend/src/pages/integrations/bitbucket/create.tsx

@@ -181,7 +181,7 @@ export default function BitBucketCreateIntegrationPage() {
                 onChange={onChange}
                 options={currentWorkspace?.environments}
                 placeholder="Select a project environment"
-                isDisabled={!bitbucketWorkspaces?.length}
+                isDisabled={!currentWorkspace?.environments.length}
               />
             </FormControl>
           )}

frontend/src/pages/integrations/octopus-deploy/authorize.tsx

@@ -0,0 +1,138 @@
+import { Controller, useForm } from "react-hook-form";
+import Head from "next/head";
+import Image from "next/image";
+import Link from "next/link";
+import { useRouter } from "next/router";
+import { faArrowUpRightFromSquare, faBookOpen } from "@fortawesome/free-solid-svg-icons";
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
+
+import { createNotification } from "@app/components/notifications";
+import { Button, Card, CardTitle, FormControl, Input } from "@app/components/v2";
+import { useWorkspace } from "@app/context";
+import { removeTrailingSlash } from "@app/helpers/string";
+import { useSaveIntegrationAccessToken } from "@app/hooks/api";
+
+const formSchema = z.object({
+  instanceUrl: z.string().min(1, { message: "Instance URL required" }),
+  apiKey: z.string().min(1, { message: "API Key required" })
+});
+
+type TForm = z.infer<typeof formSchema>;
+
+export default function OctopusDeployIntegrationPage() {
+  const router = useRouter();
+  const { mutateAsync, isLoading } = useSaveIntegrationAccessToken();
+  const { currentWorkspace } = useWorkspace();
+
+  const { control, handleSubmit } = useForm<TForm>({
+    resolver: zodResolver(formSchema)
+  });
+
+  const onSubmit = async ({ instanceUrl, apiKey }: TForm) => {
+    try {
+      const integrationAuth = await mutateAsync({
+        workspaceId: currentWorkspace!.id,
+        integration: "octopus-deploy",
+        url: removeTrailingSlash(instanceUrl),
+        accessToken: apiKey
+      });
+
+      router.push(`/integrations/octopus-deploy/create?integrationAuthId=${integrationAuth.id}`);
+    } catch (err: any) {
+      createNotification({
+        type: "error",
+        text: err.message ?? "Error authorizing integration"
+      });
+      console.error(err);
+    }
+  };
+
+  return (
+    <form
+      onSubmit={handleSubmit(onSubmit)}
+      className="flex h-full w-full items-center justify-center"
+    >
+      <Head>
+        <title>Authorize Octopus Deploy Integration</title>
+        <link rel="icon" href="/infisical.ico" />
+      </Head>
+      <Card className="mb-12 max-w-lg rounded-md border border-mineshaft-600">
+        <CardTitle
+          className="px-6 text-left text-xl"
+          subTitle="After adding your credentials, you will be prompted to set up an integration for a particular environment and secret path."
+        >
+          <div className="flex flex-row items-center">
+            <div className="inline-flex items-center pb-0.5">
+              <Image
+                src="/images/integrations/Octopus Deploy.png"
+                height={30}
+                width={30}
+                alt="Octopus Deploy logo"
+              />
+            </div>
+            <span className="ml-1.5">Octopus Deploy Integration</span>
+            <Link href="https://infisical.com/docs/integrations/cloud/octopus-deploy" passHref>
+              <a target="_blank" rel="noopener noreferrer">
+                <div className="ml-2 mb-1 inline-block cursor-default rounded-md bg-yellow/20 px-1.5 pb-[0.03rem] pt-[0.04rem] text-sm text-yellow opacity-80 hover:opacity-100">
+                  <FontAwesomeIcon icon={faBookOpen} className="mr-1.5" />
+                  Docs
+                  <FontAwesomeIcon
+                    icon={faArrowUpRightFromSquare}
+                    className="ml-1.5 mb-[0.07rem] text-xxs"
+                  />
+                </div>
+              </a>
+            </Link>
+          </div>
+        </CardTitle>
+        <Controller
+          render={({ field: { value, onChange }, fieldState: { error } }) => (
+            <FormControl
+              label="Octopus Deploy Instance URL"
+              errorText={error?.message}
+              isError={Boolean(error)}
+              className="px-6"
+            >
+              <Input value={value} onChange={onChange} placeholder="https://xxxx.octopus.app" />
+            </FormControl>
+          )}
+          name="instanceUrl"
+          control={control}
+        />
+        <Controller
+          render={({ field: { value, onChange }, fieldState: { error } }) => (
+            <FormControl
+              label="Octopus Deploy API Key"
+              errorText={error?.message}
+              isError={Boolean(error)}
+              className="px-6"
+            >
+              <Input
+                value={value}
+                onChange={onChange}
+                placeholder="API-XXXXXXXXXXXXXXXXXXXXXXXX"
+                type="password"
+              />
+            </FormControl>
+          )}
+          name="apiKey"
+          control={control}
+        />
+        <Button
+          type="submit"
+          colorSchema="primary"
+          variant="outline_bg"
+          className="mb-6 mt-2 ml-auto mr-6 w-min"
+          isLoading={isLoading}
+          isDisabled={isLoading}
+        >
+          Connect to Octopus Deploy
+        </Button>
+      </Card>
+    </form>
+  );
+}
+
+OctopusDeployIntegrationPage.requireAuth = true;

frontend/src/pages/integrations/octopus-deploy/create.tsx

@@ -0,0 +1,444 @@
+import { useEffect } from "react";
+import { Controller, useForm } from "react-hook-form";
+import { SiOctopusdeploy } from "react-icons/si";
+import { useRouter } from "next/router";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
+
+import { createNotification } from "@app/components/notifications";
+import {
+  Button,
+  Card,
+  CardTitle,
+  FilterableSelect,
+  FormControl,
+  Spinner
+} from "@app/components/v2";
+import { SecretPathInput } from "@app/components/v2/SecretPathInput";
+import { useWorkspace } from "@app/context";
+import { useCreateIntegration, useGetIntegrationAuthApps } from "@app/hooks/api";
+import {
+  useGetIntegrationAuthOctopusDeployScopeValues,
+  useGetIntegrationAuthOctopusDeploySpaces
+} from "@app/hooks/api/integrationAuth/queries";
+import { OctopusDeployScope } from "@app/hooks/api/integrationAuth/types";
+
+const formSchema = z.object({
+  scope: z.nativeEnum(OctopusDeployScope),
+  secretPath: z.string().default("/"),
+  sourceEnvironment: z.object({ name: z.string(), slug: z.string() }),
+  targetSpace: z.object({ Name: z.string(), Id: z.string() }),
+  targetResource: z.object({ appId: z.string().optional(), name: z.string() }),
+  targetEnvironments: z.object({ Name: z.string(), Id: z.string() }).array().optional(),
+  targetRoles: z.object({ Name: z.string(), Id: z.string() }).array().optional(),
+  targetMachines: z.object({ Name: z.string(), Id: z.string() }).array().optional(),
+  targetProcesses: z
+    .object({ Name: z.string(), Id: z.string(), ProcessType: z.string() })
+    .array()
+    .optional(),
+  targetActions: z.object({ Name: z.string(), Id: z.string() }).array().optional(),
+  targetChannels: z.object({ Name: z.string(), Id: z.string() }).array().optional()
+});
+
+type TFormData = z.infer<typeof formSchema>;
+
+export default function OctopusDeployCreateIntegrationPage() {
+  const router = useRouter();
+  const createIntegration = useCreateIntegration();
+
+  const { watch, control, reset, handleSubmit } = useForm<TFormData>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      secretPath: "/",
+      scope: OctopusDeployScope.Project
+    }
+  });
+
+  const integrationAuthId = router.query.integrationAuthId as string;
+
+  const { currentWorkspace, isLoading: isProjectLoading } = useWorkspace();
+
+  const { data: octopusDeploySpaces, isLoading: isLoadingOctopusDeploySpaces } =
+    useGetIntegrationAuthOctopusDeploySpaces((integrationAuthId as string) ?? "");
+
+  const currentSpace = watch("targetSpace", octopusDeploySpaces?.[0]);
+  const currentScope = watch("scope");
+  const sourceEnv = watch("sourceEnvironment");
+
+  const { data: octopusDeployResources, isLoading: isOctopusDeployResourcesLoading } =
+    useGetIntegrationAuthApps(
+      {
+        integrationAuthId,
+        workspaceSlug: currentSpace?.Name
+        // scope once we support other resources than project
+      },
+      {
+        enabled: Boolean(currentSpace ?? octopusDeploySpaces?.find((space) => space.IsDefault))
+      }
+    );
+
+  const currentResource = watch("targetResource", octopusDeployResources?.[0]);
+
+  const { data: octopusDeployScopeValues, isLoading: isOctopusDeployScopeValuesLoading } =
+    useGetIntegrationAuthOctopusDeployScopeValues(
+      {
+        integrationAuthId,
+        spaceId: currentSpace?.Id,
+        resourceId: currentResource?.appId!,
+        scope: currentScope
+      },
+      { enabled: Boolean(currentSpace && currentResource) }
+    );
+
+  const onSubmit = async ({
+    sourceEnvironment,
+    secretPath,
+    targetEnvironments,
+    targetResource,
+    targetSpace,
+    targetChannels,
+    targetActions,
+    targetMachines,
+    targetProcesses,
+    targetRoles,
+    scope
+  }: TFormData) => {
+    try {
+      await createIntegration.mutateAsync({
+        integrationAuthId,
+        isActive: true,
+        scope,
+        app: targetResource.name,
+        appId: targetResource.appId,
+        targetEnvironment: targetSpace.Name,
+        targetEnvironmentId: targetSpace.Id,
+        metadata: {
+          octopusDeployScopeValues: {
+            Environment: targetEnvironments?.map(({ Id }) => Id),
+            Action: targetActions?.map(({ Id }) => Id),
+            Channel: targetChannels?.map(({ Id }) => Id),
+            ProcessOwner: targetProcesses?.map(({ Id }) => Id),
+            Role: targetRoles?.map(({ Id }) => Id),
+            Machine: targetMachines?.map(({ Id }) => Id)
+          }
+        },
+        sourceEnvironment: sourceEnvironment.slug,
+        secretPath
+      });
+
+      createNotification({
+        type: "success",
+        text: "Successfully created integration"
+      });
+      router.push(`/integrations/${currentWorkspace?.id}`);
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to create integration"
+      });
+      console.error(err);
+    }
+  };
+
+  useEffect(() => {
+    if (!octopusDeployResources || !octopusDeploySpaces || !currentWorkspace) return;
+
+    reset({
+      targetResource: octopusDeployResources[0],
+      targetSpace: octopusDeploySpaces.find((space) => space.IsDefault),
+      sourceEnvironment: currentWorkspace.environments[0],
+      secretPath: "/",
+      scope: OctopusDeployScope.Project
+    });
+  }, [octopusDeploySpaces, octopusDeployResources, currentWorkspace]);
+
+  if (isProjectLoading || isLoadingOctopusDeploySpaces || isOctopusDeployResourcesLoading)
+    return (
+      <div className="flex h-full w-full items-center justify-center p-24">
+        <Spinner />
+      </div>
+    );
+
+  return (
+    <form
+      onSubmit={handleSubmit(onSubmit)}
+      className="flex h-full w-full items-center justify-center"
+    >
+      <Card className="max-w-4xl rounded-md p-8 pt-4">
+        <CardTitle className=" text-center">
+          <SiOctopusdeploy size="1.2rem" className="mr-2 mb-1 inline-block" />
+          Octopus Deploy Integration
+        </CardTitle>
+        <div className="grid grid-cols-2 gap-4">
+          <Controller
+            control={control}
+            name="sourceEnvironment"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Project Environment"
+              >
+                <FilterableSelect
+                  getOptionValue={(option) => option.slug}
+                  value={value}
+                  getOptionLabel={(option) => option.name}
+                  onChange={onChange}
+                  options={currentWorkspace?.environments}
+                  placeholder="Select a project environment"
+                  isDisabled={!currentWorkspace?.environments.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="secretPath"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl isError={Boolean(error)} label="Secrets Path">
+                <SecretPathInput
+                  placeholder="/"
+                  environment={sourceEnv?.slug}
+                  value={value}
+                  onChange={onChange}
+                />
+              </FormControl>
+            )}
+          />
+          <div className="col-span-2 flex w-full flex-row items-center pb-2">
+            <div className="w-full border-t border-mineshaft-500" />
+            <span className="mx-2 whitespace-nowrap text-xs text-mineshaft-400">Sync To</span>
+            <div className="w-full border-t border-mineshaft-500" />
+          </div>
+          <Controller
+            control={control}
+            name="targetSpace"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Space"
+              >
+                <FilterableSelect
+                  getOptionValue={(option) => option.Id}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  options={octopusDeploySpaces}
+                  placeholder={
+                    octopusDeploySpaces?.length ? "Select a space..." : "No spaces found..."
+                  }
+                  isDisabled={!octopusDeploySpaces?.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="targetResource"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                className="capitalize"
+                label={`Octopus Deploy ${currentScope}`}
+              >
+                <FilterableSelect
+                  getOptionValue={(option) => option.appId!}
+                  value={value}
+                  getOptionLabel={(option) => option.name}
+                  onChange={onChange}
+                  options={octopusDeployResources}
+                  placeholder={
+                    octopusDeployResources?.length ? "Select a project..." : "No projects found..."
+                  }
+                  isDisabled={!octopusDeployResources?.length}
+                />
+              </FormControl>
+            )}
+          />
+
+          <Controller
+            control={control}
+            name="targetEnvironments"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Environments"
+                isOptional
+              >
+                <FilterableSelect
+                  isMulti
+                  getOptionValue={(option) => option.Name}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  isLoading={isOctopusDeployScopeValuesLoading}
+                  options={octopusDeployScopeValues?.Environments}
+                  placeholder={
+                    octopusDeployScopeValues?.Environments?.length
+                      ? "Select environments..."
+                      : "No environments found..."
+                  }
+                  isDisabled={!octopusDeployScopeValues?.Environments?.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="targetRoles"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Target Tags"
+                isOptional
+              >
+                <FilterableSelect
+                  isMulti
+                  getOptionValue={(option) => option.Name}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  isLoading={isOctopusDeployScopeValuesLoading}
+                  options={octopusDeployScopeValues?.Roles}
+                  placeholder={
+                    octopusDeployScopeValues?.Roles?.length
+                      ? "Select target tags..."
+                      : "No target tags found..."
+                  }
+                  isDisabled={!octopusDeployScopeValues?.Roles?.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="targetMachines"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Targets"
+                isOptional
+              >
+                <FilterableSelect
+                  isMulti
+                  getOptionValue={(option) => option.Name}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  isLoading={isOctopusDeployScopeValuesLoading}
+                  options={octopusDeployScopeValues?.Machines}
+                  placeholder={
+                    octopusDeployScopeValues?.Machines?.length
+                      ? "Select targets..."
+                      : "No targets found..."
+                  }
+                  isDisabled={!octopusDeployScopeValues?.Machines?.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="targetProcesses"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Processes"
+                isOptional
+              >
+                <FilterableSelect
+                  isMulti
+                  getOptionValue={(option) => option.Name}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  isLoading={isOctopusDeployScopeValuesLoading}
+                  options={octopusDeployScopeValues?.Processes}
+                  placeholder={
+                    octopusDeployScopeValues?.Processes?.length
+                      ? "Select processes..."
+                      : "No processes found..."
+                  }
+                  isDisabled={!octopusDeployScopeValues?.Processes?.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="targetActions"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Deployment Steps"
+                isOptional
+              >
+                <FilterableSelect
+                  isMulti
+                  getOptionValue={(option) => option.Name}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  isLoading={isOctopusDeployScopeValuesLoading}
+                  options={octopusDeployScopeValues?.Actions}
+                  placeholder={
+                    octopusDeployScopeValues?.Actions?.length
+                      ? "Select deployment steps..."
+                      : "No deployment steps found..."
+                  }
+                  isDisabled={!octopusDeployScopeValues?.Actions?.length}
+                />
+              </FormControl>
+            )}
+          />
+          <Controller
+            control={control}
+            name="targetChannels"
+            render={({ field: { value, onChange }, fieldState: { error } }) => (
+              <FormControl
+                errorText={error?.message}
+                isError={Boolean(error)}
+                label="Octopus Deploy Channels"
+                isOptional
+              >
+                <FilterableSelect
+                  isMulti
+                  getOptionValue={(option) => option.Name}
+                  value={value}
+                  getOptionLabel={(option) => option.Name}
+                  onChange={onChange}
+                  isLoading={isOctopusDeployScopeValuesLoading}
+                  options={octopusDeployScopeValues?.Channels}
+                  placeholder={
+                    octopusDeployScopeValues?.Channels?.length
+                      ? "Select channels..."
+                      : "No channels found..."
+                  }
+                  isDisabled={!octopusDeployScopeValues?.Channels?.length}
+                />
+              </FormControl>
+            )}
+          />
+        </div>
+        <Button
+          type="submit"
+          colorSchema="primary"
+          className="mt-4"
+          isLoading={createIntegration.isLoading}
+          isDisabled={createIntegration.isLoading || !octopusDeployResources?.length}
+        >
+          Create Integration
+        </Button>
+      </Card>
+    </form>
+  );
+}
+
+OctopusDeployCreateIntegrationPage.requireAuth = true;

frontend/src/views/IntegrationsPage/IntegrationDetailsPage/components/IntegrationConnectionSection.tsx

@@ -55,6 +55,8 @@ export const IntegrationConnectionSection = ({ integration }: Props) => {
           return "Path";
         case "bitbucket":
           return "Repository";
+        case "octopus-deploy":
+          return "Project";
         case "github":
           if (["github-env", "github-repo"].includes(integration.scope!)) {
             return "Repository";
@@ -104,6 +106,16 @@ export const IntegrationConnectionSection = ({ integration }: Props) => {
         </div>
       );
     }
+
+    if (integration.integration === "octopus-deploy") {
+      return (
+        <div>
+          <FormLabel className="text-sm font-semibold text-mineshaft-300" label="Space" />
+          <div className="text-sm text-mineshaft-300">{integration.targetEnvironment}</div>
+        </div>
+      );
+    }
+
     if (
       ["vercel", "netlify", "railway", "gitlab", "teamcity"].includes(integration.integration) ||
       (integration.integration === "github" && integration.scope === "github-env")

frontend/src/views/IntegrationsPage/IntegrationDetailsPage/components/IntegrationSettingsSection.tsx

@@ -1,4 +1,5 @@
 import { TIntegrationWithEnv } from "@app/hooks/api/integrations/types";
+import { OctopusDeployScopeValues } from "@app/views/IntegrationsPage/IntegrationDetailsPage/components/OctopusDeployScopeValues";
 
 type Props = {
   integration: TIntegrationWithEnv;
@@ -27,6 +28,7 @@ const metadataMappings: Record<keyof NonNullable<TIntegrationWithEnv["metadata"]
   shouldMaskSecrets: "GitLab Secrets Masking Enabled",
   shouldProtectSecrets: "GitLab Secret Protection Enabled",
   shouldEnableDelete: "GitHub Secret Deletion Enabled",
+  octopusDeployScopeValues: "Octopus Deploy Scope Values",
   awsIamRole: "AWS IAM Role",
   region: "Region"
 } as const;
@@ -35,6 +37,9 @@ export const IntegrationSettingsSection = ({ integration }: Props) => {
   const renderValue = <K extends MetadataKey>(key: K, value: MetadataValue<K>) => {
     if (!value) return null;
 
+    if (key === "octopusDeployScopeValues")
+      return <OctopusDeployScopeValues integration={integration} />;
+
     // If it's a boolean, we render a generic "Yes" or "No" response.
     if (typeof value === "boolean") {
       return value ? "Yes" : "No";
@@ -51,7 +56,7 @@ export const IntegrationSettingsSection = ({ integration }: Props) => {
       }
 
       if (key === "githubVisibilityRepoIds") {
-        return value.join(", ");
+        return (value as string[]).join(", ");
       }
     }
 

frontend/src/views/IntegrationsPage/IntegrationDetailsPage/components/OctopusDeployScopeValues.tsx

@@ -0,0 +1,90 @@
+import { FormLabel, Spinner } from "@app/components/v2";
+import { useGetIntegrationAuthOctopusDeployScopeValues } from "@app/hooks/api/integrationAuth/queries";
+import {
+  OctopusDeployScope,
+  TOctopusDeployVariableSetScopeValues
+} from "@app/hooks/api/integrationAuth/types";
+import { TIntegration, TOctopusDeployScopeValues } from "@app/hooks/api/integrations/types";
+
+type OctopusDeployScopeValuesProps = {
+  integration: TIntegration;
+};
+
+// remove plural since Octopus Deploy can decide whether they want to use singular or plural...
+const modifyKey = (key: keyof TOctopusDeployVariableSetScopeValues) => {
+  switch (key) {
+    case "Processes":
+      return "ProcessOwner";
+    default:
+      return key.substring(0, key.length - 1);
+  }
+};
+
+export const OctopusDeployScopeValues = ({ integration }: OctopusDeployScopeValuesProps) => {
+  const hasScopeValues = Boolean(
+    Object.values(integration.metadata?.octopusDeployScopeValues ?? {}).some(
+      (values) => values.length > 0
+    )
+  );
+
+  const { data: scopeValues = {}, isLoading } = useGetIntegrationAuthOctopusDeployScopeValues(
+    {
+      scope: OctopusDeployScope.Project,
+      spaceId: integration.targetEnvironmentId!,
+      resourceId: integration.appId!,
+      integrationAuthId: integration.integrationAuthId
+    },
+    {
+      enabled: hasScopeValues
+    }
+  );
+
+  if (!integration.metadata?.octopusDeployScopeValues)
+    return <span className="text-sm text-mineshaft-400">Not Configured</span>;
+
+  if (isLoading) return <Spinner size="sm" className="mt-2 ml-2" />;
+
+  const scopeValuesMap = new Map(
+    Object.entries(scopeValues).map(([key, values]) => [
+      modifyKey(key as keyof TOctopusDeployVariableSetScopeValues),
+      new Map((values as { Name: string; Id: string }[]).map((value) => [value.Id, value.Name]))
+    ])
+  );
+
+  return (
+    <>
+      {Object.entries(integration.metadata.octopusDeployScopeValues).map(([key, values]) => {
+        if (!values.length) return null;
+
+        const getLabel = (scope: string) => {
+          switch (scope as keyof TOctopusDeployScopeValues) {
+            case "Role":
+              return "Target Tags";
+            case "Machine":
+              return "Targets";
+            case "ProcessOwner":
+              return "Processes";
+            case "Action":
+              return "Steps";
+            default:
+              return `${scope}s`;
+          }
+        };
+
+        return (
+          <div className="mt-4" key={key}>
+            <FormLabel className="text-sm font-semibold text-mineshaft-200" label={getLabel(key)} />
+
+            <div className="text-sm text-mineshaft-300">
+              {values
+                .map((value) => scopeValuesMap.get(key)?.get(value)!)
+                .map((name) => (
+                  <p key={name}>{name}</p>
+                ))}
+            </div>
+          </div>
+        );
+      })}
+    </>
+  );
+};

frontend/src/views/IntegrationsPage/IntegrationPage.utils.tsx

@@ -140,6 +140,9 @@ export const redirectForProviderAuth = (integrationOption: TCloudIntegration) =>
       case "azure-devops":
         link = `${window.location.origin}/integrations/azure-devops/authorize`;
         break;
+      case "octopus-deploy":
+        link = `${window.location.origin}/integrations/octopus-deploy/authorize`;
+        break;
       default:
         break;
     }

frontend/src/views/IntegrationsPage/components/IntegrationsSection/ConfiguredIntegrationItem.tsx

@@ -76,6 +76,14 @@ export const ConfiguredIntegrationItem = ({
             {integrationSlugNameMapping[integration.integration]}
           </div>
         </div>
+        {integration.integration === "octopus-deploy" && (
+          <div className="ml-2 flex flex-col">
+            <FormLabel label="Space" />
+            <div className="overflow-clip text-ellipsis whitespace-nowrap rounded-md border border-mineshaft-700 bg-mineshaft-900 px-3 py-2 font-inter text-sm text-bunker-200">
+              {integration.targetEnvironment || integration.targetEnvironmentId}
+            </div>
+          </div>
+        )}
         {integration.integration === "qovery" && (
           <div className="flex flex-row">
             <div className="ml-2 flex flex-col">
@@ -108,6 +116,7 @@ export const ConfiguredIntegrationItem = ({
                 (integration.integration === "qovery" && integration?.scope) ||
                 (integration.integration === "circleci" && "Project") ||
                 (integration.integration === "bitbucket" && "Repository") ||
+                (integration.integration === "octopus-deploy" && "Project") ||
                 (integration.integration === "aws-secret-manager" && "Secret") ||
                 (["aws-parameter-store", "rundeck"].includes(integration.integration) && "Path") ||
                 (integration?.integration === "terraform-cloud" && "Project") ||

frontend/src/views/Org/AuditLogsPage/components/LogsFilter.tsx

@@ -12,6 +12,7 @@ import {
   DropdownMenuContent,
   DropdownMenuItem,
   DropdownMenuTrigger,
+  FilterableSelect,
   FormControl,
   Select,
   SelectItem
@@ -64,7 +65,7 @@ export const LogsFilter = ({
 
   useEffect(() => {
     if (workspacesInOrg.length) {
-      setValue("projectId", workspacesInOrg[0].id);
+      setValue("project", workspacesInOrg[0]);
     }
   }, [workspaces]);
 
@@ -111,11 +112,34 @@ export const LogsFilter = ({
   return (
     <div
       className={twMerge(
-        "sticky top-20 z-10 flex items-center justify-between bg-bunker-800",
+        "sticky top-20 z-10 flex flex-wrap items-center justify-between bg-bunker-800",
         className
       )}
     >
-      <div className="flex items-center space-x-2">
+      {isOrgAuditLogs && workspacesInOrg.length > 0 && (
+        <Controller
+          control={control}
+          name="project"
+          render={({ field: { onChange, value }, fieldState: { error } }) => (
+            <FormControl
+              label="Project"
+              errorText={error?.message}
+              isError={Boolean(error)}
+              className="mr-12 w-64"
+            >
+              <FilterableSelect
+                value={value}
+                onChange={onChange}
+                placeholder="Select a project..."
+                options={workspacesInOrg.map(({ name, id }) => ({ name, id }))}
+                getOptionValue={(option) => option.id}
+                getOptionLabel={(option) => option.name}
+              />
+            </FormControl>
+          )}
+        />
+      )}
+      <div className="mt-1 flex items-center space-x-2">
         <Controller
           control={control}
           name="eventType"
@@ -123,7 +147,7 @@ export const LogsFilter = ({
             <FormControl label="Events">
               <DropdownMenu>
                 <DropdownMenuTrigger asChild>
-                  <div className="inline-flex w-full cursor-pointer items-center justify-between rounded-md border border-mineshaft-500 bg-mineshaft-700 px-3 py-2 font-inter text-sm font-normal text-bunker-200 outline-none data-[placeholder]:text-mineshaft-200">
+                  <div className="inline-flex w-full cursor-pointer items-center justify-between whitespace-nowrap rounded-md border border-mineshaft-500 bg-mineshaft-700 px-3 py-2 font-inter text-sm font-normal text-bunker-200 outline-none data-[placeholder]:text-mineshaft-200">
                     {selectedEventTypes?.length === 1
                       ? eventTypes.find((eventType) => eventType.value === selectedEventTypes[0])
                           ?.label
@@ -235,37 +259,6 @@ export const LogsFilter = ({
             </FormControl>
           )}
         />
-
-        {isOrgAuditLogs && workspacesInOrg.length > 0 && (
-          <Controller
-            control={control}
-            name="projectId"
-            render={({ field: { onChange, value, ...field }, fieldState: { error } }) => (
-              <FormControl
-                label="Project"
-                errorText={error?.message}
-                isError={Boolean(error)}
-                className="w-40"
-              >
-                <Select
-                  value={value}
-                  {...field}
-                  onValueChange={(e) => onChange(e)}
-                  className={twMerge(
-                    "w-full border border-mineshaft-500 bg-mineshaft-700 ",
-                    value === undefined && "text-mineshaft-400"
-                  )}
-                >
-                  {workspacesInOrg.map((project) => (
-                    <SelectItem value={String(project.id || "")} key={project.id}>
-                      {project.name}
-                    </SelectItem>
-                  ))}
-                </Select>
-              </FormControl>
-            )}
-          />
-        )}
         <Controller
           name="startDate"
           control={control}
@@ -275,6 +268,7 @@ export const LogsFilter = ({
                 <DatePicker
                   value={field.value || undefined}
                   onChange={onChange}
+                  dateFormat="P"
                   popUpProps={{
                     open: isStartDatePickerOpen,
                     onOpenChange: setIsStartDatePickerOpen
@@ -294,6 +288,7 @@ export const LogsFilter = ({
                 <DatePicker
                   value={field.value || undefined}
                   onChange={onChange}
+                  dateFormat="P"
                   popUpProps={{
                     open: isEndDatePickerOpen,
                     onOpenChange: setIsEndDatePickerOpen
@@ -304,27 +299,27 @@ export const LogsFilter = ({
             );
           }}
         />
+        <Button
+          isLoading={false}
+          colorSchema="primary"
+          variant="outline_bg"
+          className="mt-[0.45rem]"
+          type="submit"
+          leftIcon={<FontAwesomeIcon icon={faFilterCircleXmark} />}
+          onClick={() =>
+            reset({
+              eventType: presets?.eventType || [],
+              actor: presets?.actorId,
+              userAgentType: undefined,
+              startDate: undefined,
+              endDate: undefined,
+              project: null
+            })
+          }
+        >
+          Clear filters
+        </Button>
       </div>
-      <Button
-        isLoading={false}
-        colorSchema="primary"
-        variant="outline_bg"
-        className="mt-1.5"
-        type="submit"
-        leftIcon={<FontAwesomeIcon icon={faFilterCircleXmark} />}
-        onClick={() =>
-          reset({
-            eventType: presets?.eventType || [],
-            actor: presets?.actorId,
-            userAgentType: undefined,
-            startDate: undefined,
-            endDate: undefined,
-            projectId: undefined
-          })
-        }
-      >
-        Clear filters
-      </Button>
     </div>
   );
 };

frontend/src/views/Org/AuditLogsPage/components/LogsSection.tsx

@@ -47,7 +47,7 @@ export const LogsSection = ({
   const { control, reset, watch, setValue } = useForm<AuditLogFilterFormData>({
     resolver: yupResolver(auditLogFilterFormSchema),
     defaultValues: {
-      projectId: undefined,
+      project: null,
       actor: presets?.actorId,
       eventType: presets?.eventType || [],
       page: 1,
@@ -66,7 +66,7 @@ export const LogsSection = ({
   const eventType = watch("eventType") as EventType[] | undefined;
   const userAgentType = watch("userAgentType") as UserAgentType | undefined;
   const actor = watch("actor");
-  const projectId = watch("projectId");
+  const projectId = watch("project")?.id;
 
   const startDate = watch("startDate");
   const endDate = watch("endDate");

frontend/src/views/Org/AuditLogsPage/components/types.tsx

@@ -5,7 +5,7 @@ import { EventType, UserAgentType } from "@app/hooks/api/auditLogs/enums";
 export const auditLogFilterFormSchema = yup
   .object({
     eventMetadata: yup.object({}).optional(),
-    projectId: yup.string().optional(),
+    project: yup.object({ id: yup.string().required(), name: yup.string().required() }).nullable(),
     eventType: yup.array(yup.string().oneOf(Object.values(EventType), "Invalid event type")),
     actor: yup.string(),
     userAgentType: yup.string().oneOf(Object.values(UserAgentType), "Invalid user agent type"),

frontend/src/views/Org/IdentityPage/components/IdentityProjectsSection/IdentityAddToProjectModal.tsx

@@ -4,7 +4,14 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
-import { Button, FormControl, Modal, ModalContent, Select, SelectItem } from "@app/components/v2";
+import {
+  Button,
+  FilterableSelect,
+  FormControl,
+  Modal,
+  ModalClose,
+  ModalContent
+} from "@app/components/v2";
 import { useOrganization, useWorkspace } from "@app/context";
 import {
   useAddIdentityToWorkspace,
@@ -16,8 +23,8 @@ import { UsePopUpState } from "@app/hooks/usePopUp";
 
 const schema = z
   .object({
-    projectId: z.string(),
-    role: z.string()
+    project: z.object({ name: z.string(), id: z.string() }),
+    role: z.object({ name: z.string(), slug: z.string() })
   })
   .required();
 
@@ -32,7 +39,9 @@ type Props = {
   ) => void;
 };
 
-export const IdentityAddToProjectModal = ({ identityId, popUp, handlePopUpToggle }: Props) => {
+// TODO: eventually refactor to support adding to multiple projects at once? would lose role granularity unique to project
+
+const Content = ({ identityId, handlePopUpToggle }: Omit<Props, "popUp">) => {
   const { currentOrg } = useOrganization();
   const { workspaces } = useWorkspace();
   const { mutateAsync: addIdentityToWorkspace } = useAddIdentityToWorkspace();
@@ -47,10 +56,10 @@ export const IdentityAddToProjectModal = ({ identityId, popUp, handlePopUpToggle
     resolver: zodResolver(schema)
   });
 
-  const projectId = watch("projectId");
+  const projectId = watch("project")?.id;
   const { data: projectMemberships } = useGetIdentityProjectMemberships(identityId);
-  const { data: project } = useGetWorkspaceById(projectId);
-  const { data: roles } = useGetProjectRoles(project?.id ?? "");
+  const { data: project, isLoading: isProjectLoading } = useGetWorkspaceById(projectId);
+  const { data: roles, isLoading: isRolesLoading } = useGetProjectRoles(project?.id ?? "");
 
   const filteredWorkspaces = useMemo(() => {
     const wsWorkspaceIds = new Map();
@@ -64,12 +73,12 @@ export const IdentityAddToProjectModal = ({ identityId, popUp, handlePopUpToggle
     );
   }, [workspaces, projectMemberships]);
 
-  const onFormSubmit = async ({ projectId: workspaceId, role }: FormData) => {
+  const onFormSubmit = async ({ project: selectedProject, role }: FormData) => {
     try {
       await addIdentityToWorkspace({
-        workspaceId,
+        workspaceId: selectedProject.id,
         identityId,
-        role: role || undefined
+        role: role.slug || undefined
       });
 
       createNotification({
@@ -91,87 +100,85 @@ export const IdentityAddToProjectModal = ({ identityId, popUp, handlePopUpToggle
     }
   };
 
+  const isProjectSelected = Boolean(projectId);
+
+  return (
+    <form onSubmit={handleSubmit(onFormSubmit)}>
+      <Controller
+        control={control}
+        name="project"
+        render={({ field: { onChange, value }, fieldState: { error } }) => (
+          <FormControl
+            label="Project"
+            errorText={error?.message}
+            isError={Boolean(error)}
+            className="mt-4"
+          >
+            <FilterableSelect
+              value={value}
+              onChange={onChange}
+              options={filteredWorkspaces}
+              placeholder="Select project..."
+              getOptionValue={(option) => option.id}
+              getOptionLabel={(option) => option.name}
+              isLoading={isProjectSelected && isProjectLoading}
+            />
+          </FormControl>
+        )}
+      />
+      <Controller
+        control={control}
+        name="role"
+        render={({ field: { onChange, value }, fieldState: { error } }) => (
+          <FormControl
+            label="Role"
+            errorText={error?.message}
+            isError={Boolean(error)}
+            className="mt-4"
+          >
+            <FilterableSelect
+              isDisabled={!isProjectSelected}
+              value={value}
+              onChange={onChange}
+              options={roles}
+              isLoading={isProjectSelected && isRolesLoading}
+              placeholder="Select role..."
+              getOptionValue={(option) => option.slug}
+              getOptionLabel={(option) => option.name}
+            />
+          </FormControl>
+        )}
+      />
+      <div className="flex items-center">
+        <Button
+          className="mr-4"
+          size="sm"
+          type="submit"
+          isLoading={isSubmitting}
+          isDisabled={isSubmitting}
+        >
+          Add
+        </Button>
+        <ModalClose asChild>
+          <Button colorSchema="secondary" variant="plain">
+            Cancel
+          </Button>
+        </ModalClose>
+      </div>
+    </form>
+  );
+};
+
+export const IdentityAddToProjectModal = ({ identityId, popUp, handlePopUpToggle }: Props) => {
   return (
     <Modal
       isOpen={popUp?.addIdentityToProject?.isOpen}
       onOpenChange={(isOpen) => {
         handlePopUpToggle("addIdentityToProject", isOpen);
-        reset();
       }}
     >
-      <ModalContent title="Add Identity to Project">
-        <form onSubmit={handleSubmit(onFormSubmit)}>
-          <Controller
-            control={control}
-            name="projectId"
-            defaultValue=""
-            render={({ field: { onChange, ...field }, fieldState: { error } }) => (
-              <FormControl
-                label="Project"
-                errorText={error?.message}
-                isError={Boolean(error)}
-                className="mt-4"
-              >
-                <Select
-                  defaultValue={field.value}
-                  {...field}
-                  onValueChange={(e) => onChange(e)}
-                  className="w-full"
-                >
-                  {(filteredWorkspaces || []).map(({ id, name }) => (
-                    <SelectItem value={id} key={`project-${id}`}>
-                      {name}
-                    </SelectItem>
-                  ))}
-                </Select>
-              </FormControl>
-            )}
-          />
-          <Controller
-            control={control}
-            name="role"
-            defaultValue=""
-            render={({ field: { onChange, ...field }, fieldState: { error } }) => (
-              <FormControl
-                label="Role"
-                errorText={error?.message}
-                isError={Boolean(error)}
-                className="mt-4"
-              >
-                <Select
-                  defaultValue={field.value}
-                  {...field}
-                  onValueChange={(e) => onChange(e)}
-                  className="w-full"
-                >
-                  {(roles || []).map(({ name, slug }) => (
-                    <SelectItem value={slug} key={`project-role-${slug}`}>
-                      {name}
-                    </SelectItem>
-                  ))}
-                </Select>
-              </FormControl>
-            )}
-          />
-          <div className="flex items-center">
-            <Button
-              className="mr-4"
-              size="sm"
-              type="submit"
-              isLoading={isSubmitting}
-              isDisabled={isSubmitting}
-            >
-              Add
-            </Button>
-            <Button
-              colorSchema="secondary"
-              variant="plain"
-              onClick={() => handlePopUpToggle("addIdentityToProject", false)}
-            >
-              Cancel
-            </Button>
-          </div>
-        </form>
+      <ModalContent bodyClassName="overflow-visible" title="Add Identity to Project">
+        <Content identityId={identityId} handlePopUpToggle={handlePopUpToggle} />
       </ModalContent>
     </Modal>
   );

frontend/src/views/Org/MembersPage/components/OrgIdentityTab/components/IdentitySection/IdentitySection.tsx

@@ -42,7 +42,7 @@ export const IdentitySection = withPermission(
       ? subscription.identitiesUsed < subscription.identityLimit
       : true;
 
-    const isEnterprise = subscription?.slug === "enterprise"
+    const isEnterprise = subscription?.slug === "enterprise";
 
     const onDeleteIdentitySubmit = async (identityId: string) => {
       try {
@@ -105,7 +105,7 @@ export const IdentitySection = withPermission(
                 }}
                 isDisabled={!isAllowed}
               >
-                Create identity
+                Create Identity
               </Button>
             )}
           </OrgPermissionCan>

frontend/src/views/Org/MembersPage/components/OrgMembersTab/components/OrgMembersSection/AddOrgMemberModal.tsx

@@ -1,28 +1,18 @@
 import { useEffect } from "react";
 import { Controller, useForm } from "react-hook-form";
-import {
-  faCheckCircle,
-  faChevronDown,
-  faExclamationCircle
-} from "@fortawesome/free-solid-svg-icons";
-import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
 import {
   Button,
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuTrigger,
+  FilterableSelect,
   FormControl,
   Modal,
   ModalContent,
   Select,
   SelectItem,
-  TextArea,
-  Tooltip
+  TextArea
 } from "@app/components/v2";
 import { useOrganization } from "@app/context";
 import { isCustomOrgRole } from "@app/helpers/roles";
@@ -44,7 +34,16 @@ const EmailSchema = z.string().email().min(1).trim().toLowerCase();
 
 const addMemberFormSchema = z.object({
   emails: z.string().min(1).trim().toLowerCase(),
-  projectIds: z.array(z.string().min(1).trim().toLowerCase()).default([]),
+  projects: z
+    .array(
+      z.object({
+        name: z.string(),
+        id: z.string(),
+        slug: z.string(),
+        version: z.nativeEnum(ProjectVersion)
+      })
+    )
+    .default([]),
   projectRoleSlug: z.string().min(1).default(DEFAULT_ORG_AND_PROJECT_MEMBER_ROLE_SLUG),
   organizationRoleSlug: z.string().min(1).default(DEFAULT_ORG_AND_PROJECT_MEMBER_ROLE_SLUG)
 });
@@ -72,7 +71,7 @@ export const AddOrgMemberModal = ({
   const { data: organizationRoles } = useGetOrgRoles(currentOrg?.id ?? "");
   const { data: serverDetails } = useFetchServerStatus();
   const { mutateAsync: addUsersMutateAsync } = useAddUsersToOrg();
-  const { data: projects } = useGetUserWorkspaces(true);
+  const { data: projects, isLoading: isProjectsLoading } = useGetUserWorkspaces(true);
 
   const {
     control,
@@ -95,18 +94,14 @@ export const AddOrgMemberModal = ({
     }
   }, [organizationRoles]);
 
-  const selectedProjectIds = watch("projectIds", []);
-
   const onAddMembers = async ({
     emails,
     organizationRoleSlug,
-    projectIds,
+    projects: selectedProjects,
     projectRoleSlug
   }: TAddMemberForm) => {
     if (!currentOrg?.id) return;
 
-    const selectedProjects = projects?.filter((project) => projectIds.includes(String(project.id)));
-
     if (selectedProjects?.length) {
       // eslint-disable-next-line no-restricted-syntax
       for (const project of selectedProjects) {
@@ -144,7 +139,7 @@ export const AddOrgMemberModal = ({
         organizationId: currentOrg?.id,
         inviteeEmails: emails.split(",").map((email) => email.trim()),
         organizationRoleSlug,
-        projects: projectIds.map((id) => ({ id, projectRoleSlug: [projectRoleSlug] }))
+        projects: selectedProjects.map(({ id }) => ({ id, projectRoleSlug: [projectRoleSlug] }))
       });
 
       setCompleteInviteLinks(data?.completeInviteLinks ?? null);
@@ -182,6 +177,7 @@ export const AddOrgMemberModal = ({
       }}
     >
       <ModalContent
+        bodyClassName="overflow-visible"
         title={`Invite others to ${currentOrg?.name}`}
         subTitle={
           <div>
@@ -236,98 +232,33 @@ export const AddOrgMemberModal = ({
               )}
             />
 
-            <div className="flex items-center justify-between gap-2">
+            <div className="flex items-start justify-between gap-2">
               <div className="w-full">
                 <Controller
                   control={control}
-                  name="projectIds"
-                  render={({ field, fieldState: { error } }) => (
+                  name="projects"
+                  render={({ field: { value, onChange }, fieldState: { error } }) => (
                     <FormControl
-                      label="Assign users to projects (optional)"
+                      label="Assign users to projects"
+                      isOptional
                       isError={Boolean(error?.message)}
                       errorText={error?.message}
                     >
-                      <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                          {projects && projects.length > 0 ? (
-                            <div className="inline-flex w-full cursor-pointer items-center justify-between rounded-md border border-mineshaft-600 bg-mineshaft-900 px-3 py-2 font-inter text-sm font-normal text-bunker-200 outline-none data-[placeholder]:text-mineshaft-200">
-                              {/* eslint-disable-next-line no-nested-ternary */}
-                              {selectedProjectIds.length === 1
-                                ? projects.find((project) => project.id === selectedProjectIds[0])
-                                    ?.name
-                                : selectedProjectIds.length === 0
-                                ? "No projects selected"
-                                : `${selectedProjectIds.length} projects selected`}
-                              <FontAwesomeIcon icon={faChevronDown} className="text-xs" />
-                            </div>
-                          ) : (
-                            <div className="inline-flex w-full cursor-default items-center justify-between rounded-md border border-mineshaft-600 bg-mineshaft-900 px-3 py-2 font-inter text-sm font-normal text-bunker-200 outline-none data-[placeholder]:text-mineshaft-200">
-                              No projects found
-                            </div>
-                          )}
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent
-                          align="start"
-                          className="thin-scrollbar z-[100] max-h-80"
-                        >
-                          {projects && projects.length > 0 ? (
-                            projects.map((project) => {
-                              const isSelected = selectedProjectIds.includes(String(project.id));
-
-                              return (
-                                <DropdownMenuItem
-                                  onSelect={(event) =>
-                                    projects.length > 1 && event.preventDefault()
-                                  }
-                                  onClick={() => {
-                                    if (selectedProjectIds.includes(String(project.id))) {
-                                      field.onChange(
-                                        selectedProjectIds.filter(
-                                          (projectId: string) => projectId !== String(project.id)
-                                        )
-                                      );
-                                    } else {
-                                      field.onChange([...selectedProjectIds, String(project.id)]);
-                                    }
-                                  }}
-                                  key={`project-id-${project.id}`}
-                                  icon={
-                                    isSelected ? (
-                                      <FontAwesomeIcon
-                                        icon={faCheckCircle}
-                                        className="pr-0.5 text-primary"
-                                      />
-                                    ) : (
-                                      <div className="pl-[1.01rem]" />
-                                    )
-                                  }
-                                  iconPos="left"
-                                  className="w-[28.4rem] text-sm"
-                                >
-                                  <div className="flex items-center gap-2 capitalize">
-                                    {project.name}
-                                    {project.version !== ProjectVersion.V3 && (
-                                      <Tooltip content="Project is not compatible with this action, please upgrade this project.">
-                                        <FontAwesomeIcon
-                                          icon={faExclamationCircle}
-                                          className="text-xs opacity-50"
-                                        />
-                                      </Tooltip>
-                                    )}
-                                  </div>
-                                </DropdownMenuItem>
-                              );
-                            })
-                          ) : (
-                            <div />
-                          )}
-                        </DropdownMenuContent>
-                      </DropdownMenu>
+                      <FilterableSelect
+                        isMulti
+                        value={value}
+                        onChange={onChange}
+                        isLoading={isProjectsLoading}
+                        getOptionLabel={(project) => project.name}
+                        getOptionValue={(project) => project.id}
+                        options={projects}
+                        placeholder="Select projects..."
+                      />
                     </FormControl>
                   )}
                 />
               </div>
-              <div className="flex min-w-fit justify-end">
+              <div className="mt-[0.15rem] flex min-w-fit justify-end">
                 <Controller
                   control={control}
                   name="projectRoleSlug"
@@ -340,7 +271,7 @@ export const AddOrgMemberModal = ({
                     >
                       <div>
                         <Select
-                          isDisabled={selectedProjectIds.length === 0}
+                          isDisabled={watch("projects", []).length === 0}
                           defaultValue={DEFAULT_ORG_AND_PROJECT_MEMBER_ROLE_SLUG}
                           {...field}
                           onValueChange={(val) => field.onChange(val)}

frontend/src/views/Org/RolePage/components/RoleModal.tsx

@@ -9,13 +9,12 @@ import { Button, FormControl, Input, Modal, ModalContent } from "@app/components
 import { useOrganization } from "@app/context";
 import { useCreateOrgRole, useGetOrgRole, useUpdateOrgRole } from "@app/hooks/api";
 import { UsePopUpState } from "@app/hooks/usePopUp";
-import { slugSchema } from "@app/lib/schemas";
 
 const schema = z
   .object({
     name: z.string(),
     description: z.string(),
-    slug: slugSchema({ min: 1 })
+    slug: z.string()
   })
   .required();
 

frontend/src/views/Project/KmsPage/components/CmekModal.tsx

@@ -1,5 +1,6 @@
 import { Controller, useForm } from "react-hook-form";
 import { zodResolver } from "@hookform/resolvers/zod";
+import slugify from "@sindresorhus/slugify";
 import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
@@ -16,10 +17,16 @@ import {
 } from "@app/components/v2";
 import { useWorkspace } from "@app/context";
 import { EncryptionAlgorithm, TCmek, useCreateCmek, useUpdateCmek } from "@app/hooks/api/cmeks";
-import { slugSchema } from "@app/lib/schemas";
 
 const formSchema = z.object({
-  name: slugSchema({ min: 1, max: 32, field: "Name" }),
+  name: z
+    .string()
+    .min(1)
+    .toLowerCase()
+    .max(32)
+    .refine((v) => slugify(v) === v, {
+      message: "Name must be in slug format"
+    }),
   description: z.string().max(500).optional(),
   encryptionAlgorithm: z.nativeEnum(EncryptionAlgorithm)
 });

frontend/src/views/Project/MembersPage/components/IdentityTab/IdentityTab.tsx

@@ -181,7 +181,7 @@ export const IdentityTab = withProjectPermission(
                   onClick={() => handlePopUpOpen("identity")}
                   isDisabled={!isAllowed}
                 >
-                  Add identity
+                  Add Identity
                 </Button>
               )}
             </ProjectPermissionCan>

frontend/src/views/Project/MembersPage/components/IdentityTab/components/IdentityModal.tsx

@@ -1,12 +1,19 @@
-import { useEffect, useMemo } from "react";
+import { useMemo } from "react";
 import { Controller, useForm } from "react-hook-form";
 import Link from "next/link";
-import { yupResolver } from "@hookform/resolvers/yup";
-import * as yup from "yup";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
-import { Button, FormControl, Modal, ModalClose, ModalContent } from "@app/components/v2";
-import { ComboBox } from "@app/components/v2/ComboBox";
+import {
+  Button,
+  FilterableSelect,
+  FormControl,
+  Modal,
+  ModalClose,
+  ModalContent,
+  Spinner
+} from "@app/components/v2";
 import { useOrganization, useWorkspace } from "@app/context";
 import {
   useAddIdentityToWorkspace,
@@ -16,37 +23,30 @@ import {
 } from "@app/hooks/api";
 import { UsePopUpState } from "@app/hooks/usePopUp";
 
-const schema = yup
-  .object({
-    identity: yup.object({
-      id: yup.string().required("Identity id is required"),
-      name: yup.string().required("Identity name is required")
-    }),
-    role: yup.object({
-      slug: yup.string().required("role slug is required"),
-      name: yup.string().required("role name is required")
-    })
-  })
-  .required();
+const schema = z.object({
+  identity: z.object({ name: z.string(), id: z.string() }),
+  role: z.object({ name: z.string(), slug: z.string() })
+});
 
-export type FormData = yup.InferType<typeof schema>;
+export type FormData = z.infer<typeof schema>;
 
 type Props = {
   popUp: UsePopUpState<["identity"]>;
   handlePopUpToggle: (popUpName: keyof UsePopUpState<["identity"]>, state?: boolean) => void;
 };
 
-export const IdentityModal = ({ popUp, handlePopUpToggle }: Props) => {
+const Content = ({ popUp, handlePopUpToggle }: Props) => {
   const { currentOrg } = useOrganization();
   const { currentWorkspace } = useWorkspace();
 
   const organizationId = currentOrg?.id || "";
   const workspaceId = currentWorkspace?.id || "";
 
-  const { data: identityMembershipOrgsData } = useGetIdentityMembershipOrgs({
-    organizationId,
-    limit: 20000 // TODO: this is temp to preserve functionality for larger projects, will replace with combobox in separate PR
-  });
+  const { data: identityMembershipOrgsData, isLoading: isMembershipsLoading } =
+    useGetIdentityMembershipOrgs({
+      organizationId,
+      limit: 20000 // TODO: this is temp to preserve functionality for larger projects, will replace with combobox in separate PR
+    });
   const identityMembershipOrgs = identityMembershipOrgsData?.identityMemberships;
   const { data: identityMembershipsData } = useGetWorkspaceIdentityMemberships({
     workspaceId,
@@ -54,11 +54,7 @@ export const IdentityModal = ({ popUp, handlePopUpToggle }: Props) => {
   });
   const identityMemberships = identityMembershipsData?.identityMemberships;
 
-  const {
-    data: roles,
-    isLoading: isRolesLoading,
-    isFetched: isRolesFetched
-  } = useGetProjectRoles(workspaceId);
+  const { data: roles, isLoading: isRolesLoading } = useGetProjectRoles(workspaceId);
 
   const { mutateAsync: addIdentityToWorkspaceMutateAsync } = useAddIdentityToWorkspace();
 
@@ -76,18 +72,11 @@ export const IdentityModal = ({ popUp, handlePopUpToggle }: Props) => {
     control,
     handleSubmit,
     reset,
-    setValue,
     formState: { isSubmitting }
   } = useForm<FormData>({
-    resolver: yupResolver(schema)
+    resolver: zodResolver(schema)
   });
 
-  useEffect(() => {
-    if (!isRolesFetched || !roles) return;
-
-    setValue("role", { name: roles[0]?.name, slug: roles[0]?.slug });
-  }, [isRolesFetched, roles]);
-
   const onFormSubmit = async ({ identity, role }: FormData) => {
     try {
       await addIdentityToWorkspaceMutateAsync({
@@ -125,104 +114,93 @@ export const IdentityModal = ({ popUp, handlePopUpToggle }: Props) => {
     }
   };
 
+  if (isMembershipsLoading || isRolesLoading)
+    return (
+      <div className="flex w-full items-center justify-center py-10">
+        <Spinner className="text-mineshaft-400" />
+      </div>
+    );
+
+  return filteredIdentityMembershipOrgs.length ? (
+    <form onSubmit={handleSubmit(onFormSubmit)}>
+      <Controller
+        control={control}
+        name="identity"
+        render={({ field: { onChange, value }, fieldState: { error } }) => (
+          <FormControl label="Identity" errorText={error?.message} isError={Boolean(error)}>
+            <FilterableSelect
+              value={value}
+              onChange={onChange}
+              placeholder="Select identity..."
+              options={filteredIdentityMembershipOrgs.map((membership) => membership.identity)}
+              getOptionValue={(option) => option.id}
+              getOptionLabel={(option) => option.name}
+            />
+          </FormControl>
+        )}
+      />
+      <Controller
+        control={control}
+        name="role"
+        render={({ field: { onChange, value }, fieldState: { error } }) => (
+          <FormControl
+            label="Role"
+            errorText={error?.message}
+            isError={Boolean(error)}
+            className="mt-4"
+          >
+            <FilterableSelect
+              value={value}
+              onChange={onChange}
+              options={roles}
+              placeholder="Select role..."
+              getOptionValue={(option) => option.slug}
+              getOptionLabel={(option) => option.name}
+            />
+          </FormControl>
+        )}
+      />
+      <div className="flex items-center">
+        <Button
+          className="mr-4"
+          size="sm"
+          type="submit"
+          isLoading={isSubmitting}
+          isDisabled={isSubmitting}
+        >
+          {popUp?.identity?.data ? "Update" : "Add"}
+        </Button>
+        <ModalClose asChild>
+          <Button colorSchema="secondary" variant="plain">
+            Cancel
+          </Button>
+        </ModalClose>
+      </div>
+    </form>
+  ) : (
+    <div className="flex flex-col space-y-4">
+      <div className="text-sm">
+        All identities in your organization have already been added to this project.
+      </div>
+      <Link href={`/org/${currentWorkspace?.orgId}/members`}>
+        <Button isDisabled={isRolesLoading} isLoading={isRolesLoading} variant="outline_bg">
+          Create a new identity
+        </Button>
+      </Link>
+    </div>
+  );
+};
+
+export const IdentityModal = ({ popUp, handlePopUpToggle }: Props) => {
   return (
     <Modal
       isOpen={popUp?.identity?.isOpen}
       onOpenChange={(isOpen) => {
         handlePopUpToggle("identity", isOpen);
-        reset();
       }}
     >
       <ModalContent title="Add Identity to Project" bodyClassName="overflow-visible">
-        {filteredIdentityMembershipOrgs.length ? (
-          <form onSubmit={handleSubmit(onFormSubmit)}>
-            <Controller
-              control={control}
-              name="identity"
-              defaultValue={{
-                id: filteredIdentityMembershipOrgs?.[0]?.identity?.id,
-                name: filteredIdentityMembershipOrgs?.[0]?.identity?.name
-              }}
-              render={({ field: { onChange, ...field }, fieldState: { error } }) => (
-                <FormControl label="Identity" errorText={error?.message} isError={Boolean(error)}>
-                  <ComboBox
-                    className="w-full"
-                    by="id"
-                    value={{ id: field.value.id, name: field.value.name }}
-                    defaultValue={{ id: field.value.id, name: field.value.name }}
-                    onSelectChange={(value) => onChange({ id: value.id, name: value.name })}
-                    displayValue={(el) => el.name}
-                    onFilter={({ value }, filterQuery) =>
-                      value.name.toLowerCase().includes(filterQuery.toLowerCase())
-                    }
-                    items={filteredIdentityMembershipOrgs.map(({ identity }) => ({
-                      key: identity.id,
-                      value: { id: identity.id, name: identity.name },
-                      label: identity.name
-                    }))}
-                  />
-                </FormControl>
-              )}
-            />
-            <Controller
-              control={control}
-              name="role"
-              defaultValue={{ name: "", slug: "" }}
-              render={({ field: { onChange, ...field }, fieldState: { error } }) => (
-                <FormControl
-                  label="Role"
-                  errorText={error?.message}
-                  isError={Boolean(error)}
-                  className="mt-4"
-                >
-                  <ComboBox
-                    className="w-full"
-                    by="slug"
-                    value={{ slug: field.value.slug, name: field.value.name }}
-                    defaultValue={{ slug: field.value.slug, name: field.value.name }}
-                    onSelectChange={(value) => onChange({ slug: value.slug, name: value.name })}
-                    displayValue={(el) => el.name}
-                    onFilter={({ value }, filterQuery) =>
-                      value.name.toLowerCase().includes(filterQuery.toLowerCase())
-                    }
-                    items={(roles || []).map(({ slug, name }) => ({
-                      key: slug,
-                      value: { slug, name },
-                      label: name
-                    }))}
-                  />
-                </FormControl>
-              )}
-            />
-            <div className="flex items-center">
-              <Button
-                className="mr-4"
-                size="sm"
-                type="submit"
-                isLoading={isSubmitting}
-                isDisabled={isSubmitting}
-              >
-                {popUp?.identity?.data ? "Update" : "Create"}
-              </Button>
-              <ModalClose asChild>
-                <Button colorSchema="secondary" variant="plain">
-                  Cancel
-                </Button>
-              </ModalClose>
-            </div>
-          </form>
-        ) : (
-          <div className="flex flex-col space-y-4">
-            <div className="text-sm">
-              All identities in your organization have already been added to this project.
-            </div>
-            <Link href={`/org/${currentWorkspace?.orgId}/members`}>
-              <Button isDisabled={isRolesLoading} isLoading={isRolesLoading} variant="outline_bg">
-                Create a new identity
-              </Button>
-            </Link>
-          </div>
-        )}
+        <Content popUp={popUp} handlePopUpToggle={handlePopUpToggle} />
       </ModalContent>
     </Modal>
   );

frontend/src/views/Project/RolePage/components/RoleModal.tsx

@@ -13,13 +13,12 @@ import {
   useUpdateProjectRole
 } from "@app/hooks/api";
 import { UsePopUpState } from "@app/hooks/usePopUp";
-import { slugSchema } from "@app/lib/schemas";
 
 const schema = z
   .object({
     name: z.string(),
     description: z.string(),
-    slug: slugSchema({ min: 1 })
+    slug: z.string()
   })
   .required();
 

frontend/src/views/SecretMainPage/components/ActionBar/FolderForm.tsx

@@ -15,7 +15,10 @@ const formSchema = z.object({
   name: z
     .string()
     .trim()
-    .regex(/^[a-zA-Z0-9-_]+$/, "Folder name cannot contain spaces. Only underscore and dashes")
+    .regex(
+      /^[a-zA-Z0-9-_]+$/,
+      "Folder name can only contain letters, numbers, dashes, and underscores"
+    )
 });
 type TFormData = z.infer<typeof formSchema>;
 

frontend/src/views/SecretMainPage/components/CreateSecretForm/CreateSecretForm.tsx

@@ -6,11 +6,12 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
-import { Button, FilterableSelect, FormControl, Input } from "@app/components/v2";
+import { Button, FormControl, Input } from "@app/components/v2";
+import { CreatableSelect } from "@app/components/v2/CreatableSelect";
 import { InfisicalSecretInput } from "@app/components/v2/InfisicalSecretInput";
 import { ProjectPermissionActions, ProjectPermissionSub, useProjectPermission } from "@app/context";
 import { getKeyValue } from "@app/helpers/parseEnvVar";
-import { useCreateSecretV3, useGetWsTags } from "@app/hooks/api";
+import { useCreateSecretV3, useCreateWsTag, useGetWsTags } from "@app/hooks/api";
 import { SecretType } from "@app/hooks/api/types";
 
 import { PopUpNames, usePopUpAction } from "../../SecretMainPage.store";
@@ -50,12 +51,32 @@ export const CreateSecretForm = ({
   const { closePopUp } = usePopUpAction();
 
   const { mutateAsync: createSecretV3 } = useCreateSecretV3();
+  const createWsTag = useCreateWsTag();
+
   const { permission } = useProjectPermission();
   const canReadTags = permission.can(ProjectPermissionActions.Read, ProjectPermissionSub.Tags);
   const { data: projectTags, isLoading: isTagsLoading } = useGetWsTags(
     canReadTags ? workspaceId : ""
   );
 
+  const slugSchema = z.string().trim().toLowerCase().min(1);
+  const createNewTag = async (slug: string) => {
+    // TODO: Replace with slugSchema generic
+    try {
+      const parsedSlug = slugSchema.parse(slug);
+      await createWsTag.mutateAsync({
+        workspaceID: workspaceId,
+        tagSlug: parsedSlug,
+        tagColor: ""
+      });
+    } catch {
+      createNotification({
+        type: "error",
+        text: "Failed to create new tag"
+      });
+    }
+  };
+
   const handleFormSubmit = async ({ key, value, tags }: TFormSchema) => {
     try {
       await createSecretV3({
@@ -148,16 +169,18 @@ export const CreateSecretForm = ({
               )
             }
           >
-            <FilterableSelect
+            <CreatableSelect
+              isMulti
               className="w-full"
               placeholder="Select tags to assign to secret..."
-              isMulti
+              isValidNewOption={(v) => slugSchema.safeParse(v).success}
               name="tagIds"
               isDisabled={!canReadTags}
               isLoading={isTagsLoading && canReadTags}
               options={projectTags?.map((el) => ({ label: el.slug, value: el.id }))}
               value={field.value}
               onChange={field.onChange}
+              onCreateOption={createNewTag}
             />
           </FormControl>
         )}

frontend/src/views/SecretOverviewPage/SecretOverviewPage.tsx

@@ -186,7 +186,7 @@ export const SecretOverviewPage = () => {
     useGetImportedSecretsAllEnvs({
       projectId: workspaceId,
       path: secretPath,
-      environments: userAvailableEnvs.map(({ slug }) => slug)
+      environments: (userAvailableEnvs || []).map(({ slug }) => slug)
     });
 
   const { isLoading: isOverviewLoading, data: overview } = useGetProjectSecretsOverview(
@@ -618,7 +618,7 @@ export const SecretOverviewPage = () => {
     }
   }, [router.query.search]);
 
-  if (isWorkspaceLoading || (isProjectV3 && isOverviewLoading)) {
+  if (isWorkspaceLoading || (isProjectV3 && visibleEnvs.length > 0 && isOverviewLoading)) {
     return (
       <div className="container mx-auto flex h-screen w-full items-center justify-center px-8 text-mineshaft-50 dark:[color-scheme:dark]">
         <img

frontend/src/views/SecretOverviewPage/components/CreateSecretForm/CreateSecretForm.tsx

@@ -7,15 +7,8 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 
 import { createNotification } from "@app/components/notifications";
-import {
-  Button,
-  Checkbox,
-  FilterableSelect,
-  FormControl,
-  FormLabel,
-  Input,
-  Tooltip
-} from "@app/components/v2";
+import { Button, Checkbox, FormControl, FormLabel, Input, Tooltip } from "@app/components/v2";
+import { CreatableSelect } from "@app/components/v2/CreatableSelect";
 import { InfisicalSecretInput } from "@app/components/v2/InfisicalSecretInput";
 import {
   ProjectPermissionActions,
@@ -27,6 +20,7 @@ import { getKeyValue } from "@app/helpers/parseEnvVar";
 import {
   useCreateFolder,
   useCreateSecretV3,
+  useCreateWsTag,
   useGetWsTags,
   useUpdateSecretV3
 } from "@app/hooks/api";
@@ -199,6 +193,25 @@ export const CreateSecretForm = ({ secretPath = "/", getSecretByKey, onClose }:
     setValue("value", value);
   };
 
+  const createWsTag = useCreateWsTag();
+  const slugSchema = z.string().trim().toLowerCase().min(1);
+  const createNewTag = async (slug: string) => {
+    // TODO: Replace with slugSchema generic
+    try {
+      const parsedSlug = slugSchema.parse(slug);
+      await createWsTag.mutateAsync({
+        workspaceID: workspaceId,
+        tagSlug: parsedSlug,
+        tagColor: ""
+      });
+    } catch {
+      createNotification({
+        type: "error",
+        text: "Failed to create new tag"
+      });
+    }
+  };
+
   return (
     <form onSubmit={handleSubmit(handleFormSubmit)} noValidate>
       <FormControl
@@ -249,16 +262,18 @@ export const CreateSecretForm = ({ secretPath = "/", getSecretByKey, onClose }:
               )
             }
           >
-            <FilterableSelect
-              className="w-full"
-              placeholder="Select tags to assign to secrets..."
+            <CreatableSelect
               isMulti
+              className="w-full"
+              placeholder="Select tags to assign to secret..."
+              isValidNewOption={(v) => slugSchema.safeParse(v).success}
               name="tagIds"
               isDisabled={!canReadTags}
               isLoading={isTagsLoading && canReadTags}
               options={projectTags?.map((el) => ({ label: el.slug, value: el.id }))}
               value={field.value}
               onChange={field.onChange}
+              onCreateOption={createNewTag}
             />
           </FormControl>
         )}