script for helm upload to cloudsmith

Update docker-image.yml to push to docker hub

.env.example

@@ -27,19 +27,14 @@ EMAIL_TOKEN_LIFETIME=
 # Required
 MONGO_URL=mongodb://root:example@mongo:27017/?authSource=admin
 
-# Optional credentials for MongoDB container instance
+# Optional credentials for MongoDB container instance and Mongo-Express
 MONGO_USERNAME=root
 MONGO_PASSWORD=example
 
-# Mongo-Express vars (needed for development only)
-ME_CONFIG_MONGODB_ADMINUSERNAME=root
-ME_CONFIG_MONGODB_ADMINPASSWORD=example
-ME_CONFIG_MONGODB_URL=mongodb://root:example@mongo:27017/
-
 # Website URL
 # Required
-NODE_ENV=development
-NEXT_PUBLIC_WEBSITE_URL=http://localhost:8080
+
+SITE_URL=http://localhost:8080
 
 # Mail/SMTP
 # Required to send emails

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+### Describe the bug
+A clear and concise description of what the bug is.
+
+### To Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+### Expected behavior
+A clear and concise description of what you expected to happen.
+
+### Screenshots
+If applicable, add screenshots to help explain your problem.
+
+### Platform you are having the issue on:
+
+### Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature Request
+about: Let us now what feature you would want to have in Infisical
+title: ''
+labels: 'feature request'
+assignees: ''
+
+---
+
+### Feature description
+A clear and concise description of what the the feature should be.
+
+### Why would it be useful?
+Why would this feature be useful for Infisical users? 
+
+### Additional context
+Add any other context about the problem here.

.github/workflows/close_inactive_issues.yml

@@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker-image.yml

@@ -0,0 +1,37 @@
+name: Push to Docker Hub
+
+on: [workflow_dispatch]
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push backend
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: backend
+          tags: infisical/backend:test
+      -
+        name: Build and push frontend
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          file: frontend/Dockerfile.dev
+          context: frontend
+          tags: infisical/frontend:test

.github/workflows/helm-chart-release.yaml

@@ -0,0 +1,33 @@
+name: Release Charts
+
+on: [workflow_dispatch]
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.1
+        with:
+          charts_dir: helm-charts
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/release_build.yml

@@ -35,7 +35,7 @@ jobs:
       - uses: actions/setup-python@v4
       - run: pip install --upgrade cloudsmith-cli
       - name: Publish to CloudSmith 
-        run: sh cli/upload_to_cloudfront.sh
+        run: sh cli/upload_to_cloudsmith.sh
         env:
           CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
       

.gitignore

@@ -49,3 +49,6 @@ yarn-error.log*
 .env.production.local
 .vercel
 .env.infisical
+
+# Infisical init
+.infisical.json

CONTRIBUTING.md

@@ -1,5 +1,7 @@
 # Contributing to Infisical
 
-Thanks for taking the time to contribute!
+Thanks for taking the time to contribute! 😃 🚀
 
-Please refer to our Contributing Guide for instructions on how to contribute.
+Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/overview) for instructions on how to contribute.
+
+We also have some 🔥amazing🔥 merch for our contributors. Please reach out to tony@infisical.com for more info 👀

LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2022 Infisical Inc.
+
+Portions of this software are licensed as follows:
+
+- All content that resides under any "ee/" directory of this repository, if such directories exists, are licensed under the license defined in "ee/LICENSE".
+- All third party components incorporated into the Infisical Software are licensed under the original license provided by the owner of the applicable component.
+- Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -1,14 +1,14 @@
 build:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml build
+	docker-compose -f docker-compose.yml build
 
 push:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml push
+	docker-compose -f docker-compose.yml push
 
 up-dev:
-	docker-compose -f docker-compose.yml -f docker-compose.dev.yml up --build
+	docker-compose -f docker-compose.dev.yml up --build
 
 up-prod:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build
+	docker-compose -f docker-compose.yml up --build
 
 down:
-	docker-compose down
+	docker-compose down

README.md

@@ -3,13 +3,14 @@
   <img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
 </h1>
 <p align="center">
-  <p align="center">Open-source, end-to-end encrypted, 1-line-of-code tool to sync environment variables across you team and infrastructure.</p>
+  <p align="center">Open-source, E2EE, simple tool to manage and sync environment variables across your team and infrastructure.</p>
 </p>
 
 <h4 align="center">
-  <a href="https://infisical.com/signup">Get Started - we host (Infisical Cloud)</a> |
-  <a href="https://infisical.com/docs/self_host_overview">Get Started - you host</a> |
-  <a href="https://infisical.com/docs/gettingStarted">Docs</a> |
+  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a> |
+  <a href="https://infisical.com/">Infisical Cloud</a> |
+  <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
+  <a href="https://infisical.com/docs/getting-started/introduction">Docs</a> |
   <a href="https://www.infisical.com">Website</a>
 </h4>
 
@@ -20,51 +21,59 @@
   <a href="https://github.com/infisical/infisical/blob/main/CONTRIBUTING.md">
     <img src="https://img.shields.io/badge/PRs-Welcome-brightgreen" alt="PRs welcome!" />
   </a>
-  <a href="https://join.slack.com/t/infisical/shared_invite/zt-1dgg63ln8-G7PCNJdCymAT9YF3j1ewVA">
+  <a href="">
+    <img src="https://img.shields.io/github/commit-activity/m/infisical/infisical" alt="git commit activity" />
+  </a>
+  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">
     <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
   </a>
 </h4>
 
 <img src="/img/infisical_github_repo.png" width="100%" alt="Dashboard" />
 
-**[Infisical](https://infisical.com)** is an open source tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and end-to-end encrypted. You can start with just 1 line of code within 10 minutes.
+**[Infisical](https://infisical.com)** is an open source, E2EE tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and take minutes to get going.
 
-- **User-Friendly Dashboard** to manage your organization's environment variables within projects
-- **[Language-Agnostic CLI](https://infisical.com/docs/CLI)**  that pulls and injects environment variables into your local workflow
-- **[Complete control over your data](https://infisical.com/docs/self_host_overview)** - host it yourself on any infrastructure
+- **[User-Friendly Dashboard](https://infisical.com/docs/getting-started/dashboard/project)** to manage your team's environment variables within projects
+- **[Language-Agnostic CLI](https://infisical.com/docs/cli/overview)** that pulls and injects environment variables into your local workflow
+- **[Complete control over your data](https://infisical.com/docs/self-hosting/overview)** - host it yourself on any infrastructure
 - **Navigate Multiple Environments** per project (e.g. development, staging, production, etc.)
 - **Personal/Shared** scoping for environment variables
-- **[Integrations](https://infisical.com/docs/Heroku)** with CI/CD and production infrastructure (Heroku available, more coming soon)
-- **[1-Click Deploy](https://infisical.com/docs/linux)** to Digital Ocean (other providers coming soon)
-- 🔜 **Authentication/Authorization** for projects (read/write controls coming soon)
-- 🔜 **Automatic Secret Rotation** (coming soon)
-- 🔜 **2FA** (coming soon)
-- 🔜 **Access Logs** (coming soon)
-- 🔜 **Slack Integration & MS Teams** integrations (coming soon)
+- **[Integrations](https://infisical.com/docs/integrations/overview)** with CI/CD and production infrastructure (Heroku available, more coming soon)
+- 🔜 **1-Click Deploy** to Digital Ocean and Heroku
+- 🔜 **Authentication/Authorization** for projects (read/write controls soon)
+- 🔜 **Automatic Secret Rotation**
+- 🔜 **2FA**
+- 🔜 **Access Logs**
+- 🔜 **Slack Integration & MS Teams** integrations
 
 And more.
 
+## Get started
+
+To quickly get started, visit our [get started guide](https://infisical.com/docs/getting-started/introduction).
+
 ## What's cool about this?
 
-Infisical is the first open-source end-to-end encrypted secret manager that takes less than 10 minutes to setup. 
+Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>. 
 
-Yes. There are other secret managers out there. Some of them are incredibly complicated - they were built for security teams, not developers. The other ones are not end-to-end encrypted, and because of that they can read your secrets. If you care about efficiency and security at the same time - Infisical is right for you. 
+According to a [report](https://www.ekransystem.com/en/blog/secrets-management) in 2019, only 10% of organizations use secret management solutions despite all using digital secrets to some extent.
 
-On top of that, Infisical is one of the few open source solutions. Need any integrations or want a new feature? You can [create an issue for us](https://github.com/Infisical/infisical/issues) or contribute directly! This is the power of open-source. :)
+If you care about efficiency and security, then Infisical is right for you.
+
+We are currently working hard to make Infisical more extensive. Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing/overview) directly to the repository.
 
 ## Contributing
 
-For full documentation, visit [infisical.com/docs](https://infisical.com/docs).
-
-Whether it's big or small, we ❤️ contributions. Check out our guide to see how to [get started](./DEVELOPERS.md).
+Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](https://infisical.com/docs/contributing/overview).
 
 Not sure where to get started? [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
 
 ## Community & Support
 
-- [GitHub Discussions](https://github.com/Infisical/infisical/discussions) for help with building and discussion.
-- [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) for any bugs and errors you encounter using Infisical.
-- [Community Slack](https://join.slack.com/t/infisical/shared_invite/zt-1dgg63ln8-G7PCNJdCymAT9YF3j1ewVA) for hanging out with the community and quick communication with the team.
+- [Slack](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g) (For live discussion with the community and the Infisical team)
+- [GitHub Discussions](https://github.com/Infisical/infisical/discussions) (For help with building and deeper conversations about features)
+- [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) (For any bugs and errors you encounter using Infisical)
+- [Twitter](https://twitter.com/infisical) (Get news fast) 
 
 ## Status
 
@@ -72,34 +81,194 @@ Not sure where to get started? [Book a free, non-pressure pairing sessions with
 - [ ] Public Beta: Stable enough for most non-enterprise use-cases.
 - [ ] Public: Production-ready.
 
+We're currently in Public Alpha.
+
+## Stay Up-to-Date
+
+Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of new features are coming very quickly. Watch **releases** of this repository to be notified about future updates:
+
+![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
+
 ## Integrations
 
-We're currently setting the foundation and building integrations so secrets can be synced everywhere. Any help is welcome! :)
+We're currently setting the foundation and building [integrations](https://infisical.com/docs/integrations/overview) so secrets can be synced everywhere. Any help is welcome! :)
 
-- [x] Docker
-- [x] Docker Compose
-- [x] Heroku
-- [ ] Vercel
-- [ ] Kubernetes
-- [ ] AWS
-- [ ] GCP
-- [ ] Azure
-- [ ] Digital Ocean
-- [ ] GitLab
-- [ ] CircleCI
+<table>
+<tr>
+  <th>Platforms </th>
+  <th>Frameworks</th>
+</tr>
+<tr> 
+  <td>
+
+<table>
+  <tbody>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/platforms/docker?ref=github.com">
+          ✔️ Docker
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/platforms/docker-compose?ref=github.com">
+          ✔️ Docker Compose
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/cloud/heroku?ref=github.com">
+          ✔️ Heroku
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 Vercel (https://github.com/Infisical/infisical/issues/60)
+      </td>
+      <td align="left" valign="middle">
+        🔜 GitLab CI/CD
+      </td>
+      <td align="left" valign="middle">
+        🔜 Fly.io
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 AWS
+      </td>
+      <td align="left" valign="middle">
+        🔜 GitHub Actions (https://github.com/Infisical/infisical/issues/54)
+      </td>
+      <td align="left" valign="middle">
+         🔜 Railway
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 GCP
+      </td>
+      <td align="left" valign="middle">
+        🔜 Kubernetes
+      </td>
+      <td align="left" valign="middle">
+        🔜 CircleCI
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 Jenkins
+      </td>
+      <td align="left" valign="middle">
+        🔜 Digital Ocean
+      </td>
+      <td align="left" valign="middle">
+        🔜 Azure
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+         🔜 TravisCI
+      </td>
+      <td align="left" valign="middle">
+         🔜 Netlify (https://github.com/Infisical/infisical/issues/55)
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+  </td>
+<td>
 
 
-We're currently in Public Alpha.
+<table>
+  <tbody>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/react?ref=github.com">
+          ✔️ React
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/express?ref=github.com">
+          ✔️ Express
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/gatsby?ref=github.com">
+          ✔️ Gatsby
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/flask?ref=github.com">
+          ✔️ Flask
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/django?ref=github.com">
+          ✔️ Django
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/laravel?ref=github.com">
+          ✔️ Laravel
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/nestjs?ref=github.com">
+          ✔️ NestJS
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/remix?ref=github.com">
+          ✔️ Remix
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/nextjs?ref=github.com">
+          ✔️ Next.js
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/vite?ref=github.com">
+          ✔️ Vite
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/rails?ref=github.com">
+          ✔️ Ruby on Rails
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/vue?ref=github.com">
+          ✔️ Vue
+        </a>
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+</td>
+</tr> 
+</table>
+
 
 ## Open-source vs. paid
 
-This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
+This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
 
 ## Security
 
 Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our [SECURITY.md](./SECURITY.md) file.
 
-
 ## Contributors 🦸
 
 [//]: contributor-faces
@@ -107,4 +276,5 @@ Looking to report a security vulnerability? Please don't post about it in GitHub
 <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->
- <a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/vlad-matsiiako"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> 
+
+<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> 

backend/environment.d.ts

@@ -21,6 +21,7 @@ declare global {
       PRIVATE_KEY: string;
       PUBLIC_KEY: string;
       SENTRY_DSN: string;
+      SITE_URL: string;
       SMTP_HOST: string;
       SMTP_NAME: string;
       SMTP_PASSWORD: string;
@@ -31,7 +32,6 @@ declare global {
       STRIPE_PUBLISHABLE_KEY: string;
       STRIPE_SECRET_KEY: string;
       STRIPE_WEBHOOK_SECRET: string;
-      WEBSITE_URL: string;
     }
   }
 }

backend/package-lock.json

@@ -43,6 +43,8 @@
         "@types/jsonwebtoken": "^8.5.9",
         "@types/node": "^18.11.3",
         "@types/nodemailer": "^6.4.6",
+        "@types/swagger-jsdoc": "^6.0.1",
+        "@types/swagger-ui-express": "^4.1.3",
         "@typescript-eslint/eslint-plugin": "^5.40.1",
         "@typescript-eslint/parser": "^5.40.1",
         "eslint": "^8.26.0",
@@ -2915,6 +2917,22 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
       "dev": true
     },
+    "node_modules/@types/swagger-jsdoc": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.1.tgz",
+      "integrity": "sha512-+MUpcbyxD528dECUBCEVm6abNuORdbuGjbrUdHDeAQ+rkPuo2a+L4N02WJHF3bonSSE6SJ3dUJwF2V6+cHnf0w==",
+      "dev": true
+    },
+    "node_modules/@types/swagger-ui-express": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.3.tgz",
+      "integrity": "sha512-jqCjGU/tGEaqIplPy3WyQg+Nrp6y80DCFnDEAvVKWkJyv0VivSSDCChkppHRHAablvInZe6pijDFMnavtN0vqA==",
+      "dev": true,
+      "dependencies": {
+        "@types/express": "*",
+        "@types/serve-static": "*"
+      }
+    },
     "node_modules/@types/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
@@ -13337,6 +13355,22 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
       "dev": true
     },
+    "@types/swagger-jsdoc": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.1.tgz",
+      "integrity": "sha512-+MUpcbyxD528dECUBCEVm6abNuORdbuGjbrUdHDeAQ+rkPuo2a+L4N02WJHF3bonSSE6SJ3dUJwF2V6+cHnf0w==",
+      "dev": true
+    },
+    "@types/swagger-ui-express": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.3.tgz",
+      "integrity": "sha512-jqCjGU/tGEaqIplPy3WyQg+Nrp6y80DCFnDEAvVKWkJyv0VivSSDCChkppHRHAablvInZe6pijDFMnavtN0vqA==",
+      "dev": true,
+      "requires": {
+        "@types/express": "*",
+        "@types/serve-static": "*"
+      }
+    },
     "@types/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.0.tgz",

backend/package.json

@@ -56,6 +56,8 @@
     "@types/jsonwebtoken": "^8.5.9",
     "@types/node": "^18.11.3",
     "@types/nodemailer": "^6.4.6",
+    "@types/swagger-jsdoc": "^6.0.1",
+    "@types/swagger-ui-express": "^4.1.3",
     "@typescript-eslint/eslint-plugin": "^5.40.1",
     "@typescript-eslint/parser": "^5.40.1",
     "eslint": "^8.26.0",

backend/src/config/index.ts

@@ -1,5 +1,5 @@
 const PORT = process.env.PORT || 4000;
-const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400'; // investigate
+const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400';
 const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY!;
 const JWT_AUTH_LIFETIME = process.env.JWT_AUTH_LIFETIME! || '10d';
 const JWT_AUTH_SECRET = process.env.JWT_AUTH_SECRET!;
@@ -12,11 +12,12 @@ const MONGO_URL = process.env.MONGO_URL!;
 const NODE_ENV = process.env.NODE_ENV! || 'production';
 const OAUTH_CLIENT_SECRET_HEROKU = process.env.OAUTH_CLIENT_SECRET_HEROKU!;
 const OAUTH_TOKEN_URL_HEROKU = process.env.OAUTH_TOKEN_URL_HEROKU!;
-const POSTHOG_HOST = process.env.POSTHOG_HOST!;
-const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY!;
+const POSTHOG_HOST = process.env.POSTHOG_HOST! || 'https://app.posthog.com';
+const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY! || 'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
 const PRIVATE_KEY = process.env.PRIVATE_KEY!;
 const PUBLIC_KEY = process.env.PUBLIC_KEY!;
 const SENTRY_DSN = process.env.SENTRY_DSN!;
+const SITE_URL = process.env.SITE_URL!;
 const SMTP_HOST = process.env.SMTP_HOST! || 'smtp.gmail.com';
 const SMTP_NAME = process.env.SMTP_NAME!;
 const SMTP_USERNAME = process.env.SMTP_USERNAME!;
@@ -27,7 +28,7 @@ const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
 const STRIPE_PUBLISHABLE_KEY = process.env.STRIPE_PUBLISHABLE_KEY!;
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY!;
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;
-const WEBSITE_URL = 'http://frontend:3000';
+const TELEMETRY_ENABLED = (process.env.TELEMETRY_ENABLED! !== 'false') && true;
 
 export {
 	PORT,
@@ -49,6 +50,7 @@ export {
 	PRIVATE_KEY,
 	PUBLIC_KEY,
 	SENTRY_DSN,
+	SITE_URL,
 	SMTP_HOST,
 	SMTP_NAME,
 	SMTP_USERNAME,
@@ -59,5 +61,5 @@ export {
 	STRIPE_PUBLISHABLE_KEY,
 	STRIPE_SECRET_KEY,
 	STRIPE_WEBHOOK_SECRET,
-	WEBSITE_URL
+	TELEMETRY_ENABLED
 };

backend/src/controllers/membershipController.ts

@@ -6,7 +6,7 @@ import {
 	deleteMembership as deleteMember
 } from '../helpers/membership';
 import { sendMail } from '../helpers/nodemailer';
-import { WEBSITE_URL } from '../config';
+import { SITE_URL } from '../config';
 import { ADMIN, MEMBER, GRANTED, ACCEPTED } from '../variables';
 
 /**
@@ -217,11 +217,10 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 				inviterFirstName: req.user.firstName,
 				inviterEmail: req.user.email,
 				workspaceName: req.membership.workspace.name,
-				callback_url: WEBSITE_URL + '/login'
+				callback_url: SITE_URL + '/login'
 			}
 		});
 	} catch (err) {
-		console.error(err);
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
 		return res.status(400).send({

backend/src/controllers/membershipOrgController.ts

@@ -1,7 +1,7 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import crypto from 'crypto';
-import { WEBSITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
+import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
 import { MembershipOrg, Organization, User, Token } from '../models';
 import { deleteMembershipOrg as deleteMemberFromOrg } from '../helpers/membershipOrg';
 import { checkEmailVerification } from '../helpers/signup';
@@ -186,7 +186,7 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
 					organizationName: organization.name,
 					email: inviteeEmail,
 					token,
-					callback_url: WEBSITE_URL + '/signupinvite'
+					callback_url: SITE_URL + '/signupinvite'
 				}
 			});
 		}

backend/src/controllers/organizationController.ts

@@ -1,13 +1,14 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import {
+	SITE_URL,
 	STRIPE_SECRET_KEY,
 	STRIPE_PRODUCT_STARTER,
 	STRIPE_PRODUCT_PRO,
-	STRIPE_PRODUCT_CARD_AUTH,
-	WEBSITE_URL
+	STRIPE_PRODUCT_CARD_AUTH
 } from '../config';
 import Stripe from 'stripe';
+
 const stripe = new Stripe(STRIPE_SECRET_KEY, {
 	apiVersion: '2022-08-01'
 });
@@ -350,13 +351,13 @@ export const createOrganizationPortalSession = async (
 				customer: req.membershipOrg.organization.customerId,
 				mode: 'setup',
 				payment_method_types: ['card'],
-				success_url: WEBSITE_URL + '/dashboard',
-				cancel_url: WEBSITE_URL + '/dashboard'
+				success_url: SITE_URL + '/dashboard',
+				cancel_url: SITE_URL + '/dashboard'
 			});
 		} else {
 			session = await stripe.billingPortal.sessions.create({
 				customer: req.membershipOrg.organization.customerId,
-				return_url: WEBSITE_URL + '/dashboard'
+				return_url: SITE_URL + '/dashboard'
 			});
 		}
 

backend/src/controllers/secretController.ts

@@ -7,16 +7,9 @@ import {
 	reformatPullSecrets
 } from '../helpers/secret';
 import { pushKeys } from '../helpers/key';
-import { PostHog } from 'posthog-node';
 import { ENV_SET } from '../variables';
-import { NODE_ENV, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST } from '../config';
 
-let client: any;
-if (NODE_ENV === 'production' && POSTHOG_PROJECT_API_KEY && POSTHOG_HOST) {
-	client = new PostHog(POSTHOG_PROJECT_API_KEY, {
-		host: POSTHOG_HOST
-	});
-}
+import { postHogClient } from '../services';
 
 interface PushSecret {
 	ciphertextKey: string;
@@ -68,11 +61,10 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			keys
 		});
 
-		if (client) {
-			// capture secrets pushed event in production
-			client.capture({
-				distinctId: req.user.email,
+		if (postHogClient) {
+			postHogClient.capture({
 				event: 'secrets pushed',
+				distinctId: req.user.email,
 				properties: {
 					numberOfSecrets: secrets.length,
 					environment,
@@ -81,6 +73,7 @@ export const pushSecrets = async (req: Request, res: Response) => {
 				}
 			});
 		}
+
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@@ -131,9 +124,9 @@ export const pullSecrets = async (req: Request, res: Response) => {
 			secrets = reformatPullSecrets({ secrets });
 		}
 
-		if (client) {
+		if (postHogClient) {
 			// capture secrets pushed event in production
-			client.capture({
+			postHogClient.capture({
 				distinctId: req.user.email,
 				event: 'secrets pulled',
 				properties: {
@@ -198,9 +191,9 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 			workspace: req.serviceToken.workspace
 		};
 
-		if (client) {
+		if (postHogClient) {
 			// capture secrets pushed event in production
-			client.capture({
+			postHogClient.capture({
 				distinctId: req.serviceToken.user.email,
 				event: 'secrets pulled',
 				properties: {

backend/src/helpers/rateLimiter.ts

@@ -3,7 +3,7 @@ import rateLimit from 'express-rate-limit';
 // 300 requests per 15 minutes
 const apiLimiter = rateLimit({
 	windowMs: 15 * 60 * 1000,
-	max: 300,
+	max: 400,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -11,7 +11,7 @@ const apiLimiter = rateLimit({
 // 5 requests per hour
 const signupLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 5,
+	max: 10,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -19,7 +19,7 @@ const signupLimiter = rateLimit({
 // 10 requests per hour
 const loginLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 10,
+	max: 20,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -27,7 +27,7 @@ const loginLimiter = rateLimit({
 // 5 requests per hour
 const passwordLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 5,
+	max: 10,
 	standardHeaders: true,
 	legacyHeaders: false
 });

backend/src/index.ts

@@ -4,9 +4,10 @@ import cors from 'cors';
 import cookieParser from 'cookie-parser';
 import mongoose from 'mongoose';
 import dotenv from 'dotenv';
+
 dotenv.config();
 import * as Sentry from '@sentry/node';
-import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, WEBSITE_URL } from './config';
+import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, SITE_URL, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST, TELEMETRY_ENABLED } from './config';
 import { apiLimiter } from './helpers/rateLimiter';
 
 const app = express();
@@ -54,7 +55,7 @@ app.enable('trust proxy');
 app.use(cookieParser());
 app.use(cors({
 	credentials: true,
-	origin: WEBSITE_URL
+	origin: SITE_URL
 }));
 
 if (NODE_ENV === 'production') {

backend/src/routes/auth.ts

@@ -13,7 +13,7 @@ router.post(
 
 router.post(
 	'/login1',
-	// loginLimiter,
+	loginLimiter,
 	body('email').exists().trim().notEmpty(),
 	body('clientPublicKey').exists().trim().notEmpty(),
 	validateRequest,
@@ -22,7 +22,7 @@ router.post(
 
 router.post(
 	'/login2',
-	// loginLimiter,
+	loginLimiter,
 	body('email').exists().trim().notEmpty(),
 	body('clientProof').exists().trim().notEmpty(),
 	validateRequest,

backend/src/routes/signup.ts

@@ -7,7 +7,7 @@ import { signupLimiter } from '../helpers/rateLimiter';
 
 router.post(
 	'/email/signup',
-	// signupLimiter,
+	signupLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	validateRequest,
 	signupController.beginEmailSignup
@@ -15,7 +15,7 @@ router.post(
 
 router.post(
 	'/email/verify',
-	// signupLimiter,
+	signupLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('code').exists().trim().notEmpty(),
 	validateRequest,
@@ -24,7 +24,7 @@ router.post(
 
 router.post(
 	'/complete-account/signup',
-	// signupLimiter,
+	signupLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),
@@ -42,7 +42,7 @@ router.post(
 
 router.post(
 	'/complete-account/invite',
-	// signupLimiter,
+	signupLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),

backend/src/services/PostHogClient.ts

@@ -0,0 +1,15 @@
+import { PostHog } from 'posthog-node';
+import { NODE_ENV, POSTHOG_HOST, POSTHOG_PROJECT_API_KEY, TELEMETRY_ENABLED } from '../config';
+
+let postHogClient: any;
+if (
+    NODE_ENV === 'production'
+    && TELEMETRY_ENABLED
+) {
+    // case: enable opt-out telemetry in production
+    postHogClient = new PostHog(POSTHOG_PROJECT_API_KEY, {
+        host: POSTHOG_HOST
+    });
+}
+
+export default postHogClient;

backend/src/services/index.ts

@@ -0,0 +1,5 @@
+import postHogClient from './PostHogClient';
+
+export {
+    postHogClient
+}

cli/README.md

@@ -1,102 +0,0 @@
-## Install
-#### Windows 
-Use [Scoop](https://scoop.sh/) package manager
-
-```
-$ scoop bucket add org https://github.com/Infisical/scoop-infisical.git
-$ scoop install infisical
-$ infisical --version
-```
-
-To update:
-
-```
-$ scoop update infisical
-```
-
-#### Mac OS 
-Use [brew](https://brew.sh/) package manager
-
-```
-$ brew install infisical/get-cli/infisical  
-$ infisical --version
-```
-
-To update:
-
-```
-$ brew upgrade infisical
-```
-
-#### Linux
-##### Debian/Ubuntu (package manager: apt) 
-
-```
-Add Infisical apt repo 
-$ echo "deb [trusted=yes] https://apt.fury.io/infisical/ /" | tee -a /etc/apt/sources.list.d/infisical.list
-
-Add prerequisites
-$ apt update && apt -y install ca-certificates sudo 
-
-Install infisical cli
-$ sudo apt update && apt install infisical
-
-To make sure the CLI has been installed, you may run this command.
-$ infisical --version 
-```
-
-We do not yet have repositores setup for APK, YUM and APT package managers. However, we have several binaries which can be downloaded manually for your Linux. Please vist the [release age](https://github.com/Infisical/infisical/releases) 
-
-#### Install via bash and curl
-This script will attempt to download the correct version of Infisical CLI and add it to your path. No package manager needed.
-
-```
-curl https://raw.githubusercontent.com/Infisical/infisical/main/scripts/install.sh | sh
-```
-
-## Local Usage
-Once you have the CLI installed, using it is easy. 
-
-#### Steps 1
-Create a project at https://infisical.com/ if you haven't already add your secrets to it. 
-
-#### Step 2
-Login to the CLI by running the following command in your terminal 
-
-```
-infisical login 
-```
-
-#### Step 3
-After logging in, `CD` to the root of the project where you would like to inject your secrets into. Once you are in the root, run the following command in the terminal to link your Infisical project to your local project.
-
-```
-infisical init 
-```
-
-#### Step 3
-To inject the secrets from the project you have selected into your application process, run the following command.
-
-```
-infisical run -- <your application start command>
-```
-
-Example:
-
-```
-infisical run -- npm run dev 
-```
-
-## General production Usage
-Once you have the binary installed in your production environment, injecting secrets is easy. 
-
-#### Steps 1
-Get a Infisical Token for your project by visiting BLANK. Also note down the project ID for which you created the token for. 
-
-#### Steps 2
-Ensure your application has the environment variable `INFISICAL_TOKEN` asigned to the token you received in step one. Then run 
-
-```
-infisical run --projectId=<projectID> -- <your application start command>
-```
-

cli/go.mod

@@ -4,14 +4,14 @@ go 1.19
 
 require (
 	github.com/spf13/cobra v1.6.1
-	golang.org/x/crypto v0.2.0
+	golang.org/x/crypto v0.3.0
 )
 
 require (
 	github.com/alessio/shellescape v1.4.1 // indirect
-	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
-	github.com/danieljoos/wincred v1.1.0 // indirect
-	github.com/godbus/dbus/v5 v5.0.6 // indirect
+	github.com/chzyer/readline v1.5.1 // indirect
+	github.com/danieljoos/wincred v1.1.2 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	golang.org/x/net v0.2.0 // indirect
 	golang.org/x/sys v0.2.0 // indirect
 )

cli/go.sum

@@ -1,21 +1,26 @@
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
-github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
+github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
+github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=
+github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
+github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/danieljoos/wincred v1.1.0 h1:3RNcEpBg4IhIChZdFRSdlQt1QjCp1sMAPIrOnm7Yf8g=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
+github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
-github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
@@ -36,14 +41,16 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/zalando/go-keyring v0.2.1 h1:MBRN/Z8H4U5wEKXiD67YbDAr5cj/DOStmSga70/2qKc=
 github.com/zalando/go-keyring v0.2.1/go.mod h1:g63M2PPn0w5vjmEbwAX3ib5I+41zdm4esSETOn9Y6Dw=
-golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
-golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

cli/packages/cmd/login.go

@@ -28,8 +28,9 @@ var loginCmd = &cobra.Command{
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
 		hasUserLoggedInbefore, currentLoggedInUserEmail, err := util.IsUserLoggedIn()
+
 		if err != nil {
-			log.Debugln(err)
+			log.Debugln("Unable to get current logged in user.", err)
 		}
 
 		if hasUserLoggedInbefore {
@@ -45,12 +46,6 @@ var loginCmd = &cobra.Command{
 			}
 		}
 
-		if err != nil {
-			log.Errorln("Unable to get current logged in user.")
-			log.Debugln(err)
-			return
-		}
-
 		email, password, err := askForLoginCredentials()
 		if err != nil {
 			log.Errorln("Unable to parse email and password for authentication")
@@ -119,8 +114,8 @@ func init() {
 
 func askForLoginCredentials() (email string, password string, err error) {
 	validateEmail := func(input string) error {
-		result, err := regexp.MatchString("^\\w+@[a-zA-Z_]+?\\.[a-zA-Z]{2,3}$", input)
-		if err != nil || !result {
+		matched, err := regexp.MatchString("^[\\w!#$%&'*+/=?`{|}~^-]+(?:\\.[\\w!#$%&'*+/=?`{|}~^-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,6}$", input)
+		if err != nil || !matched {
 			return errors.New("this doesn't look like an email address")
 		}
 		return nil
@@ -160,6 +155,7 @@ func askForLoginCredentials() (email string, password string, err error) {
 }
 
 func getFreshUserCredentials(email string, password string) (*models.LoginTwoResponse, error) {
+	log.Debugln("getFreshUserCredentials:", "email", email, "password", password)
 	httpClient := resty.New()
 	httpClient.SetRetryCount(5)
 
@@ -180,7 +176,7 @@ func getFreshUserCredentials(email string, password string) (*models.LoginTwoRes
 		R().
 		SetBody(loginOneRequest).
 		SetResult(&loginOneResponseResult).
-		Post(fmt.Sprintf("%v/%v", util.INFISICAL_URL, "login1"))
+		Post(fmt.Sprintf("%v/v1/auth/login1", util.INFISICAL_URL))
 
 	if err != nil {
 		return nil, err
@@ -216,7 +212,7 @@ func getFreshUserCredentials(email string, password string) (*models.LoginTwoRes
 		R().
 		SetBody(LoginTwoRequest).
 		SetResult(&loginTwoResponseResult).
-		Post(fmt.Sprintf("%v/%v", util.INFISICAL_URL, "login2"))
+		Post(fmt.Sprintf("%v/v1/auth/login2", util.INFISICAL_URL))
 
 	if err != nil {
 		return nil, err

cli/packages/cmd/root.go

@@ -15,7 +15,7 @@ var rootCmd = &cobra.Command{
 	Short:             "Infisical CLI is used to inject environment variables into any process",
 	Long:              `Infisical is a simple, end-to-end encrypted service that enables teams to sync and manage their environment variables across their development life cycle.`,
 	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
-	Version:           "1.0.0",
+	Version:           "0.1.6",
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -30,5 +30,5 @@ func Execute() {
 func init() {
 	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 	rootCmd.PersistentFlags().BoolVarP(&debugLogging, "debug", "d", false, "Enable verbose logging")
-	rootCmd.PersistentFlags().StringVar(&util.INFISICAL_URL, "domain", "https://api.infisical.com", "Point the CLI to your own backend")
+	rootCmd.PersistentFlags().StringVar(&util.INFISICAL_URL, "domain", "https://app.infisical.com/api", "Point the CLI to your own backend")
 }

cli/packages/cmd/run.go

@@ -22,13 +22,20 @@ var runCmd = &cobra.Command{
 	Use:                   "run [any infisical run command flags] -- [your application start command]",
 	Short:                 "Used to inject environments variables into your application process",
 	DisableFlagsInUseLine: true,
-	Example:               "infisical run --stage=prod -- npm run dev",
+	Example:               "infisical run --env=prod -- npm run dev",
 	Args:                  cobra.MinimumNArgs(1),
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
-		stageName, err := cmd.Flags().GetString("stage")
+		envName, err := cmd.Flags().GetString("env")
 		if err != nil {
-			log.Errorln("Unable to parse the stage flag")
+			log.Errorln("Unable to parse the environment flag")
+			log.Debugln(err)
+			return
+		}
+
+		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
+		if err != nil {
+			log.Errorln("Unable to parse the substitute flag")
 			log.Debugln(err)
 			return
 		}
@@ -41,7 +48,7 @@ var runCmd = &cobra.Command{
 		}
 
 		var envsFromApi []models.SingleEnvironmentVariable
-		infisicalToken := os.Getenv(util.INFISICAL_SERVICE_TOKEN)
+		infisicalToken := os.Getenv(util.INFISICAL_TOKEN_NAME)
 		if infisicalToken == "" {
 			hasUserLoggedInbefore, loggedInUserEmail, err := util.IsUserLoggedIn()
 			if err != nil {
@@ -67,14 +74,14 @@ var runCmd = &cobra.Command{
 				return
 			}
 
-			envsFromApi, err = util.GetSecretsFromAPIUsingCurrentLoggedInUser(stageName, userCreds)
+			envsFromApi, err = util.GetSecretsFromAPIUsingCurrentLoggedInUser(envName, userCreds)
 			if err != nil {
 				log.Errorln("Something went wrong when pulling secrets using your logged in credentials. If the issue persists, double check your project id/try logging in again.")
 				log.Debugln(err)
 				return
 			}
 		} else {
-			envsFromApi, err = util.GetSecretsFromAPIUsingInfisicalToken(infisicalToken, stageName, projectId)
+			envsFromApi, err = util.GetSecretsFromAPIUsingInfisicalToken(infisicalToken, envName, projectId)
 			if err != nil {
 				log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
 				log.Debugln(err)
@@ -82,18 +89,26 @@ var runCmd = &cobra.Command{
 			}
 		}
 
-		execCmd(args[0], args[1:], envsFromApi)
+		if shouldExpandSecrets {
+			substitutions := util.SubstituteSecrets(envsFromApi)
+			execCmd(args[0], args[1:], substitutions)
+		} else {
+			execCmd(args[0], args[1:], envsFromApi)
+		}
+
 	},
 }
 
 func init() {
 	rootCmd.AddCommand(runCmd)
-	runCmd.Flags().StringP("stage", "s", "dev", "Set the stage (dev, prod, etc.) from which your secrets should be pulled from")
+	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
+	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 }
 
 // Credit: inspired by AWS Valut
 func execCmd(command string, args []string, envs []models.SingleEnvironmentVariable) error {
+	log.Infof("\x1b[%dm%s\x1b[0m", 32, "\u2713 Injected Infisical secrets into your application process successfully")
 	log.Debugln("Secrets to inject:", envs)
 	log.Debugf("executing command: %s %s \n", command, strings.Join(args, " "))
 	cmd := exec.Command(command, args...)

cli/packages/models/error.go

@@ -0,0 +1,14 @@
+package models
+
+import log "github.com/sirupsen/logrus"
+
+// Custom error type so that we can give helpful messages in CLI
+type Error struct {
+	Err             error
+	DebugMessage    string
+	FriendlyMessage string
+}
+
+func (e *Error) printFriendlyMessage() {
+	log.Infoln(e.FriendlyMessage)
+}

cli/packages/util/common.go

@@ -9,10 +9,10 @@ const (
 	CONFIG_FILE_NAME                     = "infisical-config.json"
 	CONFIG_FOLDER_NAME                   = ".infisical"
 	INFISICAL_WORKSPACE_CONFIG_FILE_NAME = ".infisical.json"
-	INFISICAL_SERVICE_TOKEN              = "INFISICAL_SERVICE_TOKEN"
+	INFISICAL_TOKEN_NAME                 = "INFISICAL_TOKEN"
 )
 
-var INFISICAL_URL = "https://api.infisical.com"
+var INFISICAL_URL = "https://app.infisical.com/api"
 
 func GetHomeDir() (string, error) {
 	directory, err := os.UserHomeDir()

cli/packages/util/credentials.go

@@ -81,7 +81,7 @@ func IsUserLoggedIn() (hasUserLoggedIn bool, theUsersEmail string, err error) {
 
 		response, err := httpClient.
 			R().
-			Post(fmt.Sprintf("%v/%v", INFISICAL_URL, "checkAuth"))
+			Post(fmt.Sprintf("%v/v1/auth/checkAuth", INFISICAL_URL))
 
 		if err != nil {
 			return false, "", err

cli/packages/util/secrets.go

@@ -4,6 +4,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"regexp"
 	"strings"
 
 	"github.com/Infisical/infisical-merge/packages/models"
@@ -12,8 +13,8 @@ import (
 	"golang.org/x/crypto/nacl/box"
 )
 
-func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
-	log.Debugln("stageName", stageName, "userCreds", userCreds)
+func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
+	log.Debugln("envName", envName, "userCreds", userCreds)
 	// check if user has configured a workspace
 	workspace, err := GetWorkSpaceFromFile()
 	if err != nil {
@@ -28,10 +29,12 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds model
 	var pullSecretsRequestResponse models.PullSecretsResponse
 	response, err := httpClient.
 		R().
-		SetQueryParam("environment", stageName).
+		SetQueryParam("environment", envName).
 		SetQueryParam("channel", "cli").
 		SetResult(&pullSecretsRequestResponse).
-		Get(fmt.Sprintf("%v/%v/%v", INFISICAL_URL, "secret", workspace.WorkspaceId)) // need to change workspace id
+		Get(fmt.Sprintf("%v/v1/secret/%v", INFISICAL_URL, workspace.WorkspaceId)) // need to change workspace id
+
+	log.Debugln("Response from get secrets:", response)
 
 	if err != nil {
 		return nil, err
@@ -97,9 +100,9 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds model
 	return listOfEnv, nil
 }
 
-func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
-	if infisicalToken == "" || projectId == "" || stageName == "" {
-		return nil, errors.New("infisical token, project id and or stage name cannot be empty")
+func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
+	if infisicalToken == "" || projectId == "" || envName == "" {
+		return nil, errors.New("infisical token, project id and or environment name cannot be empty")
 	}
 	splitToken := strings.Split(infisicalToken, ",")
 	JTWToken := splitToken[0]
@@ -113,10 +116,10 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName strin
 	var pullSecretsByInfisicalTokenResponse models.PullSecretsByInfisicalTokenResponse
 	response, err := httpClient.
 		R().
-		SetQueryParam("environment", stageName).
+		SetQueryParam("environment", envName).
 		SetQueryParam("channel", "cli").
 		SetResult(&pullSecretsByInfisicalTokenResponse).
-		Get(fmt.Sprintf("%v/secret/%v/service-token", INFISICAL_URL, projectId))
+		Get(fmt.Sprintf("%v/v1/secret/%v/service-token", INFISICAL_URL, projectId))
 
 	if err != nil {
 		return nil, err
@@ -191,7 +194,7 @@ func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models
 	response, err := httpClient.
 		R().
 		SetResult(&getWorkSpacesResponse).
-		Get(fmt.Sprintf("%v/%v", INFISICAL_URL, "workspace"))
+		Get(fmt.Sprintf("%v/v1/workspace", INFISICAL_URL))
 
 	if err != nil {
 		return nil, err
@@ -203,3 +206,73 @@ func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models
 
 	return getWorkSpacesResponse.Workspaces, nil
 }
+
+func getExpandedEnvVariable(secrets []models.SingleEnvironmentVariable, variableWeAreLookingFor string, hashMapOfCompleteVariables map[string]string, hashMapOfSelfRefs map[string]string) string {
+	if value, found := hashMapOfCompleteVariables[variableWeAreLookingFor]; found {
+		return value
+	}
+
+	for _, secret := range secrets {
+		if secret.Key == variableWeAreLookingFor {
+			regex := regexp.MustCompile(`\${([^\}]*)}`)
+			variablesToPopulate := regex.FindAllString(secret.Value, -1)
+
+			// case: variable is a constant so return its value
+			if len(variablesToPopulate) == 0 {
+				return secret.Value
+			}
+
+			valueToEdit := secret.Value
+			for _, variableWithSign := range variablesToPopulate {
+				variableWithoutSign := strings.Trim(variableWithSign, "}")
+				variableWithoutSign = strings.Trim(variableWithoutSign, "${")
+
+				// case: reference to self
+				if variableWithoutSign == secret.Key {
+					hashMapOfSelfRefs[variableWithoutSign] = variableWithoutSign
+					continue
+				} else {
+					var expandedVariableValue string
+
+					if preComputedVariable, found := hashMapOfCompleteVariables[variableWithoutSign]; found {
+						expandedVariableValue = preComputedVariable
+					} else {
+						expandedVariableValue = getExpandedEnvVariable(secrets, variableWithoutSign, hashMapOfCompleteVariables, hashMapOfSelfRefs)
+						hashMapOfCompleteVariables[variableWithoutSign] = expandedVariableValue
+					}
+
+					// If after expanding all the vars above, is the current var a self ref? if so no replacement needed for it
+					if _, found := hashMapOfSelfRefs[variableWithoutSign]; found {
+						continue
+					} else {
+						valueToEdit = strings.ReplaceAll(valueToEdit, variableWithSign, expandedVariableValue)
+					}
+				}
+			}
+
+			return valueToEdit
+
+		} else {
+			continue
+		}
+	}
+
+	return "${" + variableWeAreLookingFor + "}"
+}
+
+func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
+	hashMapOfCompleteVariables := make(map[string]string)
+	hashMapOfSelfRefs := make(map[string]string)
+	expandedSecrets := []models.SingleEnvironmentVariable{}
+
+	for _, secret := range secrets {
+		expandedVariable := getExpandedEnvVariable(secrets, secret.Key, hashMapOfCompleteVariables, hashMapOfSelfRefs)
+		expandedSecrets = append(expandedSecrets, models.SingleEnvironmentVariable{
+			Key:   secret.Key,
+			Value: expandedVariable,
+		})
+
+	}
+
+	return expandedSecrets
+}

cli/packages/util/secrets_test.go

@@ -0,0 +1,160 @@
+package util
+
+import (
+	"testing"
+
+	"github.com/Infisical/infisical-merge/packages/models"
+)
+
+// References to self should return the value unaltered
+func Test_SubstituteSecrets_When_ReferenceToSelf(t *testing.T) {
+
+	var tests = []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{Key: "A", Value: "${A}", ExpectedValue: "${A}"},
+		{Key: "A", Value: "${A} ${A}", ExpectedValue: "${A} ${A}"},
+		{Key: "A", Value: "${A}${A}", ExpectedValue: "${A}${A}"},
+	}
+
+	for _, test := range tests {
+		secret := models.SingleEnvironmentVariable{
+			Key:   test.Key,
+			Value: test.Value,
+		}
+
+		secrets := []models.SingleEnvironmentVariable{secret}
+		result := SubstituteSecrets(secrets)
+
+		if result[0].Value != test.ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected %s but got %s for input %s", test.ExpectedValue, result[0].Value, test.Value)
+		}
+
+	}
+}
+
+func Test_SubstituteSecrets_When_ReferenceDoesNotExist(t *testing.T) {
+
+	var tests = []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{Key: "A", Value: "${X}", ExpectedValue: "${X}"},
+		{Key: "A", Value: "${H}HELLO", ExpectedValue: "${H}HELLO"},
+		{Key: "A", Value: "${L}${S}", ExpectedValue: "${L}${S}"},
+	}
+
+	for _, test := range tests {
+		secret := models.SingleEnvironmentVariable{
+			Key:   test.Key,
+			Value: test.Value,
+		}
+
+		secrets := []models.SingleEnvironmentVariable{secret}
+		result := SubstituteSecrets(secrets)
+
+		if result[0].Value != test.ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected %s but got %s for input %s", test.ExpectedValue, result[0].Value, test.Value)
+		}
+
+	}
+}
+
+func Test_SubstituteSecrets_When_ReferenceDoesNotExist_And_Self_Referencing(t *testing.T) {
+
+	tests := []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{
+			Key:           "O",
+			Value:         "${P} ==$$ ${X} ${UNKNOWN} ${A}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A}",
+		},
+		{
+			Key:           "X",
+			Value:         "DOMAIN",
+			ExpectedValue: "DOMAIN",
+		},
+		{
+			Key:           "A",
+			Value:         "*${A}* ${X}",
+			ExpectedValue: "*${A}* DOMAIN",
+		},
+		{
+			Key:           "H",
+			Value:         "${X} >>>",
+			ExpectedValue: "DOMAIN >>>",
+		},
+		{
+			Key:           "P",
+			Value:         "DOMAIN === ${A} ${H}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>>",
+		},
+		{
+			Key:           "T",
+			Value:         "${P} ==$$ ${X} ${UNKNOWN} ${A} ${P} ==$$ ${X} ${UNKNOWN} ${A}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A} DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A}",
+		},
+		{
+			Key:           "S",
+			Value:         "${ SSS$$ ${HEY}",
+			ExpectedValue: "${ SSS$$ ${HEY}",
+		},
+	}
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, test := range tests {
+		secrets = append(secrets, models.SingleEnvironmentVariable{Key: test.Key, Value: test.Value})
+	}
+
+	results := SubstituteSecrets(secrets)
+
+	for index, expanded := range results {
+		if expanded.Value != tests[index].ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected [%s] but got [%s] for input [%s]", tests[index].ExpectedValue, expanded.Value, tests[index].Value)
+		}
+	}
+}
+
+func Test_SubstituteSecrets_When_No_SubstituteNeeded(t *testing.T) {
+
+	tests := []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{
+			Key:           "DOMAIN",
+			Value:         "infisical.com",
+			ExpectedValue: "infisical.com",
+		},
+		{
+			Key:           "API_KEY",
+			Value:         "hdgsvjshcgkdckhevdkd",
+			ExpectedValue: "hdgsvjshcgkdckhevdkd",
+		},
+		{
+			Key:           "ENV",
+			Value:         "PROD",
+			ExpectedValue: "PROD",
+		},
+	}
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, test := range tests {
+		secrets = append(secrets, models.SingleEnvironmentVariable{Key: test.Key, Value: test.Value})
+	}
+
+	results := SubstituteSecrets(secrets)
+
+	for index, expanded := range results {
+		if expanded.Value != tests[index].ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected [%s] but got [%s] for input [%s]", tests[index].ExpectedValue, expanded.Value, tests[index].Value)
+		}
+	}
+}

cli/upload_to_cloudfront.sh

@@ -1,14 +0,0 @@
-for i in *.apk; do
-    [ -f "$i" ] || break
-    cloudsmith push alpine infisical/infisical-cli/alpine/any-version $i
-done
-
-for i in *.deb; do
-    [ -f "$i" ] || break
-    cloudsmith push deb --no-republish infisical/infisical-cli/debian/any-version $i
-done
-
-for i in *.rpm; do
-    [ -f "$i" ] || break
-    cloudsmith push rpm --no-republish infisical/infisical-cli/any-distro/any-version $i
-done

cli/upload_to_cloudsmith.sh

@@ -0,0 +1,15 @@
+cd dist
+for i in *.apk; do
+    [ -f "$i" ] || break
+    cloudsmith push alpine --republish infisical/infisical-cli/alpine/any-version $i
+done
+
+for i in *.deb; do
+    [ -f "$i" ] || break
+    cloudsmith push deb --republish infisical/infisical-cli/any-distro/any-version $i
+done
+
+for i in *.rpm; do
+    [ -f "$i" ] || break
+    cloudsmith push rpm --republish infisical/infisical-cli/any-distro/any-version $i
+done

docker-compose.dev.yml

@@ -1,8 +1,22 @@
 version: '3'
 
 services:
+  nginx:
+    container_name: infisical-dev-nginx
+    image: nginx
+    restart: always
+    ports:
+      - 8080:80
+    volumes:
+      - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - frontend
+      - backend
+    networks:
+      - infisical-dev
+
   backend:
-    container_name: infisical-backend
+    container_name: infisical-dev-backend
     restart: unless-stopped
     depends_on:
       - mongo
@@ -16,11 +30,13 @@ services:
       - /app/node_modules
     command: npm run dev
     env_file: .env
+    environment:
+      - NODE_ENV=development
     networks:
-      - infisical
+      - infisical-dev
   
   frontend:
-    container_name: infisical-frontend
+    container_name: infisical-dev-frontend
     restart: unless-stopped
     depends_on:
       - backend
@@ -34,33 +50,47 @@ services:
       - ./frontend/styles:/app/styles
       - ./frontend/components:/app/components
     env_file: .env
+    environment:
+      - NEXT_PUBLIC_ENV=development
+      - NEXT_PUBLIC_WEBSITE_URL=${SITE_URL}
+      - NEXT_PUBLIC_POSTHOG_HOST=${POSTHOG_HOST}
+      - NEXT_PUBLIC_POSTHOG_API_KEY=${POSTHOG_PROJECT_API_KEY}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
+      - NEXT_PUBLIC_TELEMETRY_ENABLED=${TELEMETRY_ENABLED}
     networks:
-      - infisical
+      - infisical-dev
 
   mongo:
-    container_name: infisical-mongo
     image: mongo
+    container_name: infisical-dev-mongo
     restart: always
-    env_file:
-      - .env
+    env_file: .env
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
+      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
     volumes:
       - mongo-data:/data/db
     networks:
-      - infisical
+      - infisical-dev
 
   mongo-express:
-    container_name: infisical-mongo-express
+    container_name: infisical-dev-mongo-express
     image: mongo-express
     restart: always
-    depends_on:
-      - mongo
+    env_file: .env
+    environment:
+      - ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_USERNAME}
+      - ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_PASSWORD}
+      - ME_CONFIG_MONGODB_URL=mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@mongo:27017/
     ports:
       - 8081:8081
-    env_file:
-      - .env
     networks:
-      - infisical
+      - infisical-dev
 
 volumes:
   mongo-data:
-    driver: local
+    driver: local
+
+networks:
+  infisical-dev:

docker-compose.prod.yml

@@ -1,57 +0,0 @@
-version: '3'
-
-services:
-  backend:
-    platform: linux/amd64
-    container_name: infisical-backend
-    restart: unless-stopped
-    depends_on:
-      - mongo
-    build:
-      context: ./backend
-      dockerfile: Dockerfile
-    image: infisical/backend
-    volumes:
-      - ./backend/src:/app/src
-      - ./backend/nodemon.json:/app/nodemon.json
-      - /app/node_modules
-    command: npm run start
-    env_file: .env
-    networks:
-      - infisical
-  
-  frontend:
-    platform: linux/amd64
-    container_name: infisical-frontend
-    restart: unless-stopped
-    depends_on:
-      - backend
-    build:
-      context: ./frontend
-      dockerfile: Dockerfile.prod
-    image: infisical/frontend
-    volumes:
-      - ./frontend/pages:/app/pages
-      - ./frontend/public:/app/public
-      - ./frontend/styles:/app/styles
-      - ./frontend/components:/app/components
-      - ./frontend/next.config.js:/app/next.config.js
-    env_file: .env
-    networks:
-      - infisical
-
-  mongo:
-    container_name: infisical-mongo
-    image: mongo
-    restart: always
-    environment:
-      MONGO_INITDB_ROOT_USERNAME: root
-      MONGO_INITDB_ROOT_PASSWORD: example
-    volumes:
-      - mongo-data:/data/db
-    networks:
-      - infisical
-
-volumes:
-  mongo-data:
-    driver: local

docker-compose.yml

@@ -4,14 +4,73 @@ services:
   nginx:
     container_name: infisical-nginx
     image: nginx
+    restart: always
     ports:
-      - "8080:80"
+      - 80:80
+      - 443:443
     volumes:
       - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
-    networks:
-      - infisical
     depends_on:
       - frontend
+      - backend
+    networks:
+      - infisical
+  
+  backend:
+    platform: linux/amd64
+    container_name: infisical-backend
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    image: infisical/backend
+    command: npm run start
+    env_file: .env
+    environment:
+      - NODE_ENV=production
+    networks:
+      - infisical
+  
+  frontend:
+    platform: linux/amd64
+    container_name: infisical-frontend
+    restart: unless-stopped
+    depends_on:
+      - backend
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile.prod
+    image: infisical/frontend
+    env_file: .env
+    environment:
+      - NEXT_PUBLIC_ENV=production
+      - NEXT_PUBLIC_WEBSITE_URL=${SITE_URL}
+      - NEXT_PUBLIC_POSTHOG_HOST=${POSTHOG_HOST}
+      - NEXT_PUBLIC_POSTHOG_API_KEY=${POSTHOG_PROJECT_API_KEY}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
+      - NEXT_PUBLIC_TELEMETRY_ENABLED=${TELEMETRY_ENABLED}
+    networks:
+      - infisical
+
+  mongo:
+    container_name: infisical-mongo
+    image: mongo
+    restart: always
+    env_file: .env
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
+      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
+    volumes:
+      - mongo-data:/data/db
+    networks:
+      - infisical
+
+volumes:
+  mongo-data:
+    driver: local
 
 networks:
   infisical:

docs/CLI.mdx

@@ -1,31 +0,0 @@
----
-title: "Infisical CLI"
-description: "Learn about each supported command and its flags"
----
-
-## Background
-
-Infisical ships with multiple commands to assist with ongoing project needs; we list these commands and give context for them below.
-
-<Card title="Install the CLI" icon="lightbulb" href="/installCLI">
-  If you haven't already, install the Infisical CLI
-</Card>
-
-Note on arguments:
-
-- [environment]: the intended environment for the given command being one of dev, staging, or prod.
-- [projectId]: the project identifier found on the dashboard.
-
-## Commands
-
-- `login` used to set the logged in user. Your credentials are saved securely in your system key ring. Note: only one user can be logged in at a time. To change the logged in user, run the command again and overwrite the previous login.
-- `init` used to link your infisical.com project to your local project. Run this command ideally at the root of your local project. You will have to run this command for each new project you create locally.
-- `run` used to inject your secrets as environment variables into your application process. Example `infisical run --stage=prod -- npm run start`
-  - `---projectId` flag is used to link your local project to a Infisical.com project. Use this option only when you are injecting via Infisical Token instead of your login. 
-  - `---stage` flag is used to set the environment from which your secrets are pulled from. By default, secrets from your project are pulled from the `dev`. To change to for example prod, add `--stage=prod`
-
-### Global flags 
-These are flags you can add to any command 
-
-- `--domain` you may change this if you are self hosting Infisical. By default, the CLI points to Infisical.com backend. To point to your own backend, make sure to set this flag for each command you run. Example `infisical login --domain=https://mybackend.com`
-- `--debug` use this flag when you want to see more logs related to the error you are receiving. By default debug logs are hidden. Example `infisical run --debug <your command>`

docs/Heroku.mdx

@@ -1,24 +0,0 @@
----
-title: "Heroku"
-description: "With this integration, you can automatically sync your secrets to Heroku as soon as you update secrets in Infisical."
----
-
-## Instructions
-
-### Step 1: Open the integrations csonsole
-
-Open the Infisical Dashboard. Choose the project in which you want to set up the intergation. Go to the integrations tab in the left sidebar.
-
-### Step 2: Authenticate with Heroku
-
-Click on Heroku in the list of available integrations. Log in if asked by Heroku and provide the necessary permissions to Infisical. You will afterwards be redirected back to the integrations page.
-
-Note: during an integration with Heroku, for security reasons, it is impossible to maintain end-to-end encryption. In theory, this lets Infisical decrypt yor environment variables. In practice, we can assure you that this will never be done, and it allows us to protect your secrets from bad actors online. The core Infisical service will always stay end-to-end encrypted. With any questions, reach out support@infisical.com.
-
-### Step 3: Start integration
-
-Once the integration is set up, choose a Heroku App that you want to sync the secrets to, and the Infisical project environment that you would to sync the secrets from. Click on the "Start Integration" button.
-
-### Step 4: You're good to go!
-
-The integration should now show status 'In Sync'. Every time you edit the secrets, they will be automatically pushed to Heroku. If you want to update anything in your integration, you will have to delete the current one and create a new one.

docs/cli/overview.mdx

@@ -0,0 +1,103 @@
+---
+title: "Overview"
+---
+
+Prerequisite: Set up an account with [Infisical Cloud](https://app.infisical.com) or via a [self-hosted installation](/self-hosting/overview).
+
+The Infisical CLI provides a way to inject environment variables from the platform into your apps and infrastructure.
+
+## Installation
+
+<Tabs>
+   <Tab title="MacOS">
+  	Use [brew](https://brew.sh/) package manager
+
+    	```bash
+    	# install
+    	brew install infisical/get-cli/infisical
+
+    	# check version
+    	infisical --version
+    	```
+
+    	## Updates
+
+    	```bash
+    	brew upgrade infisical
+    	```
+
+   </Tab>
+   <Tab title="Windows">
+      Use [Scoop](https://scoop.sh/) package manager
+
+    		```bash
+    		# install
+    		scoop bucket add org https://github.com/Infisical/scoop-infisical.git
+    		scoop install infisical
+
+    		# check version
+    		infisical --version
+    		```
+
+    		## Updates
+
+    		```bash
+    		scoop update infisical
+    		```
+
+   </Tab>
+	 <Tab title="Alpine">
+	 Install prerequisite
+		```bash
+		$ sudo apk add --no-cache bash sudo
+		```
+
+    	Add Infisical repository
+    	```bash
+    	$ curl -1sLf \
+    		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' \
+    		| sudo -E bash
+    	```
+
+    	Then install CLI
+    	```bash
+    	$ sudo apk update && sudo apk add infisical
+    	```
+
+   </Tab>
+	 <Tab title="RedHat/CentOs/Amazon">
+	 Add Infisical repository
+		```bash
+		$ curl -1sLf \
+		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' \
+		| sudo -E bash
+		```
+
+    	Then install CLI
+    	```bash
+    	$ sudo yum install infisical
+    	```
+
+   </Tab>
+	 <Tab title="Debian/Ubuntu">
+	 	Add Infisical repository 
+			
+		```bash
+		$ curl -1sLf \
+		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
+		| sudo -E bash
+		```
+
+    	Then install CLI
+    	```bash
+    	$ sudo apt-get update && sudo apt-get install -y infisical
+    	```
+
+   </Tab>
+</Tabs>
+
+## Log in to the Infisical CLI
+
+```bash
+infisical login
+```

docs/cli/reference/commands.mdx

@@ -0,0 +1,20 @@
+---
+title: "Commands"
+---
+
+## Commands
+
+| Command | Description                                                          |
+| ------- | -------------------------------------------------------------------- |
+| `login` | Used to authenticate and set the logged in user.                     |
+| `init`  | Used to link a local project to the platform.                        |
+| `run`   | Used to inject envars from the platform into an application process. |
+
+## Global options
+
+| Option            | Description                                     |
+| ----------------- | ----------------------------------------------- |
+| `--help`, `-h`    | List help for any command                       |
+| `--debug`, `-d`   | Enable verbose logging                          |
+| `--domain`        | Use to direct Infisical to a self-hosted domain |
+| `--version`, `-v` | Print version information and quit              |

docs/cli/reference/init.mdx

@@ -0,0 +1,13 @@
+---
+title: "infisical init"
+---
+
+```bash
+infisical init
+```
+
+## Description
+
+Link a local project to the platform
+
+The command creates a `infisical.json` file containing your Project ID.

docs/cli/reference/login.mdx

@@ -0,0 +1,13 @@
+---
+title: "infisical login"
+---
+
+```bash
+infisical login
+```
+
+## Description
+
+Verify a user and save credentials to the system keyring.
+
+To change the logged in user, run the command again to overwrite the previous login.

docs/cli/reference/run.mdx

@@ -0,0 +1,19 @@
+---
+title: "infisical run"
+---
+
+```bash
+infisical run [options] -- [your application start command]
+```
+
+## Description
+
+Inject environment variables from the platform into an application process.
+
+## Options
+
+| Option         | Description                                                                                                 | Default value |
+| -------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`        | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId`  | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+| `--expand`     | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)      | `true`        |

docs/cli/token.mdx

@@ -0,0 +1,21 @@
+---
+title: "Infisical Token"
+---
+
+Prerequisite: [Infisical Token and How to Generate One](../../getting-started/dashboard/token).
+
+It's possible to use the CLI to sync environment varialbes without manually entering login credentials by using a service token in the prerequisite link above.
+
+## Feeding Infisical Token to the CLI
+
+The CLI looks out for an environment variable called the `INFISICAL_TOKEN` which you can set depending on where you run the CLI. If `INFISICAL_TOKEN` is detected by the CLI, it will authenticate and retrieve the environment variables which the token is authorized for.
+
+A common use-case is to use the Infisical Token to fetch environment variables with Docker. More specifically, a token can be passed to a container as an environment variable for the CLI to authenticate and pull its corresponding secrets. Check out the integration guides for that:
+
+- [Docker](../../integrations/platforms/docker)
+- [Docker Compose](../../integrations/platforms/docker-compose)
+
+<Info>
+  Once the token is expired, the CLI using it will no longer be able to make
+  requests with it.
+</Info>

docs/cli/usage.mdx

@@ -0,0 +1,46 @@
+---
+title: "Usage"
+---
+
+Prerequisite: [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your project
+
+```bash
+# move to your project
+cd /path/to/project
+
+# initialize infisical
+infisical init
+```
+
+## Inject environment variables
+
+```bash
+# inject environment variables into app
+infisical run -- [your application start command]
+```
+
+Options you can specify:
+
+| Option        | Description                                                                                                 | Default value |
+| ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId` | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+| `--expand`    | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)                                        | `true`        |
+
+## Examples:
+
+```bash
+# example with node
+infisical run -- node index.js
+
+# example with node (nodemon)
+infisical run -- nodemon index.js
+
+# example with node (nodemon) pulling in secrets from test environment
+infisical run --env=test -- nodemon index.js
+
+# example with flask
+infisical run -- flask run
+```

docs/contributing/FAQ.mdx

@@ -0,0 +1,16 @@
+---
+title: "Frequently Asked Questions"
+description: "Have any questions? [Join our Slack community](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g)."
+---
+
+## Problem with SMTP
+
+You can normally populate `SMTP_USERNAME` and `SMTP_PASSWORD` with your usual login and password (you could also create a 'burner' email). Sometimes, there still are problems. 
+
+You can go to your Gmail account settings > security and enable “less secure apps”. This would allow Infisical to use your Gmail to send emails.
+
+If it still doesn't work, [this](https://stackoverflow.com/questions/72547853/unable-to-send-email-in-c-sharp-less-secure-app-access-not-longer-available/72553362#72553362) should help.
+
+## `MONGO_URL` issues
+
+Your `MONGO_URL` should be something like `mongodb://root:example@mongo:27017/?authSource=admin`. If you want to change it (not recommended), you should make sure that you keep this URL in line with `MONGO_USERNAME=root` and `MONGO_PASSWORD=example`.

docs/contributing/developing.mdx

@@ -16,7 +16,7 @@ cd infisical
 
 ## Set up environment variables
 
-Tweak the `.env` according to your preferences. Refer to the available [environment variables](envars).
+Tweak the `.env` according to your preferences. Refer to the available [environment variables](/self-hosting/configuration/envars).
 
 ```bash
 cp .env.example .env
@@ -26,20 +26,21 @@ cp .env.example .env
 
 ```bash
 # build and start the services
-docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build
+docker-compose -f docker-compose.dev.yml up --build
 ```
 
-Then browse http://localhost:3000
+Then browse http://localhost:8080
 
 ```bash
 # To stop environment use Control+C (on Mac) CTRL+C (on Win) or
-docker-compose down
+docker-compose -f docker-compose.dev.yml down
 # start services
-docker-compose up
+docker-compose -f docker-compose.dev.yml up
 ```
 
-The docker-compose environment consists of:
+The docker-compose development environment consists of:
 
+- nginx
 - frontend
 - backend
 - mongo

docs/envars.mdx

@@ -1,35 +0,0 @@
----
-title: "Environment Variables"
-description: ""
----
-
-## The .env file
-
-Configuring Infisical requires setting some environment variables. There is a file called `.env.example` at the root directory of our main repo that you can use to create a `.env` before you start the server.
-
-| Variable                          | Description                                                                                                 | Default Value    |
-| --------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------- |
-| `PRIVATE_KEY`                     | ❗️ NaCl-generated server secret key                                                                        | `None`           |
-| `PUBLIC_KEY`                      | ❗️ NaCl-generated server public key                                                                        | `None`           |
-| `ENCRYPTION_KEY`                  | ❗️ Strong hex encryption key                                                                               | `None`           |
-| `JWT_SIGNUP_SECRET`               | ❗️JWT token secret                                                                                         | `None`           |
-| `JWT_REFRESH_SECRET`              | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_AUTH_SECRET`                 | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_SECRET_SECRET`               | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_SIGNUP_LIFETIME`             | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `15m`            |
-| `JWT_REFRESH_LIFETIME`            | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `90d`            |
-| `JWT_AUTH_LIFETIME`               | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `10d`            |
-| `EMAIL_TOKEN_LIFETIME`            | Email OTP/magic-link lifetime expressed in seconds                                                          | `86400`          |
-| `MONGO_URL`                       | ❗️ MongoDB instance connection string either to container instance or MongoDB Cloud                        | `None`           |
-| `MONGO_USERNAME`                  | MongoDB container username                                                                                  | `None`           |
-| `MONGO_PASSWORD`                  | MongoDB container password                                                                                  | `None`           |
-| `ME_CONFIG_MONGODB_ADMINUSERNAME` | Same as `MONGO_USERNAME` for mongo-express in development                                                   | `None`           |
-| `ME_CONFIG_MONGODB_ADMINPASSWORD` | Same as `MONGO_PASSWORD` for mongo-express in development                                                   | `None`           |
-| `NEXT_PUBLIC_WEBSITE_URL`         | ❗️ Site URL - should be an absolute URL including the protocol (e.g. `https://infisical.com`)              | `None`           |
-| `SMT_HOST`                        | Whether the user joined the community                                                                       | `smtp.gmail.com` |
-| `SMTP_NAME`                       | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `SMTP_USERNAME`                   | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `SMTP_PASSWORD`                   | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `OAUTH_CLIENT_SECRET_HEROKU`      | OAuth client secret for Heroku integration                                                                  | `None`           |
-| `OAUTH_TOKEN_URL_HEROKU`          | OAuth token URL for Heroku integration                                                                      | `None`           |
-| `SENTRY_DSN`                      | DSN for error-monitoring with Sentry                                                                        | `None`           |

docs/getting-started/dashboard/create-account.mdx

@@ -0,0 +1,15 @@
+---
+title: "Sign up"
+---
+
+## Self-hosted
+
+If you're using a self-hosted installation, follow the [setup](/self-hosting/overview) then open your site URL `{SITE_URL}`.
+
+## Infisical Cloud
+
+Open [infisical.com](https://infisical.com/) and click on either "Try Infisical for free" or "Start for free" to complete the signup sequence.
+
+Once you've done that, you'll be taken to the dashboard where we've populated some default environment variables for demonstration.
+
+![dashboard](../../images/dashboard.png)

docs/getting-started/dashboard/integrations.mdx

@@ -0,0 +1,11 @@
+---
+title: "Integrations"
+---
+
+Integrations allow environment variables to be synced across your entire infrastructure from local development to CI/CD and production.
+
+We're still early with integrations, but expect more soon.
+
+![integrations](../../images/project-integrations.png)
+
+Check out our [integrations](/integrations/overview).

docs/getting-started/dashboard/organization.mdx

@@ -0,0 +1,32 @@
+---
+title: "Organization"
+---
+
+An organization houses projects and members.
+
+By default, Infisical creates an organization under your name. You can manage your organization in your organization settings.
+
+![organization name modal open](../../images/dashboard-name-modal-organization.png)
+![organization name modal open](../../images/organization.png)
+
+## Members
+
+Members of an organization can create and add other members to projects within that organization.
+
+To add a member to your organization, scroll down to the "Organization Members" section and invite the member via email. They'll receive an email to confirm their organization invitation. If the member is an existing user on the platform, they will be automatically added to the organization.
+
+![organization members](../../images/organization-members.png)
+
+<Note>
+  Note that access to projects must be provisioned to new members after they've
+  accepted their organization invitation, and they will not be added to any
+  projects by default.
+</Note>
+
+## Incident contacts
+
+Incident contacts of an organization are alerted if anything abnormal is detected within the operations of an organization.
+
+To add an incident contact to your organization, scroll down to the "Incident Contacts" section and add their email.
+
+![organization incident contacts](../../images/organization-ic.png)

docs/getting-started/dashboard/project.mdx

@@ -0,0 +1,60 @@
+---
+title: "Project"
+---
+
+A project houses environment variables for an application.
+
+## Dashboard
+
+The dashboard page is where you can manage environment variables for a given project.
+
+![project dashboard](../../images/dashboard.png)
+
+### Environment variables
+
+Environment variables can be added or removed from a project. By default, they are pre-populated in your first project for demonstration. For any subsequent project, it can be convenient to import existing environment variables by dragging and dropping a .env file containing them.
+
+Here's what dragging and dropping a .env looks like:
+
+![project drag and drop](../../images/project-drag-drop.png)
+
+### Environments
+
+In most cases, environment variables belong to specific environments: development, staging, testing, and production. You can input environment variables for each environment that your project uses.
+
+![project environment](../../images/project-environment.png)
+
+### Personal/Shared scoping
+
+Every environment variable is classified as either personal or shared.
+
+- A personal environment variable is one created by a user of a project to be available for that user only.
+- A shared environment variable is one created by a user of a project to be available for other users of the project.
+
+You can toggle the classification of an environment variable by pressing on its settings:
+
+![project variable toggle open](../../images/project-envar-toggle-open.png)
+
+### Search
+
+You can search for any environment variable by its key.
+
+![project search](../../images/project-search.png)
+
+### Sort
+
+You can sort environment variables alphabetically by their keys.
+
+![project sort](../../images/project-sort.png)
+
+### Hide/Un-hide
+
+You can hide or un-hide the values of your environment variables. By default, the values are hidden for your privacy.
+
+![project hide](../../images/project-hide.png)
+
+### Download as .env
+
+You can download your environment variables back in a .env file.
+
+![project download](../../images/project-download.png)

docs/getting-started/dashboard/token.mdx

@@ -0,0 +1,16 @@
+---
+title: "Infisical Token"
+---
+
+An Infisical Token is needed to authenticate the CLI when there isn't an easy way to input your login credentials.
+
+It's useful for the [Docker](/integrations/platforms/docker) and [Docker Compose](/integrations/platforms/docker-compose) integrations.
+
+It's possible to generate the token in the settings of a project.
+
+![token add](../../images/project-token-add.png)
+
+<Note>
+  The token grants read-only access to a particular environment and project for
+  a specified amount of time.
+</Note>

docs/getting-started/features.mdx

@@ -0,0 +1,43 @@
+---
+title: "Features"
+---
+
+This is a non-exhaustive list of features that Infisical offers:
+
+## Web UI
+
+The Web UI is used to manage teams and environment variables.
+
+- Provision access to organizations and projects.
+- Add/delete/update, scope, search, sort, hide-unhide environment variables.
+- Separate environment variables by environment.
+- Import environment variables via drag-and-drop, export them as a .env file.
+
+## CLI
+
+The CLI is used to inject environment variables into applications and infrastructure.
+
+- Inject environment variables.
+- Inject environment variables into containers via service tokens for Docker.
+
+## Roadmap
+
+We're building the future of secret management, one that's comprehensive and accessible to all. Some high-level features we have in mind:
+
+| Feature                               | Status      |
+| ------------------------------------- | ----------- |
+| Integrations                          | Ongoing     |
+| More hosting options                  | Ongoing     |
+| 1-Click Deploys                       | Ongoing     |
+| Account recovery: Backup key          | Ongoing     |
+| Account recovery: Member-assisted     | Coming soon |
+| Slack & MS teams integrations         | Coming soon |
+| Access logs                           | Coming soon |
+| Version control for secrets           | Coming soon |
+| 2FA                                   | Coming soon |
+| Restricted IPs                        | Coming soon |
+| Read/write access controls            | Coming soon |
+| Secret rotation                       | Coming soon |
+| Comparing secrets across environments | Coming soon |
+
+Interested in contributing? Check out the [guide](/contributing/overview).

docs/getting-started/introduction.mdx

@@ -0,0 +1,37 @@
+---
+title: "Introduction"
+---
+
+Infisical is an [open-source](https://opensource.com/resources/what-open-source), [end-to-end encrypted](https://en.wikipedia.org/wiki/End-to-end_encryption) secret manager that enables teams to easily manage and sync their environment variables.
+
+Start syncing environment variables with [Infisical Cloud](https://app.infisical.com) or learn how to [host Infisical](/self-hosting/overview) yourself.
+
+<CardGroup cols={2}>
+  <Card
+    title="Quickstart"
+    href="/getting-started/quickstart"
+    icon="timer"
+    color="#ea5a0c"
+  >
+    Tour Infisical in a few minutes.
+  </Card>
+  <Card href="/cli/overview" title="CLI" icon="square-terminal" color="#16a34a">
+    Install the CLI to inject secrets into apps and infra.
+  </Card>
+  <Card
+    href="/self-hosting/overview"
+    title="Self-hosting"
+    icon="server"
+    color="#0285c7"
+  >
+    Learn how to configure and deploy Infisical.
+  </Card>
+  <Card
+    href="/integrations/overview"
+    title="Integrations"
+    icon="plug"
+    color="#dc2626"
+  >
+    Explore integrations for Docker, AWS, Heroku, etc.
+  </Card>
+</CardGroup>

docs/getting-started/quickstart.mdx

@@ -0,0 +1,43 @@
+---
+title: "Quickstart"
+---
+
+This example demonstrates how to store and inject environment variables from [Infisical Cloud](https://app.infisical.com) into your application.
+
+Note that the Infisical CLI is platform-agnostic and can inject environment variables across many tech stacks and frameworks.
+
+## Set up Infisical Cloud
+
+1. Login or create an accout at `app.infisical.com`.
+2. Create a new project.
+3. Populate your environment variables as in the image below.
+
+![project quickstart](../images/project-quickstart.png)
+
+## Set up the CLI
+
+1. Follow the instructions to [install the CLI](/cli/overview).
+
+2. Initialize Infisical for your project.
+
+```bash
+# move to your project
+cd /path/to/project
+
+# initialize infisical
+infisical init
+```
+
+## Start your app with environment variables injected
+
+```bash
+# inject environment variables into app
+infisical run -- [your application start command]
+```
+
+<Info>
+  Check out our [integrations](/integrations/overview) for injecting environment
+  variables into frameworks and platforms like Docker.
+</Info>
+
+Your app should be running with the environment variables injected.

docs/gettingStarted.mdx

@@ -1,34 +0,0 @@
----
-title: "Getting Started"
-description: "Infisical is a simple, end-to-end encrypted (E2EE) secrets manager that enables teams to sync and manage their application environment variables."
----
-
-## Introduction
-
-Infisical works by injecting environment variables into your application process. Because of this, Infisical works for all programing languages and platforms.
-
-Infisical is powered by public-key cryptography to ensure that you are the only person who can access your secrets. Read more about our security [here](https://dub.sh/XocpMvT)
-<Card
-  title="Security Brief"
-  icon="shield-halved"
-  iconType="duotone"
-  href="https://dub.sh/XocpMvT"
->
-  Learn more about our system + security here.
-</Card>
-
-
-### Step 1: Make an account
-
-Head to [https://infisical.com](https://infisical.com/) to make an account and create a project. Once you've made an account, you'll be prompted to a dashboard with some placeholder environment variables. Go ahead and replace the placeholder environment variables with your environment variables from your .env file.
-
-### Step 2 (Optional): Invite your dev team
-
-Navigate to the “Team” tab in the left sidebar and invite your teammates to the project by submitting their emails. They'll each receive an email invitation to join the project and get access to the environment variables. A few things to note about invitations due to how our public-key cryptography works:
-
-- If a teammate is already registered with Infisical, then they'll receive access to the environment variables immediately.
-- If a teammate is unregistered with Infisical, then they'll have to request access to the environment variables once they've registered.
-
-### Step 3: Install the CLI
-The Infisical CLI will allow you to inject secrets into any environment. This includes both your local and production environments. 
- 

docs/infisicalToken.mdx

@@ -1,68 +0,0 @@
----
-title: "Infisical Token"
-description: "Learn to authenticate via the CLI without in manually"
----
-
-## Background
-
-To authenticate the Infisical CLI in environments other than your local desktop environment, you will have to utilize the Infisical Token. 
-The Infisical Token is a quick and easy way to authenticate the CLI without having to type in your email and password. This is especially needed
-in production environments where you cannot type in your login details. 
-
-With the Infisical Token, you can allow read only access to a particular environment (dev, prod, etc.) for a given project for a set amount of time. Once the token expires, any CLI application 
-that relies on it for authentication will be denied access to retrieve the related secrets. 
-
-## Generate a Infisical Token
-To get started, navigate to your dashboard and select the project for which you would like to generate a Infisical Token for. 
-Then head over to project settings and you should see a similar page like below. 
-
-![title](./images/project_settings_page.png)
-
-To add a new Infisical Token, press the `add new token` button. This will bring up a page like below. 
-
-![title](./images/add_new_token.png)
-
-Enter a name to help you identify the token then choose the environment from which you would like the CLI to retrieve the secrets from. Lastly, choose a duration 
-for the token.
-
-<Info>
-Once the token is expired, the CLI using it will no longer be able to make requests with it. 
-</Info>
-
-
-## Use Infisical token with CLI
-Once you have generated a token, it is easy to tell the Infisical CLI to use it. 
-
-### Feeding the token to the CLI 
-The CLI looks out for an environment variable called `INFISICAL_TOKEN`. Setting this environment variable depends on where you run the CLI. 
-For example, if you are running the CLI in a Docker container, you may set the environment variable via the docker run command like so. 
-
-Docker run example:
-```
- docker run --env INFISICAL_TOKEN=<the token you generated>...
-```
-
-<Warning>
-In the event your token is exposed, visit the project settings page again and deactivate the token to expire it immediately. 
-</Warning>
-
-### Prepare `infisical run` command
-
-Once you have exposed the `INFISICAL_TOKEN` environment variable to the environment the CLI is running in you can prepare the run command.
-To have the CLI authenticate via the Infisical Token, you must provide values for flags `--stage` and `--projectId`
-
-Example:
-```
-infisical run --stage=prod --projectId=<the project id for the token you generated>
-```
-
-<Info>
-  Notice that we do not need to run any other command such as `infisical init` or `infisical login` when we use the Infisical Token.
-</Info>
-
-
-To learn more about the commands and it's flags [visit](/CLI)
-
-### Support
-
-Lastly, if you have any questions or inquiries, shoot an email over to [support@infisical.com](mailto:support@infisical.com) so we can assist you. Alternatively, feel free to post your question or DM us on Slack here; we'd be happy to connect with you.

docs/installCLI.mdx

@@ -1,124 +0,0 @@
----
-title: "Install CLI"
-description: "Install the official Infisical CLI for both your development and production environments"
----
-
-## Install
-
-Installing Infisical CLI is simple. Just follow the guide for your OS below.
-
-<Accordion title="Install on MacOS ">
-  Use [brew](https://brew.sh/) package manager
-
-	```
-	$ brew install infisical/get-cli/infisical  
-	$ infisical --version
-	```
-
-	To update:
-
-	```
-	$ brew upgrade infisical
-	```
-</Accordion>
-
-<Accordion title="Install on Windows ">
-	Use [Scoop](https://scoop.sh/) package manager
-
-	```
-	$ scoop bucket add org https://github.com/Infisical/scoop-infisical.git
-	$ scoop install infisical
-	$ infisical --version
-	```
-
-	To update:
-
-	```
-	$ scoop update infisical
-	```
-</Accordion>
-
-
-<Accordion title="Install on RedHat/CentOS">
-	```
-	$ curl https://raw.githubusercontent.com/Infisical/infisical/main/infisical-cli.repo | tee /etc/yum.repos.d/infisical-cli.repo 
-
-	$ yum update && sudo yum install infisical
-	```
-</Accordion>
-
-<Accordion title="Install on Alpine">
-	```
-	$ apk add --no-cache bash sudo curl
-	$ curl -1sLf \
-		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' \
-		| sudo -E bash
-
-	$ sudo apk add infisical
-
-	$ infisical --help
-	```
-</Accordion>
-
-<Accordion title="Install on Debian/Ubuntu">
-	```
-	Add Infisical apt repo 
-	$ echo "deb [trusted=yes] https://apt.fury.io/infisical/ /" | tee -a /etc/apt/sources.list.d/infisical.list
-
-	Add prerequisites
-	$ apt update && apt -y curl ca-certificates sudo 
-
-	Install infisical cli
-	$ sudo apt update && apt install infisical
-
-	To make sure the CLI has been installed, you may run this command.
-	$ infisical --version 
-	```
-</Accordion>
-
-## Usage
-Once you have the CLI installed in your system, follow the guide to login and sync your first project.
-
-#### Login
-Login to the CLI by running the following command in your terminal
-
-```
-infisical login 
-```
-<Info>
-To authenticate without logging in manually, read about [Infisical Token](/infisicalToken)
-</Info>
-#### Link secrets to your project
-After logging in, `CD` into the root of your local project. Then run the following command in the terminal to link your Infisical project to your local project.
-
-```
-infisical init 
-```
-
-#### Inject 
-To inject the secrets from the Infisical project you have selected in step 2 into your application process, run the following command.
-
-```
-infisical run -- <your application start command>
-```
-
-Example:
-
-```
-infisical run -- npm run dev 
-```
-
-By default, Infisical injects secrets from your development environment. To modify from which environment your secrets are pulled from, use the --stage flag 
-
-Example:
-
-```
-infisical run --stage=prod -- npm run dev 
-```
-
-You're now automatically pulling and injecting secrets as environment variables into your application!
-
-### Support
-We're constantly improving Infisical, so we'd love to get your feedback and take feature requests.
-
-Lastly, if you have any questions or inquiries, shoot an email over to [support@infisical.com](mailto:support@infisical.com) so we can assist you. Alternatively, feel free to post your question or DM us on Slack here; we'd be happy to connect with you.

docs/integrations/cloud/heroku.mdx

@@ -0,0 +1,26 @@
+---
+title: "Heroku"
+description: "With this integration, you can automatically sync your secrets to Heroku as soon as you update secrets in Infisical."
+---
+
+## Instructions
+
+### Step 1: Open the integrations console
+
+Open the Infisical Dashboard. Choose the project in which you want to set up the intergation. Go to the integrations tab in the left sidebar.
+
+### Step 2: Authenticate with Heroku
+
+Click on "Heroku" tile. Log in if required and provide the necessary permissions to Infisical. You will afterwards be redirected back to the integrations page.
+
+Note: during an integration with Heroku, for security reasons, it is impossible to maintain end-to-end encryption. In theory, this lets Infisical decrypt yor environment variables. In practice, we can assure you that this will never be done, and it allows us to protect your secrets from bad actors online. With any questions, reach out support@infisical.com.
+
+### Step 3: Start integration
+
+Choose a Heroku App that you want to sync the secrets to, and the Infisical project environment that you want to sync the secrets from. Start the integration.
+
+The integration should now show status 'In Sync'. Every time you edit secrets, they will be automatically pushed to Heroku. 
+
+<Info> 
+  If you need to update your integration, you will have to delete the current one and create a new one.
+</Info>

docs/integrations/frameworks/django.mdx

@@ -0,0 +1,24 @@
+---
+title: "Django"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Django](https://www.djangoproject.com) project
+
+```bash
+# move to your Django project
+cd /path/to/project
+
+# initialize infisical
+infisical init
+```
+
+## Start your server with environment variables injected
+
+```bash
+infisical run -- python manage.py runserver
+```